Charts CI
```
Updated:
argo/argo-cd:
- 5.49.0
bitnami/wordpress:
- 18.0.12
cert-manager/cert-manager:
- v1.13.2
crowdstrike/falcon-sensor:
- 1.22.1
external-secrets/external-secrets:
- 0.9.8
hashicorp/vault:
- 0.26.1
loft/loft:
- 3.3.1
nats/nats:
- 1.1.3
new-relic/nri-bundle:
- 5.0.43
redpanda/redpanda:
- 5.6.37
stackstate/stackstate-k8s-agent:
- 1.0.51
```
pull/932/head
github-actions[bot]
parent
0771e64a07
commit
d47dfdbd11
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
|
|
@ -1,7 +1,7 @@
|
||||||
annotations:
|
annotations:
|
||||||
artifacthub.io/changes: |
|
artifacthub.io/changes: |
|
||||||
- kind: added
|
- kind: added
|
||||||
description: add terminationGracePeriodSeconds
|
description: Add notification cluster role support
|
||||||
artifacthub.io/signKey: |
|
artifacthub.io/signKey: |
|
||||||
fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252
|
fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252
|
||||||
url: https://argoproj.github.io/argo-helm/pgp_keys.asc
|
url: https://argoproj.github.io/argo-helm/pgp_keys.asc
|
||||||
|
|
@ -11,7 +11,7 @@ annotations:
|
||||||
catalog.cattle.io/kube-version: '>=1.23.0-0'
|
catalog.cattle.io/kube-version: '>=1.23.0-0'
|
||||||
catalog.cattle.io/release-name: argo-cd
|
catalog.cattle.io/release-name: argo-cd
|
||||||
apiVersion: v2
|
apiVersion: v2
|
||||||
appVersion: v2.8.4
|
appVersion: v2.8.5
|
||||||
dependencies:
|
dependencies:
|
||||||
- condition: redis-ha.enabled
|
- condition: redis-ha.enabled
|
||||||
name: redis-ha
|
name: redis-ha
|
||||||
|
|
@ -33,4 +33,4 @@ name: argo-cd
|
||||||
sources:
|
sources:
|
||||||
- https://github.com/argoproj/argo-helm/tree/main/charts/argo-cd
|
- https://github.com/argoproj/argo-helm/tree/main/charts/argo-cd
|
||||||
- https://github.com/argoproj/argo-cd
|
- https://github.com/argoproj/argo-cd
|
||||||
version: 5.47.0
|
version: 5.49.0
|
||||||
|
|
|
||||||
|
|
@ -1160,6 +1160,7 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide
|
||||||
|-----|------|---------|-------------|
|
|-----|------|---------|-------------|
|
||||||
| notifications.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules |
|
| notifications.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules |
|
||||||
| notifications.argocdUrl | string | `nil` | Argo CD dashboard url; used in place of {{.context.argocdUrl}} in templates |
|
| notifications.argocdUrl | string | `nil` | Argo CD dashboard url; used in place of {{.context.argocdUrl}} in templates |
|
||||||
|
| notifications.clusterRoleRules.rules | list | `[]` | List of custom rules for the notifications controller's ClusterRole resource |
|
||||||
| notifications.cm.create | bool | `true` | Whether helm chart creates notifications controller config map |
|
| notifications.cm.create | bool | `true` | Whether helm chart creates notifications controller config map |
|
||||||
| notifications.containerPorts.metrics | int | `9001` | Metrics container port |
|
| notifications.containerPorts.metrics | int | `9001` | Metrics container port |
|
||||||
| notifications.containerSecurityContext | object | See [values.yaml] | Notification controller container-level security Context |
|
| notifications.containerSecurityContext | object | See [values.yaml] | Notification controller container-level security Context |
|
||||||
|
|
|
||||||
|
|
@ -0,0 +1,22 @@
|
||||||
|
{{- if .Values.createClusterRoles }}
|
||||||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
|
kind: ClusterRole
|
||||||
|
metadata:
|
||||||
|
name: {{ include "argo-cd.notifications.fullname" . }}
|
||||||
|
labels:
|
||||||
|
{{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 4 }}
|
||||||
|
rules:
|
||||||
|
{{- with .Values.notifications.clusterRoleRules.rules }}
|
||||||
|
{{- toYaml . | nindent 2 }}
|
||||||
|
{{- end }}
|
||||||
|
- apiGroups:
|
||||||
|
- "argoproj.io"
|
||||||
|
resources:
|
||||||
|
- "applications"
|
||||||
|
verbs:
|
||||||
|
- get
|
||||||
|
- list
|
||||||
|
- watch
|
||||||
|
- update
|
||||||
|
- patch
|
||||||
|
{{- end }}
|
||||||
|
|
@ -0,0 +1,16 @@
|
||||||
|
{{- if .Values.createClusterRoles }}
|
||||||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
|
kind: ClusterRoleBinding
|
||||||
|
metadata:
|
||||||
|
name: {{ include "argo-cd.notifications.fullname" . }}
|
||||||
|
labels:
|
||||||
|
{{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 4 }}
|
||||||
|
roleRef:
|
||||||
|
apiGroup: rbac.authorization.k8s.io
|
||||||
|
kind: ClusterRole
|
||||||
|
name: {{ include "argo-cd.notifications.fullname" . }}
|
||||||
|
subjects:
|
||||||
|
- kind: ServiceAccount
|
||||||
|
name: {{ include "argo-cd.notificationsServiceAccountName" . }}
|
||||||
|
namespace: {{ .Release.Namespace }}
|
||||||
|
{{- end }}
|
||||||
|
|
@ -85,6 +85,12 @@ spec:
|
||||||
key: notificationscontroller.log.format
|
key: notificationscontroller.log.format
|
||||||
name: argocd-cmd-params-cm
|
name: argocd-cmd-params-cm
|
||||||
optional: true
|
optional: true
|
||||||
|
- name: ARGOCD_APPLICATION_NAMESPACES
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
key: application.namespaces
|
||||||
|
name: argocd-cmd-params-cm
|
||||||
|
optional: true
|
||||||
{{- with .Values.notifications.extraEnvFrom }}
|
{{- with .Values.notifications.extraEnvFrom }}
|
||||||
envFrom:
|
envFrom:
|
||||||
{{- toYaml . | nindent 12 }}
|
{{- toYaml . | nindent 12 }}
|
||||||
|
|
|
||||||
|
|
@ -326,7 +326,7 @@ configs:
|
||||||
[ssh.github.com]:443 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk=
|
[ssh.github.com]:443 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk=
|
||||||
bitbucket.org ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPIQmuzMBuKdWeF4+a2sjSSpBK0iqitSQ+5BM9KhpexuGt20JpTVM7u5BDZngncgrqDMbWdxMWWOGtZ9UgbqgZE=
|
bitbucket.org ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPIQmuzMBuKdWeF4+a2sjSSpBK0iqitSQ+5BM9KhpexuGt20JpTVM7u5BDZngncgrqDMbWdxMWWOGtZ9UgbqgZE=
|
||||||
bitbucket.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIazEu89wgQZ4bqs3d63QSMzYVa0MuJ2e2gKTKqu+UUO
|
bitbucket.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIazEu89wgQZ4bqs3d63QSMzYVa0MuJ2e2gKTKqu+UUO
|
||||||
bitbucket.org ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAubiN81eDcafrgMeLzaFPsw2kNvEcqTKl/VqLat/MaB33pZy0y3rJZtnqwR2qOOvbwKZYKiEO1O6VqNEBxKvJJelCq0dTXWT5pbO2gDXC6h6QDXCaHo6pOHGPUy+YBaGQRGuSusMEASYiWunYN0vCAI8QaXnWMXNMdFP3jHAJH0eDsoiGnLPBlBp4TNm6rYI74nMzgz3B9IikW4WVK+dc8KZJZWYjAuORU3jc1c/NPskD2ASinf8v3xnfXeukU0sJ5N6m5E8VLjObPEO+mN2t/FZTMZLiFqPWc/ALSqnMnnhwrNi2rbfg/rd/IpL8Le3pSBne8+seeFVBoGqzHM9yXw==
|
bitbucket.org ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDQeJzhupRu0u0cdegZIa8e86EG2qOCsIsD1Xw0xSeiPDlCr7kq97NLmMbpKTX6Esc30NuoqEEHCuc7yWtwp8dI76EEEB1VqY9QJq6vk+aySyboD5QF61I/1WeTwu+deCbgKMGbUijeXhtfbxSxm6JwGrXrhBdofTsbKRUsrN1WoNgUa8uqN1Vx6WAJw1JHPhglEGGHea6QICwJOAr/6mrui/oB7pkaWKHj3z7d1IC4KWLtY47elvjbaTlkN04Kc/5LFEirorGYVbt15kAUlqGM65pk6ZBxtaO3+30LVlORZkxOh+LKL/BvbZ/iRNhItLqNyieoQj/uh/7Iv4uyH/cV/0b4WDSd3DptigWq84lJubb9t/DnZlrJazxyDCulTmKdOR7vs9gMTo+uoIrPSb8ScTtvw65+odKAlBj59dhnVp9zd7QUojOpXlL62Aw56U4oO+FALuevvMjiWeavKhJqlR7i5n9srYcrNV7ttmDw7kf/97P5zauIhxcjX+xHv4M=
|
||||||
github.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg=
|
github.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg=
|
||||||
github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl
|
github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl
|
||||||
github.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk=
|
github.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk=
|
||||||
|
|
@ -2997,6 +2997,12 @@ notifications:
|
||||||
# -- Whether helm chart creates notifications controller config map
|
# -- Whether helm chart creates notifications controller config map
|
||||||
create: true
|
create: true
|
||||||
|
|
||||||
|
## Enable this and set the rules: to whatever custom rules you want for the Cluster Role resource.
|
||||||
|
## Defaults to off
|
||||||
|
clusterRoleRules:
|
||||||
|
# -- List of custom rules for the notifications controller's ClusterRole resource
|
||||||
|
rules: []
|
||||||
|
|
||||||
# -- Contains centrally managed global application subscriptions
|
# -- Contains centrally managed global application subscriptions
|
||||||
## For more information: https://argocd-notifications.readthedocs.io/en/stable/subscriptions/
|
## For more information: https://argocd-notifications.readthedocs.io/en/stable/subscriptions/
|
||||||
subscriptions: []
|
subscriptions: []
|
||||||
|
|
|
||||||
|
|
@ -10,7 +10,7 @@ annotations:
|
||||||
- name: os-shell
|
- name: os-shell
|
||||||
image: docker.io/bitnami/os-shell:11-debian-11-r90
|
image: docker.io/bitnami/os-shell:11-debian-11-r90
|
||||||
- name: wordpress
|
- name: wordpress
|
||||||
image: docker.io/bitnami/wordpress:6.3.2-debian-11-r4
|
image: docker.io/bitnami/wordpress:6.3.2-debian-11-r5
|
||||||
licenses: Apache-2.0
|
licenses: Apache-2.0
|
||||||
apiVersion: v2
|
apiVersion: v2
|
||||||
appVersion: 6.3.2
|
appVersion: 6.3.2
|
||||||
|
|
@ -47,4 +47,4 @@ maintainers:
|
||||||
name: wordpress
|
name: wordpress
|
||||||
sources:
|
sources:
|
||||||
- https://github.com/bitnami/charts/tree/main/bitnami/wordpress
|
- https://github.com/bitnami/charts/tree/main/bitnami/wordpress
|
||||||
version: 18.0.11
|
version: 18.0.12
|
||||||
|
|
|
||||||
|
|
@ -76,7 +76,7 @@ diagnosticMode:
|
||||||
image:
|
image:
|
||||||
registry: docker.io
|
registry: docker.io
|
||||||
repository: bitnami/wordpress
|
repository: bitnami/wordpress
|
||||||
tag: 6.3.2-debian-11-r4
|
tag: 6.3.2-debian-11-r5
|
||||||
digest: ""
|
digest: ""
|
||||||
## Specify a imagePullPolicy
|
## Specify a imagePullPolicy
|
||||||
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
|
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
|
||||||
|
|
|
||||||
|
|
@ -10,7 +10,7 @@ annotations:
|
||||||
catalog.cattle.io/namespace: cert-manager
|
catalog.cattle.io/namespace: cert-manager
|
||||||
catalog.cattle.io/release-name: cert-manager
|
catalog.cattle.io/release-name: cert-manager
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
appVersion: v1.13.1
|
appVersion: v1.13.2
|
||||||
description: A Helm chart for cert-manager
|
description: A Helm chart for cert-manager
|
||||||
home: https://github.com/cert-manager/cert-manager
|
home: https://github.com/cert-manager/cert-manager
|
||||||
icon: https://raw.githubusercontent.com/cert-manager/cert-manager/d53c0b9270f8cd90d908460d69502694e1838f5f/logo/logo-small.png
|
icon: https://raw.githubusercontent.com/cert-manager/cert-manager/d53c0b9270f8cd90d908460d69502694e1838f5f/logo/logo-small.png
|
||||||
|
|
@ -27,4 +27,4 @@ maintainers:
|
||||||
name: cert-manager
|
name: cert-manager
|
||||||
sources:
|
sources:
|
||||||
- https://github.com/cert-manager/cert-manager
|
- https://github.com/cert-manager/cert-manager
|
||||||
version: v1.13.1
|
version: v1.13.2
|
||||||
|
|
|
||||||
|
|
@ -19,7 +19,7 @@ Before installing the chart, you must first install the cert-manager CustomResou
|
||||||
This is performed in a separate step to allow you to easily uninstall and reinstall cert-manager without deleting your installed custom resources.
|
This is performed in a separate step to allow you to easily uninstall and reinstall cert-manager without deleting your installed custom resources.
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
$ kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.13.1/cert-manager.crds.yaml
|
$ kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.13.2/cert-manager.crds.yaml
|
||||||
```
|
```
|
||||||
|
|
||||||
To install the chart with the release name `my-release`:
|
To install the chart with the release name `my-release`:
|
||||||
|
|
@ -29,7 +29,7 @@ To install the chart with the release name `my-release`:
|
||||||
$ helm repo add jetstack https://charts.jetstack.io
|
$ helm repo add jetstack https://charts.jetstack.io
|
||||||
|
|
||||||
## Install the cert-manager helm chart
|
## Install the cert-manager helm chart
|
||||||
$ helm install my-release --namespace cert-manager --version v1.13.1 jetstack/cert-manager
|
$ helm install my-release --namespace cert-manager --version v1.13.2 jetstack/cert-manager
|
||||||
```
|
```
|
||||||
|
|
||||||
In order to begin issuing certificates, you will need to set up a ClusterIssuer
|
In order to begin issuing certificates, you will need to set up a ClusterIssuer
|
||||||
|
|
@ -65,7 +65,7 @@ If you want to completely uninstall cert-manager from your cluster, you will als
|
||||||
delete the previously installed CustomResourceDefinition resources:
|
delete the previously installed CustomResourceDefinition resources:
|
||||||
|
|
||||||
```console
|
```console
|
||||||
$ kubectl delete -f https://github.com/cert-manager/cert-manager/releases/download/v1.13.1/cert-manager.crds.yaml
|
$ kubectl delete -f https://github.com/cert-manager/cert-manager/releases/download/v1.13.2/cert-manager.crds.yaml
|
||||||
```
|
```
|
||||||
|
|
||||||
## Configuration
|
## Configuration
|
||||||
|
|
@ -86,7 +86,7 @@ The following table lists the configurable parameters of the cert-manager chart
|
||||||
| `global.leaderElection.retryPeriod` | The duration the clients should wait between attempting acquisition and renewal of a leadership | |
|
| `global.leaderElection.retryPeriod` | The duration the clients should wait between attempting acquisition and renewal of a leadership | |
|
||||||
| `installCRDs` | If true, CRD resources will be installed as part of the Helm chart. If enabled, when uninstalling CRD resources will be deleted causing all installed custom resources to be DELETED | `false` |
|
| `installCRDs` | If true, CRD resources will be installed as part of the Helm chart. If enabled, when uninstalling CRD resources will be deleted causing all installed custom resources to be DELETED | `false` |
|
||||||
| `image.repository` | Image repository | `quay.io/jetstack/cert-manager-controller` |
|
| `image.repository` | Image repository | `quay.io/jetstack/cert-manager-controller` |
|
||||||
| `image.tag` | Image tag | `v1.13.1` |
|
| `image.tag` | Image tag | `v1.13.2` |
|
||||||
| `image.pullPolicy` | Image pull policy | `IfNotPresent` |
|
| `image.pullPolicy` | Image pull policy | `IfNotPresent` |
|
||||||
| `replicaCount` | Number of cert-manager replicas | `1` |
|
| `replicaCount` | Number of cert-manager replicas | `1` |
|
||||||
| `clusterResourceNamespace` | Override the namespace used to store DNS provider credentials etc. for ClusterIssuer resources | Same namespace as cert-manager pod |
|
| `clusterResourceNamespace` | Override the namespace used to store DNS provider credentials etc. for ClusterIssuer resources | Same namespace as cert-manager pod |
|
||||||
|
|
@ -171,7 +171,7 @@ The following table lists the configurable parameters of the cert-manager chart
|
||||||
| `webhook.tolerations` | Node tolerations for webhook pod assignment | `[]` |
|
| `webhook.tolerations` | Node tolerations for webhook pod assignment | `[]` |
|
||||||
| `webhook.topologySpreadConstraints` | Topology spread constraints for webhook pod assignment | `[]` |
|
| `webhook.topologySpreadConstraints` | Topology spread constraints for webhook pod assignment | `[]` |
|
||||||
| `webhook.image.repository` | Webhook image repository | `quay.io/jetstack/cert-manager-webhook` |
|
| `webhook.image.repository` | Webhook image repository | `quay.io/jetstack/cert-manager-webhook` |
|
||||||
| `webhook.image.tag` | Webhook image tag | `v1.13.1` |
|
| `webhook.image.tag` | Webhook image tag | `v1.13.2` |
|
||||||
| `webhook.image.pullPolicy` | Webhook image pull policy | `IfNotPresent` |
|
| `webhook.image.pullPolicy` | Webhook image pull policy | `IfNotPresent` |
|
||||||
| `webhook.securePort` | The port that the webhook should listen on for requests. | `10250` |
|
| `webhook.securePort` | The port that the webhook should listen on for requests. | `10250` |
|
||||||
| `webhook.securityContext` | Security context for webhook pod assignment | refer to [Default Security Contexts](#default-security-contexts) |
|
| `webhook.securityContext` | Security context for webhook pod assignment | refer to [Default Security Contexts](#default-security-contexts) |
|
||||||
|
|
@ -210,13 +210,13 @@ The following table lists the configurable parameters of the cert-manager chart
|
||||||
| `cainjector.tolerations` | Node tolerations for cainjector pod assignment | `[]` |
|
| `cainjector.tolerations` | Node tolerations for cainjector pod assignment | `[]` |
|
||||||
| `cainjector.topologySpreadConstraints` | Topology spread constraints for cainjector pod assignment | `[]` |
|
| `cainjector.topologySpreadConstraints` | Topology spread constraints for cainjector pod assignment | `[]` |
|
||||||
| `cainjector.image.repository` | cainjector image repository | `quay.io/jetstack/cert-manager-cainjector` |
|
| `cainjector.image.repository` | cainjector image repository | `quay.io/jetstack/cert-manager-cainjector` |
|
||||||
| `cainjector.image.tag` | cainjector image tag | `v1.13.1` |
|
| `cainjector.image.tag` | cainjector image tag | `v1.13.2` |
|
||||||
| `cainjector.image.pullPolicy` | cainjector image pull policy | `IfNotPresent` |
|
| `cainjector.image.pullPolicy` | cainjector image pull policy | `IfNotPresent` |
|
||||||
| `cainjector.securityContext` | Security context for cainjector pod assignment | refer to [Default Security Contexts](#default-security-contexts) |
|
| `cainjector.securityContext` | Security context for cainjector pod assignment | refer to [Default Security Contexts](#default-security-contexts) |
|
||||||
| `cainjector.containerSecurityContext` | Security context to be set on cainjector component container | refer to [Default Security Contexts](#default-security-contexts) |
|
| `cainjector.containerSecurityContext` | Security context to be set on cainjector component container | refer to [Default Security Contexts](#default-security-contexts) |
|
||||||
| `cainjector.enableServiceLinks` | Indicates whether information about services should be injected into pod's environment variables, matching the syntax of Docker links. | `false` |
|
| `cainjector.enableServiceLinks` | Indicates whether information about services should be injected into pod's environment variables, matching the syntax of Docker links. | `false` |
|
||||||
| `acmesolver.image.repository` | acmesolver image repository | `quay.io/jetstack/cert-manager-acmesolver` |
|
| `acmesolver.image.repository` | acmesolver image repository | `quay.io/jetstack/cert-manager-acmesolver` |
|
||||||
| `acmesolver.image.tag` | acmesolver image tag | `v1.13.1` |
|
| `acmesolver.image.tag` | acmesolver image tag | `v1.13.2` |
|
||||||
| `acmesolver.image.pullPolicy` | acmesolver image pull policy | `IfNotPresent` |
|
| `acmesolver.image.pullPolicy` | acmesolver image pull policy | `IfNotPresent` |
|
||||||
| `startupapicheck.enabled` | Toggles whether the startupapicheck Job should be installed | `true` |
|
| `startupapicheck.enabled` | Toggles whether the startupapicheck Job should be installed | `true` |
|
||||||
| `startupapicheck.securityContext` | Security context for startupapicheck pod assignment | refer to [Default Security Contexts](#default-security-contexts) |
|
| `startupapicheck.securityContext` | Security context for startupapicheck pod assignment | refer to [Default Security Contexts](#default-security-contexts) |
|
||||||
|
|
@ -232,7 +232,7 @@ The following table lists the configurable parameters of the cert-manager chart
|
||||||
| `startupapicheck.tolerations` | Node tolerations for startupapicheck pod assignment | `[]` |
|
| `startupapicheck.tolerations` | Node tolerations for startupapicheck pod assignment | `[]` |
|
||||||
| `startupapicheck.podLabels` | Optional additional labels to add to the startupapicheck Pods | `{}` |
|
| `startupapicheck.podLabels` | Optional additional labels to add to the startupapicheck Pods | `{}` |
|
||||||
| `startupapicheck.image.repository` | startupapicheck image repository | `quay.io/jetstack/cert-manager-ctl` |
|
| `startupapicheck.image.repository` | startupapicheck image repository | `quay.io/jetstack/cert-manager-ctl` |
|
||||||
| `startupapicheck.image.tag` | startupapicheck image tag | `v1.13.1` |
|
| `startupapicheck.image.tag` | startupapicheck image tag | `v1.13.2` |
|
||||||
| `startupapicheck.image.pullPolicy` | startupapicheck image pull policy | `IfNotPresent` |
|
| `startupapicheck.image.pullPolicy` | startupapicheck image pull policy | `IfNotPresent` |
|
||||||
| `startupapicheck.serviceAccount.create` | If `true`, create a new service account for the startupapicheck component | `true` |
|
| `startupapicheck.serviceAccount.create` | If `true`, create a new service account for the startupapicheck component | `true` |
|
||||||
| `startupapicheck.serviceAccount.name` | Service account for the startupapicheck component to be used. If not set and `startupapicheck.serviceAccount.create` is `true`, a name is generated using the fullname template | |
|
| `startupapicheck.serviceAccount.name` | Service account for the startupapicheck component to be used. If not set and `startupapicheck.serviceAccount.create` is `true`, a name is generated using the fullname template | |
|
||||||
|
|
|
||||||
|
|
@ -75,7 +75,7 @@ spec:
|
||||||
{{ if not $config.securePort -}}
|
{{ if not $config.securePort -}}
|
||||||
- --secure-port={{ .Values.webhook.securePort }}
|
- --secure-port={{ .Values.webhook.securePort }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- if .Values.featureGates }}
|
{{- if .Values.webhook.featureGates }}
|
||||||
- --feature-gates={{ .Values.webhook.featureGates }}
|
- --feature-gates={{ .Values.webhook.featureGates }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- $tlsConfig := default $config.tlsConfig "" }}
|
{{- $tlsConfig := default $config.tlsConfig "" }}
|
||||||
|
|
|
||||||
|
|
@ -4,7 +4,7 @@ annotations:
|
||||||
catalog.cattle.io/kube-version: '>1.22.0-0'
|
catalog.cattle.io/kube-version: '>1.22.0-0'
|
||||||
catalog.cattle.io/release-name: falcon-sensor
|
catalog.cattle.io/release-name: falcon-sensor
|
||||||
apiVersion: v2
|
apiVersion: v2
|
||||||
appVersion: 1.21.2
|
appVersion: 1.22.1
|
||||||
description: A Helm chart to deploy CrowdStrike Falcon sensors into Kubernetes clusters.
|
description: A Helm chart to deploy CrowdStrike Falcon sensors into Kubernetes clusters.
|
||||||
home: https://crowdstrike.com
|
home: https://crowdstrike.com
|
||||||
icon: https://raw.githubusercontent.com/CrowdStrike/falcon-helm/main/images/crowdstrike-logo.svg
|
icon: https://raw.githubusercontent.com/CrowdStrike/falcon-helm/main/images/crowdstrike-logo.svg
|
||||||
|
|
@ -24,4 +24,4 @@ name: falcon-sensor
|
||||||
sources:
|
sources:
|
||||||
- https://github.com/CrowdStrike/falcon-helm
|
- https://github.com/CrowdStrike/falcon-helm
|
||||||
type: application
|
type: application
|
||||||
version: 1.21.2
|
version: 1.22.1
|
||||||
|
|
|
||||||
|
|
@ -108,6 +108,15 @@ spec:
|
||||||
- name: falconstore-dir
|
- name: falconstore-dir
|
||||||
mountPath: /host_opt
|
mountPath: /host_opt
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
resources:
|
||||||
|
requests:
|
||||||
|
cpu: 10m
|
||||||
|
ephemeral-storage: 10Mi
|
||||||
|
memory: 50Mi
|
||||||
|
limits:
|
||||||
|
cpu: 10m
|
||||||
|
ephemeral-storage: 10Mi
|
||||||
|
memory: 50Mi
|
||||||
securityContext:
|
securityContext:
|
||||||
runAsUser: 0
|
runAsUser: 0
|
||||||
privileged: true
|
privileged: true
|
||||||
|
|
|
||||||
|
|
@ -100,6 +100,15 @@ spec:
|
||||||
- name: opt-crowdstrike
|
- name: opt-crowdstrike
|
||||||
mountPath: /host_opt
|
mountPath: /host_opt
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
resources:
|
||||||
|
requests:
|
||||||
|
cpu: 10m
|
||||||
|
ephemeral-storage: 10Mi
|
||||||
|
memory: 50Mi
|
||||||
|
limits:
|
||||||
|
cpu: 10m
|
||||||
|
ephemeral-storage: 10Mi
|
||||||
|
memory: 50Mi
|
||||||
securityContext:
|
securityContext:
|
||||||
runAsUser: 0
|
runAsUser: 0
|
||||||
privileged: true
|
privileged: true
|
||||||
|
|
@ -124,6 +133,15 @@ spec:
|
||||||
- sleep 10
|
- sleep 10
|
||||||
command:
|
command:
|
||||||
- /bin/bash
|
- /bin/bash
|
||||||
|
resources:
|
||||||
|
requests:
|
||||||
|
cpu: 10m
|
||||||
|
ephemeral-storage: 10Mi
|
||||||
|
memory: 50Mi
|
||||||
|
limits:
|
||||||
|
cpu: 10m
|
||||||
|
ephemeral-storage: 10Mi
|
||||||
|
memory: 50Mi
|
||||||
securityContext:
|
securityContext:
|
||||||
privileged: false
|
privileged: false
|
||||||
readOnlyRootFilesystem: true
|
readOnlyRootFilesystem: true
|
||||||
|
|
|
||||||
|
|
@ -4,7 +4,7 @@ annotations:
|
||||||
catalog.cattle.io/kube-version: '>= 1.19.0-0'
|
catalog.cattle.io/kube-version: '>= 1.19.0-0'
|
||||||
catalog.cattle.io/release-name: external-secrets
|
catalog.cattle.io/release-name: external-secrets
|
||||||
apiVersion: v2
|
apiVersion: v2
|
||||||
appVersion: v0.9.7
|
appVersion: v0.9.8
|
||||||
description: External secret management for Kubernetes
|
description: External secret management for Kubernetes
|
||||||
home: https://github.com/external-secrets/external-secrets
|
home: https://github.com/external-secrets/external-secrets
|
||||||
icon: https://raw.githubusercontent.com/external-secrets/external-secrets/main/assets/eso-logo-large.png
|
icon: https://raw.githubusercontent.com/external-secrets/external-secrets/main/assets/eso-logo-large.png
|
||||||
|
|
@ -17,4 +17,4 @@ maintainers:
|
||||||
name: mcavoyk
|
name: mcavoyk
|
||||||
name: external-secrets
|
name: external-secrets
|
||||||
type: application
|
type: application
|
||||||
version: 0.9.7
|
version: 0.9.8
|
||||||
|
|
|
||||||
|
|
@ -4,7 +4,7 @@
|
||||||
|
|
||||||
[//]: # (README.md generated by gotmpl. DO NOT EDIT.)
|
[//]: # (README.md generated by gotmpl. DO NOT EDIT.)
|
||||||
|
|
||||||
 
|
 
|
||||||
|
|
||||||
External secret management for Kubernetes
|
External secret management for Kubernetes
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -79,16 +79,28 @@ spec:
|
||||||
conversionStrategy:
|
conversionStrategy:
|
||||||
default: Default
|
default: Default
|
||||||
description: Used to define a conversion Strategy
|
description: Used to define a conversion Strategy
|
||||||
|
enum:
|
||||||
|
- Default
|
||||||
|
- Unicode
|
||||||
type: string
|
type: string
|
||||||
decodingStrategy:
|
decodingStrategy:
|
||||||
default: None
|
default: None
|
||||||
description: Used to define a decoding Strategy
|
description: Used to define a decoding Strategy
|
||||||
|
enum:
|
||||||
|
- Auto
|
||||||
|
- Base64
|
||||||
|
- Base64URL
|
||||||
|
- None
|
||||||
type: string
|
type: string
|
||||||
key:
|
key:
|
||||||
description: Key is the key used in the Provider, mandatory
|
description: Key is the key used in the Provider, mandatory
|
||||||
type: string
|
type: string
|
||||||
metadataPolicy:
|
metadataPolicy:
|
||||||
|
default: None
|
||||||
description: Policy for fetching tags/labels from provider secrets, possible options are Fetch, None. Defaults to None
|
description: Policy for fetching tags/labels from provider secrets, possible options are Fetch, None. Defaults to None
|
||||||
|
enum:
|
||||||
|
- None
|
||||||
|
- Fetch
|
||||||
type: string
|
type: string
|
||||||
property:
|
property:
|
||||||
description: Used to select a specific property of the Provider value (if a map), if supported
|
description: Used to select a specific property of the Provider value (if a map), if supported
|
||||||
|
|
@ -151,16 +163,28 @@ spec:
|
||||||
conversionStrategy:
|
conversionStrategy:
|
||||||
default: Default
|
default: Default
|
||||||
description: Used to define a conversion Strategy
|
description: Used to define a conversion Strategy
|
||||||
|
enum:
|
||||||
|
- Default
|
||||||
|
- Unicode
|
||||||
type: string
|
type: string
|
||||||
decodingStrategy:
|
decodingStrategy:
|
||||||
default: None
|
default: None
|
||||||
description: Used to define a decoding Strategy
|
description: Used to define a decoding Strategy
|
||||||
|
enum:
|
||||||
|
- Auto
|
||||||
|
- Base64
|
||||||
|
- Base64URL
|
||||||
|
- None
|
||||||
type: string
|
type: string
|
||||||
key:
|
key:
|
||||||
description: Key is the key used in the Provider, mandatory
|
description: Key is the key used in the Provider, mandatory
|
||||||
type: string
|
type: string
|
||||||
metadataPolicy:
|
metadataPolicy:
|
||||||
|
default: None
|
||||||
description: Policy for fetching tags/labels from provider secrets, possible options are Fetch, None. Defaults to None
|
description: Policy for fetching tags/labels from provider secrets, possible options are Fetch, None. Defaults to None
|
||||||
|
enum:
|
||||||
|
- None
|
||||||
|
- Fetch
|
||||||
type: string
|
type: string
|
||||||
property:
|
property:
|
||||||
description: Used to select a specific property of the Provider value (if a map), if supported
|
description: Used to select a specific property of the Provider value (if a map), if supported
|
||||||
|
|
@ -177,10 +201,18 @@ spec:
|
||||||
conversionStrategy:
|
conversionStrategy:
|
||||||
default: Default
|
default: Default
|
||||||
description: Used to define a conversion Strategy
|
description: Used to define a conversion Strategy
|
||||||
|
enum:
|
||||||
|
- Default
|
||||||
|
- Unicode
|
||||||
type: string
|
type: string
|
||||||
decodingStrategy:
|
decodingStrategy:
|
||||||
default: None
|
default: None
|
||||||
description: Used to define a decoding Strategy
|
description: Used to define a decoding Strategy
|
||||||
|
enum:
|
||||||
|
- Auto
|
||||||
|
- Base64
|
||||||
|
- Base64URL
|
||||||
|
- None
|
||||||
type: string
|
type: string
|
||||||
name:
|
name:
|
||||||
description: Finds secrets based on the name.
|
description: Finds secrets based on the name.
|
||||||
|
|
@ -215,6 +247,15 @@ spec:
|
||||||
- source
|
- source
|
||||||
- target
|
- target
|
||||||
type: object
|
type: object
|
||||||
|
transform:
|
||||||
|
description: Used to apply string transformation on the secrets. The resulting key will be the output of the template applied by the operation.
|
||||||
|
properties:
|
||||||
|
template:
|
||||||
|
description: Used to define the template to apply on the secret name. `.value ` will specify the secret name in the template.
|
||||||
|
type: string
|
||||||
|
required:
|
||||||
|
- template
|
||||||
|
type: object
|
||||||
type: object
|
type: object
|
||||||
type: array
|
type: array
|
||||||
sourceRef:
|
sourceRef:
|
||||||
|
|
@ -307,9 +348,16 @@ spec:
|
||||||
type: object
|
type: object
|
||||||
engineVersion:
|
engineVersion:
|
||||||
default: v2
|
default: v2
|
||||||
|
description: EngineVersion specifies the template engine version that should be used to compile/execute the template specified in .data and .templateFrom[].
|
||||||
|
enum:
|
||||||
|
- v1
|
||||||
|
- v2
|
||||||
type: string
|
type: string
|
||||||
mergePolicy:
|
mergePolicy:
|
||||||
default: Replace
|
default: Replace
|
||||||
|
enum:
|
||||||
|
- Replace
|
||||||
|
- Merge
|
||||||
type: string
|
type: string
|
||||||
metadata:
|
metadata:
|
||||||
description: ExternalSecretTemplateMetadata defines metadata fields for the Secret blueprint.
|
description: ExternalSecretTemplateMetadata defines metadata fields for the Secret blueprint.
|
||||||
|
|
@ -335,6 +383,9 @@ spec:
|
||||||
type: string
|
type: string
|
||||||
templateAs:
|
templateAs:
|
||||||
default: Values
|
default: Values
|
||||||
|
enum:
|
||||||
|
- Values
|
||||||
|
- KeysAndValues
|
||||||
type: string
|
type: string
|
||||||
required:
|
required:
|
||||||
- key
|
- key
|
||||||
|
|
@ -357,6 +408,9 @@ spec:
|
||||||
type: string
|
type: string
|
||||||
templateAs:
|
templateAs:
|
||||||
default: Values
|
default: Values
|
||||||
|
enum:
|
||||||
|
- Values
|
||||||
|
- KeysAndValues
|
||||||
type: string
|
type: string
|
||||||
required:
|
required:
|
||||||
- key
|
- key
|
||||||
|
|
@ -370,6 +424,10 @@ spec:
|
||||||
type: object
|
type: object
|
||||||
target:
|
target:
|
||||||
default: Data
|
default: Data
|
||||||
|
enum:
|
||||||
|
- Data
|
||||||
|
- Annotations
|
||||||
|
- Labels
|
||||||
type: string
|
type: string
|
||||||
type: object
|
type: object
|
||||||
type: array
|
type: array
|
||||||
|
|
@ -409,12 +467,16 @@ spec:
|
||||||
type: object
|
type: object
|
||||||
type: object
|
type: object
|
||||||
x-kubernetes-map-type: atomic
|
x-kubernetes-map-type: atomic
|
||||||
|
namespaces:
|
||||||
|
description: Choose namespaces by name. This field is ORed with anything that NamespaceSelector ends up choosing.
|
||||||
|
items:
|
||||||
|
type: string
|
||||||
|
type: array
|
||||||
refreshTime:
|
refreshTime:
|
||||||
description: The time in which the controller should reconcile it's objects and recheck namespaces for labels.
|
description: The time in which the controller should reconcile its objects and recheck namespaces for labels.
|
||||||
type: string
|
type: string
|
||||||
required:
|
required:
|
||||||
- externalSecretSpec
|
- externalSecretSpec
|
||||||
- namespaceSelector
|
|
||||||
type: object
|
type: object
|
||||||
status:
|
status:
|
||||||
description: ClusterExternalSecretStatus defines the observed state of ClusterExternalSecret.
|
description: ClusterExternalSecretStatus defines the observed state of ClusterExternalSecret.
|
||||||
|
|
|
||||||
|
|
@ -657,7 +657,7 @@ spec:
|
||||||
description: Oracle configures this store to sync secrets using Oracle Vault provider
|
description: Oracle configures this store to sync secrets using Oracle Vault provider
|
||||||
properties:
|
properties:
|
||||||
auth:
|
auth:
|
||||||
description: Auth configures how secret-manager authenticates with the Oracle Vault. If empty, use the instance principal, otherwise the user credentials specified in Auth.
|
description: Auth configures how secret-manager authenticates with the Oracle Vault. If empty, instance principal is used. Optionally, the authenticating principal type and/or user data may be supplied for the use of workload identity and user principal.
|
||||||
properties:
|
properties:
|
||||||
secretRef:
|
secretRef:
|
||||||
description: SecretRef to pass through sensitive information.
|
description: SecretRef to pass through sensitive information.
|
||||||
|
|
@ -703,6 +703,9 @@ spec:
|
||||||
- tenancy
|
- tenancy
|
||||||
- user
|
- user
|
||||||
type: object
|
type: object
|
||||||
|
principalType:
|
||||||
|
description: The type of principal to use for authentication. If left blank, the Auth struct will determine the principal type. This optional field must be specified if using workload identity.
|
||||||
|
type: string
|
||||||
region:
|
region:
|
||||||
description: Region is the region where vault is located.
|
description: Region is the region where vault is located.
|
||||||
type: string
|
type: string
|
||||||
|
|
@ -2221,6 +2224,9 @@ spec:
|
||||||
- tenancy
|
- tenancy
|
||||||
- user
|
- user
|
||||||
type: object
|
type: object
|
||||||
|
principalType:
|
||||||
|
description: The type of principal to use for authentication. If left blank, the Auth struct will determine the principal type. This optional field must be specified if using workload identity.
|
||||||
|
type: string
|
||||||
region:
|
region:
|
||||||
description: Region is the region where vault is located.
|
description: Region is the region where vault is located.
|
||||||
type: string
|
type: string
|
||||||
|
|
|
||||||
|
|
@ -62,6 +62,9 @@ spec:
|
||||||
conversionStrategy:
|
conversionStrategy:
|
||||||
default: Default
|
default: Default
|
||||||
description: Used to define a conversion Strategy
|
description: Used to define a conversion Strategy
|
||||||
|
enum:
|
||||||
|
- Default
|
||||||
|
- Unicode
|
||||||
type: string
|
type: string
|
||||||
key:
|
key:
|
||||||
description: Key is the key used in the Provider, mandatory
|
description: Key is the key used in the Provider, mandatory
|
||||||
|
|
@ -90,6 +93,9 @@ spec:
|
||||||
conversionStrategy:
|
conversionStrategy:
|
||||||
default: Default
|
default: Default
|
||||||
description: Used to define a conversion Strategy
|
description: Used to define a conversion Strategy
|
||||||
|
enum:
|
||||||
|
- Default
|
||||||
|
- Unicode
|
||||||
type: string
|
type: string
|
||||||
key:
|
key:
|
||||||
description: Key is the key used in the Provider, mandatory
|
description: Key is the key used in the Provider, mandatory
|
||||||
|
|
@ -126,6 +132,10 @@ spec:
|
||||||
creationPolicy:
|
creationPolicy:
|
||||||
default: Owner
|
default: Owner
|
||||||
description: CreationPolicy defines rules on how to create the resulting Secret Defaults to 'Owner'
|
description: CreationPolicy defines rules on how to create the resulting Secret Defaults to 'Owner'
|
||||||
|
enum:
|
||||||
|
- Owner
|
||||||
|
- Merge
|
||||||
|
- None
|
||||||
type: string
|
type: string
|
||||||
immutable:
|
immutable:
|
||||||
description: Immutable defines if the final secret will be immutable
|
description: Immutable defines if the final secret will be immutable
|
||||||
|
|
@ -143,6 +153,9 @@ spec:
|
||||||
engineVersion:
|
engineVersion:
|
||||||
default: v1
|
default: v1
|
||||||
description: EngineVersion specifies the template engine version that should be used to compile/execute the template specified in .data and .templateFrom[].
|
description: EngineVersion specifies the template engine version that should be used to compile/execute the template specified in .data and .templateFrom[].
|
||||||
|
enum:
|
||||||
|
- v1
|
||||||
|
- v2
|
||||||
type: string
|
type: string
|
||||||
metadata:
|
metadata:
|
||||||
description: ExternalSecretTemplateMetadata defines metadata fields for the Secret blueprint.
|
description: ExternalSecretTemplateMetadata defines metadata fields for the Secret blueprint.
|
||||||
|
|
@ -288,16 +301,28 @@ spec:
|
||||||
conversionStrategy:
|
conversionStrategy:
|
||||||
default: Default
|
default: Default
|
||||||
description: Used to define a conversion Strategy
|
description: Used to define a conversion Strategy
|
||||||
|
enum:
|
||||||
|
- Default
|
||||||
|
- Unicode
|
||||||
type: string
|
type: string
|
||||||
decodingStrategy:
|
decodingStrategy:
|
||||||
default: None
|
default: None
|
||||||
description: Used to define a decoding Strategy
|
description: Used to define a decoding Strategy
|
||||||
|
enum:
|
||||||
|
- Auto
|
||||||
|
- Base64
|
||||||
|
- Base64URL
|
||||||
|
- None
|
||||||
type: string
|
type: string
|
||||||
key:
|
key:
|
||||||
description: Key is the key used in the Provider, mandatory
|
description: Key is the key used in the Provider, mandatory
|
||||||
type: string
|
type: string
|
||||||
metadataPolicy:
|
metadataPolicy:
|
||||||
|
default: None
|
||||||
description: Policy for fetching tags/labels from provider secrets, possible options are Fetch, None. Defaults to None
|
description: Policy for fetching tags/labels from provider secrets, possible options are Fetch, None. Defaults to None
|
||||||
|
enum:
|
||||||
|
- None
|
||||||
|
- Fetch
|
||||||
type: string
|
type: string
|
||||||
property:
|
property:
|
||||||
description: Used to select a specific property of the Provider value (if a map), if supported
|
description: Used to select a specific property of the Provider value (if a map), if supported
|
||||||
|
|
@ -360,16 +385,28 @@ spec:
|
||||||
conversionStrategy:
|
conversionStrategy:
|
||||||
default: Default
|
default: Default
|
||||||
description: Used to define a conversion Strategy
|
description: Used to define a conversion Strategy
|
||||||
|
enum:
|
||||||
|
- Default
|
||||||
|
- Unicode
|
||||||
type: string
|
type: string
|
||||||
decodingStrategy:
|
decodingStrategy:
|
||||||
default: None
|
default: None
|
||||||
description: Used to define a decoding Strategy
|
description: Used to define a decoding Strategy
|
||||||
|
enum:
|
||||||
|
- Auto
|
||||||
|
- Base64
|
||||||
|
- Base64URL
|
||||||
|
- None
|
||||||
type: string
|
type: string
|
||||||
key:
|
key:
|
||||||
description: Key is the key used in the Provider, mandatory
|
description: Key is the key used in the Provider, mandatory
|
||||||
type: string
|
type: string
|
||||||
metadataPolicy:
|
metadataPolicy:
|
||||||
|
default: None
|
||||||
description: Policy for fetching tags/labels from provider secrets, possible options are Fetch, None. Defaults to None
|
description: Policy for fetching tags/labels from provider secrets, possible options are Fetch, None. Defaults to None
|
||||||
|
enum:
|
||||||
|
- None
|
||||||
|
- Fetch
|
||||||
type: string
|
type: string
|
||||||
property:
|
property:
|
||||||
description: Used to select a specific property of the Provider value (if a map), if supported
|
description: Used to select a specific property of the Provider value (if a map), if supported
|
||||||
|
|
@ -386,10 +423,18 @@ spec:
|
||||||
conversionStrategy:
|
conversionStrategy:
|
||||||
default: Default
|
default: Default
|
||||||
description: Used to define a conversion Strategy
|
description: Used to define a conversion Strategy
|
||||||
|
enum:
|
||||||
|
- Default
|
||||||
|
- Unicode
|
||||||
type: string
|
type: string
|
||||||
decodingStrategy:
|
decodingStrategy:
|
||||||
default: None
|
default: None
|
||||||
description: Used to define a decoding Strategy
|
description: Used to define a decoding Strategy
|
||||||
|
enum:
|
||||||
|
- Auto
|
||||||
|
- Base64
|
||||||
|
- Base64URL
|
||||||
|
- None
|
||||||
type: string
|
type: string
|
||||||
name:
|
name:
|
||||||
description: Finds secrets based on the name.
|
description: Finds secrets based on the name.
|
||||||
|
|
@ -424,6 +469,15 @@ spec:
|
||||||
- source
|
- source
|
||||||
- target
|
- target
|
||||||
type: object
|
type: object
|
||||||
|
transform:
|
||||||
|
description: Used to apply string transformation on the secrets. The resulting key will be the output of the template applied by the operation.
|
||||||
|
properties:
|
||||||
|
template:
|
||||||
|
description: Used to define the template to apply on the secret name. `.value ` will specify the secret name in the template.
|
||||||
|
type: string
|
||||||
|
required:
|
||||||
|
- template
|
||||||
|
type: object
|
||||||
type: object
|
type: object
|
||||||
type: array
|
type: array
|
||||||
sourceRef:
|
sourceRef:
|
||||||
|
|
@ -516,9 +570,16 @@ spec:
|
||||||
type: object
|
type: object
|
||||||
engineVersion:
|
engineVersion:
|
||||||
default: v2
|
default: v2
|
||||||
|
description: EngineVersion specifies the template engine version that should be used to compile/execute the template specified in .data and .templateFrom[].
|
||||||
|
enum:
|
||||||
|
- v1
|
||||||
|
- v2
|
||||||
type: string
|
type: string
|
||||||
mergePolicy:
|
mergePolicy:
|
||||||
default: Replace
|
default: Replace
|
||||||
|
enum:
|
||||||
|
- Replace
|
||||||
|
- Merge
|
||||||
type: string
|
type: string
|
||||||
metadata:
|
metadata:
|
||||||
description: ExternalSecretTemplateMetadata defines metadata fields for the Secret blueprint.
|
description: ExternalSecretTemplateMetadata defines metadata fields for the Secret blueprint.
|
||||||
|
|
@ -544,6 +605,9 @@ spec:
|
||||||
type: string
|
type: string
|
||||||
templateAs:
|
templateAs:
|
||||||
default: Values
|
default: Values
|
||||||
|
enum:
|
||||||
|
- Values
|
||||||
|
- KeysAndValues
|
||||||
type: string
|
type: string
|
||||||
required:
|
required:
|
||||||
- key
|
- key
|
||||||
|
|
@ -566,6 +630,9 @@ spec:
|
||||||
type: string
|
type: string
|
||||||
templateAs:
|
templateAs:
|
||||||
default: Values
|
default: Values
|
||||||
|
enum:
|
||||||
|
- Values
|
||||||
|
- KeysAndValues
|
||||||
type: string
|
type: string
|
||||||
required:
|
required:
|
||||||
- key
|
- key
|
||||||
|
|
@ -579,6 +646,10 @@ spec:
|
||||||
type: object
|
type: object
|
||||||
target:
|
target:
|
||||||
default: Data
|
default: Data
|
||||||
|
enum:
|
||||||
|
- Data
|
||||||
|
- Annotations
|
||||||
|
- Labels
|
||||||
type: string
|
type: string
|
||||||
type: object
|
type: object
|
||||||
type: array
|
type: array
|
||||||
|
|
|
||||||
|
|
@ -80,6 +80,9 @@ spec:
|
||||||
deletionPolicy:
|
deletionPolicy:
|
||||||
default: None
|
default: None
|
||||||
description: 'Deletion Policy to handle Secrets in the provider. Possible Values: "Delete/None". Defaults to "None".'
|
description: 'Deletion Policy to handle Secrets in the provider. Possible Values: "Delete/None". Defaults to "None".'
|
||||||
|
enum:
|
||||||
|
- Delete
|
||||||
|
- None
|
||||||
type: string
|
type: string
|
||||||
refreshInterval:
|
refreshInterval:
|
||||||
description: The Interval to which External Secrets will try to push a secret definition
|
description: The Interval to which External Secrets will try to push a secret definition
|
||||||
|
|
|
||||||
|
|
@ -657,7 +657,7 @@ spec:
|
||||||
description: Oracle configures this store to sync secrets using Oracle Vault provider
|
description: Oracle configures this store to sync secrets using Oracle Vault provider
|
||||||
properties:
|
properties:
|
||||||
auth:
|
auth:
|
||||||
description: Auth configures how secret-manager authenticates with the Oracle Vault. If empty, use the instance principal, otherwise the user credentials specified in Auth.
|
description: Auth configures how secret-manager authenticates with the Oracle Vault. If empty, instance principal is used. Optionally, the authenticating principal type and/or user data may be supplied for the use of workload identity and user principal.
|
||||||
properties:
|
properties:
|
||||||
secretRef:
|
secretRef:
|
||||||
description: SecretRef to pass through sensitive information.
|
description: SecretRef to pass through sensitive information.
|
||||||
|
|
@ -703,6 +703,9 @@ spec:
|
||||||
- tenancy
|
- tenancy
|
||||||
- user
|
- user
|
||||||
type: object
|
type: object
|
||||||
|
principalType:
|
||||||
|
description: The type of principal to use for authentication. If left blank, the Auth struct will determine the principal type. This optional field must be specified if using workload identity.
|
||||||
|
type: string
|
||||||
region:
|
region:
|
||||||
description: Region is the region where vault is located.
|
description: Region is the region where vault is located.
|
||||||
type: string
|
type: string
|
||||||
|
|
@ -2221,6 +2224,9 @@ spec:
|
||||||
- tenancy
|
- tenancy
|
||||||
- user
|
- user
|
||||||
type: object
|
type: object
|
||||||
|
principalType:
|
||||||
|
description: The type of principal to use for authentication. If left blank, the Auth struct will determine the principal type. This optional field must be specified if using workload identity.
|
||||||
|
type: string
|
||||||
region:
|
region:
|
||||||
description: Region is the region where vault is located.
|
description: Region is the region where vault is located.
|
||||||
type: string
|
type: string
|
||||||
|
|
|
||||||
|
|
@ -7,8 +7,8 @@ should match snapshot of default values:
|
||||||
app.kubernetes.io/instance: RELEASE-NAME
|
app.kubernetes.io/instance: RELEASE-NAME
|
||||||
app.kubernetes.io/managed-by: Helm
|
app.kubernetes.io/managed-by: Helm
|
||||||
app.kubernetes.io/name: external-secrets-cert-controller
|
app.kubernetes.io/name: external-secrets-cert-controller
|
||||||
app.kubernetes.io/version: v0.9.7
|
app.kubernetes.io/version: v0.9.8
|
||||||
helm.sh/chart: external-secrets-0.9.7
|
helm.sh/chart: external-secrets-0.9.8
|
||||||
name: RELEASE-NAME-external-secrets-cert-controller
|
name: RELEASE-NAME-external-secrets-cert-controller
|
||||||
namespace: NAMESPACE
|
namespace: NAMESPACE
|
||||||
spec:
|
spec:
|
||||||
|
|
@ -24,8 +24,8 @@ should match snapshot of default values:
|
||||||
app.kubernetes.io/instance: RELEASE-NAME
|
app.kubernetes.io/instance: RELEASE-NAME
|
||||||
app.kubernetes.io/managed-by: Helm
|
app.kubernetes.io/managed-by: Helm
|
||||||
app.kubernetes.io/name: external-secrets-cert-controller
|
app.kubernetes.io/name: external-secrets-cert-controller
|
||||||
app.kubernetes.io/version: v0.9.7
|
app.kubernetes.io/version: v0.9.8
|
||||||
helm.sh/chart: external-secrets-0.9.7
|
helm.sh/chart: external-secrets-0.9.8
|
||||||
spec:
|
spec:
|
||||||
automountServiceAccountToken: true
|
automountServiceAccountToken: true
|
||||||
containers:
|
containers:
|
||||||
|
|
@ -38,7 +38,7 @@ should match snapshot of default values:
|
||||||
- --secret-namespace=NAMESPACE
|
- --secret-namespace=NAMESPACE
|
||||||
- --metrics-addr=:8080
|
- --metrics-addr=:8080
|
||||||
- --healthz-addr=:8081
|
- --healthz-addr=:8081
|
||||||
image: ghcr.io/external-secrets/external-secrets:v0.9.7
|
image: ghcr.io/external-secrets/external-secrets:v0.9.8
|
||||||
imagePullPolicy: IfNotPresent
|
imagePullPolicy: IfNotPresent
|
||||||
name: cert-controller
|
name: cert-controller
|
||||||
ports:
|
ports:
|
||||||
|
|
|
||||||
|
|
@ -7,8 +7,8 @@ should match snapshot of default values:
|
||||||
app.kubernetes.io/instance: RELEASE-NAME
|
app.kubernetes.io/instance: RELEASE-NAME
|
||||||
app.kubernetes.io/managed-by: Helm
|
app.kubernetes.io/managed-by: Helm
|
||||||
app.kubernetes.io/name: external-secrets
|
app.kubernetes.io/name: external-secrets
|
||||||
app.kubernetes.io/version: v0.9.7
|
app.kubernetes.io/version: v0.9.8
|
||||||
helm.sh/chart: external-secrets-0.9.7
|
helm.sh/chart: external-secrets-0.9.8
|
||||||
name: RELEASE-NAME-external-secrets
|
name: RELEASE-NAME-external-secrets
|
||||||
namespace: NAMESPACE
|
namespace: NAMESPACE
|
||||||
spec:
|
spec:
|
||||||
|
|
@ -24,14 +24,14 @@ should match snapshot of default values:
|
||||||
app.kubernetes.io/instance: RELEASE-NAME
|
app.kubernetes.io/instance: RELEASE-NAME
|
||||||
app.kubernetes.io/managed-by: Helm
|
app.kubernetes.io/managed-by: Helm
|
||||||
app.kubernetes.io/name: external-secrets
|
app.kubernetes.io/name: external-secrets
|
||||||
app.kubernetes.io/version: v0.9.7
|
app.kubernetes.io/version: v0.9.8
|
||||||
helm.sh/chart: external-secrets-0.9.7
|
helm.sh/chart: external-secrets-0.9.8
|
||||||
spec:
|
spec:
|
||||||
automountServiceAccountToken: true
|
automountServiceAccountToken: true
|
||||||
containers:
|
containers:
|
||||||
- args:
|
- args:
|
||||||
- --concurrent=1
|
- --concurrent=1
|
||||||
image: ghcr.io/external-secrets/external-secrets:v0.9.7
|
image: ghcr.io/external-secrets/external-secrets:v0.9.8
|
||||||
imagePullPolicy: IfNotPresent
|
imagePullPolicy: IfNotPresent
|
||||||
name: external-secrets
|
name: external-secrets
|
||||||
ports:
|
ports:
|
||||||
|
|
|
||||||
|
|
@ -662,7 +662,7 @@ should match snapshot of default values:
|
||||||
description: Oracle configures this store to sync secrets using Oracle Vault provider
|
description: Oracle configures this store to sync secrets using Oracle Vault provider
|
||||||
properties:
|
properties:
|
||||||
auth:
|
auth:
|
||||||
description: Auth configures how secret-manager authenticates with the Oracle Vault. If empty, use the instance principal, otherwise the user credentials specified in Auth.
|
description: Auth configures how secret-manager authenticates with the Oracle Vault. If empty, instance principal is used. Optionally, the authenticating principal type and/or user data may be supplied for the use of workload identity and user principal.
|
||||||
properties:
|
properties:
|
||||||
secretRef:
|
secretRef:
|
||||||
description: SecretRef to pass through sensitive information.
|
description: SecretRef to pass through sensitive information.
|
||||||
|
|
@ -708,6 +708,9 @@ should match snapshot of default values:
|
||||||
- tenancy
|
- tenancy
|
||||||
- user
|
- user
|
||||||
type: object
|
type: object
|
||||||
|
principalType:
|
||||||
|
description: The type of principal to use for authentication. If left blank, the Auth struct will determine the principal type. This optional field must be specified if using workload identity.
|
||||||
|
type: string
|
||||||
region:
|
region:
|
||||||
description: Region is the region where vault is located.
|
description: Region is the region where vault is located.
|
||||||
type: string
|
type: string
|
||||||
|
|
@ -2226,6 +2229,9 @@ should match snapshot of default values:
|
||||||
- tenancy
|
- tenancy
|
||||||
- user
|
- user
|
||||||
type: object
|
type: object
|
||||||
|
principalType:
|
||||||
|
description: The type of principal to use for authentication. If left blank, the Auth struct will determine the principal type. This optional field must be specified if using workload identity.
|
||||||
|
type: string
|
||||||
region:
|
region:
|
||||||
description: Region is the region where vault is located.
|
description: Region is the region where vault is located.
|
||||||
type: string
|
type: string
|
||||||
|
|
|
||||||
|
|
@ -7,8 +7,8 @@ should match snapshot of default values:
|
||||||
app.kubernetes.io/instance: RELEASE-NAME
|
app.kubernetes.io/instance: RELEASE-NAME
|
||||||
app.kubernetes.io/managed-by: Helm
|
app.kubernetes.io/managed-by: Helm
|
||||||
app.kubernetes.io/name: external-secrets-webhook
|
app.kubernetes.io/name: external-secrets-webhook
|
||||||
app.kubernetes.io/version: v0.9.7
|
app.kubernetes.io/version: v0.9.8
|
||||||
helm.sh/chart: external-secrets-0.9.7
|
helm.sh/chart: external-secrets-0.9.8
|
||||||
name: RELEASE-NAME-external-secrets-webhook
|
name: RELEASE-NAME-external-secrets-webhook
|
||||||
namespace: NAMESPACE
|
namespace: NAMESPACE
|
||||||
spec:
|
spec:
|
||||||
|
|
@ -24,8 +24,8 @@ should match snapshot of default values:
|
||||||
app.kubernetes.io/instance: RELEASE-NAME
|
app.kubernetes.io/instance: RELEASE-NAME
|
||||||
app.kubernetes.io/managed-by: Helm
|
app.kubernetes.io/managed-by: Helm
|
||||||
app.kubernetes.io/name: external-secrets-webhook
|
app.kubernetes.io/name: external-secrets-webhook
|
||||||
app.kubernetes.io/version: v0.9.7
|
app.kubernetes.io/version: v0.9.8
|
||||||
helm.sh/chart: external-secrets-0.9.7
|
helm.sh/chart: external-secrets-0.9.8
|
||||||
spec:
|
spec:
|
||||||
automountServiceAccountToken: true
|
automountServiceAccountToken: true
|
||||||
containers:
|
containers:
|
||||||
|
|
@ -37,7 +37,7 @@ should match snapshot of default values:
|
||||||
- --check-interval=5m
|
- --check-interval=5m
|
||||||
- --metrics-addr=:8080
|
- --metrics-addr=:8080
|
||||||
- --healthz-addr=:8081
|
- --healthz-addr=:8081
|
||||||
image: ghcr.io/external-secrets/external-secrets:v0.9.7
|
image: ghcr.io/external-secrets/external-secrets:v0.9.8
|
||||||
imagePullPolicy: IfNotPresent
|
imagePullPolicy: IfNotPresent
|
||||||
name: webhook
|
name: webhook
|
||||||
ports:
|
ports:
|
||||||
|
|
@ -81,8 +81,8 @@ should match snapshot of default values:
|
||||||
app.kubernetes.io/instance: RELEASE-NAME
|
app.kubernetes.io/instance: RELEASE-NAME
|
||||||
app.kubernetes.io/managed-by: Helm
|
app.kubernetes.io/managed-by: Helm
|
||||||
app.kubernetes.io/name: external-secrets-webhook
|
app.kubernetes.io/name: external-secrets-webhook
|
||||||
app.kubernetes.io/version: v0.9.7
|
app.kubernetes.io/version: v0.9.8
|
||||||
external-secrets.io/component: webhook
|
external-secrets.io/component: webhook
|
||||||
helm.sh/chart: external-secrets-0.9.7
|
helm.sh/chart: external-secrets-0.9.8
|
||||||
name: RELEASE-NAME-external-secrets-webhook
|
name: RELEASE-NAME-external-secrets-webhook
|
||||||
namespace: NAMESPACE
|
namespace: NAMESPACE
|
||||||
|
|
|
||||||
|
|
@ -1,5 +1,33 @@
|
||||||
## Unreleased
|
## Unreleased
|
||||||
|
|
||||||
|
## 0.26.1 (October 30, 2023)
|
||||||
|
|
||||||
|
Bugs:
|
||||||
|
* Fix templating of `server.ha.replicas` when set via override file. The `0.26.0` chart would ignore `server.ha.replicas` and always deploy 3 server replicas when `server.ha.enabled=true` unless overridden by command line when issuing the helm command: `--set server.ha.replicas=<some_number>`. Fixed in [GH-961](https://github.com/hashicorp/vault-helm/pull/961)
|
||||||
|
|
||||||
|
## 0.26.0 (October 27, 2023)
|
||||||
|
|
||||||
|
Changes:
|
||||||
|
* Default `vault` version updated to 1.15.1
|
||||||
|
* Default `vault-k8s` version updated to 1.3.1
|
||||||
|
* Default `vault-csi-provider` version updated to 1.4.1
|
||||||
|
* Tested with Kubernetes versions 1.24-1.28
|
||||||
|
* server: OpenShift default readiness probe returns 204 when uninitialized [GH-966](https://github.com/hashicorp/vault-helm/pull/966)
|
||||||
|
|
||||||
|
Features:
|
||||||
|
* server: Add support for dual stack clusters [GH-833](https://github.com/hashicorp/vault-helm/pull/833)
|
||||||
|
* server: Support `hostAliases` for the StatefulSet pods [GH-955](https://github.com/hashicorp/vault-helm/pull/955)
|
||||||
|
* server: Add `server.service.active.annotations` and `server.service.standby.annotations` [GH-896](https://github.com/hashicorp/vault-helm/pull/896)
|
||||||
|
* server: Add long-lived service account token option [GH-923](https://github.com/hashicorp/vault-helm/pull/923)
|
||||||
|
|
||||||
|
Bugs:
|
||||||
|
* csi: Add namespace field to `csi-role` and `csi-rolebindings`. [GH-909](https://github.com/hashicorp/vault-helm/pull/909)
|
||||||
|
|
||||||
|
Improvements:
|
||||||
|
* global: Add `global.namespace` to override the helm installation namespace. [GH-909](https://github.com/hashicorp/vault-helm/pull/909)
|
||||||
|
* server: use vault.fullname in Helm test [GH-912](https://github.com/hashicorp/vault-helm/pull/912)
|
||||||
|
* server: Allow scaling HA replicas to zero [GH-943](https://github.com/hashicorp/vault-helm/pull/943)
|
||||||
|
|
||||||
## 0.25.0 (June 26, 2023)
|
## 0.25.0 (June 26, 2023)
|
||||||
|
|
||||||
Changes:
|
Changes:
|
||||||
|
|
|
||||||
|
|
@ -6,7 +6,7 @@ annotations:
|
||||||
catalog.cattle.io/release-name: vault
|
catalog.cattle.io/release-name: vault
|
||||||
charts.openshift.io/name: HashiCorp Vault
|
charts.openshift.io/name: HashiCorp Vault
|
||||||
apiVersion: v2
|
apiVersion: v2
|
||||||
appVersion: 1.14.0
|
appVersion: 1.15.1
|
||||||
description: Official HashiCorp Vault Chart
|
description: Official HashiCorp Vault Chart
|
||||||
home: https://www.vaultproject.io
|
home: https://www.vaultproject.io
|
||||||
icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
|
icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
|
||||||
|
|
@ -25,4 +25,4 @@ sources:
|
||||||
- https://github.com/hashicorp/vault-helm
|
- https://github.com/hashicorp/vault-helm
|
||||||
- https://github.com/hashicorp/vault-k8s
|
- https://github.com/hashicorp/vault-k8s
|
||||||
- https://github.com/hashicorp/vault-csi-provider
|
- https://github.com/hashicorp/vault-csi-provider
|
||||||
version: 0.25.0
|
version: 0.26.1
|
||||||
|
|
|
||||||
|
|
@ -10,7 +10,7 @@ cases of Vault on Kubernetes depending on the values provided.
|
||||||
|
|
||||||
For full documentation on this Helm chart along with all the ways you can
|
For full documentation on this Helm chart along with all the ways you can
|
||||||
use Vault with Kubernetes, please see the
|
use Vault with Kubernetes, please see the
|
||||||
[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
|
[Vault and Kubernetes documentation](https://developer.hashicorp.com/vault/docs/platform/k8s).
|
||||||
|
|
||||||
## Prerequisites
|
## Prerequisites
|
||||||
|
|
||||||
|
|
@ -39,5 +39,5 @@ $ helm install vault hashicorp/vault
|
||||||
|
|
||||||
Please see the many options supported in the `values.yaml` file. These are also
|
Please see the many options supported in the `values.yaml` file. These are also
|
||||||
fully documented directly on the [Vault
|
fully documented directly on the [Vault
|
||||||
website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
|
website](https://developer.hashicorp.com/vault/docs/platform/k8s/helm) along with more
|
||||||
detailed installation instructions.
|
detailed installation instructions.
|
||||||
|
|
|
||||||
|
|
@ -4,7 +4,7 @@ Thank you for installing HashiCorp Vault!
|
||||||
Now that you have deployed Vault, you should look over the docs on using
|
Now that you have deployed Vault, you should look over the docs on using
|
||||||
Vault with Kubernetes available here:
|
Vault with Kubernetes available here:
|
||||||
|
|
||||||
https://www.vaultproject.io/docs/
|
https://developer.hashicorp.com/vault/docs
|
||||||
|
|
||||||
|
|
||||||
Your release is named {{ .Release.Name }}. To learn more about the release, try:
|
Your release is named {{ .Release.Name }}. To learn more about the release, try:
|
||||||
|
|
|
||||||
|
|
@ -36,6 +36,13 @@ Expand the name of the chart.
|
||||||
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
|
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
|
||||||
{{- end -}}
|
{{- end -}}
|
||||||
|
|
||||||
|
{{/*
|
||||||
|
Allow the release namespace to be overridden
|
||||||
|
*/}}
|
||||||
|
{{- define "vault.namespace" -}}
|
||||||
|
{{- default .Release.Namespace .Values.global.namespace -}}
|
||||||
|
{{- end -}}
|
||||||
|
|
||||||
{{/*
|
{{/*
|
||||||
Compute if the csi driver is enabled.
|
Compute if the csi driver is enabled.
|
||||||
*/}}
|
*/}}
|
||||||
|
|
@ -75,6 +82,17 @@ Compute if the server serviceaccount is enabled.
|
||||||
(eq (.Values.global.enabled | toString) "true"))) -}}
|
(eq (.Values.global.enabled | toString) "true"))) -}}
|
||||||
{{- end -}}
|
{{- end -}}
|
||||||
|
|
||||||
|
{{/*
|
||||||
|
Compute if the server serviceaccount should have a token created and mounted to the serviceaccount.
|
||||||
|
*/}}
|
||||||
|
{{- define "vault.serverServiceAccountSecretCreationEnabled" -}}
|
||||||
|
{{- $_ := set . "serverServiceAccountSecretCreationEnabled"
|
||||||
|
(and
|
||||||
|
(eq (.Values.server.serviceAccount.create | toString) "true")
|
||||||
|
(eq (.Values.server.serviceAccount.createSecret | toString) "true")) -}}
|
||||||
|
{{- end -}}
|
||||||
|
|
||||||
|
|
||||||
{{/*
|
{{/*
|
||||||
Compute if the server auth delegator serviceaccount is enabled.
|
Compute if the server auth delegator serviceaccount is enabled.
|
||||||
*/}}
|
*/}}
|
||||||
|
|
@ -149,7 +167,11 @@ Set's the replica count based on the different modes configured by user
|
||||||
{{ if eq .mode "standalone" }}
|
{{ if eq .mode "standalone" }}
|
||||||
{{- default 1 -}}
|
{{- default 1 -}}
|
||||||
{{ else if eq .mode "ha" }}
|
{{ else if eq .mode "ha" }}
|
||||||
{{- .Values.server.ha.replicas | default 3 -}}
|
{{- if or (kindIs "int64" .Values.server.ha.replicas) (kindIs "float64" .Values.server.ha.replicas) -}}
|
||||||
|
{{- .Values.server.ha.replicas -}}
|
||||||
|
{{ else }}
|
||||||
|
{{- 3 -}}
|
||||||
|
{{- end -}}
|
||||||
{{ else }}
|
{{ else }}
|
||||||
{{- default 1 -}}
|
{{- default 1 -}}
|
||||||
{{ end }}
|
{{ end }}
|
||||||
|
|
@ -688,6 +710,33 @@ Sets extra vault server Service annotations
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- end -}}
|
{{- end -}}
|
||||||
|
|
||||||
|
{{/*
|
||||||
|
Sets extra vault server Service (active) annotations
|
||||||
|
*/}}
|
||||||
|
{{- define "vault.service.active.annotations" -}}
|
||||||
|
{{- if .Values.server.service.active.annotations }}
|
||||||
|
{{- $tp := typeOf .Values.server.service.active.annotations }}
|
||||||
|
{{- if eq $tp "string" }}
|
||||||
|
{{- tpl .Values.server.service.active.annotations . | nindent 4 }}
|
||||||
|
{{- else }}
|
||||||
|
{{- toYaml .Values.server.service.active.annotations | nindent 4 }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end -}}
|
||||||
|
{{/*
|
||||||
|
Sets extra vault server Service annotations
|
||||||
|
*/}}
|
||||||
|
{{- define "vault.service.standby.annotations" -}}
|
||||||
|
{{- if .Values.server.service.standby.annotations }}
|
||||||
|
{{- $tp := typeOf .Values.server.service.standby.annotations }}
|
||||||
|
{{- if eq $tp "string" }}
|
||||||
|
{{- tpl .Values.server.service.standby.annotations . | nindent 4 }}
|
||||||
|
{{- else }}
|
||||||
|
{{- toYaml .Values.server.service.standby.annotations | nindent 4 }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end -}}
|
||||||
|
|
||||||
{{/*
|
{{/*
|
||||||
Sets PodSecurityPolicy annotations
|
Sets PodSecurityPolicy annotations
|
||||||
*/}}
|
*/}}
|
||||||
|
|
|
||||||
|
|
@ -9,7 +9,7 @@ apiVersion: v1
|
||||||
kind: ConfigMap
|
kind: ConfigMap
|
||||||
metadata:
|
metadata:
|
||||||
name: {{ template "vault.fullname" . }}-csi-provider-agent-config
|
name: {{ template "vault.fullname" . }}-csi-provider-agent-config
|
||||||
namespace: {{ .Release.Namespace }}
|
namespace: {{ include "vault.namespace" . }}
|
||||||
labels:
|
labels:
|
||||||
helm.sh/chart: {{ include "vault.chart" . }}
|
helm.sh/chart: {{ include "vault.chart" . }}
|
||||||
app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
|
app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
|
||||||
|
|
@ -21,7 +21,7 @@ data:
|
||||||
{{- if .Values.global.externalVaultAddr }}
|
{{- if .Values.global.externalVaultAddr }}
|
||||||
"address" = "{{ .Values.global.externalVaultAddr }}"
|
"address" = "{{ .Values.global.externalVaultAddr }}"
|
||||||
{{- else }}
|
{{- else }}
|
||||||
"address" = "{{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}"
|
"address" = "{{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ include "vault.namespace" . }}.svc:{{ .Values.server.service.port }}"
|
||||||
{{- end }}
|
{{- end }}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -20,5 +20,5 @@ roleRef:
|
||||||
subjects:
|
subjects:
|
||||||
- kind: ServiceAccount
|
- kind: ServiceAccount
|
||||||
name: {{ template "vault.fullname" . }}-csi-provider
|
name: {{ template "vault.fullname" . }}-csi-provider
|
||||||
namespace: {{ .Release.Namespace }}
|
namespace: {{ include "vault.namespace" . }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
|
|
||||||
|
|
@ -9,7 +9,7 @@ apiVersion: apps/v1
|
||||||
kind: DaemonSet
|
kind: DaemonSet
|
||||||
metadata:
|
metadata:
|
||||||
name: {{ template "vault.fullname" . }}-csi-provider
|
name: {{ template "vault.fullname" . }}-csi-provider
|
||||||
namespace: {{ .Release.Namespace }}
|
namespace: {{ include "vault.namespace" . }}
|
||||||
labels:
|
labels:
|
||||||
app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
|
app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
|
||||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||||
|
|
@ -71,7 +71,7 @@ spec:
|
||||||
{{- else if .Values.global.externalVaultAddr }}
|
{{- else if .Values.global.externalVaultAddr }}
|
||||||
value: "{{ .Values.global.externalVaultAddr }}"
|
value: "{{ .Values.global.externalVaultAddr }}"
|
||||||
{{- else }}
|
{{- else }}
|
||||||
value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
|
value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ include "vault.namespace" . }}.svc:{{ .Values.server.service.port }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
- name: providervol
|
- name: providervol
|
||||||
|
|
|
||||||
|
|
@ -9,6 +9,7 @@ apiVersion: rbac.authorization.k8s.io/v1
|
||||||
kind: Role
|
kind: Role
|
||||||
metadata:
|
metadata:
|
||||||
name: {{ template "vault.fullname" . }}-csi-provider-role
|
name: {{ template "vault.fullname" . }}-csi-provider-role
|
||||||
|
namespace: {{ include "vault.namespace" . }}
|
||||||
labels:
|
labels:
|
||||||
app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
|
app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
|
||||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||||
|
|
|
||||||
|
|
@ -9,6 +9,7 @@ apiVersion: rbac.authorization.k8s.io/v1
|
||||||
kind: RoleBinding
|
kind: RoleBinding
|
||||||
metadata:
|
metadata:
|
||||||
name: {{ template "vault.fullname" . }}-csi-provider-rolebinding
|
name: {{ template "vault.fullname" . }}-csi-provider-rolebinding
|
||||||
|
namespace: {{ include "vault.namespace" . }}
|
||||||
labels:
|
labels:
|
||||||
app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
|
app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
|
||||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||||
|
|
@ -20,5 +21,5 @@ roleRef:
|
||||||
subjects:
|
subjects:
|
||||||
- kind: ServiceAccount
|
- kind: ServiceAccount
|
||||||
name: {{ template "vault.fullname" . }}-csi-provider
|
name: {{ template "vault.fullname" . }}-csi-provider
|
||||||
namespace: {{ .Release.Namespace }}
|
namespace: {{ include "vault.namespace" . }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
|
|
||||||
|
|
@ -9,7 +9,7 @@ apiVersion: v1
|
||||||
kind: ServiceAccount
|
kind: ServiceAccount
|
||||||
metadata:
|
metadata:
|
||||||
name: {{ template "vault.fullname" . }}-csi-provider
|
name: {{ template "vault.fullname" . }}-csi-provider
|
||||||
namespace: {{ .Release.Namespace }}
|
namespace: {{ include "vault.namespace" . }}
|
||||||
labels:
|
labels:
|
||||||
app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
|
app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
|
||||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||||
|
|
|
||||||
|
|
@ -10,7 +10,7 @@ apiVersion: v1
|
||||||
kind: Secret
|
kind: Secret
|
||||||
metadata:
|
metadata:
|
||||||
name: vault-injector-certs
|
name: vault-injector-certs
|
||||||
namespace: {{ .Release.Namespace }}
|
namespace: {{ include "vault.namespace" . }}
|
||||||
labels:
|
labels:
|
||||||
app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
|
app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
|
||||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||||
|
|
|
||||||
|
|
@ -20,5 +20,5 @@ roleRef:
|
||||||
subjects:
|
subjects:
|
||||||
- kind: ServiceAccount
|
- kind: ServiceAccount
|
||||||
name: {{ template "vault.fullname" . }}-agent-injector
|
name: {{ template "vault.fullname" . }}-agent-injector
|
||||||
namespace: {{ .Release.Namespace }}
|
namespace: {{ include "vault.namespace" . }}
|
||||||
{{ end }}
|
{{ end }}
|
||||||
|
|
|
||||||
|
|
@ -10,7 +10,7 @@ apiVersion: apps/v1
|
||||||
kind: Deployment
|
kind: Deployment
|
||||||
metadata:
|
metadata:
|
||||||
name: {{ template "vault.fullname" . }}-agent-injector
|
name: {{ template "vault.fullname" . }}-agent-injector
|
||||||
namespace: {{ .Release.Namespace }}
|
namespace: {{ include "vault.namespace" . }}
|
||||||
labels:
|
labels:
|
||||||
app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
|
app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
|
||||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||||
|
|
@ -64,7 +64,7 @@ spec:
|
||||||
{{- else if .Values.injector.externalVaultAddr }}
|
{{- else if .Values.injector.externalVaultAddr }}
|
||||||
value: "{{ .Values.injector.externalVaultAddr }}"
|
value: "{{ .Values.injector.externalVaultAddr }}"
|
||||||
{{- else }}
|
{{- else }}
|
||||||
value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
|
value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ include "vault.namespace" . }}.svc:{{ .Values.server.service.port }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
- name: AGENT_INJECT_VAULT_AUTH_PATH
|
- name: AGENT_INJECT_VAULT_AUTH_PATH
|
||||||
value: {{ .Values.injector.authPath }}
|
value: {{ .Values.injector.authPath }}
|
||||||
|
|
@ -79,7 +79,7 @@ spec:
|
||||||
- name: AGENT_INJECT_TLS_AUTO
|
- name: AGENT_INJECT_TLS_AUTO
|
||||||
value: {{ template "vault.fullname" . }}-agent-injector-cfg
|
value: {{ template "vault.fullname" . }}-agent-injector-cfg
|
||||||
- name: AGENT_INJECT_TLS_AUTO_HOSTS
|
- name: AGENT_INJECT_TLS_AUTO_HOSTS
|
||||||
value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }}.svc
|
value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ include "vault.namespace" . }},{{ template "vault.fullname" . }}-agent-injector-svc.{{ include "vault.namespace" . }}.svc
|
||||||
{{- end }}
|
{{- end }}
|
||||||
- name: AGENT_INJECT_LOG_FORMAT
|
- name: AGENT_INJECT_LOG_FORMAT
|
||||||
value: {{ .Values.injector.logFormat | default "standard" }}
|
value: {{ .Values.injector.logFormat | default "standard" }}
|
||||||
|
|
|
||||||
|
|
@ -8,7 +8,7 @@ apiVersion: policy/v1
|
||||||
kind: PodDisruptionBudget
|
kind: PodDisruptionBudget
|
||||||
metadata:
|
metadata:
|
||||||
name: {{ template "vault.fullname" . }}-agent-injector
|
name: {{ template "vault.fullname" . }}-agent-injector
|
||||||
namespace: {{ .Release.Namespace }}
|
namespace: {{ include "vault.namespace" . }}
|
||||||
labels:
|
labels:
|
||||||
helm.sh/chart: {{ include "vault.chart" . }}
|
helm.sh/chart: {{ include "vault.chart" . }}
|
||||||
app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
|
app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
|
||||||
|
|
|
||||||
|
|
@ -28,7 +28,7 @@ webhooks:
|
||||||
clientConfig:
|
clientConfig:
|
||||||
service:
|
service:
|
||||||
name: {{ template "vault.fullname" . }}-agent-injector-svc
|
name: {{ template "vault.fullname" . }}-agent-injector-svc
|
||||||
namespace: {{ .Release.Namespace }}
|
namespace: {{ include "vault.namespace" . }}
|
||||||
path: "/mutate"
|
path: "/mutate"
|
||||||
caBundle: {{ .Values.injector.certs.caBundle | quote }}
|
caBundle: {{ .Values.injector.certs.caBundle | quote }}
|
||||||
rules:
|
rules:
|
||||||
|
|
|
||||||
|
|
@ -10,7 +10,7 @@ apiVersion: rbac.authorization.k8s.io/v1
|
||||||
kind: Role
|
kind: Role
|
||||||
metadata:
|
metadata:
|
||||||
name: {{ template "vault.fullname" . }}-agent-injector-psp
|
name: {{ template "vault.fullname" . }}-agent-injector-psp
|
||||||
namespace: {{ .Release.Namespace }}
|
namespace: {{ include "vault.namespace" . }}
|
||||||
labels:
|
labels:
|
||||||
app.kubernetes.io/name: {{ include "vault.name" . }}
|
app.kubernetes.io/name: {{ include "vault.name" . }}
|
||||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||||
|
|
|
||||||
|
|
@ -10,7 +10,7 @@ apiVersion: rbac.authorization.k8s.io/v1
|
||||||
kind: RoleBinding
|
kind: RoleBinding
|
||||||
metadata:
|
metadata:
|
||||||
name: {{ template "vault.fullname" . }}-agent-injector-psp
|
name: {{ template "vault.fullname" . }}-agent-injector-psp
|
||||||
namespace: {{ .Release.Namespace }}
|
namespace: {{ include "vault.namespace" . }}
|
||||||
labels:
|
labels:
|
||||||
app.kubernetes.io/name: {{ include "vault.name" . }}
|
app.kubernetes.io/name: {{ include "vault.name" . }}
|
||||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||||
|
|
|
||||||
|
|
@ -10,7 +10,7 @@ apiVersion: rbac.authorization.k8s.io/v1
|
||||||
kind: Role
|
kind: Role
|
||||||
metadata:
|
metadata:
|
||||||
name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
|
name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
|
||||||
namespace: {{ .Release.Namespace }}
|
namespace: {{ include "vault.namespace" . }}
|
||||||
labels:
|
labels:
|
||||||
app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
|
app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
|
||||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||||
|
|
|
||||||
|
|
@ -10,7 +10,7 @@ apiVersion: rbac.authorization.k8s.io/v1
|
||||||
kind: RoleBinding
|
kind: RoleBinding
|
||||||
metadata:
|
metadata:
|
||||||
name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding
|
name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding
|
||||||
namespace: {{ .Release.Namespace }}
|
namespace: {{ include "vault.namespace" . }}
|
||||||
labels:
|
labels:
|
||||||
app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
|
app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
|
||||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||||
|
|
@ -22,6 +22,6 @@ roleRef:
|
||||||
subjects:
|
subjects:
|
||||||
- kind: ServiceAccount
|
- kind: ServiceAccount
|
||||||
name: {{ template "vault.fullname" . }}-agent-injector
|
name: {{ template "vault.fullname" . }}-agent-injector
|
||||||
namespace: {{ .Release.Namespace }}
|
namespace: {{ include "vault.namespace" . }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
|
@ -9,7 +9,7 @@ apiVersion: v1
|
||||||
kind: Service
|
kind: Service
|
||||||
metadata:
|
metadata:
|
||||||
name: {{ template "vault.fullname" . }}-agent-injector-svc
|
name: {{ template "vault.fullname" . }}-agent-injector-svc
|
||||||
namespace: {{ .Release.Namespace }}
|
namespace: {{ include "vault.namespace" . }}
|
||||||
labels:
|
labels:
|
||||||
app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
|
app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
|
||||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||||
|
|
|
||||||
|
|
@ -9,7 +9,7 @@ apiVersion: v1
|
||||||
kind: ServiceAccount
|
kind: ServiceAccount
|
||||||
metadata:
|
metadata:
|
||||||
name: {{ template "vault.fullname" . }}-agent-injector
|
name: {{ template "vault.fullname" . }}-agent-injector
|
||||||
namespace: {{ .Release.Namespace }}
|
namespace: {{ include "vault.namespace" . }}
|
||||||
labels:
|
labels:
|
||||||
app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
|
app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
|
||||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||||
|
|
|
||||||
|
|
@ -45,5 +45,5 @@ spec:
|
||||||
insecureSkipVerify: true
|
insecureSkipVerify: true
|
||||||
namespaceSelector:
|
namespaceSelector:
|
||||||
matchNames:
|
matchNames:
|
||||||
- {{ .Release.Namespace }}
|
- {{ include "vault.namespace" . }}
|
||||||
{{ end }}
|
{{ end }}
|
||||||
|
|
|
||||||
|
|
@ -25,5 +25,5 @@ roleRef:
|
||||||
subjects:
|
subjects:
|
||||||
- kind: ServiceAccount
|
- kind: ServiceAccount
|
||||||
name: {{ template "vault.serviceAccount.name" . }}
|
name: {{ template "vault.serviceAccount.name" . }}
|
||||||
namespace: {{ .Release.Namespace }}
|
namespace: {{ include "vault.namespace" . }}
|
||||||
{{ end }}
|
{{ end }}
|
||||||
|
|
@ -12,7 +12,7 @@ apiVersion: v1
|
||||||
kind: ConfigMap
|
kind: ConfigMap
|
||||||
metadata:
|
metadata:
|
||||||
name: {{ template "vault.fullname" . }}-config
|
name: {{ template "vault.fullname" . }}-config
|
||||||
namespace: {{ .Release.Namespace }}
|
namespace: {{ include "vault.namespace" . }}
|
||||||
labels:
|
labels:
|
||||||
helm.sh/chart: {{ include "vault.chart" . }}
|
helm.sh/chart: {{ include "vault.chart" . }}
|
||||||
app.kubernetes.io/name: {{ include "vault.name" . }}
|
app.kubernetes.io/name: {{ include "vault.name" . }}
|
||||||
|
|
|
||||||
|
|
@ -10,7 +10,7 @@ SPDX-License-Identifier: MPL-2.0
|
||||||
apiVersion: rbac.authorization.k8s.io/v1
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
kind: Role
|
kind: Role
|
||||||
metadata:
|
metadata:
|
||||||
namespace: {{ .Release.Namespace }}
|
namespace: {{ include "vault.namespace" . }}
|
||||||
name: {{ template "vault.fullname" . }}-discovery-role
|
name: {{ template "vault.fullname" . }}-discovery-role
|
||||||
labels:
|
labels:
|
||||||
helm.sh/chart: {{ include "vault.chart" . }}
|
helm.sh/chart: {{ include "vault.chart" . }}
|
||||||
|
|
|
||||||
|
|
@ -15,7 +15,7 @@ apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||||
kind: RoleBinding
|
kind: RoleBinding
|
||||||
metadata:
|
metadata:
|
||||||
name: {{ template "vault.fullname" . }}-discovery-rolebinding
|
name: {{ template "vault.fullname" . }}-discovery-rolebinding
|
||||||
namespace: {{ .Release.Namespace }}
|
namespace: {{ include "vault.namespace" . }}
|
||||||
labels:
|
labels:
|
||||||
helm.sh/chart: {{ include "vault.chart" . }}
|
helm.sh/chart: {{ include "vault.chart" . }}
|
||||||
app.kubernetes.io/name: {{ include "vault.name" . }}
|
app.kubernetes.io/name: {{ include "vault.name" . }}
|
||||||
|
|
@ -28,7 +28,7 @@ roleRef:
|
||||||
subjects:
|
subjects:
|
||||||
- kind: ServiceAccount
|
- kind: ServiceAccount
|
||||||
name: {{ template "vault.serviceAccount.name" . }}
|
name: {{ template "vault.serviceAccount.name" . }}
|
||||||
namespace: {{ .Release.Namespace }}
|
namespace: {{ include "vault.namespace" . }}
|
||||||
{{ end }}
|
{{ end }}
|
||||||
{{ end }}
|
{{ end }}
|
||||||
{{ end }}
|
{{ end }}
|
||||||
|
|
|
||||||
|
|
@ -13,7 +13,7 @@ apiVersion: policy/v1
|
||||||
kind: PodDisruptionBudget
|
kind: PodDisruptionBudget
|
||||||
metadata:
|
metadata:
|
||||||
name: {{ template "vault.fullname" . }}
|
name: {{ template "vault.fullname" . }}
|
||||||
namespace: {{ .Release.Namespace }}
|
namespace: {{ include "vault.namespace" . }}
|
||||||
labels:
|
labels:
|
||||||
helm.sh/chart: {{ include "vault.chart" . }}
|
helm.sh/chart: {{ include "vault.chart" . }}
|
||||||
app.kubernetes.io/name: {{ include "vault.name" . }}
|
app.kubernetes.io/name: {{ include "vault.name" . }}
|
||||||
|
|
|
||||||
|
|
@ -14,7 +14,7 @@ apiVersion: v1
|
||||||
kind: Service
|
kind: Service
|
||||||
metadata:
|
metadata:
|
||||||
name: {{ template "vault.fullname" . }}-active
|
name: {{ template "vault.fullname" . }}-active
|
||||||
namespace: {{ .Release.Namespace }}
|
namespace: {{ include "vault.namespace" . }}
|
||||||
labels:
|
labels:
|
||||||
helm.sh/chart: {{ include "vault.chart" . }}
|
helm.sh/chart: {{ include "vault.chart" . }}
|
||||||
app.kubernetes.io/name: {{ include "vault.name" . }}
|
app.kubernetes.io/name: {{ include "vault.name" . }}
|
||||||
|
|
@ -22,11 +22,20 @@ metadata:
|
||||||
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||||
vault-active: "true"
|
vault-active: "true"
|
||||||
annotations:
|
annotations:
|
||||||
{{ template "vault.service.annotations" .}}
|
{{- template "vault.service.active.annotations" . }}
|
||||||
|
{{- template "vault.service.annotations" . }}
|
||||||
spec:
|
spec:
|
||||||
{{- if .Values.server.service.type}}
|
{{- if .Values.server.service.type}}
|
||||||
type: {{ .Values.server.service.type }}
|
type: {{ .Values.server.service.type }}
|
||||||
{{- end}}
|
{{- end}}
|
||||||
|
{{- if (semverCompare ">= 1.23-0" .Capabilities.KubeVersion.Version) }}
|
||||||
|
{{- if .Values.server.service.ipFamilyPolicy }}
|
||||||
|
ipFamilyPolicy: {{ .Values.server.service.ipFamilyPolicy }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.server.service.ipFamilies }}
|
||||||
|
ipFamilies: {{ .Values.server.service.ipFamilies | toYaml | nindent 2 }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
{{- if .Values.server.service.clusterIP }}
|
{{- if .Values.server.service.clusterIP }}
|
||||||
clusterIP: {{ .Values.server.service.clusterIP }}
|
clusterIP: {{ .Values.server.service.clusterIP }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
|
|
||||||
|
|
@ -14,18 +14,27 @@ apiVersion: v1
|
||||||
kind: Service
|
kind: Service
|
||||||
metadata:
|
metadata:
|
||||||
name: {{ template "vault.fullname" . }}-standby
|
name: {{ template "vault.fullname" . }}-standby
|
||||||
namespace: {{ .Release.Namespace }}
|
namespace: {{ include "vault.namespace" . }}
|
||||||
labels:
|
labels:
|
||||||
helm.sh/chart: {{ include "vault.chart" . }}
|
helm.sh/chart: {{ include "vault.chart" . }}
|
||||||
app.kubernetes.io/name: {{ include "vault.name" . }}
|
app.kubernetes.io/name: {{ include "vault.name" . }}
|
||||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||||
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||||
annotations:
|
annotations:
|
||||||
{{ template "vault.service.annotations" .}}
|
{{- template "vault.service.standby.annotations" . }}
|
||||||
|
{{- template "vault.service.annotations" . }}
|
||||||
spec:
|
spec:
|
||||||
{{- if .Values.server.service.type}}
|
{{- if .Values.server.service.type}}
|
||||||
type: {{ .Values.server.service.type }}
|
type: {{ .Values.server.service.type }}
|
||||||
{{- end}}
|
{{- end}}
|
||||||
|
{{- if (semverCompare ">= 1.23-0" .Capabilities.KubeVersion.Version) }}
|
||||||
|
{{- if .Values.server.service.ipFamilyPolicy }}
|
||||||
|
ipFamilyPolicy: {{ .Values.server.service.ipFamilyPolicy }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.server.service.ipFamilies }}
|
||||||
|
ipFamilies: {{ .Values.server.service.ipFamilies | toYaml | nindent 2 }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
{{- if .Values.server.service.clusterIP }}
|
{{- if .Values.server.service.clusterIP }}
|
||||||
clusterIP: {{ .Values.server.service.clusterIP }}
|
clusterIP: {{ .Values.server.service.clusterIP }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
|
|
||||||
|
|
@ -12,7 +12,7 @@ apiVersion: v1
|
||||||
kind: Service
|
kind: Service
|
||||||
metadata:
|
metadata:
|
||||||
name: {{ template "vault.fullname" . }}-internal
|
name: {{ template "vault.fullname" . }}-internal
|
||||||
namespace: {{ .Release.Namespace }}
|
namespace: {{ include "vault.namespace" . }}
|
||||||
labels:
|
labels:
|
||||||
helm.sh/chart: {{ include "vault.chart" . }}
|
helm.sh/chart: {{ include "vault.chart" . }}
|
||||||
app.kubernetes.io/name: {{ include "vault.name" . }}
|
app.kubernetes.io/name: {{ include "vault.name" . }}
|
||||||
|
|
@ -22,6 +22,14 @@ metadata:
|
||||||
annotations:
|
annotations:
|
||||||
{{ template "vault.service.annotations" .}}
|
{{ template "vault.service.annotations" .}}
|
||||||
spec:
|
spec:
|
||||||
|
{{- if (semverCompare ">= 1.23-0" .Capabilities.KubeVersion.Version) }}
|
||||||
|
{{- if .Values.server.service.ipFamilyPolicy }}
|
||||||
|
ipFamilyPolicy: {{ .Values.server.service.ipFamilyPolicy }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.server.service.ipFamilies }}
|
||||||
|
ipFamilies: {{ .Values.server.service.ipFamilies | toYaml | nindent 2 }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
clusterIP: None
|
clusterIP: None
|
||||||
publishNotReadyAddresses: true
|
publishNotReadyAddresses: true
|
||||||
ports:
|
ports:
|
||||||
|
|
|
||||||
|
|
@ -21,7 +21,7 @@ apiVersion: networking.k8s.io/v1
|
||||||
kind: Ingress
|
kind: Ingress
|
||||||
metadata:
|
metadata:
|
||||||
name: {{ template "vault.fullname" . }}
|
name: {{ template "vault.fullname" . }}
|
||||||
namespace: {{ .Release.Namespace }}
|
namespace: {{ include "vault.namespace" . }}
|
||||||
labels:
|
labels:
|
||||||
helm.sh/chart: {{ include "vault.chart" . }}
|
helm.sh/chart: {{ include "vault.chart" . }}
|
||||||
app.kubernetes.io/name: {{ include "vault.name" . }}
|
app.kubernetes.io/name: {{ include "vault.name" . }}
|
||||||
|
|
|
||||||
|
|
@ -10,7 +10,7 @@ apiVersion: rbac.authorization.k8s.io/v1
|
||||||
kind: Role
|
kind: Role
|
||||||
metadata:
|
metadata:
|
||||||
name: {{ template "vault.fullname" . }}-psp
|
name: {{ template "vault.fullname" . }}-psp
|
||||||
namespace: {{ .Release.Namespace }}
|
namespace: {{ include "vault.namespace" . }}
|
||||||
labels:
|
labels:
|
||||||
app.kubernetes.io/name: {{ include "vault.name" . }}
|
app.kubernetes.io/name: {{ include "vault.name" . }}
|
||||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||||
|
|
|
||||||
|
|
@ -10,7 +10,7 @@ apiVersion: rbac.authorization.k8s.io/v1
|
||||||
kind: RoleBinding
|
kind: RoleBinding
|
||||||
metadata:
|
metadata:
|
||||||
name: {{ template "vault.fullname" . }}-psp
|
name: {{ template "vault.fullname" . }}-psp
|
||||||
namespace: {{ .Release.Namespace }}
|
namespace: {{ include "vault.namespace" . }}
|
||||||
labels:
|
labels:
|
||||||
app.kubernetes.io/name: {{ include "vault.name" . }}
|
app.kubernetes.io/name: {{ include "vault.name" . }}
|
||||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||||
|
|
|
||||||
|
|
@ -14,7 +14,7 @@ kind: Route
|
||||||
apiVersion: route.openshift.io/v1
|
apiVersion: route.openshift.io/v1
|
||||||
metadata:
|
metadata:
|
||||||
name: {{ template "vault.fullname" . }}
|
name: {{ template "vault.fullname" . }}
|
||||||
namespace: {{ .Release.Namespace }}
|
namespace: {{ include "vault.namespace" . }}
|
||||||
labels:
|
labels:
|
||||||
helm.sh/chart: {{ include "vault.chart" . }}
|
helm.sh/chart: {{ include "vault.chart" . }}
|
||||||
app.kubernetes.io/name: {{ include "vault.name" . }}
|
app.kubernetes.io/name: {{ include "vault.name" . }}
|
||||||
|
|
|
||||||
|
|
@ -12,7 +12,7 @@ apiVersion: v1
|
||||||
kind: Service
|
kind: Service
|
||||||
metadata:
|
metadata:
|
||||||
name: {{ template "vault.fullname" . }}
|
name: {{ template "vault.fullname" . }}
|
||||||
namespace: {{ .Release.Namespace }}
|
namespace: {{ include "vault.namespace" . }}
|
||||||
labels:
|
labels:
|
||||||
helm.sh/chart: {{ include "vault.chart" . }}
|
helm.sh/chart: {{ include "vault.chart" . }}
|
||||||
app.kubernetes.io/name: {{ include "vault.name" . }}
|
app.kubernetes.io/name: {{ include "vault.name" . }}
|
||||||
|
|
@ -24,6 +24,14 @@ spec:
|
||||||
{{- if .Values.server.service.type}}
|
{{- if .Values.server.service.type}}
|
||||||
type: {{ .Values.server.service.type }}
|
type: {{ .Values.server.service.type }}
|
||||||
{{- end}}
|
{{- end}}
|
||||||
|
{{- if (semverCompare ">= 1.23-0" .Capabilities.KubeVersion.Version) }}
|
||||||
|
{{- if .Values.server.service.ipFamilyPolicy }}
|
||||||
|
ipFamilyPolicy: {{ .Values.server.service.ipFamilyPolicy }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.server.service.ipFamilies }}
|
||||||
|
ipFamilies: {{ .Values.server.service.ipFamilies | toYaml | nindent 2 }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
{{- if .Values.server.service.clusterIP }}
|
{{- if .Values.server.service.clusterIP }}
|
||||||
clusterIP: {{ .Values.server.service.clusterIP }}
|
clusterIP: {{ .Values.server.service.clusterIP }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
|
|
||||||
|
|
@ -0,0 +1,21 @@
|
||||||
|
{{/*
|
||||||
|
Copyright (c) HashiCorp, Inc.
|
||||||
|
SPDX-License-Identifier: MPL-2.0
|
||||||
|
*/}}
|
||||||
|
|
||||||
|
{{ template "vault.serverServiceAccountSecretCreationEnabled" . }}
|
||||||
|
{{- if .serverServiceAccountSecretCreationEnabled -}}
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Secret
|
||||||
|
metadata:
|
||||||
|
name: {{ template "vault.serviceAccount.name" . }}-token
|
||||||
|
namespace: {{ include "vault.namespace" . }}
|
||||||
|
annotations:
|
||||||
|
kubernetes.io/service-account.name: {{ template "vault.serviceAccount.name" . }}
|
||||||
|
labels:
|
||||||
|
helm.sh/chart: {{ include "vault.chart" . }}
|
||||||
|
app.kubernetes.io/name: {{ include "vault.name" . }}
|
||||||
|
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||||
|
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||||
|
type: kubernetes.io/service-account-token
|
||||||
|
{{ end }}
|
||||||
|
|
@ -9,7 +9,7 @@ apiVersion: v1
|
||||||
kind: ServiceAccount
|
kind: ServiceAccount
|
||||||
metadata:
|
metadata:
|
||||||
name: {{ template "vault.serviceAccount.name" . }}
|
name: {{ template "vault.serviceAccount.name" . }}
|
||||||
namespace: {{ .Release.Namespace }}
|
namespace: {{ include "vault.namespace" . }}
|
||||||
labels:
|
labels:
|
||||||
helm.sh/chart: {{ include "vault.chart" . }}
|
helm.sh/chart: {{ include "vault.chart" . }}
|
||||||
app.kubernetes.io/name: {{ include "vault.name" . }}
|
app.kubernetes.io/name: {{ include "vault.name" . }}
|
||||||
|
|
|
||||||
|
|
@ -12,7 +12,7 @@ apiVersion: apps/v1
|
||||||
kind: StatefulSet
|
kind: StatefulSet
|
||||||
metadata:
|
metadata:
|
||||||
name: {{ template "vault.fullname" . }}
|
name: {{ template "vault.fullname" . }}
|
||||||
namespace: {{ .Release.Namespace }}
|
namespace: {{ include "vault.namespace" . }}
|
||||||
labels:
|
labels:
|
||||||
app.kubernetes.io/name: {{ include "vault.name" . }}
|
app.kubernetes.io/name: {{ include "vault.name" . }}
|
||||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||||
|
|
@ -61,6 +61,10 @@ spec:
|
||||||
{{ template "vault.volumes" . }}
|
{{ template "vault.volumes" . }}
|
||||||
- name: home
|
- name: home
|
||||||
emptyDir: {}
|
emptyDir: {}
|
||||||
|
{{- if .Values.server.hostAliases }}
|
||||||
|
hostAliases:
|
||||||
|
{{ toYaml .Values.server.hostAliases | nindent 8}}
|
||||||
|
{{- end }}
|
||||||
{{- if .Values.server.extraInitContainers }}
|
{{- if .Values.server.extraInitContainers }}
|
||||||
initContainers:
|
initContainers:
|
||||||
{{ toYaml .Values.server.extraInitContainers | nindent 8}}
|
{{ toYaml .Values.server.extraInitContainers | nindent 8}}
|
||||||
|
|
|
||||||
|
|
@ -9,8 +9,8 @@ SPDX-License-Identifier: MPL-2.0
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
kind: Pod
|
kind: Pod
|
||||||
metadata:
|
metadata:
|
||||||
name: "{{ .Release.Name }}-server-test"
|
name: {{ template "vault.fullname" . }}-server-test
|
||||||
namespace: {{ .Release.Namespace }}
|
namespace: {{ include "vault.namespace" . }}
|
||||||
annotations:
|
annotations:
|
||||||
"helm.sh/hook": test
|
"helm.sh/hook": test
|
||||||
spec:
|
spec:
|
||||||
|
|
@ -21,7 +21,7 @@ spec:
|
||||||
imagePullPolicy: {{ .Values.server.image.pullPolicy }}
|
imagePullPolicy: {{ .Values.server.image.pullPolicy }}
|
||||||
env:
|
env:
|
||||||
- name: VAULT_ADDR
|
- name: VAULT_ADDR
|
||||||
value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
|
value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ include "vault.namespace" . }}.svc:{{ .Values.server.service.port }}
|
||||||
{{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }}
|
{{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }}
|
||||||
command:
|
command:
|
||||||
- /bin/sh
|
- /bin/sh
|
||||||
|
|
|
||||||
|
|
@ -12,7 +12,7 @@ apiVersion: v1
|
||||||
kind: Service
|
kind: Service
|
||||||
metadata:
|
metadata:
|
||||||
name: {{ template "vault.fullname" . }}-ui
|
name: {{ template "vault.fullname" . }}-ui
|
||||||
namespace: {{ .Release.Namespace }}
|
namespace: {{ include "vault.namespace" . }}
|
||||||
labels:
|
labels:
|
||||||
helm.sh/chart: {{ include "vault.chart" . }}
|
helm.sh/chart: {{ include "vault.chart" . }}
|
||||||
app.kubernetes.io/name: {{ include "vault.name" . }}-ui
|
app.kubernetes.io/name: {{ include "vault.name" . }}-ui
|
||||||
|
|
@ -20,6 +20,14 @@ metadata:
|
||||||
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||||
{{- template "vault.ui.annotations" . }}
|
{{- template "vault.ui.annotations" . }}
|
||||||
spec:
|
spec:
|
||||||
|
{{- if (semverCompare ">= 1.23-0" .Capabilities.KubeVersion.Version) }}
|
||||||
|
{{- if .Values.ui.serviceIPFamilyPolicy }}
|
||||||
|
ipFamilyPolicy: {{ .Values.ui.serviceIPFamilyPolicy }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.ui.serviceIPFamilies }}
|
||||||
|
ipFamilies: {{ .Values.ui.serviceIPFamilies | toYaml | nindent 2 }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
selector:
|
selector:
|
||||||
app.kubernetes.io/name: {{ include "vault.name" . }}
|
app.kubernetes.io/name: {{ include "vault.name" . }}
|
||||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||||
|
|
|
||||||
|
|
@ -9,13 +9,16 @@ global:
|
||||||
injector:
|
injector:
|
||||||
image:
|
image:
|
||||||
repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
|
repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
|
||||||
tag: "1.2.1-ubi"
|
tag: "1.3.1-ubi"
|
||||||
|
|
||||||
agentImage:
|
agentImage:
|
||||||
repository: "registry.connect.redhat.com/hashicorp/vault"
|
repository: "registry.connect.redhat.com/hashicorp/vault"
|
||||||
tag: "1.14.0-ubi"
|
tag: "1.15.1-ubi"
|
||||||
|
|
||||||
server:
|
server:
|
||||||
image:
|
image:
|
||||||
repository: "registry.connect.redhat.com/hashicorp/vault"
|
repository: "registry.connect.redhat.com/hashicorp/vault"
|
||||||
tag: "1.14.0-ubi"
|
tag: "1.15.1-ubi"
|
||||||
|
|
||||||
|
readinessProbe:
|
||||||
|
path: "/v1/sys/health?uninitcode=204"
|
||||||
|
|
|
||||||
|
|
@ -228,6 +228,9 @@
|
||||||
"enabled": {
|
"enabled": {
|
||||||
"type": "boolean"
|
"type": "boolean"
|
||||||
},
|
},
|
||||||
|
"namespace": {
|
||||||
|
"type": "string"
|
||||||
|
},
|
||||||
"externalVaultAddr": {
|
"externalVaultAddr": {
|
||||||
"type": "string"
|
"type": "string"
|
||||||
},
|
},
|
||||||
|
|
@ -737,6 +740,9 @@
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
"hostAliases": {
|
||||||
|
"type": "array"
|
||||||
|
},
|
||||||
"image": {
|
"image": {
|
||||||
"type": "object",
|
"type": "object",
|
||||||
"properties": {
|
"properties": {
|
||||||
|
|
@ -916,6 +922,12 @@
|
||||||
"properties": {
|
"properties": {
|
||||||
"enabled": {
|
"enabled": {
|
||||||
"type": "boolean"
|
"type": "boolean"
|
||||||
|
},
|
||||||
|
"annotations": {
|
||||||
|
"type": [
|
||||||
|
"object",
|
||||||
|
"string"
|
||||||
|
]
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
|
@ -950,6 +962,12 @@
|
||||||
"properties": {
|
"properties": {
|
||||||
"enabled": {
|
"enabled": {
|
||||||
"type": "boolean"
|
"type": "boolean"
|
||||||
|
},
|
||||||
|
"annotations": {
|
||||||
|
"type": [
|
||||||
|
"object",
|
||||||
|
"string"
|
||||||
|
]
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
|
@ -964,6 +982,14 @@
|
||||||
},
|
},
|
||||||
"standbyNodePort": {
|
"standbyNodePort": {
|
||||||
"type": "integer"
|
"type": "integer"
|
||||||
|
},
|
||||||
|
"ipFamilyPolicy": {
|
||||||
|
"type": "string"
|
||||||
|
},
|
||||||
|
"ipFamilies": {
|
||||||
|
"type": [
|
||||||
|
"array"
|
||||||
|
]
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
|
@ -982,6 +1008,9 @@
|
||||||
"extraLabels": {
|
"extraLabels": {
|
||||||
"type": "object"
|
"type": "object"
|
||||||
},
|
},
|
||||||
|
"createSecret": {
|
||||||
|
"type": "boolean"
|
||||||
|
},
|
||||||
"name": {
|
"name": {
|
||||||
"type": "string"
|
"type": "string"
|
||||||
},
|
},
|
||||||
|
|
@ -1137,6 +1166,16 @@
|
||||||
},
|
},
|
||||||
"targetPort": {
|
"targetPort": {
|
||||||
"type": "integer"
|
"type": "integer"
|
||||||
|
},
|
||||||
|
"serviceIPFamilyPolicy": {
|
||||||
|
"type": [
|
||||||
|
"string"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"serviceIPFamilies": {
|
||||||
|
"type": [
|
||||||
|
"array"
|
||||||
|
]
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -8,6 +8,9 @@ global:
|
||||||
# will enable or disable all the components within this chart by default.
|
# will enable or disable all the components within this chart by default.
|
||||||
enabled: true
|
enabled: true
|
||||||
|
|
||||||
|
# The namespace to deploy to. Defaults to the `helm` installation namespace.
|
||||||
|
namespace: ""
|
||||||
|
|
||||||
# Image pull secret to use for registry authentication.
|
# Image pull secret to use for registry authentication.
|
||||||
# Alternatively, the value may be specified as an array of strings.
|
# Alternatively, the value may be specified as an array of strings.
|
||||||
imagePullSecrets: []
|
imagePullSecrets: []
|
||||||
|
|
@ -65,7 +68,7 @@ injector:
|
||||||
# image sets the repo and tag of the vault-k8s image to use for the injector.
|
# image sets the repo and tag of the vault-k8s image to use for the injector.
|
||||||
image:
|
image:
|
||||||
repository: "hashicorp/vault-k8s"
|
repository: "hashicorp/vault-k8s"
|
||||||
tag: "1.2.1"
|
tag: "1.3.1"
|
||||||
pullPolicy: IfNotPresent
|
pullPolicy: IfNotPresent
|
||||||
|
|
||||||
# agentImage sets the repo and tag of the Vault image to use for the Vault Agent
|
# agentImage sets the repo and tag of the Vault image to use for the Vault Agent
|
||||||
|
|
@ -73,7 +76,7 @@ injector:
|
||||||
# required.
|
# required.
|
||||||
agentImage:
|
agentImage:
|
||||||
repository: "hashicorp/vault"
|
repository: "hashicorp/vault"
|
||||||
tag: "1.14.0"
|
tag: "1.15.1"
|
||||||
|
|
||||||
# The default values for the injected Vault Agent containers.
|
# The default values for the injected Vault Agent containers.
|
||||||
agentDefaults:
|
agentDefaults:
|
||||||
|
|
@ -374,7 +377,7 @@ server:
|
||||||
|
|
||||||
image:
|
image:
|
||||||
repository: "hashicorp/vault"
|
repository: "hashicorp/vault"
|
||||||
tag: "1.14.0"
|
tag: "1.15.1"
|
||||||
# Overrides the default Image Pull Policy
|
# Overrides the default Image Pull Policy
|
||||||
pullPolicy: IfNotPresent
|
pullPolicy: IfNotPresent
|
||||||
|
|
||||||
|
|
@ -442,6 +445,12 @@ server:
|
||||||
# hosts:
|
# hosts:
|
||||||
# - chart-example.local
|
# - chart-example.local
|
||||||
|
|
||||||
|
# hostAliases is a list of aliases to be added to /etc/hosts. Specified as a YAML list.
|
||||||
|
hostAliases: []
|
||||||
|
# - ip: 127.0.0.1
|
||||||
|
# hostnames:
|
||||||
|
# - chart-example.local
|
||||||
|
|
||||||
# OpenShift only - create a route to expose the service
|
# OpenShift only - create a route to expose the service
|
||||||
# By default the created route will be of type passthrough
|
# By default the created route will be of type passthrough
|
||||||
route:
|
route:
|
||||||
|
|
@ -462,7 +471,7 @@ server:
|
||||||
|
|
||||||
# authDelegator enables a cluster role binding to be attached to the service
|
# authDelegator enables a cluster role binding to be attached to the service
|
||||||
# account. This cluster role binding can be used to setup Kubernetes auth
|
# account. This cluster role binding can be used to setup Kubernetes auth
|
||||||
# method. https://www.vaultproject.io/docs/auth/kubernetes.html
|
# method. See https://developer.hashicorp.com/vault/docs/auth/kubernetes
|
||||||
authDelegator:
|
authDelegator:
|
||||||
enabled: true
|
enabled: true
|
||||||
|
|
||||||
|
|
@ -649,13 +658,21 @@ server:
|
||||||
service:
|
service:
|
||||||
enabled: true
|
enabled: true
|
||||||
# Enable or disable the vault-active service, which selects Vault pods that
|
# Enable or disable the vault-active service, which selects Vault pods that
|
||||||
# have labelled themselves as the cluster leader with `vault-active: "true"`
|
# have labeled themselves as the cluster leader with `vault-active: "true"`.
|
||||||
active:
|
active:
|
||||||
enabled: true
|
enabled: true
|
||||||
|
# Extra annotations for the service definition. This can either be YAML or a
|
||||||
|
# YAML-formatted multi-line templated string map of the annotations to apply
|
||||||
|
# to the active service.
|
||||||
|
annotations: {}
|
||||||
# Enable or disable the vault-standby service, which selects Vault pods that
|
# Enable or disable the vault-standby service, which selects Vault pods that
|
||||||
# have labelled themselves as a cluster follower with `vault-active: "false"`
|
# have labeled themselves as a cluster follower with `vault-active: "false"`.
|
||||||
standby:
|
standby:
|
||||||
enabled: true
|
enabled: true
|
||||||
|
# Extra annotations for the service definition. This can either be YAML or a
|
||||||
|
# YAML-formatted multi-line templated string map of the annotations to apply
|
||||||
|
# to the standby service.
|
||||||
|
annotations: {}
|
||||||
# If enabled, the service selectors will include `app.kubernetes.io/instance: {{ .Release.Name }}`
|
# If enabled, the service selectors will include `app.kubernetes.io/instance: {{ .Release.Name }}`
|
||||||
# When disabled, services may select Vault pods not deployed from the chart.
|
# When disabled, services may select Vault pods not deployed from the chart.
|
||||||
# Does not affect the headless vault-internal service with `ClusterIP: None`
|
# Does not affect the headless vault-internal service with `ClusterIP: None`
|
||||||
|
|
@ -673,6 +690,21 @@ server:
|
||||||
# or NodePort.
|
# or NodePort.
|
||||||
#type: ClusterIP
|
#type: ClusterIP
|
||||||
|
|
||||||
|
# The IP family and IP families options are to set the behaviour in a dual-stack environment.
|
||||||
|
# Omitting these values will let the service fall back to whatever the CNI dictates the defaults
|
||||||
|
# should be.
|
||||||
|
# These are only supported for kubernetes versions >=1.23.0
|
||||||
|
#
|
||||||
|
# Configures the service's supported IP family policy, can be either:
|
||||||
|
# SingleStack: Single-stack service. The control plane allocates a cluster IP for the Service, using the first configured service cluster IP range.
|
||||||
|
# PreferDualStack: Allocates IPv4 and IPv6 cluster IPs for the Service.
|
||||||
|
# RequireDualStack: Allocates Service .spec.ClusterIPs from both IPv4 and IPv6 address ranges.
|
||||||
|
ipFamilyPolicy: ""
|
||||||
|
|
||||||
|
# Sets the families that should be supported and the order in which they should be applied to ClusterIP as well.
|
||||||
|
# Can be IPv4 and/or IPv6.
|
||||||
|
ipFamilies: []
|
||||||
|
|
||||||
# Do not wait for pods to be ready before including them in the services'
|
# Do not wait for pods to be ready before including them in the services'
|
||||||
# targets. Does not apply to the headless service, which is used for
|
# targets. Does not apply to the headless service, which is used for
|
||||||
# cluster-internal communication.
|
# cluster-internal communication.
|
||||||
|
|
@ -709,7 +741,7 @@ server:
|
||||||
|
|
||||||
# This configures the Vault Statefulset to create a PVC for data
|
# This configures the Vault Statefulset to create a PVC for data
|
||||||
# storage when using the file or raft backend storage engines.
|
# storage when using the file or raft backend storage engines.
|
||||||
# See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
|
# See https://developer.hashicorp.com/vault/docs/configuration/storage to know more
|
||||||
dataStorage:
|
dataStorage:
|
||||||
enabled: true
|
enabled: true
|
||||||
# Size of the PVC created
|
# Size of the PVC created
|
||||||
|
|
@ -728,7 +760,7 @@ server:
|
||||||
# logs. Once Vault is deployed, initialized, and unsealed, Vault must
|
# logs. Once Vault is deployed, initialized, and unsealed, Vault must
|
||||||
# be configured to use this for audit logs. This will be mounted to
|
# be configured to use this for audit logs. This will be mounted to
|
||||||
# /vault/audit
|
# /vault/audit
|
||||||
# See https://www.vaultproject.io/docs/audit/index.html to know more
|
# See https://developer.hashicorp.com/vault/docs/audit to know more
|
||||||
auditStorage:
|
auditStorage:
|
||||||
enabled: false
|
enabled: false
|
||||||
# Size of the PVC created
|
# Size of the PVC created
|
||||||
|
|
@ -747,7 +779,7 @@ server:
|
||||||
# and no initialization. This is useful for experimenting with Vault without
|
# and no initialization. This is useful for experimenting with Vault without
|
||||||
# needing to unseal, store keys, et. al. All data is lost on restart - do not
|
# needing to unseal, store keys, et. al. All data is lost on restart - do not
|
||||||
# use dev mode for anything other than experimenting.
|
# use dev mode for anything other than experimenting.
|
||||||
# See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
|
# See https://developer.hashicorp.com/vault/docs/concepts/dev-server to know more
|
||||||
dev:
|
dev:
|
||||||
enabled: false
|
enabled: false
|
||||||
|
|
||||||
|
|
@ -769,7 +801,7 @@ server:
|
||||||
# Note: Configuration files are stored in ConfigMaps so sensitive data
|
# Note: Configuration files are stored in ConfigMaps so sensitive data
|
||||||
# such as passwords should be either mounted through extraSecretEnvironmentVars
|
# such as passwords should be either mounted through extraSecretEnvironmentVars
|
||||||
# or through a Kube secret. For more information see:
|
# or through a Kube secret. For more information see:
|
||||||
# https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
|
# https://developer.hashicorp.com/vault/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
|
||||||
config: |
|
config: |
|
||||||
ui = true
|
ui = true
|
||||||
|
|
||||||
|
|
@ -812,12 +844,12 @@ server:
|
||||||
replicas: 3
|
replicas: 3
|
||||||
|
|
||||||
# Set the api_addr configuration for Vault HA
|
# Set the api_addr configuration for Vault HA
|
||||||
# See https://www.vaultproject.io/docs/configuration#api_addr
|
# See https://developer.hashicorp.com/vault/docs/configuration#api_addr
|
||||||
# If set to null, this will be set to the Pod IP Address
|
# If set to null, this will be set to the Pod IP Address
|
||||||
apiAddr: null
|
apiAddr: null
|
||||||
|
|
||||||
# Set the cluster_addr confuguration for Vault HA
|
# Set the cluster_addr confuguration for Vault HA
|
||||||
# See https://www.vaultproject.io/docs/configuration#cluster_addr
|
# See https://developer.hashicorp.com/vault/docs/configuration#cluster_addr
|
||||||
# If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
|
# If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
|
||||||
clusterAddr: null
|
clusterAddr: null
|
||||||
|
|
||||||
|
|
@ -835,7 +867,7 @@ server:
|
||||||
# Note: Configuration files are stored in ConfigMaps so sensitive data
|
# Note: Configuration files are stored in ConfigMaps so sensitive data
|
||||||
# such as passwords should be either mounted through extraSecretEnvironmentVars
|
# such as passwords should be either mounted through extraSecretEnvironmentVars
|
||||||
# or through a Kube secret. For more information see:
|
# or through a Kube secret. For more information see:
|
||||||
# https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
|
# https://developer.hashicorp.com/vault/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
|
||||||
config: |
|
config: |
|
||||||
ui = true
|
ui = true
|
||||||
|
|
||||||
|
|
@ -862,7 +894,7 @@ server:
|
||||||
# Note: Configuration files are stored in ConfigMaps so sensitive data
|
# Note: Configuration files are stored in ConfigMaps so sensitive data
|
||||||
# such as passwords should be either mounted through extraSecretEnvironmentVars
|
# such as passwords should be either mounted through extraSecretEnvironmentVars
|
||||||
# or through a Kube secret. For more information see:
|
# or through a Kube secret. For more information see:
|
||||||
# https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
|
# https://developer.hashicorp.com/vault/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
|
||||||
config: |
|
config: |
|
||||||
ui = true
|
ui = true
|
||||||
|
|
||||||
|
|
@ -914,6 +946,12 @@ server:
|
||||||
# The name of the service account to use.
|
# The name of the service account to use.
|
||||||
# If not set and create is true, a name is generated using the fullname template
|
# If not set and create is true, a name is generated using the fullname template
|
||||||
name: ""
|
name: ""
|
||||||
|
# Create a Secret API object to store a non-expiring token for the service account.
|
||||||
|
# Prior to v1.24.0, Kubernetes used to generate this secret for each service account by default.
|
||||||
|
# Kubernetes now recommends using short-lived tokens from the TokenRequest API or projected volumes instead if possible.
|
||||||
|
# For more details, see https://kubernetes.io/docs/concepts/configuration/secret/#service-account-token-secrets
|
||||||
|
# serviceAccount.create must be equal to 'true' in order to use this feature.
|
||||||
|
createSecret: false
|
||||||
# Extra annotations for the serviceAccount definition. This can either be
|
# Extra annotations for the serviceAccount definition. This can either be
|
||||||
# YAML or a YAML-formatted multi-line templated string map of the
|
# YAML or a YAML-formatted multi-line templated string map of the
|
||||||
# annotations to apply to the serviceAccount.
|
# annotations to apply to the serviceAccount.
|
||||||
|
|
@ -970,6 +1008,21 @@ ui:
|
||||||
externalPort: 8200
|
externalPort: 8200
|
||||||
targetPort: 8200
|
targetPort: 8200
|
||||||
|
|
||||||
|
# The IP family and IP families options are to set the behaviour in a dual-stack environment.
|
||||||
|
# Omitting these values will let the service fall back to whatever the CNI dictates the defaults
|
||||||
|
# should be.
|
||||||
|
# These are only supported for kubernetes versions >=1.23.0
|
||||||
|
#
|
||||||
|
# Configures the service's supported IP family, can be either:
|
||||||
|
# SingleStack: Single-stack service. The control plane allocates a cluster IP for the Service, using the first configured service cluster IP range.
|
||||||
|
# PreferDualStack: Allocates IPv4 and IPv6 cluster IPs for the Service.
|
||||||
|
# RequireDualStack: Allocates Service .spec.ClusterIPs from both IPv4 and IPv6 address ranges.
|
||||||
|
serviceIPFamilyPolicy: ""
|
||||||
|
|
||||||
|
# Sets the families that should be supported and the order in which they should be applied to ClusterIP as well
|
||||||
|
# Can be IPv4 and/or IPv6.
|
||||||
|
serviceIPFamilies: []
|
||||||
|
|
||||||
# The externalTrafficPolicy can be set to either Cluster or Local
|
# The externalTrafficPolicy can be set to either Cluster or Local
|
||||||
# and is only valid for LoadBalancer and NodePort service types.
|
# and is only valid for LoadBalancer and NodePort service types.
|
||||||
# The default value is Cluster.
|
# The default value is Cluster.
|
||||||
|
|
@ -1001,7 +1054,7 @@ csi:
|
||||||
|
|
||||||
image:
|
image:
|
||||||
repository: "hashicorp/vault-csi-provider"
|
repository: "hashicorp/vault-csi-provider"
|
||||||
tag: "1.4.0"
|
tag: "1.4.1"
|
||||||
pullPolicy: IfNotPresent
|
pullPolicy: IfNotPresent
|
||||||
|
|
||||||
# volumes is a list of volumes made available to all containers. These are rendered
|
# volumes is a list of volumes made available to all containers. These are rendered
|
||||||
|
|
@ -1086,7 +1139,7 @@ csi:
|
||||||
|
|
||||||
image:
|
image:
|
||||||
repository: "hashicorp/vault"
|
repository: "hashicorp/vault"
|
||||||
tag: "1.14.0"
|
tag: "1.15.1"
|
||||||
pullPolicy: IfNotPresent
|
pullPolicy: IfNotPresent
|
||||||
|
|
||||||
logFormat: standard
|
logFormat: standard
|
||||||
|
|
@ -1143,7 +1196,7 @@ csi:
|
||||||
debug: false
|
debug: false
|
||||||
|
|
||||||
# Pass arbitrary additional arguments to vault-csi-provider.
|
# Pass arbitrary additional arguments to vault-csi-provider.
|
||||||
# See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
|
# See https://developer.hashicorp.com/vault/docs/platform/k8s/csi/configurations#command-line-arguments
|
||||||
# for the available command line flags.
|
# for the available command line flags.
|
||||||
extraArgs: []
|
extraArgs: []
|
||||||
|
|
||||||
|
|
@ -1152,8 +1205,8 @@ csi:
|
||||||
# the Vault configuration. There are a few examples included in the `config` sections above.
|
# the Vault configuration. There are a few examples included in the `config` sections above.
|
||||||
#
|
#
|
||||||
# For more information see:
|
# For more information see:
|
||||||
# https://www.vaultproject.io/docs/configuration/telemetry
|
# https://developer.hashicorp.com/vault/docs/configuration/telemetry
|
||||||
# https://www.vaultproject.io/docs/internals/telemetry
|
# https://developer.hashicorp.com/vault/docs/internals/telemetry
|
||||||
serverTelemetry:
|
serverTelemetry:
|
||||||
# Enable support for the Prometheus Operator. Currently, this chart does not support
|
# Enable support for the Prometheus Operator. Currently, this chart does not support
|
||||||
# authenticating to Vault's metrics endpoint, so the following `telemetry{}` must be included
|
# authenticating to Vault's metrics endpoint, so the following `telemetry{}` must be included
|
||||||
|
|
|
||||||
|
|
@ -28,4 +28,4 @@ name: loft
|
||||||
sources:
|
sources:
|
||||||
- https://github.com/loft-sh/loft
|
- https://github.com/loft-sh/loft
|
||||||
type: application
|
type: application
|
||||||
version: 3.3.0
|
version: 3.3.1
|
||||||
|
|
|
||||||
|
|
@ -4,7 +4,7 @@ annotations:
|
||||||
catalog.cattle.io/kube-version: '>=1.16-0'
|
catalog.cattle.io/kube-version: '>=1.16-0'
|
||||||
catalog.cattle.io/release-name: nats
|
catalog.cattle.io/release-name: nats
|
||||||
apiVersion: v2
|
apiVersion: v2
|
||||||
appVersion: 2.10.3
|
appVersion: 2.10.4
|
||||||
description: A Helm chart for the NATS.io High Speed Cloud Native Distributed Communications
|
description: A Helm chart for the NATS.io High Speed Cloud Native Distributed Communications
|
||||||
Technology.
|
Technology.
|
||||||
home: http://github.com/nats-io/k8s
|
home: http://github.com/nats-io/k8s
|
||||||
|
|
@ -18,4 +18,4 @@ maintainers:
|
||||||
name: The NATS Authors
|
name: The NATS Authors
|
||||||
url: https://github.com/nats-io
|
url: https://github.com/nats-io
|
||||||
name: nats
|
name: nats
|
||||||
version: 1.1.2
|
version: 1.1.3
|
||||||
|
|
|
||||||
|
|
@ -308,7 +308,7 @@ config:
|
||||||
container:
|
container:
|
||||||
image:
|
image:
|
||||||
repository: nats
|
repository: nats
|
||||||
tag: 2.10.3-alpine
|
tag: 2.10.4-alpine
|
||||||
pullPolicy:
|
pullPolicy:
|
||||||
registry:
|
registry:
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -1,25 +1,25 @@
|
||||||
dependencies:
|
dependencies:
|
||||||
- name: newrelic-infrastructure
|
- name: newrelic-infrastructure
|
||||||
repository: https://newrelic.github.io/nri-kubernetes
|
repository: https://newrelic.github.io/nri-kubernetes
|
||||||
version: 3.23.3
|
version: 3.23.4
|
||||||
- name: nri-prometheus
|
- name: nri-prometheus
|
||||||
repository: https://newrelic.github.io/nri-prometheus
|
repository: https://newrelic.github.io/nri-prometheus
|
||||||
version: 2.1.17
|
version: 2.1.17
|
||||||
- name: newrelic-prometheus-agent
|
- name: newrelic-prometheus-agent
|
||||||
repository: https://newrelic.github.io/newrelic-prometheus-configurator
|
repository: https://newrelic.github.io/newrelic-prometheus-configurator
|
||||||
version: 1.5.1
|
version: 1.6.0
|
||||||
- name: nri-metadata-injection
|
- name: nri-metadata-injection
|
||||||
repository: https://newrelic.github.io/k8s-metadata-injection
|
repository: https://newrelic.github.io/k8s-metadata-injection
|
||||||
version: 4.10.2
|
version: 4.11.0
|
||||||
- name: newrelic-k8s-metrics-adapter
|
- name: newrelic-k8s-metrics-adapter
|
||||||
repository: https://newrelic.github.io/newrelic-k8s-metrics-adapter
|
repository: https://newrelic.github.io/newrelic-k8s-metrics-adapter
|
||||||
version: 1.4.3
|
version: 1.5.0
|
||||||
- name: kube-state-metrics
|
- name: kube-state-metrics
|
||||||
repository: https://prometheus-community.github.io/helm-charts
|
repository: https://prometheus-community.github.io/helm-charts
|
||||||
version: 5.12.1
|
version: 5.12.1
|
||||||
- name: nri-kube-events
|
- name: nri-kube-events
|
||||||
repository: https://newrelic.github.io/nri-kube-events
|
repository: https://newrelic.github.io/nri-kube-events
|
||||||
version: 3.2.6
|
version: 3.3.0
|
||||||
- name: newrelic-logging
|
- name: newrelic-logging
|
||||||
repository: https://newrelic.github.io/helm-charts
|
repository: https://newrelic.github.io/helm-charts
|
||||||
version: 1.18.1
|
version: 1.18.1
|
||||||
|
|
@ -31,6 +31,6 @@ dependencies:
|
||||||
version: 0.1.4
|
version: 0.1.4
|
||||||
- name: newrelic-infra-operator
|
- name: newrelic-infra-operator
|
||||||
repository: https://newrelic.github.io/newrelic-infra-operator
|
repository: https://newrelic.github.io/newrelic-infra-operator
|
||||||
version: 2.3.3
|
version: 2.4.0
|
||||||
digest: sha256:c543d1a04d2e80cc532d335b7c13104007c19ca20fc64a625ca1f0c4e27ae681
|
digest: sha256:513fd7c4b9475bfa329ebe349022b95481f456b4facad64b82921bb8926361e1
|
||||||
generated: "2023-10-25T15:02:36.960563782Z"
|
generated: "2023-10-31T08:04:17.666576471Z"
|
||||||
|
|
|
||||||
|
|
@ -7,7 +7,7 @@ dependencies:
|
||||||
- condition: infrastructure.enabled,newrelic-infrastructure.enabled
|
- condition: infrastructure.enabled,newrelic-infrastructure.enabled
|
||||||
name: newrelic-infrastructure
|
name: newrelic-infrastructure
|
||||||
repository: file://./charts/newrelic-infrastructure
|
repository: file://./charts/newrelic-infrastructure
|
||||||
version: 3.23.3
|
version: 3.23.4
|
||||||
- condition: prometheus.enabled,nri-prometheus.enabled
|
- condition: prometheus.enabled,nri-prometheus.enabled
|
||||||
name: nri-prometheus
|
name: nri-prometheus
|
||||||
repository: file://./charts/nri-prometheus
|
repository: file://./charts/nri-prometheus
|
||||||
|
|
@ -15,15 +15,15 @@ dependencies:
|
||||||
- condition: newrelic-prometheus-agent.enabled
|
- condition: newrelic-prometheus-agent.enabled
|
||||||
name: newrelic-prometheus-agent
|
name: newrelic-prometheus-agent
|
||||||
repository: file://./charts/newrelic-prometheus-agent
|
repository: file://./charts/newrelic-prometheus-agent
|
||||||
version: 1.5.1
|
version: 1.6.0
|
||||||
- condition: webhook.enabled,nri-metadata-injection.enabled
|
- condition: webhook.enabled,nri-metadata-injection.enabled
|
||||||
name: nri-metadata-injection
|
name: nri-metadata-injection
|
||||||
repository: file://./charts/nri-metadata-injection
|
repository: file://./charts/nri-metadata-injection
|
||||||
version: 4.10.2
|
version: 4.11.0
|
||||||
- condition: metrics-adapter.enabled,newrelic-k8s-metrics-adapter.enabled
|
- condition: metrics-adapter.enabled,newrelic-k8s-metrics-adapter.enabled
|
||||||
name: newrelic-k8s-metrics-adapter
|
name: newrelic-k8s-metrics-adapter
|
||||||
repository: file://./charts/newrelic-k8s-metrics-adapter
|
repository: file://./charts/newrelic-k8s-metrics-adapter
|
||||||
version: 1.4.3
|
version: 1.5.0
|
||||||
- condition: ksm.enabled,kube-state-metrics.enabled
|
- condition: ksm.enabled,kube-state-metrics.enabled
|
||||||
name: kube-state-metrics
|
name: kube-state-metrics
|
||||||
repository: file://./charts/kube-state-metrics
|
repository: file://./charts/kube-state-metrics
|
||||||
|
|
@ -31,7 +31,7 @@ dependencies:
|
||||||
- condition: kubeEvents.enabled,nri-kube-events.enabled
|
- condition: kubeEvents.enabled,nri-kube-events.enabled
|
||||||
name: nri-kube-events
|
name: nri-kube-events
|
||||||
repository: file://./charts/nri-kube-events
|
repository: file://./charts/nri-kube-events
|
||||||
version: 3.2.6
|
version: 3.3.0
|
||||||
- condition: logging.enabled,newrelic-logging.enabled
|
- condition: logging.enabled,newrelic-logging.enabled
|
||||||
name: newrelic-logging
|
name: newrelic-logging
|
||||||
repository: file://./charts/newrelic-logging
|
repository: file://./charts/newrelic-logging
|
||||||
|
|
@ -48,7 +48,7 @@ dependencies:
|
||||||
- condition: newrelic-infra-operator.enabled
|
- condition: newrelic-infra-operator.enabled
|
||||||
name: newrelic-infra-operator
|
name: newrelic-infra-operator
|
||||||
repository: file://./charts/newrelic-infra-operator
|
repository: file://./charts/newrelic-infra-operator
|
||||||
version: 2.3.3
|
version: 2.4.0
|
||||||
description: Groups together the individual charts for the New Relic Kubernetes solution
|
description: Groups together the individual charts for the New Relic Kubernetes solution
|
||||||
for a more comfortable deployment.
|
for a more comfortable deployment.
|
||||||
home: https://github.com/newrelic/helm-charts
|
home: https://github.com/newrelic/helm-charts
|
||||||
|
|
@ -89,4 +89,4 @@ sources:
|
||||||
- https://github.com/newrelic/helm-charts/tree/master/charts/newrelic-logging
|
- https://github.com/newrelic/helm-charts/tree/master/charts/newrelic-logging
|
||||||
- https://github.com/newrelic/helm-charts/tree/master/charts/newrelic-pixie
|
- https://github.com/newrelic/helm-charts/tree/master/charts/newrelic-pixie
|
||||||
- https://github.com/newrelic/newrelic-infra-operator/tree/master/charts/newrelic-infra-operator
|
- https://github.com/newrelic/newrelic-infra-operator/tree/master/charts/newrelic-infra-operator
|
||||||
version: 5.0.42
|
version: 5.0.43
|
||||||
|
|
|
||||||
|
|
@ -1,5 +1,5 @@
|
||||||
apiVersion: v2
|
apiVersion: v2
|
||||||
appVersion: 0.11.3
|
appVersion: 0.12.0
|
||||||
dependencies:
|
dependencies:
|
||||||
- name: common-library
|
- name: common-library
|
||||||
repository: https://helm-charts.newrelic.com
|
repository: https://helm-charts.newrelic.com
|
||||||
|
|
@ -32,4 +32,4 @@ name: newrelic-infra-operator
|
||||||
sources:
|
sources:
|
||||||
- https://github.com/newrelic/newrelic-infra-operator
|
- https://github.com/newrelic/newrelic-infra-operator
|
||||||
- https://github.com/newrelic/newrelic-infra-operator/tree/main/charts/newrelic-infra-operator
|
- https://github.com/newrelic/newrelic-infra-operator/tree/main/charts/newrelic-infra-operator
|
||||||
version: 2.3.3
|
version: 2.4.0
|
||||||
|
|
|
||||||
|
|
@ -1,5 +1,5 @@
|
||||||
apiVersion: v2
|
apiVersion: v2
|
||||||
appVersion: 3.18.3
|
appVersion: 3.18.4
|
||||||
dependencies:
|
dependencies:
|
||||||
- name: common-library
|
- name: common-library
|
||||||
repository: https://helm-charts.newrelic.com
|
repository: https://helm-charts.newrelic.com
|
||||||
|
|
@ -35,4 +35,4 @@ sources:
|
||||||
- https://github.com/newrelic/nri-kubernetes/
|
- https://github.com/newrelic/nri-kubernetes/
|
||||||
- https://github.com/newrelic/nri-kubernetes/tree/main/charts/newrelic-infrastructure
|
- https://github.com/newrelic/nri-kubernetes/tree/main/charts/newrelic-infrastructure
|
||||||
- https://github.com/newrelic/infrastructure-agent/
|
- https://github.com/newrelic/infrastructure-agent/
|
||||||
version: 3.23.3
|
version: 3.23.4
|
||||||
|
|
|
||||||
|
|
@ -1,5 +1,5 @@
|
||||||
apiVersion: v2
|
apiVersion: v2
|
||||||
appVersion: 0.6.4
|
appVersion: 0.7.0
|
||||||
dependencies:
|
dependencies:
|
||||||
- name: common-library
|
- name: common-library
|
||||||
repository: https://helm-charts.newrelic.com
|
repository: https://helm-charts.newrelic.com
|
||||||
|
|
@ -20,4 +20,4 @@ name: newrelic-k8s-metrics-adapter
|
||||||
sources:
|
sources:
|
||||||
- https://github.com/newrelic/newrelic-k8s-metrics-adapter
|
- https://github.com/newrelic/newrelic-k8s-metrics-adapter
|
||||||
- https://github.com/newrelic/newrelic-k8s-metrics-adapter/tree/main/charts/newrelic-k8s-metrics-adapter
|
- https://github.com/newrelic/newrelic-k8s-metrics-adapter/tree/main/charts/newrelic-k8s-metrics-adapter
|
||||||
version: 1.4.3
|
version: 1.5.0
|
||||||
|
|
|
||||||
|
|
@ -1,5 +1,5 @@
|
||||||
annotations:
|
annotations:
|
||||||
configuratorVersion: 1.8.1
|
configuratorVersion: 1.9.0
|
||||||
apiVersion: v2
|
apiVersion: v2
|
||||||
appVersion: v2.37.8
|
appVersion: v2.37.8
|
||||||
dependencies:
|
dependencies:
|
||||||
|
|
@ -31,4 +31,4 @@ maintainers:
|
||||||
url: https://github.com/xqi-nr
|
url: https://github.com/xqi-nr
|
||||||
name: newrelic-prometheus-agent
|
name: newrelic-prometheus-agent
|
||||||
type: application
|
type: application
|
||||||
version: 1.5.1
|
version: 1.6.0
|
||||||
|
|
|
||||||
|
|
@ -1,5 +1,5 @@
|
||||||
apiVersion: v2
|
apiVersion: v2
|
||||||
appVersion: 2.2.13
|
appVersion: 2.3.0
|
||||||
dependencies:
|
dependencies:
|
||||||
- name: common-library
|
- name: common-library
|
||||||
repository: https://helm-charts.newrelic.com
|
repository: https://helm-charts.newrelic.com
|
||||||
|
|
@ -35,4 +35,4 @@ sources:
|
||||||
- https://github.com/newrelic/nri-kube-events/
|
- https://github.com/newrelic/nri-kube-events/
|
||||||
- https://github.com/newrelic/nri-kube-events/tree/main/charts/nri-kube-events
|
- https://github.com/newrelic/nri-kube-events/tree/main/charts/nri-kube-events
|
||||||
- https://github.com/newrelic/infrastructure-agent/
|
- https://github.com/newrelic/infrastructure-agent/
|
||||||
version: 3.2.6
|
version: 3.3.0
|
||||||
|
|
|
||||||
|
|
@ -1,6 +1,6 @@
|
||||||
# nri-kube-events
|
# nri-kube-events
|
||||||
|
|
||||||
 
|
 
|
||||||
|
|
||||||
A Helm chart to deploy the New Relic Kube Events router
|
A Helm chart to deploy the New Relic Kube Events router
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -1,5 +1,5 @@
|
||||||
apiVersion: v2
|
apiVersion: v2
|
||||||
appVersion: 1.18.4
|
appVersion: 1.19.0
|
||||||
dependencies:
|
dependencies:
|
||||||
- name: common-library
|
- name: common-library
|
||||||
repository: https://helm-charts.newrelic.com
|
repository: https://helm-charts.newrelic.com
|
||||||
|
|
@ -22,4 +22,4 @@ name: nri-metadata-injection
|
||||||
sources:
|
sources:
|
||||||
- https://github.com/newrelic/k8s-metadata-injection
|
- https://github.com/newrelic/k8s-metadata-injection
|
||||||
- https://github.com/newrelic/k8s-metadata-injection/tree/master/charts/nri-metadata-injection
|
- https://github.com/newrelic/k8s-metadata-injection/tree/master/charts/nri-metadata-injection
|
||||||
version: 4.10.2
|
version: 4.11.0
|
||||||
|
|
|
||||||
|
|
@ -6,4 +6,4 @@ dependencies:
|
||||||
repository: https://charts.redpanda.com
|
repository: https://charts.redpanda.com
|
||||||
version: 0.1.7
|
version: 0.1.7
|
||||||
digest: sha256:2be209fa1660b3c8a030bb35e9e7fa25dcb81aa456ce7a73c2ab1ae6eebb3d04
|
digest: sha256:2be209fa1660b3c8a030bb35e9e7fa25dcb81aa456ce7a73c2ab1ae6eebb3d04
|
||||||
generated: "2023-10-27T18:34:04.296697929Z"
|
generated: "2023-10-30T17:31:44.018230015Z"
|
||||||
|
|
|
||||||
|
|
@ -10,7 +10,7 @@ annotations:
|
||||||
artifacthub.io/links: |
|
artifacthub.io/links: |
|
||||||
- name: Documentation
|
- name: Documentation
|
||||||
url: https://docs.redpanda.com
|
url: https://docs.redpanda.com
|
||||||
- name: "Helm (>= 3.6.0)"
|
- name: "Helm (>= 3.8.0)"
|
||||||
url: https://helm.sh/docs/intro/install/
|
url: https://helm.sh/docs/intro/install/
|
||||||
catalog.cattle.io/certified: partner
|
catalog.cattle.io/certified: partner
|
||||||
catalog.cattle.io/display-name: Redpanda
|
catalog.cattle.io/display-name: Redpanda
|
||||||
|
|
@ -37,4 +37,4 @@ name: redpanda
|
||||||
sources:
|
sources:
|
||||||
- https://github.com/redpanda-data/helm-charts
|
- https://github.com/redpanda-data/helm-charts
|
||||||
type: application
|
type: application
|
||||||
version: 5.6.35
|
version: 5.6.37
|
||||||
|
|
|
||||||
|
|
@ -202,7 +202,10 @@ Use AppVersion if image.tag is not set
|
||||||
Input can be: b | B | k | K | m | M | g | G | Ki | Mi | Gi
|
Input can be: b | B | k | K | m | M | g | G | Ki | Mi | Gi
|
||||||
Or number without suffix
|
Or number without suffix
|
||||||
*/}}
|
*/}}
|
||||||
{{- $si := . | toString -}}
|
{{- $si := . -}}
|
||||||
|
{{- if not (typeIs "string" . ) -}}
|
||||||
|
{{- $si = int64 $si | toString -}}
|
||||||
|
{{- end -}}
|
||||||
{{- $bytes := 0 -}}
|
{{- $bytes := 0 -}}
|
||||||
{{- if or (hasSuffix "B" $si) (hasSuffix "b" $si) -}}
|
{{- if or (hasSuffix "B" $si) (hasSuffix "b" $si) -}}
|
||||||
{{- $bytes = $si | trimSuffix "B" | trimSuffix "b" | float64 | floor -}}
|
{{- $bytes = $si | trimSuffix "B" | trimSuffix "b" | float64 | floor -}}
|
||||||
|
|
@ -423,6 +426,13 @@ than 1 core.
|
||||||
{{- end -}}
|
{{- end -}}
|
||||||
{{- end -}}
|
{{- end -}}
|
||||||
|
|
||||||
|
{{- define "fail-on-unsupported-helm-version" -}}
|
||||||
|
{{- $helmVer := (fromYaml (toYaml .Capabilities.HelmVersion)).version -}}
|
||||||
|
{{- if semverCompare "<3.8.0-0" $helmVer -}}
|
||||||
|
{{- fail (printf "helm version %s is not supported. Please use helm version v3.8.0 or newer." $helmVer) -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- end -}}
|
||||||
|
|
||||||
{{- define "redpanda-atleast-22-2-0" -}}
|
{{- define "redpanda-atleast-22-2-0" -}}
|
||||||
{{- toJson (dict "bool" (or (not (eq .Values.image.repository "docker.redpanda.com/redpandadata/redpanda")) (include "redpanda.semver" . | semverCompare ">=22.2.0-0 || <0.0.1-0"))) -}}
|
{{- toJson (dict "bool" (or (not (eq .Values.image.repository "docker.redpanda.com/redpandadata/redpanda")) (include "redpanda.semver" . | semverCompare ">=22.2.0-0 || <0.0.1-0"))) -}}
|
||||||
{{- end -}}
|
{{- end -}}
|
||||||
|
|
|
||||||
|
|
@ -15,6 +15,7 @@ See the License for the specific language governing permissions and
|
||||||
limitations under the License.
|
limitations under the License.
|
||||||
*/}}
|
*/}}
|
||||||
|
|
||||||
|
{{- include "fail-on-unsupported-helm-version" . -}}
|
||||||
{{- include "fail-on-insecure-sasl-logging" . -}}
|
{{- include "fail-on-insecure-sasl-logging" . -}}
|
||||||
|
|
||||||
{{- $values := .Values }}
|
{{- $values := .Values }}
|
||||||
|
|
|
||||||
|
|
@ -21,4 +21,4 @@ maintainers:
|
||||||
- email: ops@stackstate.com
|
- email: ops@stackstate.com
|
||||||
name: Stackstate
|
name: Stackstate
|
||||||
name: stackstate-k8s-agent
|
name: stackstate-k8s-agent
|
||||||
version: 1.0.49
|
version: 1.0.51
|
||||||
|
|
|
||||||
|
|
@ -2,7 +2,7 @@
|
||||||
|
|
||||||
Helm chart for the StackState Agent.
|
Helm chart for the StackState Agent.
|
||||||
|
|
||||||
Current chart version is `1.0.49`
|
Current chart version is `1.0.51`
|
||||||
|
|
||||||
**Homepage:** <https://github.com/StackVista/stackstate-agent>
|
**Homepage:** <https://github.com/StackVista/stackstate-agent>
|
||||||
|
|
||||||
|
|
@ -61,7 +61,7 @@ stackstate/stackstate-k8s-agent
|
||||||
| checksAgent.enabled | bool | `true` | Enable / disable runnning cluster checks in a separately deployed pod |
|
| checksAgent.enabled | bool | `true` | Enable / disable runnning cluster checks in a separately deployed pod |
|
||||||
| checksAgent.image.pullPolicy | string | `"IfNotPresent"` | Default container image pull policy. |
|
| checksAgent.image.pullPolicy | string | `"IfNotPresent"` | Default container image pull policy. |
|
||||||
| checksAgent.image.repository | string | `"stackstate/stackstate-k8s-agent"` | Base container image repository. |
|
| checksAgent.image.repository | string | `"stackstate/stackstate-k8s-agent"` | Base container image repository. |
|
||||||
| checksAgent.image.tag | string | `"e36d1c88"` | Default container image tag. |
|
| checksAgent.image.tag | string | `"9af1b63f"` | Default container image tag. |
|
||||||
| checksAgent.livenessProbe.enabled | bool | `true` | Enable use of livenessProbe check. |
|
| checksAgent.livenessProbe.enabled | bool | `true` | Enable use of livenessProbe check. |
|
||||||
| checksAgent.livenessProbe.failureThreshold | int | `3` | `failureThreshold` for the liveness probe. |
|
| checksAgent.livenessProbe.failureThreshold | int | `3` | `failureThreshold` for the liveness probe. |
|
||||||
| checksAgent.livenessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the liveness probe. |
|
| checksAgent.livenessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the liveness probe. |
|
||||||
|
|
@ -121,7 +121,7 @@ stackstate/stackstate-k8s-agent
|
||||||
| clusterAgent.enabled | bool | `true` | Enable / disable the cluster agent. |
|
| clusterAgent.enabled | bool | `true` | Enable / disable the cluster agent. |
|
||||||
| clusterAgent.image.pullPolicy | string | `"IfNotPresent"` | Default container image pull policy. |
|
| clusterAgent.image.pullPolicy | string | `"IfNotPresent"` | Default container image pull policy. |
|
||||||
| clusterAgent.image.repository | string | `"stackstate/stackstate-k8s-cluster-agent"` | Base container image repository. |
|
| clusterAgent.image.repository | string | `"stackstate/stackstate-k8s-cluster-agent"` | Base container image repository. |
|
||||||
| clusterAgent.image.tag | string | `"e36d1c88"` | Default container image tag. |
|
| clusterAgent.image.tag | string | `"9af1b63f"` | Default container image tag. |
|
||||||
| clusterAgent.livenessProbe.enabled | bool | `true` | Enable use of livenessProbe check. |
|
| clusterAgent.livenessProbe.enabled | bool | `true` | Enable use of livenessProbe check. |
|
||||||
| clusterAgent.livenessProbe.failureThreshold | int | `3` | `failureThreshold` for the liveness probe. |
|
| clusterAgent.livenessProbe.failureThreshold | int | `3` | `failureThreshold` for the liveness probe. |
|
||||||
| clusterAgent.livenessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the liveness probe. |
|
| clusterAgent.livenessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the liveness probe. |
|
||||||
|
|
@ -178,7 +178,7 @@ stackstate/stackstate-k8s-agent
|
||||||
| nodeAgent.containers.agent.env | object | `{}` | Additional environment variables for the agent container |
|
| nodeAgent.containers.agent.env | object | `{}` | Additional environment variables for the agent container |
|
||||||
| nodeAgent.containers.agent.image.pullPolicy | string | `"IfNotPresent"` | Default container image pull policy. |
|
| nodeAgent.containers.agent.image.pullPolicy | string | `"IfNotPresent"` | Default container image pull policy. |
|
||||||
| nodeAgent.containers.agent.image.repository | string | `"stackstate/stackstate-k8s-agent"` | Base container image repository. |
|
| nodeAgent.containers.agent.image.repository | string | `"stackstate/stackstate-k8s-agent"` | Base container image repository. |
|
||||||
| nodeAgent.containers.agent.image.tag | string | `"e36d1c88"` | Default container image tag. |
|
| nodeAgent.containers.agent.image.tag | string | `"9af1b63f"` | Default container image tag. |
|
||||||
| nodeAgent.containers.agent.livenessProbe.enabled | bool | `true` | Enable use of livenessProbe check. |
|
| nodeAgent.containers.agent.livenessProbe.enabled | bool | `true` | Enable use of livenessProbe check. |
|
||||||
| nodeAgent.containers.agent.livenessProbe.failureThreshold | int | `3` | `failureThreshold` for the liveness probe. |
|
| nodeAgent.containers.agent.livenessProbe.failureThreshold | int | `3` | `failureThreshold` for the liveness probe. |
|
||||||
| nodeAgent.containers.agent.livenessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the liveness probe. |
|
| nodeAgent.containers.agent.livenessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the liveness probe. |
|
||||||
|
|
|
||||||
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue