andata
/
rancher-partner-charts
mirror of https://git.rancher.io/partner-charts
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Charts CI 

```
Added:
  kubemq/kubemq-cluster:
    - 2.3.7
  kubemq/kubemq-controller:
    - 1.9.3
  kubemq/kubemq-crds:
    - 2.3.7

Updated:
  bitnami/kafka:
    - 21.4.1
  bitnami/mariadb:
    - 11.5.5
  bitnami/mysql:
    - 9.7.0
  bitnami/postgresql:
    - 12.2.6
  bitnami/redis:
    - 17.9.0
  bitnami/tomcat:
    - 10.6.0
  bitnami/wordpress:
    - 15.2.57
  crate/crate-operator:
    - 2.25.0
  datadog/datadog:
    - 3.21.0
  digitalis/vals-operator:
    - 0.7.2
  dynatrace/dynatrace-operator:
    - 0.10.4
  gitlab/gitlab:
    - 6.10.0
  new-relic/nri-bundle:
    - 5.0.6
  speedscale/speedscale-operator:
    - 1.2.27
  sysdig/sysdig:
    - 1.15.80
```
pull/695/head
github-actions[bot] 2023-03-23 13:52:28 +00:00
parent a5df22fa62
commit d4b9c45c23
284 changed files with 3837 additions and 1170 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
assets/bitnami/kafka-21.4.1.tgz Normal file
View File

Binary file not shown.

BIN
assets/bitnami/mariadb-11.5.5.tgz Normal file
View File

Binary file not shown.

BIN
assets/bitnami/mysql-9.7.0.tgz Normal file
View File

Binary file not shown.

BIN
assets/bitnami/postgresql-12.2.6.tgz Normal file
View File

Binary file not shown.

BIN
assets/bitnami/redis-17.9.0.tgz Normal file
View File

Binary file not shown.

BIN
assets/bitnami/tomcat-10.6.0.tgz Normal file
View File

Binary file not shown.

BIN
assets/bitnami/wordpress-15.2.57.tgz Normal file
View File

Binary file not shown.

BIN
assets/crate/crate-operator-2.25.0.tgz Normal file
View File

Binary file not shown.

BIN
assets/datadog/datadog-3.21.0.tgz Normal file
View File

Binary file not shown.

BIN
assets/digitalis/vals-operator-0.7.2.tgz Normal file
View File

Binary file not shown.

BIN
assets/dynatrace/dynatrace-operator-0.10.4.tgz Normal file
View File

Binary file not shown.

BIN
assets/gitlab/gitlab-6.10.0.tgz Normal file
View File

Binary file not shown.

BIN
assets/kubemq/kubemq-cluster-2.3.7.tgz Normal file
View File

Binary file not shown.

BIN
assets/kubemq/kubemq-controller-1.9.3.tgz Normal file
View File

Binary file not shown.

BIN
assets/kubemq/kubemq-crds-2.3.7.tgz Normal file
View File

Binary file not shown.

BIN
assets/new-relic/nri-bundle-5.0.6.tgz Normal file
View File

Binary file not shown.

BIN
assets/speedscale/speedscale-operator-1.2.27.tgz Normal file
View File

Binary file not shown.

BIN
assets/sysdig/sysdig-1.15.80.tgz Normal file
View File

Binary file not shown.

8
charts/bitnami/kafka/Chart.lock
View File

@ -1,9 +1,9 @@
dependencies:
- name: zookeeper
repository: https://charts.bitnami.com/bitnami
version: 11.1.3
version: 11.1.5
- name: common
repository: https://charts.bitnami.com/bitnami
version: 2.2.3
digest: sha256:9b4839a665633a42ed9baebd57470791a91b377183962a91c33d505985aa790b
generated: "2023-02-22T15:02:37.191542654Z"
version: 2.2.4
digest: sha256:a9cc33255fae632899c931e89126a7a0e9cec72fa758d499dd75f1ab752d1b0e
generated: "2023-03-22T03:12:46.460010968Z"

2
charts/bitnami/kafka/Chart.yaml
View File

@ -35,4 +35,4 @@ name: kafka
sources:
- https://github.com/bitnami/containers/tree/main/bitnami/kafka
- https://kafka.apache.org/
version: 21.4.0
version: 21.4.1

112
charts/bitnami/kafka/README.md
View File

@ -82,7 +82,7 @@ The command removes all the Kubernetes components associated with the chart and
| ------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------- |
| `image.registry` | Kafka image registry | `docker.io` |
| `image.repository` | Kafka image repository | `bitnami/kafka` |
| `image.tag` | Kafka image tag (immutable tags are recommended) | `3.4.0-debian-11-r6` |
| `image.tag` | Kafka image tag (immutable tags are recommended) | `3.4.0-debian-11-r12` |
| `image.digest` | Kafka image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `image.pullPolicy` | Kafka image pull policy | `IfNotPresent` |
| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
@ -232,55 +232,55 @@ The command removes all the Kubernetes components associated with the chart and
### Traffic Exposure parameters
| Name | Description | Value |
| ------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------- | ---------------------- |
| `service.type` | Kubernetes Service type | `ClusterIP` |
| `service.ports.client` | Kafka svc port for client connections | `9092` |
| `service.ports.internal` | Kafka svc port for inter-broker connections | `9093` |
| `service.ports.external` | Kafka svc port for external connections | `9094` |
| `service.nodePorts.client` | Node port for the Kafka client connections | `""` |
| `service.nodePorts.external` | Node port for the Kafka external connections | `""` |
| `service.sessionAffinity` | Control where client requests go, to the same pod or round-robin | `None` |
| `service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` |
| `service.clusterIP` | Kafka service Cluster IP | `""` |
| `service.loadBalancerIP` | Kafka service Load Balancer IP | `""` |
| `service.loadBalancerSourceRanges` | Kafka service Load Balancer sources | `[]` |
| `service.externalTrafficPolicy` | Kafka service external traffic policy | `Cluster` |
| `service.annotations` | Additional custom annotations for Kafka service | `{}` |
| `service.headless.publishNotReadyAddresses` | Indicates that any agent which deals with endpoints for this Service should disregard any indications of ready/not-ready | `false` |
| `service.headless.annotations` | Annotations for the headless service. | `{}` |
| `service.headless.labels` | Labels for the headless service. | `{}` |
| `service.extraPorts` | Extra ports to expose in the Kafka service (normally used with the `sidecar` value) | `[]` |
| `externalAccess.enabled` | Enable Kubernetes external cluster access to Kafka brokers | `false` |
| `externalAccess.autoDiscovery.enabled` | Enable using an init container to auto-detect external IPs/ports by querying the K8s API | `false` |
| `externalAccess.autoDiscovery.image.registry` | Init container auto-discovery image registry | `docker.io` |
| `externalAccess.autoDiscovery.image.repository` | Init container auto-discovery image repository | `bitnami/kubectl` |
| `externalAccess.autoDiscovery.image.tag` | Init container auto-discovery image tag (immutable tags are recommended) | `1.25.6-debian-11-r14` |
| `externalAccess.autoDiscovery.image.digest` | Kubectl image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `externalAccess.autoDiscovery.image.pullPolicy` | Init container auto-discovery image pull policy | `IfNotPresent` |
| `externalAccess.autoDiscovery.image.pullSecrets` | Init container auto-discovery image pull secrets | `[]` |
| `externalAccess.autoDiscovery.resources.limits` | The resources limits for the auto-discovery init container | `{}` |
| `externalAccess.autoDiscovery.resources.requests` | The requested resources for the auto-discovery init container | `{}` |
| `externalAccess.service.type` | Kubernetes Service type for external access. It can be NodePort, LoadBalancer or ClusterIP | `LoadBalancer` |
| `externalAccess.service.ports.external` | Kafka port used for external access when service type is LoadBalancer | `9094` |
| `externalAccess.service.loadBalancerIPs` | Array of load balancer IPs for each Kafka broker. Length must be the same as replicaCount | `[]` |
| `externalAccess.service.loadBalancerNames` | Array of load balancer Names for each Kafka broker. Length must be the same as replicaCount | `[]` |
| `externalAccess.service.loadBalancerAnnotations` | Array of load balancer annotations for each Kafka broker. Length must be the same as replicaCount | `[]` |
| `externalAccess.service.loadBalancerSourceRanges` | Address(es) that are allowed when service is LoadBalancer | `[]` |
| `externalAccess.service.nodePorts` | Array of node ports used for each Kafka broker. Length must be the same as replicaCount | `[]` |
| `externalAccess.service.externalIPs` | Use distinct service host IPs to configure Kafka external listener when service type is NodePort. Length must be the same as replicaCount | `[]` |
| `externalAccess.service.useHostIPs` | Use service host IPs to configure Kafka external listener when service type is NodePort | `false` |
| `externalAccess.service.usePodIPs` | using the MY_POD_IP address for external access. | `false` |
| `externalAccess.service.domain` | Domain or external ip used to configure Kafka external listener when service type is NodePort or ClusterIP | `""` |
| `externalAccess.service.publishNotReadyAddresses` | Indicates that any agent which deals with endpoints for this Service should disregard any indications of ready/not-ready | `false` |
| `externalAccess.service.labels` | Service labels for external access | `{}` |
| `externalAccess.service.annotations` | Service annotations for external access | `{}` |
| `externalAccess.service.extraPorts` | Extra ports to expose in the Kafka external service | `[]` |
| `networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `false` |
| `networkPolicy.allowExternal` | Don't require client label for connections | `true` |
| `networkPolicy.explicitNamespacesSelector` | A Kubernetes LabelSelector to explicitly select namespaces from which traffic could be allowed | `{}` |
| `networkPolicy.externalAccess.from` | customize the from section for External Access on tcp-external port | `[]` |
| `networkPolicy.egressRules.customRules` | Custom network policy rule | `{}` |
| Name | Description | Value |
| ------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------- | --------------------- |
| `service.type` | Kubernetes Service type | `ClusterIP` |
| `service.ports.client` | Kafka svc port for client connections | `9092` |
| `service.ports.internal` | Kafka svc port for inter-broker connections | `9093` |
| `service.ports.external` | Kafka svc port for external connections | `9094` |
| `service.nodePorts.client` | Node port for the Kafka client connections | `""` |
| `service.nodePorts.external` | Node port for the Kafka external connections | `""` |
| `service.sessionAffinity` | Control where client requests go, to the same pod or round-robin | `None` |
| `service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` |
| `service.clusterIP` | Kafka service Cluster IP | `""` |
| `service.loadBalancerIP` | Kafka service Load Balancer IP | `""` |
| `service.loadBalancerSourceRanges` | Kafka service Load Balancer sources | `[]` |
| `service.externalTrafficPolicy` | Kafka service external traffic policy | `Cluster` |
| `service.annotations` | Additional custom annotations for Kafka service | `{}` |
| `service.headless.publishNotReadyAddresses` | Indicates that any agent which deals with endpoints for this Service should disregard any indications of ready/not-ready | `false` |
| `service.headless.annotations` | Annotations for the headless service. | `{}` |
| `service.headless.labels` | Labels for the headless service. | `{}` |
| `service.extraPorts` | Extra ports to expose in the Kafka service (normally used with the `sidecar` value) | `[]` |
| `externalAccess.enabled` | Enable Kubernetes external cluster access to Kafka brokers | `false` |
| `externalAccess.autoDiscovery.enabled` | Enable using an init container to auto-detect external IPs/ports by querying the K8s API | `false` |
| `externalAccess.autoDiscovery.image.registry` | Init container auto-discovery image registry | `docker.io` |
| `externalAccess.autoDiscovery.image.repository` | Init container auto-discovery image repository | `bitnami/kubectl` |
| `externalAccess.autoDiscovery.image.tag` | Init container auto-discovery image tag (immutable tags are recommended) | `1.25.7-debian-11-r4` |
| `externalAccess.autoDiscovery.image.digest` | Kubectl image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `externalAccess.autoDiscovery.image.pullPolicy` | Init container auto-discovery image pull policy | `IfNotPresent` |
| `externalAccess.autoDiscovery.image.pullSecrets` | Init container auto-discovery image pull secrets | `[]` |
| `externalAccess.autoDiscovery.resources.limits` | The resources limits for the auto-discovery init container | `{}` |
| `externalAccess.autoDiscovery.resources.requests` | The requested resources for the auto-discovery init container | `{}` |
| `externalAccess.service.type` | Kubernetes Service type for external access. It can be NodePort, LoadBalancer or ClusterIP | `LoadBalancer` |
| `externalAccess.service.ports.external` | Kafka port used for external access when service type is LoadBalancer | `9094` |
| `externalAccess.service.loadBalancerIPs` | Array of load balancer IPs for each Kafka broker. Length must be the same as replicaCount | `[]` |
| `externalAccess.service.loadBalancerNames` | Array of load balancer Names for each Kafka broker. Length must be the same as replicaCount | `[]` |
| `externalAccess.service.loadBalancerAnnotations` | Array of load balancer annotations for each Kafka broker. Length must be the same as replicaCount | `[]` |
| `externalAccess.service.loadBalancerSourceRanges` | Address(es) that are allowed when service is LoadBalancer | `[]` |
| `externalAccess.service.nodePorts` | Array of node ports used for each Kafka broker. Length must be the same as replicaCount | `[]` |
| `externalAccess.service.externalIPs` | Use distinct service host IPs to configure Kafka external listener when service type is NodePort. Length must be the same as replicaCount | `[]` |
| `externalAccess.service.useHostIPs` | Use service host IPs to configure Kafka external listener when service type is NodePort | `false` |
| `externalAccess.service.usePodIPs` | using the MY_POD_IP address for external access. | `false` |
| `externalAccess.service.domain` | Domain or external ip used to configure Kafka external listener when service type is NodePort or ClusterIP | `""` |
| `externalAccess.service.publishNotReadyAddresses` | Indicates that any agent which deals with endpoints for this Service should disregard any indications of ready/not-ready | `false` |
| `externalAccess.service.labels` | Service labels for external access | `{}` |
| `externalAccess.service.annotations` | Service annotations for external access | `{}` |
| `externalAccess.service.extraPorts` | Extra ports to expose in the Kafka external service | `[]` |
| `networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `false` |
| `networkPolicy.allowExternal` | Don't require client label for connections | `true` |
| `networkPolicy.explicitNamespacesSelector` | A Kubernetes LabelSelector to explicitly select namespaces from which traffic could be allowed | `{}` |
| `networkPolicy.externalAccess.from` | customize the from section for External Access on tcp-external port | `[]` |
| `networkPolicy.egressRules.customRules` | Custom network policy rule | `{}` |
### Persistence parameters
@ -311,7 +311,7 @@ The command removes all the Kubernetes components associated with the chart and
| `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume | `false` |
| `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` |
| `volumePermissions.image.repository` | Init container volume-permissions image repository | `bitnami/bitnami-shell` |
| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r90` |
| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r99` |
| `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` |
| `volumePermissions.image.pullSecrets` | Init container volume-permissions image pull secrets | `[]` |
@ -336,7 +336,7 @@ The command removes all the Kubernetes components associated with the chart and
| `metrics.kafka.enabled` | Whether or not to create a standalone Kafka exporter to expose Kafka metrics | `false` |
| `metrics.kafka.image.registry` | Kafka exporter image registry | `docker.io` |
| `metrics.kafka.image.repository` | Kafka exporter image repository | `bitnami/kafka-exporter` |
| `metrics.kafka.image.tag` | Kafka exporter image tag (immutable tags are recommended) | `1.6.0-debian-11-r65` |
| `metrics.kafka.image.tag` | Kafka exporter image tag (immutable tags are recommended) | `1.6.0-debian-11-r70` |
| `metrics.kafka.image.digest` | Kafka exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `metrics.kafka.image.pullPolicy` | Kafka exporter image pull policy | `IfNotPresent` |
| `metrics.kafka.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
@ -384,7 +384,7 @@ The command removes all the Kubernetes components associated with the chart and
| `metrics.jmx.enabled` | Whether or not to expose JMX metrics to Prometheus | `false` |
| `metrics.jmx.image.registry` | JMX exporter image registry | `docker.io` |
| `metrics.jmx.image.repository` | JMX exporter image repository | `bitnami/jmx-exporter` |
| `metrics.jmx.image.tag` | JMX exporter image tag (immutable tags are recommended) | `0.17.2-debian-11-r53` |
| `metrics.jmx.image.tag` | JMX exporter image tag (immutable tags are recommended) | `0.18.0-debian-11-r4` |
| `metrics.jmx.image.digest` | JMX exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `metrics.jmx.image.pullPolicy` | JMX exporter image pull policy | `IfNotPresent` |
| `metrics.jmx.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
@ -864,6 +864,10 @@ Find more information about how to deal with common errors related to Bitnami's
## Upgrading
### To 21.0.0
This major updates Kafka to its newest version, 3.4.x. For more information, please refer to [kafka upgrade notes](https://kafka.apache.org/34/documentation.html#upgrade).
### To 20.0.0
This major updates the Zookeeper subchart to it newest major, 11.0.0. For more information on this subchart's major, please refer to [zookeeper upgrade notes](https://github.com/bitnami/charts/tree/main/bitnami/zookeeper#to-1100).
@ -1060,4 +1064,4 @@ Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
limitations under the License.

4
charts/bitnami/kafka/charts/common/Chart.yaml
View File

@ -2,7 +2,7 @@ annotations:
category: Infrastructure
licenses: Apache-2.0
apiVersion: v2
appVersion: 2.2.3
appVersion: 2.2.4
description: A Library Helm Chart for grouping common logic between bitnami charts.
This chart is not deployable by itself.
home: https://github.com/bitnami/charts/tree/main/bitnami/common
@ -21,4 +21,4 @@ sources:
- https://github.com/bitnami/charts
- https://www.bitnami.com/
type: library
version: 2.2.3
version: 2.2.4

136
charts/bitnami/kafka/charts/common/README.md
View File

@ -12,7 +12,7 @@ dependencies:
```
```console
$ helm dependency update
helm dependency update
```
```yaml
@ -37,124 +37,6 @@ Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment
## Parameters
The following table lists the helpers available in the library which are scoped in different sections.
### Affinities
| Helper identifier | Description | Expected Input |
|-------------------------------|------------------------------------------------------|------------------------------------------------|
| `common.affinities.nodes.soft` | Return a soft nodeAffinity definition | `dict "key" "FOO" "values" (list "BAR" "BAZ")` |
| `common.affinities.nodes.hard` | Return a hard nodeAffinity definition | `dict "key" "FOO" "values" (list "BAR" "BAZ")` |
| `common.affinities.pods.soft` | Return a soft podAffinity/podAntiAffinity definition | `dict "component" "FOO" "context" $` |
| `common.affinities.pods.hard` | Return a hard podAffinity/podAntiAffinity definition | `dict "component" "FOO" "context" $` |
| `common.affinities.topologyKey` | Return a topologyKey definition | `dict "topologyKey" "FOO"` |
### Capabilities
| Helper identifier | Description | Expected Input |
|------------------------------------------------|------------------------------------------------------------------------------------------------|-------------------|
| `common.capabilities.kubeVersion` | Return the target Kubernetes version (using client default if .Values.kubeVersion is not set). | `.` Chart context |
| `common.capabilities.cronjob.apiVersion` | Return the appropriate apiVersion for cronjob. | `.` Chart context |
| `common.capabilities.deployment.apiVersion` | Return the appropriate apiVersion for deployment. | `.` Chart context |
| `common.capabilities.statefulset.apiVersion` | Return the appropriate apiVersion for statefulset. | `.` Chart context |
| `common.capabilities.ingress.apiVersion` | Return the appropriate apiVersion for ingress. | `.` Chart context |
| `common.capabilities.rbac.apiVersion` | Return the appropriate apiVersion for RBAC resources. | `.` Chart context |
| `common.capabilities.crd.apiVersion` | Return the appropriate apiVersion for CRDs. | `.` Chart context |
| `common.capabilities.policy.apiVersion` | Return the appropriate apiVersion for podsecuritypolicy. | `.` Chart context |
| `common.capabilities.networkPolicy.apiVersion` | Return the appropriate apiVersion for networkpolicy. | `.` Chart context |
| `common.capabilities.apiService.apiVersion` | Return the appropriate apiVersion for APIService. | `.` Chart context |
| `common.capabilities.hpa.apiVersion` | Return the appropriate apiVersion for Horizontal Pod Autoscaler | `.` Chart context |
| `common.capabilities.supportsHelmVersion` | Returns true if the used Helm version is 3.3+ | `.` Chart context |
### Errors
| Helper identifier | Description | Expected Input |
|-----------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------|
| `common.errors.upgrade.passwords.empty` | It will ensure required passwords are given when we are upgrading a chart. If `validationErrors` is not empty it will throw an error and will stop the upgrade action. | `dict "validationErrors" (list $validationError00 $validationError01) "context" $` |
### Images
| Helper identifier | Description | Expected Input |
|-----------------------------|------------------------------------------------------|---------------------------------------------------------------------------------------------------------|
| `common.images.image` | Return the proper and full image name | `dict "imageRoot" .Values.path.to.the.image "global" $`, see [ImageRoot](#imageroot) for the structure. |
| `common.images.pullSecrets` | Return the proper Docker Image Registry Secret Names (deprecated: use common.images.renderPullSecrets instead) | `dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "global" .Values.global` |
| `common.images.renderPullSecrets` | Return the proper Docker Image Registry Secret Names (evaluates values as templates) | `dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "context" $` |
### Ingress
| Helper identifier | Description | Expected Input |
|-------------------------------------------|-------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `common.ingress.backend` | Generate a proper Ingress backend entry depending on the API version | `dict "serviceName" "foo" "servicePort" "bar"`, see the [Ingress deprecation notice](https://kubernetes.io/blog/2019/07/18/api-deprecations-in-1-16/) for the syntax differences |
| `common.ingress.supportsPathType` | Prints "true" if the pathType field is supported | `.` Chart context |
| `common.ingress.supportsIngressClassname` | Prints "true" if the ingressClassname field is supported | `.` Chart context |
| `common.ingress.certManagerRequest` | Prints "true" if required cert-manager annotations for TLS signed certificates are set in the Ingress annotations | `dict "annotations" .Values.path.to.the.ingress.annotations` |
### Labels
| Helper identifier | Description | Expected Input |
|-----------------------------|-----------------------------------------------------------------------------|-------------------|
| `common.labels.standard` | Return Kubernetes standard labels | `.` Chart context |
| `common.labels.matchLabels` | Labels to use on `deploy.spec.selector.matchLabels` and `svc.spec.selector` | `.` Chart context |
### Names
| Helper identifier | Description | Expected Input |
|-----------------------------------|-----------------------------------------------------------------------|-------------------|
| `common.names.name` | Expand the name of the chart or use `.Values.nameOverride` | `.` Chart context |
| `common.names.fullname` | Create a default fully qualified app name. | `.` Chart context |
| `common.names.namespace` | Allow the release namespace to be overridden | `.` Chart context |
| `common.names.fullname.namespace` | Create a fully qualified app name adding the installation's namespace | `.` Chart context |
| `common.names.chart` | Chart name plus version | `.` Chart context |
### Secrets
| Helper identifier | Description | Expected Input |
|-----------------------------------|--------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `common.secrets.name` | Generate the name of the secret. | `dict "existingSecret" .Values.path.to.the.existingSecret "defaultNameSuffix" "mySuffix" "context" $` see [ExistingSecret](#existingsecret) for the structure. |
| `common.secrets.key` | Generate secret key. | `dict "existingSecret" .Values.path.to.the.existingSecret "key" "keyName"` see [ExistingSecret](#existingsecret) for the structure. |
| `common.secrets.passwords.manage` | Generate secret password or retrieve one if already created. | `dict "secret" "secret-name" "key" "keyName" "providedValues" (list "path.to.password1" "path.to.password2") "length" 10 "strong" false "chartName" "chartName" "context" $`, length, strong and chartNAme fields are optional. |
| `common.secrets.exists` | Returns whether a previous generated secret already exists. | `dict "secret" "secret-name" "context" $` |
### Storage
| Helper identifier | Description | Expected Input |
|-------------------------------|---------------------------------------|---------------------------------------------------------------------------------------------------------------------|
| `common.storage.class` | Return the proper Storage Class | `dict "persistence" .Values.path.to.the.persistence "global" $`, see [Persistence](#persistence) for the structure. |
### TplValues
| Helper identifier | Description | Expected Input |
|---------------------------|----------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------|
| `common.tplvalues.render` | Renders a value that contains template | `dict "value" .Values.path.to.the.Value "context" $`, value is the value should rendered as template, context frequently is the chart context `$` or `.` |
### Utils
| Helper identifier | Description | Expected Input |
|--------------------------------|------------------------------------------------------------------------------------------|------------------------------------------------------------------------|
| `common.utils.fieldToEnvVar` | Build environment variable name given a field. | `dict "field" "my-password"` |
| `common.utils.secret.getvalue` | Print instructions to get a secret value. | `dict "secret" "secret-name" "field" "secret-value-field" "context" $` |
| `common.utils.getValueFromKey` | Gets a value from `.Values` object given its key path | `dict "key" "path.to.key" "context" $` |
| `common.utils.getKeyFromList` | Returns first `.Values` key with a defined value or first of the list if all non-defined | `dict "keys" (list "path.to.key1" "path.to.key2") "context" $` |
### Validations
| Helper identifier | Description | Expected Input |
|--------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `common.validations.values.single.empty` | Validate a value must not be empty. | `dict "valueKey" "path.to.value" "secret" "secret.name" "field" "my-password" "subchart" "subchart" "context" $` secret, field and subchart are optional. In case they are given, the helper will generate a how to get instruction. See [ValidateValue](#validatevalue) |
| `common.validations.values.multiple.empty` | Validate a multiple values must not be empty. It returns a shared error for all the values. | `dict "required" (list $validateValueConf00 $validateValueConf01) "context" $`. See [ValidateValue](#validatevalue) |
| `common.validations.values.mariadb.passwords` | This helper will ensure required password for MariaDB are not empty. It returns a shared error for all the values. | `dict "secret" "mariadb-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use mariadb chart and the helper. |
| `common.validations.values.mysql.passwords` | This helper will ensure required password for MySQL are not empty. It returns a shared error for all the values. | `dict "secret" "mysql-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use mysql chart and the helper. |
| `common.validations.values.postgresql.passwords` | This helper will ensure required password for PostgreSQL are not empty. It returns a shared error for all the values. | `dict "secret" "postgresql-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use postgresql chart and the helper. |
| `common.validations.values.redis.passwords` | This helper will ensure required password for Redis® are not empty. It returns a shared error for all the values. | `dict "secret" "redis-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use redis chart and the helper. |
| `common.validations.values.cassandra.passwords` | This helper will ensure required password for Cassandra are not empty. It returns a shared error for all the values. | `dict "secret" "cassandra-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use cassandra chart and the helper. |
| `common.validations.values.mongodb.passwords` | This helper will ensure required password for MongoDB® are not empty. It returns a shared error for all the values. | `dict "secret" "mongodb-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use mongodb chart and the helper. |
### Warnings
| Helper identifier | Description | Expected Input |
|------------------------------|----------------------------------|------------------------------------------------------------|
| `common.warnings.rollingTag` | Warning about using rolling tag. | `ImageRoot` see [ImageRoot](#imageroot) for the structure. |
## Special input schemas
### ImageRoot
@ -300,7 +182,7 @@ keyMapping:
If we force those values to be empty we will see some alerts
```console
$ helm install test mychart --set path.to.value00="",path.to.value01=""
helm install test mychart --set path.to.value00="",path.to.value01=""
'path.to.value00' must not be empty, please add '--set path.to.value00=$PASSWORD_00' to the command. To get the current value:
export PASSWORD_00=$(kubectl get secret --namespace default secretName -o jsonpath="{.data.password-00}" | base64 -d)
@ -316,23 +198,23 @@ $ helm install test mychart --set path.to.value00="",path.to.value01=""
[On November 13, 2020, Helm v2 support was formally finished](https://github.com/helm/charts#status-of-the-project), this major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL.
**What changes were introduced in this major version?**
#### What changes were introduced in this major version?
- Previous versions of this Helm Chart use `apiVersion: v1` (installable by both Helm 2 and 3), this Helm Chart was updated to `apiVersion: v2` (installable by Helm 3 only). [Here](https://helm.sh/docs/topics/charts/#the-apiversion-field) you can find more information about the `apiVersion` field.
- Use `type: library`. [Here](https://v3.helm.sh/docs/faq/#library-chart-support) you can find more information.
- The different fields present in the *Chart.yaml* file has been ordered alphabetically in a homogeneous way for all the Bitnami Helm Charts
**Considerations when upgrading to this version**
#### Considerations when upgrading to this version
- If you want to upgrade to this version from a previous one installed with Helm v3, you shouldn't face any issues
- If you want to upgrade to this version using Helm v2, this scenario is not supported as this version doesn't support Helm v2 anymore
- If you installed the previous version with Helm v2 and wants to upgrade to this version with Helm v3, please refer to the [official Helm documentation](https://helm.sh/docs/topics/v2_v3_migration/#migration-use-cases) about migrating from Helm v2 to v3
**Useful links**
#### Useful links
- https://docs.bitnami.com/tutorials/resolve-helm2-helm3-post-migration-issues/
- https://helm.sh/docs/topics/v2_v3_migration/
- https://helm.sh/blog/migrate-from-helm-v2-to-helm-v3/
- <https://docs.bitnami.com/tutorials/resolve-helm2-helm3-post-migration-issues/>
- <https://helm.sh/docs/topics/v2_v3_migration/>
- <https://helm.sh/blog/migrate-from-helm-v2-to-helm-v3/>
## License
@ -342,7 +224,7 @@ Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
<http://www.apache.org/licenses/LICENSE-2.0>
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,

6
charts/bitnami/kafka/charts/common/templates/_images.tpl
View File

@ -17,7 +17,11 @@ Return the proper image name
{{- $separator = "@" -}}
{{- $termination = .imageRoot.digest | toString -}}
{{- end -}}
{{- printf "%s/%s%s%s" $registryName $repositoryName $separator $termination -}}
{{- if $registryName }}
{{- printf "%s/%s%s%s" $registryName $repositoryName $separator $termination -}}
{{- else -}}
{{- printf "%s%s%s" $repositoryName $separator $termination -}}
{{- end -}}
{{- end -}}
{{/*

6
charts/bitnami/kafka/charts/zookeeper/Chart.lock
View File

@ -1,6 +1,6 @@
dependencies:
- name: common
repository: https://charts.bitnami.com/bitnami
version: 2.2.3
digest: sha256:2c7165542fc01b9e98b577cd8b1095d0ed8267d34b97b6e581a1176bfb8e4dcb
generated: "2023-02-17T20:26:24.808959946Z"
version: 2.2.4
digest: sha256:634d19e9b7f6e4c07d7c04a0161ab96b3f83335ebdd70b35b952319ef0a2586b
generated: "2023-03-19T02:06:13.108650823Z"

2
charts/bitnami/kafka/charts/zookeeper/Chart.yaml
View File

@ -22,4 +22,4 @@ name: zookeeper
sources:
- https://github.com/bitnami/containers/tree/main/bitnami/zookeeper
- https://zookeeper.apache.org/
version: 11.1.3
version: 11.1.5

4
charts/bitnami/kafka/charts/zookeeper/README.md
View File

@ -82,7 +82,7 @@ The command removes all the Kubernetes components associated with the chart and
| ----------------------------- | -------------------------------------------------------------------------------------------------------------------------- | ----------------------- |
| `image.registry` | ZooKeeper image registry | `docker.io` |
| `image.repository` | ZooKeeper image repository | `bitnami/zookeeper` |
| `image.tag` | ZooKeeper image tag (immutable tags are recommended) | `3.8.1-debian-11-r6` |
| `image.tag` | ZooKeeper image tag (immutable tags are recommended) | `3.8.1-debian-11-r15` |
| `image.digest` | ZooKeeper image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `image.pullPolicy` | ZooKeeper image pull policy | `IfNotPresent` |
| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
@ -248,7 +248,7 @@ The command removes all the Kubernetes components associated with the chart and
| `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume | `false` |
| `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` |
| `volumePermissions.image.repository` | Init container volume-permissions image repository | `bitnami/bitnami-shell` |
| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r86` |
| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r98` |
| `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` |
| `volumePermissions.image.pullSecrets` | Init container volume-permissions image pull secrets | `[]` |

4
charts/bitnami/kafka/charts/zookeeper/charts/common/Chart.yaml
View File

@ -2,7 +2,7 @@ annotations:
category: Infrastructure
licenses: Apache-2.0
apiVersion: v2
appVersion: 2.2.3
appVersion: 2.2.4
description: A Library Helm Chart for grouping common logic between bitnami charts.
This chart is not deployable by itself.
home: https://github.com/bitnami/charts/tree/main/bitnami/common
@ -21,4 +21,4 @@ sources:
- https://github.com/bitnami/charts
- https://www.bitnami.com/
type: library
version: 2.2.3
version: 2.2.4

136
charts/bitnami/kafka/charts/zookeeper/charts/common/README.md
View File

@ -12,7 +12,7 @@ dependencies:
```
```console
$ helm dependency update
helm dependency update
```
```yaml
@ -37,124 +37,6 @@ Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment
## Parameters
The following table lists the helpers available in the library which are scoped in different sections.
### Affinities
| Helper identifier | Description | Expected Input |
|-------------------------------|------------------------------------------------------|------------------------------------------------|
| `common.affinities.nodes.soft` | Return a soft nodeAffinity definition | `dict "key" "FOO" "values" (list "BAR" "BAZ")` |
| `common.affinities.nodes.hard` | Return a hard nodeAffinity definition | `dict "key" "FOO" "values" (list "BAR" "BAZ")` |
| `common.affinities.pods.soft` | Return a soft podAffinity/podAntiAffinity definition | `dict "component" "FOO" "context" $` |
| `common.affinities.pods.hard` | Return a hard podAffinity/podAntiAffinity definition | `dict "component" "FOO" "context" $` |
| `common.affinities.topologyKey` | Return a topologyKey definition | `dict "topologyKey" "FOO"` |
### Capabilities
| Helper identifier | Description | Expected Input |
|------------------------------------------------|------------------------------------------------------------------------------------------------|-------------------|
| `common.capabilities.kubeVersion` | Return the target Kubernetes version (using client default if .Values.kubeVersion is not set). | `.` Chart context |
| `common.capabilities.cronjob.apiVersion` | Return the appropriate apiVersion for cronjob. | `.` Chart context |
| `common.capabilities.deployment.apiVersion` | Return the appropriate apiVersion for deployment. | `.` Chart context |
| `common.capabilities.statefulset.apiVersion` | Return the appropriate apiVersion for statefulset. | `.` Chart context |
| `common.capabilities.ingress.apiVersion` | Return the appropriate apiVersion for ingress. | `.` Chart context |
| `common.capabilities.rbac.apiVersion` | Return the appropriate apiVersion for RBAC resources. | `.` Chart context |
| `common.capabilities.crd.apiVersion` | Return the appropriate apiVersion for CRDs. | `.` Chart context |
| `common.capabilities.policy.apiVersion` | Return the appropriate apiVersion for podsecuritypolicy. | `.` Chart context |
| `common.capabilities.networkPolicy.apiVersion` | Return the appropriate apiVersion for networkpolicy. | `.` Chart context |
| `common.capabilities.apiService.apiVersion` | Return the appropriate apiVersion for APIService. | `.` Chart context |
| `common.capabilities.hpa.apiVersion` | Return the appropriate apiVersion for Horizontal Pod Autoscaler | `.` Chart context |
| `common.capabilities.supportsHelmVersion` | Returns true if the used Helm version is 3.3+ | `.` Chart context |
### Errors
| Helper identifier | Description | Expected Input |
|-----------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------|
| `common.errors.upgrade.passwords.empty` | It will ensure required passwords are given when we are upgrading a chart. If `validationErrors` is not empty it will throw an error and will stop the upgrade action. | `dict "validationErrors" (list $validationError00 $validationError01) "context" $` |
### Images
| Helper identifier | Description | Expected Input |
|-----------------------------|------------------------------------------------------|---------------------------------------------------------------------------------------------------------|
| `common.images.image` | Return the proper and full image name | `dict "imageRoot" .Values.path.to.the.image "global" $`, see [ImageRoot](#imageroot) for the structure. |
| `common.images.pullSecrets` | Return the proper Docker Image Registry Secret Names (deprecated: use common.images.renderPullSecrets instead) | `dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "global" .Values.global` |
| `common.images.renderPullSecrets` | Return the proper Docker Image Registry Secret Names (evaluates values as templates) | `dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "context" $` |
### Ingress
| Helper identifier | Description | Expected Input |
|-------------------------------------------|-------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `common.ingress.backend` | Generate a proper Ingress backend entry depending on the API version | `dict "serviceName" "foo" "servicePort" "bar"`, see the [Ingress deprecation notice](https://kubernetes.io/blog/2019/07/18/api-deprecations-in-1-16/) for the syntax differences |
| `common.ingress.supportsPathType` | Prints "true" if the pathType field is supported | `.` Chart context |
| `common.ingress.supportsIngressClassname` | Prints "true" if the ingressClassname field is supported | `.` Chart context |
| `common.ingress.certManagerRequest` | Prints "true" if required cert-manager annotations for TLS signed certificates are set in the Ingress annotations | `dict "annotations" .Values.path.to.the.ingress.annotations` |
### Labels
| Helper identifier | Description | Expected Input |
|-----------------------------|-----------------------------------------------------------------------------|-------------------|
| `common.labels.standard` | Return Kubernetes standard labels | `.` Chart context |
| `common.labels.matchLabels` | Labels to use on `deploy.spec.selector.matchLabels` and `svc.spec.selector` | `.` Chart context |
### Names
| Helper identifier | Description | Expected Input |
|-----------------------------------|-----------------------------------------------------------------------|-------------------|
| `common.names.name` | Expand the name of the chart or use `.Values.nameOverride` | `.` Chart context |
| `common.names.fullname` | Create a default fully qualified app name. | `.` Chart context |
| `common.names.namespace` | Allow the release namespace to be overridden | `.` Chart context |
| `common.names.fullname.namespace` | Create a fully qualified app name adding the installation's namespace | `.` Chart context |
| `common.names.chart` | Chart name plus version | `.` Chart context |
### Secrets
| Helper identifier | Description | Expected Input |
|-----------------------------------|--------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `common.secrets.name` | Generate the name of the secret. | `dict "existingSecret" .Values.path.to.the.existingSecret "defaultNameSuffix" "mySuffix" "context" $` see [ExistingSecret](#existingsecret) for the structure. |
| `common.secrets.key` | Generate secret key. | `dict "existingSecret" .Values.path.to.the.existingSecret "key" "keyName"` see [ExistingSecret](#existingsecret) for the structure. |
| `common.secrets.passwords.manage` | Generate secret password or retrieve one if already created. | `dict "secret" "secret-name" "key" "keyName" "providedValues" (list "path.to.password1" "path.to.password2") "length" 10 "strong" false "chartName" "chartName" "context" $`, length, strong and chartNAme fields are optional. |
| `common.secrets.exists` | Returns whether a previous generated secret already exists. | `dict "secret" "secret-name" "context" $` |
### Storage
| Helper identifier | Description | Expected Input |
|-------------------------------|---------------------------------------|---------------------------------------------------------------------------------------------------------------------|
| `common.storage.class` | Return the proper Storage Class | `dict "persistence" .Values.path.to.the.persistence "global" $`, see [Persistence](#persistence) for the structure. |
### TplValues
| Helper identifier | Description | Expected Input |
|---------------------------|----------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------|
| `common.tplvalues.render` | Renders a value that contains template | `dict "value" .Values.path.to.the.Value "context" $`, value is the value should rendered as template, context frequently is the chart context `$` or `.` |
### Utils
| Helper identifier | Description | Expected Input |
|--------------------------------|------------------------------------------------------------------------------------------|------------------------------------------------------------------------|
| `common.utils.fieldToEnvVar` | Build environment variable name given a field. | `dict "field" "my-password"` |
| `common.utils.secret.getvalue` | Print instructions to get a secret value. | `dict "secret" "secret-name" "field" "secret-value-field" "context" $` |
| `common.utils.getValueFromKey` | Gets a value from `.Values` object given its key path | `dict "key" "path.to.key" "context" $` |
| `common.utils.getKeyFromList` | Returns first `.Values` key with a defined value or first of the list if all non-defined | `dict "keys" (list "path.to.key1" "path.to.key2") "context" $` |
### Validations
| Helper identifier | Description | Expected Input |
|--------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `common.validations.values.single.empty` | Validate a value must not be empty. | `dict "valueKey" "path.to.value" "secret" "secret.name" "field" "my-password" "subchart" "subchart" "context" $` secret, field and subchart are optional. In case they are given, the helper will generate a how to get instruction. See [ValidateValue](#validatevalue) |
| `common.validations.values.multiple.empty` | Validate a multiple values must not be empty. It returns a shared error for all the values. | `dict "required" (list $validateValueConf00 $validateValueConf01) "context" $`. See [ValidateValue](#validatevalue) |
| `common.validations.values.mariadb.passwords` | This helper will ensure required password for MariaDB are not empty. It returns a shared error for all the values. | `dict "secret" "mariadb-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use mariadb chart and the helper. |
| `common.validations.values.mysql.passwords` | This helper will ensure required password for MySQL are not empty. It returns a shared error for all the values. | `dict "secret" "mysql-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use mysql chart and the helper. |
| `common.validations.values.postgresql.passwords` | This helper will ensure required password for PostgreSQL are not empty. It returns a shared error for all the values. | `dict "secret" "postgresql-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use postgresql chart and the helper. |
| `common.validations.values.redis.passwords` | This helper will ensure required password for Redis&reg; are not empty. It returns a shared error for all the values. | `dict "secret" "redis-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use redis chart and the helper. |
| `common.validations.values.cassandra.passwords` | This helper will ensure required password for Cassandra are not empty. It returns a shared error for all the values. | `dict "secret" "cassandra-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use cassandra chart and the helper. |
| `common.validations.values.mongodb.passwords` | This helper will ensure required password for MongoDB&reg; are not empty. It returns a shared error for all the values. | `dict "secret" "mongodb-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use mongodb chart and the helper. |
### Warnings
| Helper identifier | Description | Expected Input |
|------------------------------|----------------------------------|------------------------------------------------------------|
| `common.warnings.rollingTag` | Warning about using rolling tag. | `ImageRoot` see [ImageRoot](#imageroot) for the structure. |
## Special input schemas
### ImageRoot
@ -300,7 +182,7 @@ keyMapping:
If we force those values to be empty we will see some alerts
```console
$ helm install test mychart --set path.to.value00="",path.to.value01=""
helm install test mychart --set path.to.value00="",path.to.value01=""
'path.to.value00' must not be empty, please add '--set path.to.value00=$PASSWORD_00' to the command. To get the current value:
export PASSWORD_00=$(kubectl get secret --namespace default secretName -o jsonpath="{.data.password-00}" | base64 -d)
@ -316,23 +198,23 @@ $ helm install test mychart --set path.to.value00="",path.to.value01=""
[On November 13, 2020, Helm v2 support was formally finished](https://github.com/helm/charts#status-of-the-project), this major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL.
**What changes were introduced in this major version?**
#### What changes were introduced in this major version?
- Previous versions of this Helm Chart use `apiVersion: v1` (installable by both Helm 2 and 3), this Helm Chart was updated to `apiVersion: v2` (installable by Helm 3 only). [Here](https://helm.sh/docs/topics/charts/#the-apiversion-field) you can find more information about the `apiVersion` field.
- Use `type: library`. [Here](https://v3.helm.sh/docs/faq/#library-chart-support) you can find more information.
- The different fields present in the *Chart.yaml* file has been ordered alphabetically in a homogeneous way for all the Bitnami Helm Charts
**Considerations when upgrading to this version**
#### Considerations when upgrading to this version
- If you want to upgrade to this version from a previous one installed with Helm v3, you shouldn't face any issues
- If you want to upgrade to this version using Helm v2, this scenario is not supported as this version doesn't support Helm v2 anymore
- If you installed the previous version with Helm v2 and wants to upgrade to this version with Helm v3, please refer to the [official Helm documentation](https://helm.sh/docs/topics/v2_v3_migration/#migration-use-cases) about migrating from Helm v2 to v3
**Useful links**
#### Useful links
- https://docs.bitnami.com/tutorials/resolve-helm2-helm3-post-migration-issues/
- https://helm.sh/docs/topics/v2_v3_migration/
- https://helm.sh/blog/migrate-from-helm-v2-to-helm-v3/
- <https://docs.bitnami.com/tutorials/resolve-helm2-helm3-post-migration-issues/>
- <https://helm.sh/docs/topics/v2_v3_migration/>
- <https://helm.sh/blog/migrate-from-helm-v2-to-helm-v3/>
## License
@ -342,7 +224,7 @@ Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
<http://www.apache.org/licenses/LICENSE-2.0>
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,

6
charts/bitnami/kafka/charts/zookeeper/charts/common/templates/_images.tpl
View File

@ -17,7 +17,11 @@ Return the proper image name
{{- $separator = "@" -}}
{{- $termination = .imageRoot.digest | toString -}}
{{- end -}}
{{- printf "%s/%s%s%s" $registryName $repositoryName $separator $termination -}}
{{- if $registryName }}
{{- printf "%s/%s%s%s" $registryName $repositoryName $separator $termination -}}
{{- else -}}
{{- printf "%s%s%s" $repositoryName $separator $termination -}}
{{- end -}}
{{- end -}}
{{/*

4
charts/bitnami/kafka/charts/zookeeper/values.yaml
View File

@ -76,7 +76,7 @@ diagnosticMode:
image:
registry: docker.io
repository: bitnami/zookeeper
tag: 3.8.1-debian-11-r6
tag: 3.8.1-debian-11-r15
digest: ""
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
@ -660,7 +660,7 @@ volumePermissions:
image:
registry: docker.io
repository: bitnami/bitnami-shell
tag: 11-debian-11-r86
tag: 11-debian-11-r98
digest: ""
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.

10
charts/bitnami/kafka/values.yaml
View File

@ -77,7 +77,7 @@ diagnosticMode:
image:
registry: docker.io
repository: bitnami/kafka
tag: 3.4.0-debian-11-r6
tag: 3.4.0-debian-11-r12
digest: ""
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
@ -779,7 +779,7 @@ externalAccess:
image:
registry: docker.io
repository: bitnami/kubectl
tag: 1.25.6-debian-11-r14
tag: 1.25.7-debian-11-r4
digest: ""
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
@ -1028,7 +1028,7 @@ volumePermissions:
image:
registry: docker.io
repository: bitnami/bitnami-shell
tag: 11-debian-11-r90
tag: 11-debian-11-r99
digest: ""
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
@ -1110,7 +1110,7 @@ metrics:
image:
registry: docker.io
repository: bitnami/kafka-exporter
tag: 1.6.0-debian-11-r65
tag: 1.6.0-debian-11-r70
digest: ""
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
@ -1346,7 +1346,7 @@ metrics:
image:
registry: docker.io
repository: bitnami/jmx-exporter
tag: 0.17.2-debian-11-r53
tag: 0.18.0-debian-11-r4
digest: ""
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'

2
charts/bitnami/mariadb/Chart.yaml
View File

@ -32,4 +32,4 @@ sources:
- https://github.com/bitnami/containers/tree/main/bitnami/mariadb
- https://github.com/prometheus/mysqld_exporter
- https://mariadb.org
version: 11.5.4
version: 11.5.5

6
charts/bitnami/mariadb/README.md
View File

@ -372,13 +372,13 @@ The command removes all the Kubernetes components associated with the chart and
| `networkPolicy.ingressRules.primaryAccessOnlyFrom.enabled` | Enable ingress rule that makes primary mariadb nodes only accessible from a particular origin. | `false` |
| `networkPolicy.ingressRules.primaryAccessOnlyFrom.namespaceSelector` | Namespace selector label that is allowed to access the primary node. This label will be used to identified the allowed namespace(s). | `{}` |
| `networkPolicy.ingressRules.primaryAccessOnlyFrom.podSelector` | Pods selector label that is allowed to access the primary node. This label will be used to identified the allowed pod(s). | `{}` |
| `networkPolicy.ingressRules.primaryAccessOnlyFrom.customRules` | Custom network policy for the primary node. | `{}` |
| `networkPolicy.ingressRules.primaryAccessOnlyFrom.customRules` | Custom network policy for the primary node. | `[]` |
| `networkPolicy.ingressRules.secondaryAccessOnlyFrom.enabled` | Enable ingress rule that makes primary mariadb nodes only accessible from a particular origin. | `false` |
| `networkPolicy.ingressRules.secondaryAccessOnlyFrom.namespaceSelector` | Namespace selector label that is allowed to acces the secondary nodes. This label will be used to identified the allowed namespace(s). | `{}` |
| `networkPolicy.ingressRules.secondaryAccessOnlyFrom.podSelector` | Pods selector label that is allowed to access the secondary nodes. This label will be used to identified the allowed pod(s). | `{}` |
| `networkPolicy.ingressRules.secondaryAccessOnlyFrom.customRules` | Custom network policy for the secondary nodes. | `{}` |
| `networkPolicy.ingressRules.secondaryAccessOnlyFrom.customRules` | Custom network policy for the secondary nodes. | `[]` |
| `networkPolicy.egressRules.denyConnectionsToExternal` | Enable egress rule that denies outgoing traffic outside the cluster, except for DNS (port 53). | `false` |
| `networkPolicy.egressRules.customRules` | Custom network policy rule | `{}` |
| `networkPolicy.egressRules.customRules` | Custom network policy rule | `[]` |
The above parameters map to the env variables defined in [bitnami/mariadb](https://github.com/bitnami/containers/tree/main/bitnami/mariadb). For more information please refer to the [bitnami/mariadb](https://github.com/bitnami/containers/tree/main/bitnami/mariadb) image documentation.

12
charts/bitnami/mariadb/values.yaml
View File

@ -1263,11 +1263,11 @@ networkPolicy:
## @param networkPolicy.ingressRules.primaryAccessOnlyFrom.enabled Enable ingress rule that makes primary mariadb nodes only accessible from a particular origin.
## @param networkPolicy.ingressRules.primaryAccessOnlyFrom.namespaceSelector [object] Namespace selector label that is allowed to access the primary node. This label will be used to identified the allowed namespace(s).
## @param networkPolicy.ingressRules.primaryAccessOnlyFrom.podSelector [object] Pods selector label that is allowed to access the primary node. This label will be used to identified the allowed pod(s).
## @param networkPolicy.ingressRules.primaryAccessOnlyFrom.customRules [object] Custom network policy for the primary node.
## @param networkPolicy.ingressRules.primaryAccessOnlyFrom.customRules Custom network policy for the primary node.
## @param networkPolicy.ingressRules.secondaryAccessOnlyFrom.enabled Enable ingress rule that makes primary mariadb nodes only accessible from a particular origin.
## @param networkPolicy.ingressRules.secondaryAccessOnlyFrom.namespaceSelector [object] Namespace selector label that is allowed to acces the secondary nodes. This label will be used to identified the allowed namespace(s).
## @param networkPolicy.ingressRules.secondaryAccessOnlyFrom.podSelector [object] Pods selector label that is allowed to access the secondary nodes. This label will be used to identified the allowed pod(s).
## @param networkPolicy.ingressRules.secondaryAccessOnlyFrom.customRules [object] Custom network policy for the secondary nodes.
## @param networkPolicy.ingressRules.secondaryAccessOnlyFrom.customRules Custom network policy for the secondary nodes.
##
ingressRules:
## Allow access to the primary node only from the indicated:
@ -1292,7 +1292,7 @@ networkPolicy:
## matchLabels:
## label: example
##
customRules: {}
customRules: []
## Allow access to the secondary node only from the indicated:
##
@ -1316,10 +1316,10 @@ networkPolicy:
## matchLabels:
## label: example
##
customRules: {}
customRules: []
## @param networkPolicy.egressRules.denyConnectionsToExternal Enable egress rule that denies outgoing traffic outside the cluster, except for DNS (port 53).
## @param networkPolicy.egressRules.customRules [object] Custom network policy rule
## @param networkPolicy.egressRules.customRules Custom network policy rule
##
egressRules:
# Deny connections to external. This is not compatible with an external database.
@ -1332,4 +1332,4 @@ networkPolicy:
## matchLabels:
## label: example
##
customRules: {}
customRules: []

2
charts/bitnami/mysql/Chart.yaml
View File

@ -30,4 +30,4 @@ name: mysql
sources:
- https://github.com/bitnami/containers/tree/main/bitnami/mysql
- https://mysql.com
version: 9.6.0
version: 9.7.0

89
charts/bitnami/mysql/README.md
View File

@ -315,49 +315,52 @@ The command removes all the Kubernetes components associated with the chart and
### Metrics parameters
| Name | Description | Value |
| -------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------ | ------------------------- |
| `metrics.enabled` | Start a side-car prometheus exporter | `false` |
| `metrics.image.registry` | Exporter image registry | `docker.io` |
| `metrics.image.repository` | Exporter image repository | `bitnami/mysqld-exporter` |
| `metrics.image.tag` | Exporter image tag (immutable tags are recommended) | `0.14.0-debian-11-r96` |
| `metrics.image.digest` | Exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `metrics.image.pullPolicy` | Exporter image pull policy | `IfNotPresent` |
| `metrics.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
| `metrics.service.type` | Kubernetes service type for MySQL Prometheus Exporter | `ClusterIP` |
| `metrics.service.port` | MySQL Prometheus Exporter service port | `9104` |
| `metrics.service.annotations` | Prometheus exporter service annotations | `{}` |
| `metrics.extraArgs.primary` | Extra args to be passed to mysqld_exporter on Primary pods | `[]` |
| `metrics.extraArgs.secondary` | Extra args to be passed to mysqld_exporter on Secondary pods | `[]` |
| `metrics.resources.limits` | The resources limits for MySQL prometheus exporter containers | `{}` |
| `metrics.resources.requests` | The requested resources for MySQL prometheus exporter containers | `{}` |
| `metrics.livenessProbe.enabled` | Enable livenessProbe | `true` |
| `metrics.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `120` |
| `metrics.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` |
| `metrics.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` |
| `metrics.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` |
| `metrics.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
| `metrics.readinessProbe.enabled` | Enable readinessProbe | `true` |
| `metrics.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` |
| `metrics.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
| `metrics.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` |
| `metrics.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` |
| `metrics.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
| `metrics.serviceMonitor.enabled` | Create ServiceMonitor Resource for scraping metrics using PrometheusOperator | `false` |
| `metrics.serviceMonitor.namespace` | Specify the namespace in which the serviceMonitor resource will be created | `""` |
| `metrics.serviceMonitor.jobLabel` | The name of the label on the target service to use as the job name in prometheus. | `""` |
| `metrics.serviceMonitor.interval` | Specify the interval at which metrics should be scraped | `30s` |
| `metrics.serviceMonitor.scrapeTimeout` | Specify the timeout after which the scrape is ended | `""` |
| `metrics.serviceMonitor.relabelings` | RelabelConfigs to apply to samples before scraping | `[]` |
| `metrics.serviceMonitor.metricRelabelings` | MetricRelabelConfigs to apply to samples before ingestion | `[]` |
| `metrics.serviceMonitor.selector` | ServiceMonitor selector labels | `{}` |
| `metrics.serviceMonitor.honorLabels` | Specify honorLabels parameter to add the scrape endpoint | `false` |
| `metrics.serviceMonitor.labels` | Used to pass Labels that are used by the Prometheus installed in your cluster to select Service Monitors to work with | `{}` |
| `metrics.serviceMonitor.annotations` | ServiceMonitor annotations | `{}` |
| `metrics.prometheusRule.enabled` | Creates a Prometheus Operator prometheusRule (also requires `metrics.enabled` to be `true` and `metrics.prometheusRule.rules`) | `false` |
| `metrics.prometheusRule.namespace` | Namespace for the prometheusRule Resource (defaults to the Release Namespace) | `""` |
| `metrics.prometheusRule.additionalLabels` | Additional labels that can be used so prometheusRule will be discovered by Prometheus | `{}` |
| `metrics.prometheusRule.rules` | Prometheus Rule definitions | `[]` |
| Name | Description | Value |
| ----------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------ | ------------------------- |
| `metrics.enabled` | Start a side-car prometheus exporter | `false` |
| `metrics.image.registry` | Exporter image registry | `docker.io` |
| `metrics.image.repository` | Exporter image repository | `bitnami/mysqld-exporter` |
| `metrics.image.tag` | Exporter image tag (immutable tags are recommended) | `0.14.0-debian-11-r96` |
| `metrics.image.digest` | Exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `metrics.image.pullPolicy` | Exporter image pull policy | `IfNotPresent` |
| `metrics.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
| `metrics.containerSecurityContext.enabled` | MySQL metrics container securityContext | `true` |
| `metrics.containerSecurityContext.runAsUser` | User ID for the MySQL metrics container | `1001` |
| `metrics.containerSecurityContext.runAsNonRoot` | Set MySQL metrics container's Security Context runAsNonRoot | `true` |
| `metrics.service.type` | Kubernetes service type for MySQL Prometheus Exporter | `ClusterIP` |
| `metrics.service.port` | MySQL Prometheus Exporter service port | `9104` |
| `metrics.service.annotations` | Prometheus exporter service annotations | `{}` |
| `metrics.extraArgs.primary` | Extra args to be passed to mysqld_exporter on Primary pods | `[]` |
| `metrics.extraArgs.secondary` | Extra args to be passed to mysqld_exporter on Secondary pods | `[]` |
| `metrics.resources.limits` | The resources limits for MySQL prometheus exporter containers | `{}` |
| `metrics.resources.requests` | The requested resources for MySQL prometheus exporter containers | `{}` |
| `metrics.livenessProbe.enabled` | Enable livenessProbe | `true` |
| `metrics.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `120` |
| `metrics.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` |
| `metrics.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` |
| `metrics.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` |
| `metrics.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
| `metrics.readinessProbe.enabled` | Enable readinessProbe | `true` |
| `metrics.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` |
| `metrics.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
| `metrics.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` |
| `metrics.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` |
| `metrics.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
| `metrics.serviceMonitor.enabled` | Create ServiceMonitor Resource for scraping metrics using PrometheusOperator | `false` |
| `metrics.serviceMonitor.namespace` | Specify the namespace in which the serviceMonitor resource will be created | `""` |
| `metrics.serviceMonitor.jobLabel` | The name of the label on the target service to use as the job name in prometheus. | `""` |
| `metrics.serviceMonitor.interval` | Specify the interval at which metrics should be scraped | `30s` |
| `metrics.serviceMonitor.scrapeTimeout` | Specify the timeout after which the scrape is ended | `""` |
| `metrics.serviceMonitor.relabelings` | RelabelConfigs to apply to samples before scraping | `[]` |
| `metrics.serviceMonitor.metricRelabelings` | MetricRelabelConfigs to apply to samples before ingestion | `[]` |
| `metrics.serviceMonitor.selector` | ServiceMonitor selector labels | `{}` |
| `metrics.serviceMonitor.honorLabels` | Specify honorLabels parameter to add the scrape endpoint | `false` |
| `metrics.serviceMonitor.labels` | Used to pass Labels that are used by the Prometheus installed in your cluster to select Service Monitors to work with | `{}` |
| `metrics.serviceMonitor.annotations` | ServiceMonitor annotations | `{}` |
| `metrics.prometheusRule.enabled` | Creates a Prometheus Operator prometheusRule (also requires `metrics.enabled` to be `true` and `metrics.prometheusRule.rules`) | `false` |
| `metrics.prometheusRule.namespace` | Namespace for the prometheusRule Resource (defaults to the Release Namespace) | `""` |
| `metrics.prometheusRule.additionalLabels` | Additional labels that can be used so prometheusRule will be discovered by Prometheus | `{}` |
| `metrics.prometheusRule.rules` | Prometheus Rule definitions | `[]` |
The above parameters map to the env variables defined in [bitnami/mysql](https://github.com/bitnami/containers/tree/main/bitnami/mysql). For more information please refer to the [bitnami/mysql](https://github.com/bitnami/containers/tree/main/bitnami/mysql) image documentation.

3
charts/bitnami/mysql/templates/primary/statefulset.yaml
View File

@ -265,6 +265,9 @@ spec:
- name: metrics
image: {{ include "mysql.metrics.image" . }}
imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }}
{{- if .Values.metrics.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.metrics.containerSecurityContext "enabled" | toYaml | nindent 12 }}
{{- end }}
env:
{{- if .Values.auth.usePasswordFiles }}
- name: MYSQL_ROOT_PASSWORD_FILE

3
charts/bitnami/mysql/templates/secondary/statefulset.yaml
View File

@ -249,6 +249,9 @@ spec:
- name: metrics
image: {{ include "mysql.metrics.image" . }}
imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }}
{{- if .Values.metrics.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.metrics.containerSecurityContext "enabled" | toYaml | nindent 12 }}
{{- end }}
env:
{{- if .Values.auth.usePasswordFiles }}
- name: MYSQL_ROOT_PASSWORD_FILE

10
charts/bitnami/mysql/values.yaml
View File

@ -1053,6 +1053,16 @@ metrics:
## - myRegistryKeySecretName
##
pullSecrets: []
## MySQL metrics container security context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
## @param metrics.containerSecurityContext.enabled MySQL metrics container securityContext
## @param metrics.containerSecurityContext.runAsUser User ID for the MySQL metrics container
## @param metrics.containerSecurityContext.runAsNonRoot Set MySQL metrics container's Security Context runAsNonRoot
##
containerSecurityContext:
enabled: true
runAsUser: 1001
runAsNonRoot: true
## MySQL Prometheus exporter service parameters
## Mysqld Prometheus exporter liveness and readiness probes
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes

2
charts/bitnami/postgresql/Chart.yaml
View File

@ -32,4 +32,4 @@ name: postgresql
sources:
- https://github.com/bitnami/containers/tree/main/bitnami/postgresql
- https://www.postgresql.org/
version: 12.2.5
version: 12.2.6

6
charts/bitnami/postgresql/README.md
View File

@ -100,7 +100,7 @@ kubectl delete pvc -l release=my-release
| ---------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------- |
| `image.registry` | PostgreSQL image registry | `docker.io` |
| `image.repository` | PostgreSQL image repository | `bitnami/postgresql` |
| `image.tag` | PostgreSQL image tag (immutable tags are recommended) | `15.2.0-debian-11-r13` |
| `image.tag` | PostgreSQL image tag (immutable tags are recommended) | `15.2.0-debian-11-r14` |
| `image.digest` | PostgreSQL image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `image.pullPolicy` | PostgreSQL image pull policy | `IfNotPresent` |
| `image.pullSecrets` | Specify image pull secrets | `[]` |
@ -377,7 +377,7 @@ kubectl delete pvc -l release=my-release
| `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume | `false` |
| `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` |
| `volumePermissions.image.repository` | Init container volume-permissions image repository | `bitnami/bitnami-shell` |
| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r98` |
| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r99` |
| `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` |
| `volumePermissions.image.pullSecrets` | Init container volume-permissions image pull secrets | `[]` |
@ -405,7 +405,7 @@ kubectl delete pvc -l release=my-release
| `metrics.enabled` | Start a prometheus exporter | `false` |
| `metrics.image.registry` | PostgreSQL Prometheus Exporter image registry | `docker.io` |
| `metrics.image.repository` | PostgreSQL Prometheus Exporter image repository | `bitnami/postgres-exporter` |
| `metrics.image.tag` | PostgreSQL Prometheus Exporter image tag (immutable tags are recommended) | `0.11.1-debian-11-r69` |
| `metrics.image.tag` | PostgreSQL Prometheus Exporter image tag (immutable tags are recommended) | `0.12.0-debian-11-r71` |
| `metrics.image.digest` | PostgreSQL image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `metrics.image.pullPolicy` | PostgreSQL Prometheus Exporter image pull policy | `IfNotPresent` |
| `metrics.image.pullSecrets` | Specify image pull secrets | `[]` |

6
charts/bitnami/postgresql/values.yaml
View File

@ -95,7 +95,7 @@ diagnosticMode:
image:
registry: docker.io
repository: bitnami/postgresql
tag: 15.2.0-debian-11-r13
tag: 15.2.0-debian-11-r14
digest: ""
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
@ -1136,7 +1136,7 @@ volumePermissions:
image:
registry: docker.io
repository: bitnami/bitnami-shell
tag: 11-debian-11-r98
tag: 11-debian-11-r99
digest: ""
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
@ -1231,7 +1231,7 @@ metrics:
image:
registry: docker.io
repository: bitnami/postgres-exporter
tag: 0.11.1-debian-11-r69
tag: 0.12.0-debian-11-r71
digest: ""
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.

2
charts/bitnami/redis/Chart.yaml
View File

@ -28,4 +28,4 @@ maintainers:
name: redis
sources:
- https://github.com/bitnami/containers/tree/main/bitnami/redis
version: 17.8.7
version: 17.9.0

1
charts/bitnami/redis/README.md
View File

@ -408,6 +408,7 @@ The command removes all the Kubernetes components associated with the chart and
| `sentinel.service.annotations` | Additional custom annotations for Redis&reg; Sentinel service | `{}` |
| `sentinel.service.sessionAffinity` | Session Affinity for Kubernetes service, can be "None" or "ClientIP" | `None` |
| `sentinel.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` |
| `sentinel.service.headless.annotations` | Annotations for the headless service. | `{}` |
| `sentinel.terminationGracePeriodSeconds` | Integer setting the termination grace period for the redis-node pods | `30` |
### Other Parameters

9
charts/bitnami/redis/templates/headless-svc.yaml
View File

@ -8,9 +8,12 @@ metadata:
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
annotations:
{{- if .Values.commonAnnotations }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.sentinel.service.headless.annotations }}
{{- include "common.tplvalues.render" ( dict "value" .Values.sentinel.service.headless.annotations "context" $) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
{{- include "redis.externalDNS.annotations" . | nindent 4 }}
spec:
type: ClusterIP

6
charts/bitnami/redis/values.yaml
View File

@ -1255,6 +1255,12 @@ sentinel:
## timeoutSeconds: 300
##
sessionAffinityConfig: {}
## Headless service properties
##
headless:
## @param sentinel.service.headless.annotations Annotations for the headless service.
##
annotations: {}
## @param sentinel.terminationGracePeriodSeconds Integer setting the termination grace period for the redis-node pods
##
terminationGracePeriodSeconds: 30

2
charts/bitnami/tomcat/Chart.yaml
View File

@ -32,4 +32,4 @@ name: tomcat
sources:
- https://github.com/bitnami/containers/tree/main/bitnami/tomcat
- http://tomcat.apache.org
version: 10.5.20
version: 10.6.0

1
charts/bitnami/tomcat/README.md
View File

@ -180,6 +180,7 @@ The command removes all the Kubernetes components associated with the chart and
| `service.annotations` | Annotations for Tomcat service | `{}` |
| `service.sessionAffinity` | Session Affinity for Kubernetes service, can be "None" or "ClientIP" | `None` |
| `service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` |
| `service.headless.annotations` | Annotations for the headless service. | `{}` |
| `ingress.enabled` | Enable ingress controller resource | `false` |
| `ingress.hostname` | Default host for the ingress resource | `tomcat.local` |
| `ingress.annotations` | Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations. | `{}` |

6
charts/bitnami/tomcat/templates/svc-headless.yaml
View File

@ -8,10 +8,10 @@ metadata:
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if or .Values.service.annotations .Values.commonAnnotations }}
{{- if or .Values.service.headless.annotations .Values.commonAnnotations }}
annotations:
{{- if .Values.service.annotations }}
{{- include "common.tplvalues.render" ( dict "value" .Values.service.annotations "context" $) | nindent 4 }}
{{- if .Values.service.headless.annotations }}
{{- include "common.tplvalues.render" ( dict "value" .Values.service.headless.annotations "context" $) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}

6
charts/bitnami/tomcat/values.yaml
View File

@ -451,6 +451,12 @@ service:
## timeoutSeconds: 300
##
sessionAffinityConfig: {}
## Headless service properties
##
headless:
## @param service.headless.annotations Annotations for the headless service.
##
annotations: {}
## Ingress configuratiom
##
ingress:

6
charts/bitnami/wordpress/Chart.lock
View File

@ -4,9 +4,9 @@ dependencies:
version: 6.3.13
- name: mariadb
repository: https://charts.bitnami.com/bitnami
version: 11.5.4
version: 11.5.5
- name: common
repository: https://charts.bitnami.com/bitnami
version: 2.2.4
digest: sha256:6cdf6880c17e68dc3717a6b1d6bc0b4150f2de2eadf7a2d3fe71386eff623658
generated: "2023-03-19T02:05:20.005606461Z"
digest: sha256:b6bf1e36cf75cf20888726a965b30006de0048818437da05e4ec9bc6da926791
generated: "2023-03-22T23:18:11.010220619Z"

2
charts/bitnami/wordpress/Chart.yaml
View File

@ -41,4 +41,4 @@ name: wordpress
sources:
- https://github.com/bitnami/containers/tree/main/bitnami/wordpress
- https://wordpress.org/
version: 15.2.56
version: 15.2.57

6
charts/bitnami/wordpress/README.md
View File

@ -82,7 +82,7 @@ The command removes all the Kubernetes components associated with the chart and
| ------------------- | --------------------------------------------------------------------------------------------------------- | --------------------- |
| `image.registry` | WordPress image registry | `docker.io` |
| `image.repository` | WordPress image repository | `bitnami/wordpress` |
| `image.tag` | WordPress image tag (immutable tags are recommended) | `6.1.1-debian-11-r67` |
| `image.tag` | WordPress image tag (immutable tags are recommended) | `6.1.1-debian-11-r69` |
| `image.digest` | WordPress image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `image.pullPolicy` | WordPress image pull policy | `IfNotPresent` |
| `image.pullSecrets` | WordPress image pull secrets | `[]` |
@ -247,7 +247,7 @@ The command removes all the Kubernetes components associated with the chart and
| `volumePermissions.enabled` | Enable init container that changes the owner/group of the PV mount point to `runAsUser:fsGroup` | `false` |
| `volumePermissions.image.registry` | Bitnami Shell image registry | `docker.io` |
| `volumePermissions.image.repository` | Bitnami Shell image repository | `bitnami/bitnami-shell` |
| `volumePermissions.image.tag` | Bitnami Shell image tag (immutable tags are recommended) | `11-debian-11-r98` |
| `volumePermissions.image.tag` | Bitnami Shell image tag (immutable tags are recommended) | `11-debian-11-r99` |
| `volumePermissions.image.digest` | Bitnami Shell image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `volumePermissions.image.pullPolicy` | Bitnami Shell image pull policy | `IfNotPresent` |
| `volumePermissions.image.pullSecrets` | Bitnami Shell image pull secrets | `[]` |
@ -279,7 +279,7 @@ The command removes all the Kubernetes components associated with the chart and
| `metrics.enabled` | Start a sidecar prometheus exporter to expose metrics | `false` |
| `metrics.image.registry` | Apache exporter image registry | `docker.io` |
| `metrics.image.repository` | Apache exporter image repository | `bitnami/apache-exporter` |
| `metrics.image.tag` | Apache exporter image tag (immutable tags are recommended) | `0.13.0-debian-11-r8` |
| `metrics.image.tag` | Apache exporter image tag (immutable tags are recommended) | `0.13.0-debian-11-r9` |
| `metrics.image.digest` | Apache exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `metrics.image.pullPolicy` | Apache exporter image pull policy | `IfNotPresent` |
| `metrics.image.pullSecrets` | Apache exporter image pull secrets | `[]` |

2
charts/bitnami/wordpress/charts/mariadb/Chart.yaml
View File

@ -28,4 +28,4 @@ sources:
- https://github.com/bitnami/containers/tree/main/bitnami/mariadb
- https://github.com/prometheus/mysqld_exporter
- https://mariadb.org
version: 11.5.4
version: 11.5.5

6
charts/bitnami/wordpress/charts/mariadb/README.md
View File

@ -372,13 +372,13 @@ The command removes all the Kubernetes components associated with the chart and
| `networkPolicy.ingressRules.primaryAccessOnlyFrom.enabled` | Enable ingress rule that makes primary mariadb nodes only accessible from a particular origin. | `false` |
| `networkPolicy.ingressRules.primaryAccessOnlyFrom.namespaceSelector` | Namespace selector label that is allowed to access the primary node. This label will be used to identified the allowed namespace(s). | `{}` |
| `networkPolicy.ingressRules.primaryAccessOnlyFrom.podSelector` | Pods selector label that is allowed to access the primary node. This label will be used to identified the allowed pod(s). | `{}` |
| `networkPolicy.ingressRules.primaryAccessOnlyFrom.customRules` | Custom network policy for the primary node. | `{}` |
| `networkPolicy.ingressRules.primaryAccessOnlyFrom.customRules` | Custom network policy for the primary node. | `[]` |
| `networkPolicy.ingressRules.secondaryAccessOnlyFrom.enabled` | Enable ingress rule that makes primary mariadb nodes only accessible from a particular origin. | `false` |
| `networkPolicy.ingressRules.secondaryAccessOnlyFrom.namespaceSelector` | Namespace selector label that is allowed to acces the secondary nodes. This label will be used to identified the allowed namespace(s). | `{}` |
| `networkPolicy.ingressRules.secondaryAccessOnlyFrom.podSelector` | Pods selector label that is allowed to access the secondary nodes. This label will be used to identified the allowed pod(s). | `{}` |
| `networkPolicy.ingressRules.secondaryAccessOnlyFrom.customRules` | Custom network policy for the secondary nodes. | `{}` |
| `networkPolicy.ingressRules.secondaryAccessOnlyFrom.customRules` | Custom network policy for the secondary nodes. | `[]` |
| `networkPolicy.egressRules.denyConnectionsToExternal` | Enable egress rule that denies outgoing traffic outside the cluster, except for DNS (port 53). | `false` |
| `networkPolicy.egressRules.customRules` | Custom network policy rule | `{}` |
| `networkPolicy.egressRules.customRules` | Custom network policy rule | `[]` |
The above parameters map to the env variables defined in [bitnami/mariadb](https://github.com/bitnami/containers/tree/main/bitnami/mariadb). For more information please refer to the [bitnami/mariadb](https://github.com/bitnami/containers/tree/main/bitnami/mariadb) image documentation.

12
charts/bitnami/wordpress/charts/mariadb/values.yaml
View File

@ -1263,11 +1263,11 @@ networkPolicy:
## @param networkPolicy.ingressRules.primaryAccessOnlyFrom.enabled Enable ingress rule that makes primary mariadb nodes only accessible from a particular origin.
## @param networkPolicy.ingressRules.primaryAccessOnlyFrom.namespaceSelector [object] Namespace selector label that is allowed to access the primary node. This label will be used to identified the allowed namespace(s).
## @param networkPolicy.ingressRules.primaryAccessOnlyFrom.podSelector [object] Pods selector label that is allowed to access the primary node. This label will be used to identified the allowed pod(s).
## @param networkPolicy.ingressRules.primaryAccessOnlyFrom.customRules [object] Custom network policy for the primary node.
## @param networkPolicy.ingressRules.primaryAccessOnlyFrom.customRules Custom network policy for the primary node.
## @param networkPolicy.ingressRules.secondaryAccessOnlyFrom.enabled Enable ingress rule that makes primary mariadb nodes only accessible from a particular origin.
## @param networkPolicy.ingressRules.secondaryAccessOnlyFrom.namespaceSelector [object] Namespace selector label that is allowed to acces the secondary nodes. This label will be used to identified the allowed namespace(s).
## @param networkPolicy.ingressRules.secondaryAccessOnlyFrom.podSelector [object] Pods selector label that is allowed to access the secondary nodes. This label will be used to identified the allowed pod(s).
## @param networkPolicy.ingressRules.secondaryAccessOnlyFrom.customRules [object] Custom network policy for the secondary nodes.
## @param networkPolicy.ingressRules.secondaryAccessOnlyFrom.customRules Custom network policy for the secondary nodes.
##
ingressRules:
## Allow access to the primary node only from the indicated:
@ -1292,7 +1292,7 @@ networkPolicy:
## matchLabels:
## label: example
##
customRules: {}
customRules: []
## Allow access to the secondary node only from the indicated:
##
@ -1316,10 +1316,10 @@ networkPolicy:
## matchLabels:
## label: example
##
customRules: {}
customRules: []
## @param networkPolicy.egressRules.denyConnectionsToExternal Enable egress rule that denies outgoing traffic outside the cluster, except for DNS (port 53).
## @param networkPolicy.egressRules.customRules [object] Custom network policy rule
## @param networkPolicy.egressRules.customRules Custom network policy rule
##
egressRules:
# Deny connections to external. This is not compatible with an external database.
@ -1332,4 +1332,4 @@ networkPolicy:
## matchLabels:
## label: example
##
customRules: {}
customRules: []

6
charts/bitnami/wordpress/values.yaml
View File

@ -73,7 +73,7 @@ diagnosticMode:
image:
registry: docker.io
repository: bitnami/wordpress
tag: 6.1.1-debian-11-r67
tag: 6.1.1-debian-11-r69
digest: ""
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
@ -757,7 +757,7 @@ volumePermissions:
image:
registry: docker.io
repository: bitnami/bitnami-shell
tag: 11-debian-11-r98
tag: 11-debian-11-r99
digest: ""
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
@ -851,7 +851,7 @@ metrics:
image:
registry: docker.io
repository: bitnami/apache-exporter
tag: 0.13.0-debian-11-r8
tag: 0.13.0-debian-11-r9
digest: ""
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.

6
charts/crate/crate-operator/Chart.lock
View File

@ -1,6 +1,6 @@
dependencies:
- name: crate-operator-crds
repository: file://../crate-operator-crds
version: 2.24.0
digest: sha256:c49ffbfea5a0a2668a0bf2c1f87add413268b36b82fee73c642411176c45a6c5
generated: "2023-03-21T14:36:08.260603114Z"
version: 2.25.0
digest: sha256:f5b63acbc58495c53c6d92aef4182b983b4e790142657f77c4efa4b172bcd78c
generated: "2023-03-23T11:44:20.81618663Z"

6
charts/crate/crate-operator/Chart.yaml
View File

@ -3,16 +3,16 @@ annotations:
catalog.cattle.io/display-name: CrateDB Operator
catalog.cattle.io/release-name: crate-operator
apiVersion: v2
appVersion: 2.24.0
appVersion: 2.25.0
dependencies:
- condition: crate-operator-crds.enabled
name: crate-operator-crds
repository: file://./charts/crate-operator-crds
version: 2.24.0
version: 2.25.0
description: Crate Operator - Helm chart for installing and upgrading Crate Operator.
icon: https://raw.githubusercontent.com/crate/crate/master/docs/_static/crate-logo.svg
maintainers:
- name: Crate.io
name: crate-operator
type: application
version: 2.24.0
version: 2.25.0

4
charts/crate/crate-operator/charts/crate-operator-crds/Chart.yaml
View File

@ -1,9 +1,9 @@
apiVersion: v2
appVersion: 2.24.0
appVersion: 2.25.0
description: Crate Operator CRDs - Helm chart for installing and upgrading Custom
Resource Definitions (CRDs) for the Crate Operator.
maintainers:
- name: Crate.io
name: crate-operator-crds
type: application
version: 2.24.0
version: 2.25.0

8
charts/crate/crate-operator/charts/crate-operator-crds/templates/cratedbs-cloud-crate-io.yaml
View File

@ -307,6 +307,14 @@ spec:
cluster.
type: object
x-kubernetes-preserve-unknown-fields: true
service:
description: Additional configuration for k8s services.
properties:
annotations:
description: Additional annotations to add to the k8s load balancer service.
type: object
x-kubernetes-preserve-unknown-fields: true
type: object
ssl:
properties:
keystore:

16
charts/datadog/datadog/CHANGELOG.md
View File

@ -1,19 +1,23 @@
# Datadog changelog
# 3.20.3
## 3.21.0
* Add `datadog.remoteConfiguration.enabled` parameter to enable remote configuration.
## 3.20.3
* Fix command script in linux init container to prevent blocking deployment in GKE Autopilot on Rapid release channel.
* Only mount DogStatsD socket in non-Autopilot environments.
# 3.20.2
## 3.20.2
* Fix R/W volume mounts for CRI on Windows
# 3.20.1
## 3.20.1
* Fix command args in linux init container to prevent blocking deployment in GKE Autopilot.
# 3.20.0
## 3.20.0
* Enable CWS network detections by default.
@ -21,12 +25,12 @@
* Fix R/W volume mounts in init containers on Windows
# 3.19.1
## 3.19.1
* Mount emptyDir volumes in `/etc/datadog-agent` and `/tmp` to allow the cluster-agent to write files in those
locations with read-only root filesystem.
# 3.19.0
## 3.19.0
* Declare `readOnly` in volumeMounts.

2
charts/datadog/datadog/Chart.yaml
View File

@ -19,4 +19,4 @@ name: datadog
sources:
- https://app.datadoghq.com/account/settings#agent/kubernetes
- https://github.com/DataDog/datadog-agent
version: 3.20.3
version: 3.21.0

3
charts/datadog/datadog/README.md
View File

@ -1,6 +1,6 @@
# Datadog
![Version: 3.20.3](https://img.shields.io/badge/Version-3.20.3-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square)
![Version: 3.21.0](https://img.shields.io/badge/Version-3.21.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square)
[Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/).
@ -679,6 +679,7 @@ helm install <RELEASE_NAME> \
| datadog.prometheusScrape.enabled | bool | `false` | Enable autodiscovering pods and services exposing prometheus metrics. |
| datadog.prometheusScrape.serviceEndpoints | bool | `false` | Enable generating dedicated checks for service endpoints. |
| datadog.prometheusScrape.version | int | `2` | Version of the openmetrics check to schedule by default. |
| datadog.remoteConfiguration.enabled | bool | `false` | Set to true to enable remote configuration. |
| datadog.secretAnnotations | object | `{}` | |
| datadog.secretBackend.arguments | string | `nil` | Configure the secret backend command arguments (space-separated strings). |
| datadog.secretBackend.command | string | `nil` | Configure the secret backend command, path to the secret backend binary. |

4
charts/datadog/datadog/templates/_container-agent.yaml
View File

@ -149,6 +149,10 @@
value: {{ .Values.datadog.expvarPort | quote }}
{{- include "additional-env-entries" .Values.agents.containers.agent.env | indent 4 }}
{{- include "additional-env-dict-entries" .Values.agents.containers.agent.envDict | indent 4 }}
{{- if .Values.datadog.remoteConfiguration.enabled }}
- name: DD_REMOTE_CONFIGURATION_ENABLED
value: "true"
{{- end }}
volumeMounts:
{{- if eq .Values.targetSystem "linux" }}
- name: installinfo

2
charts/datadog/datadog/templates/system-probe-configmap.yaml
View File

@ -53,6 +53,8 @@ data:
enabled: {{ $.Values.datadog.securityAgent.runtime.syscallMonitor.enabled }}
network:
enabled: {{ $.Values.datadog.securityAgent.runtime.network.enabled }}
remote_configuration:
enabled: {{ if and .Values.datadog.securityAgent.runtime.enabled .Values.datadog.remoteConfiguration.enabled -}} true {{else -}} false {{end}}
{{- if .Values.datadog.securityAgent.runtime.activityDump.enabled }}
activity_dump:
enabled: true

4
charts/datadog/datadog/values.yaml
View File

@ -378,6 +378,10 @@ datadog:
# datadog.leaderLeaseDuration -- Set the lease time for leader election in second
leaderLeaseDuration: # 60
remoteConfiguration:
# datadog.remoteConfiguration.enabled -- Set to true to enable remote configuration.
enabled: false
## Enable logs agent and provide custom configs
logs:
# datadog.logs.enabled -- Enables this to activate Datadog Agent log collection

4
charts/digitalis/vals-operator/Chart.yaml
View File

@ -4,7 +4,7 @@ annotations:
catalog.cattle.io/kube-version: '>= 1.19.0-0'
catalog.cattle.io/release-name: vals-operator
apiVersion: v2
appVersion: 0.7.0
appVersion: 0.7.2
description: This helm chart installs the Digitalis Vals Operator to manage sync secrets
from supported backends into Kubernetes
icon: https://digitalis.io/wp-content/uploads/2020/06/cropped-Digitalis-512x512-Blue_Digitalis-512x512-Blue-32x32.png
@ -14,4 +14,4 @@ maintainers:
name: Digitalis.IO
name: vals-operator
type: application
version: 0.7.1
version: 0.7.2

2
charts/digitalis/vals-operator/crds/valssecrets.yaml
View File

@ -47,7 +47,7 @@ spec:
type: string
ref:
description: Ref value to the secret in the format ref+backend://path
https://github.com/variantdev/vals
https://github.com/helmfile/vals
type: string
required:
- ref

4
charts/digitalis/vals-operator/templates/serviceaccount.yaml
View File

@ -11,6 +11,7 @@ rules:
- "apps"
resources:
- "statefulsets"
- "deployments"
verbs:
- "get"
- "list"
@ -23,9 +24,6 @@ rules:
- ""
resources:
- "secrets"
{{- if .Values.enableDbSecrets }}
- "deployments"
{{- end }}
verbs:
- "get"
- "list"

2
charts/digitalis/vals-operator/values.yaml
View File

@ -57,7 +57,7 @@ args: []
environmentSecret: ""
# See https://github.com/variantdev/vals
# See https://github.com/helmfile/vals
# for information on setting up your backend environment.
env: []
# - name: VAULT_SKIP_VERIFY

4
charts/dynatrace/dynatrace-operator/Chart.yaml
View File

@ -4,7 +4,7 @@ annotations:
catalog.cattle.io/kube-version: '>=1.21.0-0'
catalog.cattle.io/release-name: dynatrace-operator
apiVersion: v2
appVersion: 0.10.3
appVersion: 0.10.4
description: The Dynatrace Operator Helm chart for Kubernetes and OpenShift
home: https://www.dynatrace.com/
icon: https://assets.dynatrace.com/global/resources/Signet_Logo_RGB_CP_512x512px.png
@ -20,4 +20,4 @@ name: dynatrace-operator
sources:
- https://github.com/Dynatrace/dynatrace-operator
type: application
version: 0.10.3
version: 0.10.4

41
charts/gitlab/gitlab/CHANGELOG.md
View File

@ -2,6 +2,39 @@
documentation](doc/development/changelog.md) for instructions on adding your own
entry.
## 6.10.0 (2023-03-21)
### Added (6 changes)
- [Support setting extra env vars for kas](gitlab-org/charts/gitlab@f8c5589fc5c82ea20b3798838da007b066ec67e4) ([merge request](gitlab-org/charts/gitlab!3023))
- [Add containerSecurityContext helper templates and values to Gitaly chart ](gitlab-org/charts/gitlab@a7cd11bbc886271d4212ad368fd41885a674a647) by @BrettSeedling ([merge request](gitlab-org/charts/gitlab!2793))
- [Add new cron backup parameter Ref #3076](gitlab-org/charts/gitlab@42b7f8dab938d0d748318d736a42e0070472ccea) by @Vedrillan ([merge request](gitlab-org/charts/gitlab!2984))
- [Add support for Gitaly GPG signing](gitlab-org/charts/gitlab@d65fa4b7880f2b006cb1f0b54c704d47febee136) ([merge request](gitlab-org/charts/gitlab!2754))
- [Add support for fsGroupChangePolicy to all subcharts](gitlab-org/charts/gitlab@20283351cbe24015d25b7823746534c9b65a139a) ([merge request](gitlab-org/charts/gitlab!3000))
- [Added `useGenericEphemeralVolume` for backup-job](gitlab-org/charts/gitlab@ae5f493574d647b050f3a5c50f35f364dec69abe) by @daniel.marks ([merge request](gitlab-org/charts/gitlab!2937))
### Fixed (1 change)
- [Fix config for Registry Deployment TLS SecretName](gitlab-org/charts/gitlab@3be948165d0f20c9fdc9eadaafaaaf80d4e50b09) ([merge request](gitlab-org/charts/gitlab!3017))
### Changed (8 changes)
- [Update gitlab-org/charts/gitlab-runner from 0.50.1 to 0.51.0](gitlab-org/charts/gitlab@2b0632a49d5e3d58d4bd75c08fcb2bb303af21e3) ([merge request](gitlab-org/charts/gitlab!3036))
- [Honor gitlab.psql.ci.enabled=false when generating database.yml](gitlab-org/charts/gitlab@e65fd651417c88a3f187b5fe00f4ddca2baa2bcc) ([merge request](gitlab-org/charts/gitlab!3016))
- [Bump Container Registry to v3.69.0-gitlab](gitlab-org/charts/gitlab@c539445598a8991fa34c1af2b15efdf34d7d1adb) ([merge request](gitlab-org/charts/gitlab!3026))
- [Update gitlab-org/container-registry from 3.67.0-gitlab to 3.68.0-gitlab](gitlab-org/charts/gitlab@5f9964246cf95b29ecd39eb730d6947aebe81249) ([merge request](gitlab-org/charts/gitlab!3007))
- [Bump prometheus to 2.38.0](gitlab-org/charts/gitlab@6278c7572da075d11b5e5c92089a598288162afe) ([merge request](gitlab-org/charts/gitlab!3001))
- [Replace deprecated k8s.gcr.io entries](gitlab-org/charts/gitlab@bde4f2113c7df880e14128fff4b6cfcacae2d1a1) by @tlindsay42 ([merge request](gitlab-org/charts/gitlab!2985))
- [Update gitlab-org/charts/gitlab-runner from 0.49.3 to 0.50.1](gitlab-org/charts/gitlab@eda6fbc036bc24e01cdd2622d0b10662df574d46) ([merge request](gitlab-org/charts/gitlab!2996))
- [Update gitlab-org/charts/gitlab-runner from 0.49.2 to 0.49.3](gitlab-org/charts/gitlab@82e4e9145a36b1a037674ebe3187116d2adce7a6) ([merge request](gitlab-org/charts/gitlab!2987))
### Other (4 changes)
- [Remove GitLab Runner UBI known limitation](gitlab-org/charts/gitlab@3444929667ec0e7c5cf26e10da984fdcb1442431) ([merge request](gitlab-org/charts/gitlab!3034))
- [Add docs and config check for gitlab-shell metrics](gitlab-org/charts/gitlab@e46e19b84a47f45018e39af1e5e0731be6982a1f) ([merge request](gitlab-org/charts/gitlab!3006))
- [Add more context to sidekiq pod deprecation notices](gitlab-org/charts/gitlab@fdaef9d08c68beac06b0bcff16d0ec6b1bc274aa) ([merge request](gitlab-org/charts/gitlab!2966))
- [Add more context to sidekiq pod deprecation notices](gitlab-org/charts/gitlab@378fd9116dc5147d9d4c23d81a72e0e8089f138e) ([merge request](gitlab-org/charts/gitlab!2972))
## 6.9.3 (2023-03-09)
No changes.
@ -54,6 +87,10 @@ No changes.
- [Moved minio config to global in example config](gitlab-org/charts/gitlab@973557e4cf0c5ec1e0c399fcce557fae2a87de17) ([merge request](gitlab-org/charts/gitlab!2952))
- [Doc - configure the GitLab chart with an decomposed database](gitlab-org/charts/gitlab@af72661b6f82f8f16dab591c8af67e44baf0b998) ([merge request](gitlab-org/charts/gitlab!2890))
## 6.8.4 (2023-03-02)
No changes.
## 6.8.3 (2023-02-15)
No changes.
@ -88,6 +125,10 @@ No changes.
- [Update gitlab-org/gitlab-exporter from 11.18.2 to 12.1.0](gitlab-org/charts/gitlab@428de3dd7c208a0469b18b927fece2bc54029b19) ([merge request](gitlab-org/charts/gitlab!2911))
- [Update gitlab-org/container-registry from 3.63.0-gitlab to 3.64.0-gitlab](gitlab-org/charts/gitlab@a1edaea5f4d9d2a6d972b7412deafe6a2b50aedb) ([merge request](gitlab-org/charts/gitlab!2904))
## 6.7.8 (2023-03-02)
No changes.
## 6.7.7 (2023-02-10)
No changes.

6
charts/gitlab/gitlab/CONTRIBUTING.md
View File

@ -167,9 +167,9 @@ reported by emailing contact@gitlab.com.
This Code of Conduct is adapted from the [Contributor Covenant][contributor-covenant], version 1.1.0,
available at [http://contributor-covenant.org/version/1/1/0/](http://contributor-covenant.org/version/1/1/0/).
[accepting-mrs]: https://gitlab.com/gitlab-org/charts/gitlab/issues?label_name=Accepting+Merge+Requests
[gitlab-mr-tracker]: https://gitlab.com/gitlab-org/charts/gitlab/merge_requests
[closed-merge-requests]: https://gitlab.com/gitlab-org/charts/gitlab/merge_requests?assignee_id=&label_name=&milestone_id=&scope=&sort=&state=closed
[accepting-mrs]: https://gitlab.com/gitlab-org/charts/gitlab/-/issues?label_name=Accepting+Merge+Requests
[gitlab-mr-tracker]: https://gitlab.com/gitlab-org/charts/gitlab/-/merge_requests
[closed-merge-requests]: https://gitlab.com/gitlab-org/charts/gitlab/-/merge_requests?assignee_id=&label_name=&milestone_id=&scope=&sort=&state=closed
[contributor-covenant]: http://contributor-covenant.org
[changelog]: doc/development/changelog.md "Generate a changelog entry"
[git-squash]: https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits

4
charts/gitlab/gitlab/Chart.yaml
View File

@ -3,7 +3,7 @@ annotations:
catalog.cattle.io/display-name: GitLab
catalog.cattle.io/release-name: gitlab
apiVersion: v1
appVersion: 15.9.3
appVersion: 15.10.0
description: The One DevOps Platform
home: https://about.gitlab.com/
icon: https://gitlab.com/gitlab-com/gitlab-artwork/raw/master/logo/logo-square.png
@ -15,4 +15,4 @@ maintainers:
name: gitlab
sources:
- https://gitlab.com/gitlab-org/charts/gitlab
version: 6.9.3
version: 6.10.0

17
charts/gitlab/gitlab/charts/gitlab-runner/CHANGELOG.md
View File

@ -1,21 +1,14 @@
## v0.50.1 (2023-02-21)
## v0.51.0 (2023-03-20)
### New features
- Update GitLab Runner version to v15.9.1
## v0.50.0 (2023-02-21)
### New features
- Update GitLab Runner version to v15.9.0
- Add namespace to service account manifest !375 (Daniel Schömer @quatauta)
- Update GitLab Runner version to v15.10.0
- Removing replicaCount from deployment when HPA is configured !368 (Gustavo Oliveira @gustoliv)
### Maintenance
- Add Chart repository as source !379 (Geoffrey McQuat @gmcquat)
- Fix grammatical error in instructional comment !376 (Shafiullah Khan @gitshafi)
- Add reference to actual documentation method of obtaining runnerRegistrationToken !361 (SveLem @SveLem)
- Fix integration test scripting !383
- Update the example reference to the helper image !382
## v0.48.0 (2022-12-17)

4
charts/gitlab/gitlab/charts/gitlab-runner/Chart.yaml
View File

@ -1,5 +1,5 @@
apiVersion: v1
appVersion: 15.9.1
appVersion: 15.10.0
description: GitLab Runner
icon: https://gitlab.com/uploads/-/system/project/avatar/250833/runner_logo.png
keywords:
@ -14,4 +14,4 @@ sources:
- https://gitlab.com/gitlab-org/charts/gitlab-runner
- https://gitlab.com/gitlab-org/gitlab-runner
- https://docs.gitlab.com/runner/
version: 0.50.1
version: 0.51.0

2
charts/gitlab/gitlab/charts/gitlab-runner/templates/deployment.yaml
View File

@ -9,7 +9,9 @@ metadata:
release: "{{ .Release.Name }}"
heritage: "{{ .Release.Service }}"
spec:
{{- if not .Values.hpa}}
replicas: {{ default 1 .Values.replicas }}
{{- end}}
revisionHistoryLimit: {{ default 10 .Values.revisionHistoryLimit }}
selector:
matchLabels:

2
charts/gitlab/gitlab/charts/gitlab-runner/values.yaml
View File

@ -511,7 +511,7 @@ runners:
# memoryLimit: 256Mi
# cpuRequests: 100m
# memoryRequests: 128Mi
# image: "registry.gitlab.com/gitlab-org/gitlab-runner-helper:x86_64-${CI_RUNNER_REVISION}"
# image: "registry.gitlab.com/gitlab-org/gitlab-runner/gitlab-runner-helper:x86_64-${CI_RUNNER_REVISION}"
## Helper container security context configuration
## Refer to https://docs.gitlab.com/runner/executors/kubernetes.html#using-security-context

4
charts/gitlab/gitlab/charts/gitlab/charts/geo-logcursor/Chart.yaml
View File

@ -1,5 +1,5 @@
apiVersion: v1
appVersion: 15.9.3
appVersion: 15.10.0
description: GitLab Geo logcursor
home: https://about.gitlab.com/
icon: https://gitlab.com/gitlab-com/gitlab-artwork/raw/master/logo/logo-square.svg
@ -12,4 +12,4 @@ name: geo-logcursor
sources:
- https://gitlab.com/charts/gitlab/tree/master/charts/gitlab/charts/geo-logcursor
- https://gitlab.com/gitlab-org/build/CNG/tree/master/gitlab-rails
version: 6.9.3
version: 6.10.0

4
charts/gitlab/gitlab/charts/gitlab/charts/geo-logcursor/templates/deployment.yaml
View File

@ -37,9 +37,7 @@ spec:
tolerations:
{{- toYaml .Values.tolerations | nindent 8 }}
{{- end }}
securityContext:
runAsUser: {{ .Values.securityContext.runAsUser }}
fsGroup: {{ .Values.securityContext.fsGroup }}
{{- include "gitlab.podSecurityContext" .Values.securityContext | nindent 6 }}
{{- if eq (default .Values.global.antiAffinity .Values.antiAffinity) "hard" }}
affinity:
podAntiAffinity:

1
charts/gitlab/gitlab/charts/gitlab/charts/geo-logcursor/values.yaml
View File

@ -101,6 +101,7 @@ priorityClassName: ""
securityContext:
runAsUser: 1000
fsGroup: 1000
# fsGroupChangePolicy: OnRootMismatch
## Enable deployment to use a serviceAccount
serviceAccount:

4
charts/gitlab/gitlab/charts/gitlab/charts/gitaly/Chart.yaml
View File

@ -1,5 +1,5 @@
apiVersion: v1
appVersion: 15.9.3
appVersion: 15.10.0
description: Git RPC service for handling all the git calls made by GitLab
home: https://about.gitlab.com/
icon: https://gitlab.com/gitlab-com/gitlab-artwork/raw/master/logo/logo-square.svg
@ -13,4 +13,4 @@ name: gitaly
sources:
- https://gitlab.com/gitlab-org/charts/gitlab/tree/master/charts/gitlab/charts/gitaly
- https://gitlab.com/gitlab-org/build/CNG/tree/master/gitaly
version: 6.9.3
version: 6.10.0

6
charts/gitlab/gitlab/charts/gitlab/charts/gitaly/templates/_configmap_spec.yaml
View File

@ -8,6 +8,9 @@ data:
cp -v -L /init-config/gitaly.crt /init-secrets/gitaly/gitaly.crt
cp -v -L /init-config/gitaly.key /init-secrets/gitaly/gitaly.key
{{- end }}
{{- if .Values.gpgSigning.enabled }}
cp -v -L /init-config/signing_key.gpg /init-secrets/gitaly/signing_key.gpg
{{- end }}
config.toml.erb: |
# The directory where Gitaly's executables are stored
bin_dir = "/usr/local/bin"
@ -105,6 +108,9 @@ data:
[git]
use_bundled_binaries = true
ignore_gitconfig = true
{{- if .Values.gpgSigning.enabled }}
signing_key = '/etc/gitlab-secrets/gitaly/signing_key.gpg'
{{- end }}
{{- with .Values.git }}
{{- if .catFileCacheSize }}
catfile_cache_size = {{ .catFileCacheSize }}

22
charts/gitlab/gitlab/charts/gitlab/charts/gitaly/templates/_statefulset_spec.yaml
View File

@ -61,6 +61,7 @@ spec:
command: ['sh', '/config/configure']
image: {{ include "gitlab.busybox.image" (dict "local" .Values.init "global" .Values.global) | quote }}
{{- include "gitlab.image.pullPolicy" $initImageCfg | indent 10 }}
{{- include "gitlab.init.containerSecurityContext" . | indent 10 }}
env:
{{- include "gitlab.extraEnv" . | nindent 10 }}
{{- include "gitlab.extraEnvFrom" (dict "root" $ "local" (dict)) | nindent 10 }}
@ -77,18 +78,7 @@ spec:
readOnly: false
resources:
{{- toYaml .Values.init.resources | nindent 12 }}
{{- if .Values.securityContext }}
securityContext:
{{- if not (empty .Values.securityContext.runAsUser) }}
runAsUser: {{ .Values.securityContext.runAsUser }}
{{- end }}
{{- if not (empty .Values.securityContext.fsGroup) }}
fsGroup: {{ .Values.securityContext.fsGroup }}
{{- if not (empty .Values.securityContext.fsGroupChangePolicy) }}
fsGroupChangePolicy: {{ .Values.securityContext.fsGroupChangePolicy }}
{{- end }}
{{- end }}
{{- end }}
{{- include "gitlab.podSecurityContext" .Values.securityContext | nindent 6 }}
{{- include "gitlab.image.pullSecrets" $imageCfg | indent 6 }}
{{- if eq (default .Values.global.antiAffinity .Values.antiAffinity) "hard" }}
affinity:
@ -124,6 +114,7 @@ spec:
- name: {{ .Chart.Name }}
image: "{{ .Values.image.repository }}:{{ coalesce .Values.image.tag (include "gitlab.parseAppVersion" (dict "appVersion" .Chart.AppVersion "prepend" "true")) }}{{ include "gitlab.image.tagSuffix" . }}"
{{- include "gitlab.image.pullPolicy" $imageCfg | indent 10 }}
{{- include "gitlab.containerSecurityContext" . | indent 10 }}
ports:
- containerPort: {{ coalesce .Values.service.internalPort .Values.global.gitaly.service.internalPort }}
name: grpc-gitaly
@ -220,6 +211,13 @@ spec:
items:
- key: {{ template "gitlab.gitlab-shell.authToken.key" . }}
path: ".gitlab_shell_secret"
{{- if .Values.gpgSigning.enabled }}
- secret:
name: {{ .Values.gpgSigning.secret }}
items:
- key: {{ .Values.gpgSigning.key }}
path: "signing_key.gpg"
{{- end }}
{{- if .Values.global.gitaly.tls.enabled }}
{{- $secretName := include "gitlab.gitaly.tls.secret" . -}}
{{- if .storage }}

15
charts/gitlab/gitlab/charts/gitlab/charts/gitaly/values.yaml
View File

@ -38,6 +38,7 @@ init:
resources:
requests:
cpu: 50m
containerSecurityContext: {}
## Support for tolerations for pod scheduling
tolerations: []
@ -138,10 +139,15 @@ resources:
## For PodDisruptionBudget, how many pods can be unavailable at one time
maxUnavailable: 1
## Allow to overwrite under which User and Group we're running.
## Allow to overwrite under which User and Group Pod will be running.
securityContext:
runAsUser: 1000
fsGroup: 1000
# fsGroupChangePolicy: OnRootMismatch
## Allow to overwrite the specific security context under which the gitaly container is running.
containerSecurityContext:
runAsUser: 1000
## Enable deployment to use a serviceAccount
serviceAccount:
@ -176,3 +182,10 @@ packObjectsCache: {}
# enabled: false
# dir: "/home/git/repositories/+gitaly/PackObjectsCache"
# max_age: 5m
## Enable Gitaly to GPG sign all commits created by GitLab
## ref: https://docs.gitlab.com/ee/administration/gitaly/configure_gitaly.html#configure-commit-signing-for-gitlab-ui-commits
gpgSigning: {}
# enabled: false
# secret: glGPG
# key:

2
charts/gitlab/gitlab/charts/gitlab/charts/gitlab-exporter/Chart.yaml
View File

@ -14,4 +14,4 @@ sources:
- https://gitlab.com/gitlab-org/charts/gitlab/tree/master/charts/gitlab/charts/gitlab-exporter
- https://gitlab.com/gitlab-org/build/CNG/tree/master/gitlab-exporter
- https://gitlab.com/gitlab-org/gitlab-exporter
version: 6.9.3
version: 6.10.0

6
charts/gitlab/gitlab/charts/gitlab/charts/gitlab-exporter/templates/deployment.yaml
View File

@ -45,9 +45,7 @@ spec:
{{- end }}
spec:
securityContext:
runAsUser: {{ .Values.securityContext.runAsUser }}
fsGroup: {{ .Values.securityContext.fsGroup }}
{{- include "gitlab.podSecurityContext" .Values.securityContext | nindent 6 }}
{{- if eq (default .Values.global.antiAffinity .antiAffinity) "hard" }}
affinity:
podAntiAffinity:
@ -79,6 +77,7 @@ spec:
command: ['sh', '/config/configure']
image: {{ include "gitlab.busybox.image" (dict "local" .Values.init "global" $.Values.global) | quote }}
{{- include "gitlab.image.pullPolicy" $initImageCfg | indent 10 }}
{{- include "gitlab.init.containerSecurityContext" . | indent 10 }}
env:
{{- include "gitlab.extraEnv" . | nindent 10 }}
{{- include "gitlab.extraEnvFrom" (dict "root" $ "local" (dict)) | nindent 10 }}
@ -102,6 +101,7 @@ spec:
- name: {{ .Chart.Name }}
image: "{{ .Values.image.repository }}:{{ coalesce .Values.image.tag .Chart.AppVersion }}{{ include "gitlab.image.tagSuffix" . }}"
{{- include "gitlab.image.pullPolicy" $imageCfg | indent 10 }}
{{- include "gitlab.containerSecurityContext" . | indent 10 }}
env:
- name: CONFIG_TEMPLATE_DIRECTORY
value: '/var/opt/gitlab-exporter/templates'

8
charts/gitlab/gitlab/charts/gitlab/charts/gitlab-exporter/values.yaml
View File

@ -50,6 +50,7 @@ init:
resources:
requests:
cpu: 50m
containerSecurityContext: {}
global:
redis:
@ -69,10 +70,15 @@ resources:
cpu: 75m
memory: 100M
## Allow to overwrite under which User and Group we're running.
## Allow to overwrite under which User and Group the Pod will be running.
securityContext:
runAsUser: 1000
fsGroup: 1000
# fsGroupChangePolicy: OnRootMismatch
## Allow to overwrite the specific security context under which the container is running.
containerSecurityContext:
runAsUser: 1000
## Enable deployment to use a serviceAccount
serviceAccount:

4
charts/gitlab/gitlab/charts/gitlab/charts/gitlab-grafana/Chart.yaml
View File

@ -1,5 +1,5 @@
apiVersion: v1
appVersion: 15.9.3
appVersion: 15.10.0
description: Adapt the Grafana chart to interface to the GitLab App
home: https://about.gitlab.com/
icon: https://gitlab.com/gitlab-com/gitlab-artwork/raw/master/logo/logo-square.svg
@ -13,4 +13,4 @@ name: gitlab-grafana
sources:
- https://gitlab.com/gitlab-org/charts/gitlab/tree/master/charts/gitlab/charts/gitlab-grafana
- https://gitlab.com/gitlab-org/build/CNG/tree/master/gitlab-grafana
version: 6.9.3
version: 6.10.0

4
charts/gitlab/gitlab/charts/gitlab/charts/gitlab-pages/Chart.yaml
View File

@ -1,5 +1,5 @@
apiVersion: v1
appVersion: 15.9.3
appVersion: 15.10.0
description: Daemon for serving static websites from GitLab projects
home: https://about.gitlab.com/
icon: https://gitlab.com/gitlab-com/gitlab-artwork/raw/master/logo/logo-square.svg
@ -14,4 +14,4 @@ sources:
- https://gitlab.com/gitlab-org/charts/gitlab/tree/master/charts/gitlab/charts/gitlab-pages
- https://gitlab.com/gitlab-org/build/CNG/tree/master/gitlab-pages
- https://gitlab.com/gitlab-org/gitlab-pages
version: 6.9.3
version: 6.10.0

4
charts/gitlab/gitlab/charts/gitlab/charts/gitlab-pages/templates/deployment.yaml
View File

@ -52,9 +52,7 @@ spec:
tolerations:
{{- toYaml .Values.tolerations | nindent 8 }}
{{- end }}
securityContext:
runAsUser: {{ .Values.securityContext.runAsUser }}
fsGroup: {{ .Values.securityContext.fsGroup }}
{{- include "gitlab.podSecurityContext" .Values.securityContext | nindent 6 }}
{{- if eq (default .Values.global.antiAffinity .antiAffinity) "hard" }}
affinity:
podAntiAffinity:

1
charts/gitlab/gitlab/charts/gitlab/charts/gitlab-pages/values.yaml
View File

@ -117,6 +117,7 @@ resources:
securityContext:
runAsUser: 1000
fsGroup: 1000
# fsGroupChangePolicy: OnRootMismatch
## Enable deployment to use a serviceAccount
serviceAccount:

4
charts/gitlab/gitlab/charts/gitlab/charts/gitlab-shell/Chart.yaml
View File

@ -1,5 +1,5 @@
apiVersion: v1
appVersion: 14.17.0
appVersion: 14.18.0
description: sshd for Gitlab
home: https://about.gitlab.com/
icon: https://gitlab.com/gitlab-com/gitlab-artwork/raw/master/logo/logo-square.svg
@ -14,4 +14,4 @@ name: gitlab-shell
sources:
- https://gitlab.com/gitlab-org/charts/gitlab/tree/master/charts/gitlab/charts/gitlab-shell
- https://gitlab.com/gitlab-org/build/CNG/tree/master/gitlab-shell
version: 6.9.3
version: 6.10.0

6
charts/gitlab/gitlab/charts/gitlab/charts/gitlab-shell/templates/deployment.yaml
View File

@ -56,6 +56,7 @@ spec:
command: ['sh', '/config/configure']
image: {{ include "gitlab.busybox.image" (dict "local" .Values.init "global" $.Values.global) | quote }}
{{- include "gitlab.image.pullPolicy" $initImageCfg | indent 10 }}
{{- include "gitlab.init.containerSecurityContext" . | indent 10 }}
env:
{{- include "gitlab.extraEnv" . | nindent 10 }}
{{- include "gitlab.extraEnvFrom" (dict "root" $ "local" (dict)) | nindent 10 }}
@ -72,9 +73,7 @@ spec:
readOnly: false
resources:
{{- toYaml .Values.init.resources | nindent 12 }}
securityContext:
runAsUser: {{ .Values.securityContext.runAsUser }}
fsGroup: {{ .Values.securityContext.fsGroup }}
{{- include "gitlab.podSecurityContext" .Values.securityContext | nindent 6 }}
{{- include "gitlab.image.pullSecrets" $imageCfg | indent 6 }}
{{- if eq (default .Values.global.antiAffinity .Values.antiAffinity) "hard" }}
affinity:
@ -104,6 +103,7 @@ spec:
- name: {{ .Chart.Name }}
image: "{{ .Values.image.repository }}:{{ coalesce .Values.image.tag (include "gitlab.parseAppVersion" (dict "appVersion" .Chart.AppVersion "prepend" "true")) }}{{ include "gitlab.image.tagSuffix" . }}"
{{- include "gitlab.image.pullPolicy" $imageCfg | indent 10 }}
{{- include "gitlab.containerSecurityContext" . | indent 10 }}
ports:
{{- if .Values.metrics.enabled }}
- containerPort: {{ .Values.metrics.port }}

8
charts/gitlab/gitlab/charts/gitlab/charts/gitlab-shell/values.yaml
View File

@ -26,6 +26,7 @@ init:
resources:
requests:
cpu: 50m
containerSecurityContext: {}
# Tolerations for pod scheduling
tolerations: []
@ -120,10 +121,15 @@ config:
krb5Config: ""
servicePrincipalName: ""
## Allow to overwrite under which User and Group we're running.
## Allow to overwrite under which User and Group the Pod will be running.
securityContext:
runAsUser: 1000
fsGroup: 1000
# fsGroupChangePolicy: OnRootMismatch
## Allow to overwrite the specific security context under which the gitaly container is running.
containerSecurityContext:
runAsUser: 1000
## Enable deployment to use a serviceAccount
serviceAccount:

4
charts/gitlab/gitlab/charts/gitlab/charts/kas/Chart.yaml
View File

@ -1,5 +1,5 @@
apiVersion: v1
appVersion: v15.9.0
appVersion: v15.10.0
description: GitLab Agent Server
home: https://about.gitlab.com/
icon: https://gitlab.com/gitlab-com/gitlab-artwork/raw/master/logo/logo-square.svg
@ -17,4 +17,4 @@ name: kas
sources:
- https://gitlab.com/gitlab-org/charts/gitlab/tree/master/charts/gitlab/charts/gitlab-kas
- https://gitlab.com/gitlab-org/cluster-integration/gitlab-agent
version: 6.9.3
version: 6.10.0

1
charts/gitlab/gitlab/charts/gitlab/charts/kas/templates/_default-config.yaml
View File

@ -16,6 +16,7 @@ agent:
url_path_prefix: "{{ .Values.ingress.k8sApiPath }}"
gitlab:
address: "{{ template "gitlab.workhorse.url" . }}"
external_url: "{{- template "gitlab.gitlab.url" . -}}"
authentication_secret_file: "/etc/kas/.gitlab_kas_secret"
observability:
listen:

7
charts/gitlab/gitlab/charts/gitlab/charts/kas/templates/deployment.yaml
View File

@ -69,10 +69,7 @@ spec:
matchLabels:
{{- include "gitlab.selectorLabels" . | nindent 18 }}
{{- end }}
securityContext:
runAsUser: {{ .Values.securityContext.runAsUser }}
runAsGroup: {{ .Values.securityContext.runAsGroup }}
fsGroup: {{ .Values.securityContext.fsGroup }}
{{- include "gitlab.podSecurityContext" .Values.securityContext | nindent 6 }}
{{- include "gitlab.image.pullSecrets" $imageCfg | indent 6 }}
{{- include "gitlab.priorityClassName" . | nindent 6 }}
initContainers:
@ -93,6 +90,8 @@ spec:
fieldPath: status.podIP
- name: OWN_PRIVATE_API_URL
value: "{{ include "gitlab.kas.internal.scheme" . }}://$(POD_IP):{{ .Values.service.privateApiPort }}"
{{- include "gitlab.extraEnv" . | nindent 12 }}
{{- include "gitlab.extraEnvFrom" (dict "root" $ "local" (dict)) | nindent 12 }}
ports:
- containerPort: {{ .Values.service.internalPort }}
name: {{ template "name" . }}

Some files were not shown because too many files have changed in this diff Show More