diff --git a/assets/argo/argo-cd-5.27.1.tgz b/assets/argo/argo-cd-5.27.1.tgz
new file mode 100644
index 000000000..3f3aa83c8
Binary files /dev/null and b/assets/argo/argo-cd-5.27.1.tgz differ
diff --git a/assets/bitnami/airflow-14.0.16.tgz b/assets/bitnami/airflow-14.0.16.tgz
new file mode 100644
index 000000000..3e6e068fe
Binary files /dev/null and b/assets/bitnami/airflow-14.0.16.tgz differ
diff --git a/assets/bitnami/mariadb-11.5.4.tgz b/assets/bitnami/mariadb-11.5.4.tgz
new file mode 100644
index 000000000..01fa8e4bf
Binary files /dev/null and b/assets/bitnami/mariadb-11.5.4.tgz differ
diff --git a/assets/bitnami/postgresql-12.2.5.tgz b/assets/bitnami/postgresql-12.2.5.tgz
new file mode 100644
index 000000000..ae485375b
Binary files /dev/null and b/assets/bitnami/postgresql-12.2.5.tgz differ
diff --git a/assets/bitnami/redis-17.8.7.tgz b/assets/bitnami/redis-17.8.7.tgz
new file mode 100644
index 000000000..6b8f89c1a
Binary files /dev/null and b/assets/bitnami/redis-17.8.7.tgz differ
diff --git a/assets/bitnami/spark-6.4.1.tgz b/assets/bitnami/spark-6.4.1.tgz
new file mode 100644
index 000000000..8ad1efe3f
Binary files /dev/null and b/assets/bitnami/spark-6.4.1.tgz differ
diff --git a/assets/bitnami/tomcat-10.5.20.tgz b/assets/bitnami/tomcat-10.5.20.tgz
new file mode 100644
index 000000000..687a06802
Binary files /dev/null and b/assets/bitnami/tomcat-10.5.20.tgz differ
diff --git a/assets/bitnami/wordpress-15.2.56.tgz b/assets/bitnami/wordpress-15.2.56.tgz
new file mode 100644
index 000000000..442869510
Binary files /dev/null and b/assets/bitnami/wordpress-15.2.56.tgz differ
diff --git a/assets/bitnami/zookeeper-11.1.5.tgz b/assets/bitnami/zookeeper-11.1.5.tgz
new file mode 100644
index 000000000..27eb057cc
Binary files /dev/null and b/assets/bitnami/zookeeper-11.1.5.tgz differ
diff --git a/assets/citrix/citrix-cpx-with-ingress-controller-1.30.1.tgz b/assets/citrix/citrix-cpx-with-ingress-controller-1.30.1.tgz
new file mode 100644
index 000000000..17aca25c9
Binary files /dev/null and b/assets/citrix/citrix-cpx-with-ingress-controller-1.30.1.tgz differ
diff --git a/assets/citrix/citrix-ingress-controller-1.30.1.tgz b/assets/citrix/citrix-ingress-controller-1.30.1.tgz
new file mode 100644
index 000000000..14da42833
Binary files /dev/null and b/assets/citrix/citrix-ingress-controller-1.30.1.tgz differ
diff --git a/assets/codefresh/cf-runtime-1.9.12.tgz b/assets/codefresh/cf-runtime-1.9.12.tgz
new file mode 100644
index 000000000..84b1337ba
Binary files /dev/null and b/assets/codefresh/cf-runtime-1.9.12.tgz differ
diff --git a/assets/crate/crate-operator-2.24.0.tgz b/assets/crate/crate-operator-2.24.0.tgz
new file mode 100644
index 000000000..b2edf99ea
Binary files /dev/null and b/assets/crate/crate-operator-2.24.0.tgz differ
diff --git a/assets/datadog/datadog-3.20.3.tgz b/assets/datadog/datadog-3.20.3.tgz
new file mode 100644
index 000000000..260140a20
Binary files /dev/null and b/assets/datadog/datadog-3.20.3.tgz differ
diff --git a/assets/external-secrets/external-secrets-0.8.1.tgz b/assets/external-secrets/external-secrets-0.8.1.tgz
new file mode 100644
index 000000000..731139699
Binary files /dev/null and b/assets/external-secrets/external-secrets-0.8.1.tgz differ
diff --git a/assets/gluu/gluu-5.0.14.tgz b/assets/gluu/gluu-5.0.14.tgz
new file mode 100644
index 000000000..969d12345
Binary files /dev/null and b/assets/gluu/gluu-5.0.14.tgz differ
diff --git a/assets/jenkins/jenkins-4.3.9.tgz b/assets/jenkins/jenkins-4.3.9.tgz
new file mode 100644
index 000000000..99028c237
Binary files /dev/null and b/assets/jenkins/jenkins-4.3.9.tgz differ
diff --git a/assets/jfrog/artifactory-ha-107.55.8.tgz b/assets/jfrog/artifactory-ha-107.55.8.tgz
new file mode 100644
index 000000000..c0b357b46
Binary files /dev/null and b/assets/jfrog/artifactory-ha-107.55.8.tgz differ
diff --git a/assets/jfrog/artifactory-jcr-107.55.8.tgz b/assets/jfrog/artifactory-jcr-107.55.8.tgz
new file mode 100644
index 000000000..5ff9cd1c3
Binary files /dev/null and b/assets/jfrog/artifactory-jcr-107.55.8.tgz differ
diff --git a/assets/kubecost/cost-analyzer-1.101.2.tgz b/assets/kubecost/cost-analyzer-1.101.2.tgz
index abca574d5..98030d8db 100644
Binary files a/assets/kubecost/cost-analyzer-1.101.2.tgz and b/assets/kubecost/cost-analyzer-1.101.2.tgz differ
diff --git a/assets/kubecost/cost-analyzer-1.101.3.tgz b/assets/kubecost/cost-analyzer-1.101.3.tgz
new file mode 100644
index 000000000..2782fded1
Binary files /dev/null and b/assets/kubecost/cost-analyzer-1.101.3.tgz differ
diff --git a/assets/loft/loft-3.0.1.tgz b/assets/loft/loft-3.0.1.tgz
new file mode 100644
index 000000000..54c6ad48c
Binary files /dev/null and b/assets/loft/loft-3.0.1.tgz differ
diff --git a/assets/percona/psmdb-operator-1.14.1.tgz b/assets/percona/psmdb-operator-1.14.1.tgz
new file mode 100644
index 000000000..e5aa939b5
Binary files /dev/null and b/assets/percona/psmdb-operator-1.14.1.tgz differ
diff --git a/assets/redpanda/redpanda-3.0.6.tgz b/assets/redpanda/redpanda-3.0.6.tgz
new file mode 100644
index 000000000..3ad776d56
Binary files /dev/null and b/assets/redpanda/redpanda-3.0.6.tgz differ
diff --git a/charts/argo/argo-cd/Chart.yaml b/charts/argo/argo-cd/Chart.yaml
index ccc319b06..f424dba71 100644
--- a/charts/argo/argo-cd/Chart.yaml
+++ b/charts/argo/argo-cd/Chart.yaml
@@ -1,13 +1,13 @@ annotations: artifacthub.io/changes: | - - kind: added - description: Ability to add project scoped cluster(s) + - kind: changed + description: Upgrade Argo CD to v2.6.6 catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Argo CD catalog.cattle.io/kube-version: '>=1.22.0-0' catalog.cattle.io/release-name: argo-cd apiVersion: v2 -appVersion: v2.6.5 +appVersion: v2.6.6 dependencies: - condition: redis-ha.enabled name: redis-ha @@ -29,4 +29,4 @@ name: argo-cd sources: - https://github.com/argoproj/argo-helm/tree/main/charts/argo-cd - https://github.com/argoproj/argo-cd -version: 5.27.0 +version: 5.27.1 diff --git a/charts/bitnami/airflow/Chart.lock b/charts/bitnami/airflow/Chart.lock index 6b974ed08..a09910f7b 100644 --- a/charts/bitnami/airflow/Chart.lock +++ b/charts/bitnami/airflow/Chart.lock @@ -1,12 +1,12 @@ dependencies: - name: redis repository: https://charts.bitnami.com/bitnami - version: 17.8.3 + version: 17.8.5 - name: postgresql repository: https://charts.bitnami.com/bitnami - version: 12.2.2 + version: 12.2.3 - name: common repository: https://charts.bitnami.com/bitnami version: 2.2.4 -digest: sha256:312aa5a59050e0d5a5cf0cc81ba0896aa83945a29b0495349be4067d7cab43c9 -generated: "2023-03-08T11:26:32.336933894Z" +digest: sha256:71b7d925ac46567290097438fb62612549c75a2813cde66b37b2fe25906f1b11 +generated: "2023-03-15T05:43:25.19026132Z" diff --git a/charts/bitnami/airflow/Chart.yaml b/charts/bitnami/airflow/Chart.yaml index e8063c7f6..45a721b22 100644 --- a/charts/bitnami/airflow/Chart.yaml +++ b/charts/bitnami/airflow/Chart.yaml @@ -6,7 +6,7 @@ annotations: category: WorkFlow licenses: Apache-2.0 apiVersion: v2 -appVersion: 2.5.1 +appVersion: 2.5.2 dependencies: - condition: redis.enabled name: redis @@ -38,4 +38,4 @@ name: airflow sources: - https://github.com/bitnami/containers/tree/main/bitnami/airflow - https://airflow.apache.org/ -version: 14.0.14 +version: 14.0.16 
diff --git a/charts/bitnami/airflow/README.md b/charts/bitnami/airflow/README.md index 6c1c2a190..dd0480f75 100644 --- a/charts/bitnami/airflow/README.md +++ b/charts/bitnami/airflow/README.md @@ -90,7 +90,7 @@ The command removes all the Kubernetes components associated with the chart and | `dags.existingConfigmap` | Name of an existing ConfigMap with all the DAGs files you want to load in Airflow | `""` | | `dags.image.registry` | Init container load-dags image registry | `docker.io` | | `dags.image.repository` | Init container load-dags image repository | `bitnami/bitnami-shell` | -| `dags.image.tag` | Init container load-dags image tag (immutable tags are recommended) | `11-debian-11-r94` | +| `dags.image.tag` | Init container load-dags image tag (immutable tags are recommended) | `11-debian-11-r97` | | `dags.image.digest` | Init container load-dags image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `dags.image.pullPolicy` | Init container load-dags image pull policy | `IfNotPresent` | | `dags.image.pullSecrets` | Init container load-dags image pull secrets | `[]` | 
@@ -105,78 +105,78 @@ The command removes all the Kubernetes components associated with the chart and ### Airflow web parameters -| Name | Description | Value | -| ------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | --------------------- | -| `web.image.registry` | Airflow image registry | `docker.io` | -| `web.image.repository` | Airflow image repository | `bitnami/airflow` | -| `web.image.tag` | Airflow image tag (immutable tags are recommended) | `2.5.1-debian-11-r16` | -| `web.image.digest` | Airflow image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | -| `web.image.pullPolicy` | Airflow image pull policy | `IfNotPresent` | -| `web.image.pullSecrets` | Airflow image pull secrets | `[]` | -| `web.image.debug` | Enable image debug mode | `false` | -| `web.baseUrl` | URL used to access to Airflow web ui | `""` | -| `web.existingConfigmap` | Name of an existing config map containing the Airflow web config file | `""` | -| `web.command` | Override default container command (useful when using custom images) | `[]` | -| `web.args` | Override default container args (useful when using custom images) | `[]` | -| `web.extraEnvVars` | Array with extra environment variables to add Airflow web pods | `[]` | -| `web.extraEnvVarsCM` | ConfigMap containing extra environment variables for Airflow web pods | `""` | -| `web.extraEnvVarsSecret` | Secret containing extra environment variables (in case of sensitive data) for Airflow web pods | `""` | -| `web.extraEnvVarsSecrets` | List of secrets with extra environment variables for Airflow web pods | `[]` | -| `web.containerPorts.http` | Airflow web HTTP container port | `8080` | -| `web.replicaCount` | Number of Airflow web replicas | `1` | -| `web.livenessProbe.enabled` | Enable livenessProbe on Airflow web containers | `true` | -| 
`web.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `180` | -| `web.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `20` | -| `web.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | -| `web.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` | -| `web.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `web.readinessProbe.enabled` | Enable readinessProbe on Airflow web containers | `true` | -| `web.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` | -| `web.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | -| `web.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` | -| `web.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` | -| `web.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `web.startupProbe.enabled` | Enable startupProbe on Airflow web containers | `false` | -| `web.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `60` | -| `web.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | -| `web.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` | -| `web.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` | -| `web.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | -| `web.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | -| `web.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | -| `web.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | -| `web.resources.limits` | The resources limits for the Airflow web containers | `{}` | -| `web.resources.requests` | The requested resources for the Airflow web containers | `{}` | -| `web.podSecurityContext.enabled` | Enabled Airflow web pods' 
Security Context | `true` | -| `web.podSecurityContext.fsGroup` | Set Airflow web pod's Security Context fsGroup | `1001` | -| `web.containerSecurityContext.enabled` | Enabled Airflow web containers' Security Context | `true` | -| `web.containerSecurityContext.runAsUser` | Set Airflow web containers' Security Context runAsUser | `1001` | -| `web.containerSecurityContext.runAsNonRoot` | Set Airflow web containers' Security Context runAsNonRoot | `true` | -| `web.lifecycleHooks` | for the Airflow web container(s) to automate configuration before or after startup | `{}` | -| `web.hostAliases` | Deployment pod host aliases | `[]` | -| `web.podLabels` | Add extra labels to the Airflow web pods | `{}` | -| `web.podAnnotations` | Add extra annotations to the Airflow web pods | `{}` | -| `web.affinity` | Affinity for Airflow web pods assignment (evaluated as a template) | `{}` | -| `web.nodeAffinityPreset.key` | Node label key to match. Ignored if `web.affinity` is set. | `""` | -| `web.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `web.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `web.nodeAffinityPreset.values` | Node label values to match. Ignored if `web.affinity` is set. | `[]` | -| `web.nodeSelector` | Node labels for Airflow web pods assignment | `{}` | -| `web.podAffinityPreset` | Pod affinity preset. Ignored if `web.affinity` is set. Allowed values: `soft` or `hard`. | `""` | -| `web.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `web.affinity` is set. Allowed values: `soft` or `hard`. | `soft` | -| `web.tolerations` | Tolerations for Airflow web pods assignment | `[]` | -| `web.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` | -| `web.priorityClassName` | Priority Class Name | `""` | -| `web.schedulerName` | Use an alternate scheduler, e.g. "stork". 
| `""` | -| `web.terminationGracePeriodSeconds` | Seconds Airflow web pod needs to terminate gracefully | `""` | -| `web.updateStrategy.type` | Airflow web deployment strategy type | `RollingUpdate` | -| `web.updateStrategy.rollingUpdate` | Airflow web deployment rolling update configuration parameters | `{}` | -| `web.sidecars` | Add additional sidecar containers to the Airflow web pods | `[]` | -| `web.initContainers` | Add additional init containers to the Airflow web pods | `[]` | -| `web.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Airflow web pods | `[]` | -| `web.extraVolumes` | Optionally specify extra list of additional volumes for the Airflow web pods | `[]` | -| `web.pdb.create` | Deploy a pdb object for the Airflow web pods | `false` | -| `web.pdb.minAvailable` | Maximum number/percentage of unavailable Airflow web replicas | `1` | -| `web.pdb.maxUnavailable` | Maximum number/percentage of unavailable Airflow web replicas | `""` | +| Name | Description | Value | +| ------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | -------------------- | +| `web.image.registry` | Airflow image registry | `docker.io` | +| `web.image.repository` | Airflow image repository | `bitnami/airflow` | +| `web.image.tag` | Airflow image tag (immutable tags are recommended) | `2.5.2-debian-11-r1` | +| `web.image.digest` | Airflow image digest in the way sha256:aa.... 
Please note this parameter, if set, will override the tag | `""` | +| `web.image.pullPolicy` | Airflow image pull policy | `IfNotPresent` | +| `web.image.pullSecrets` | Airflow image pull secrets | `[]` | +| `web.image.debug` | Enable image debug mode | `false` | +| `web.baseUrl` | URL used to access to Airflow web ui | `""` | +| `web.existingConfigmap` | Name of an existing config map containing the Airflow web config file | `""` | +| `web.command` | Override default container command (useful when using custom images) | `[]` | +| `web.args` | Override default container args (useful when using custom images) | `[]` | +| `web.extraEnvVars` | Array with extra environment variables to add Airflow web pods | `[]` | +| `web.extraEnvVarsCM` | ConfigMap containing extra environment variables for Airflow web pods | `""` | +| `web.extraEnvVarsSecret` | Secret containing extra environment variables (in case of sensitive data) for Airflow web pods | `""` | +| `web.extraEnvVarsSecrets` | List of secrets with extra environment variables for Airflow web pods | `[]` | +| `web.containerPorts.http` | Airflow web HTTP container port | `8080` | +| `web.replicaCount` | Number of Airflow web replicas | `1` | +| `web.livenessProbe.enabled` | Enable livenessProbe on Airflow web containers | `true` | +| `web.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `180` | +| `web.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `20` | +| `web.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | +| `web.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` | +| `web.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `web.readinessProbe.enabled` | Enable readinessProbe on Airflow web containers | `true` | +| `web.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` | +| `web.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | 
+| `web.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` | +| `web.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` | +| `web.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `web.startupProbe.enabled` | Enable startupProbe on Airflow web containers | `false` | +| `web.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `60` | +| `web.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | +| `web.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` | +| `web.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` | +| `web.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | +| `web.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | +| `web.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | +| `web.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | +| `web.resources.limits` | The resources limits for the Airflow web containers | `{}` | +| `web.resources.requests` | The requested resources for the Airflow web containers | `{}` | +| `web.podSecurityContext.enabled` | Enabled Airflow web pods' Security Context | `true` | +| `web.podSecurityContext.fsGroup` | Set Airflow web pod's Security Context fsGroup | `1001` | +| `web.containerSecurityContext.enabled` | Enabled Airflow web containers' Security Context | `true` | +| `web.containerSecurityContext.runAsUser` | Set Airflow web containers' Security Context runAsUser | `1001` | +| `web.containerSecurityContext.runAsNonRoot` | Set Airflow web containers' Security Context runAsNonRoot | `true` | +| `web.lifecycleHooks` | for the Airflow web container(s) to automate configuration before or after startup | `{}` | +| `web.hostAliases` | Deployment pod host aliases | `[]` | +| `web.podLabels` | Add extra labels to the Airflow web pods | `{}` | 
+| `web.podAnnotations` | Add extra annotations to the Airflow web pods | `{}` | +| `web.affinity` | Affinity for Airflow web pods assignment (evaluated as a template) | `{}` | +| `web.nodeAffinityPreset.key` | Node label key to match. Ignored if `web.affinity` is set. | `""` | +| `web.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `web.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `web.nodeAffinityPreset.values` | Node label values to match. Ignored if `web.affinity` is set. | `[]` | +| `web.nodeSelector` | Node labels for Airflow web pods assignment | `{}` | +| `web.podAffinityPreset` | Pod affinity preset. Ignored if `web.affinity` is set. Allowed values: `soft` or `hard`. | `""` | +| `web.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `web.affinity` is set. Allowed values: `soft` or `hard`. | `soft` | +| `web.tolerations` | Tolerations for Airflow web pods assignment | `[]` | +| `web.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` | +| `web.priorityClassName` | Priority Class Name | `""` | +| `web.schedulerName` | Use an alternate scheduler, e.g. "stork". 
| `""` | +| `web.terminationGracePeriodSeconds` | Seconds Airflow web pod needs to terminate gracefully | `""` | +| `web.updateStrategy.type` | Airflow web deployment strategy type | `RollingUpdate` | +| `web.updateStrategy.rollingUpdate` | Airflow web deployment rolling update configuration parameters | `{}` | +| `web.sidecars` | Add additional sidecar containers to the Airflow web pods | `[]` | +| `web.initContainers` | Add additional init containers to the Airflow web pods | `[]` | +| `web.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Airflow web pods | `[]` | +| `web.extraVolumes` | Optionally specify extra list of additional volumes for the Airflow web pods | `[]` | +| `web.pdb.create` | Deploy a pdb object for the Airflow web pods | `false` | +| `web.pdb.minAvailable` | Maximum number/percentage of unavailable Airflow web replicas | `1` | +| `web.pdb.maxUnavailable` | Maximum number/percentage of unavailable Airflow web replicas | `""` | ### Airflow scheduler parameters 
@@ -184,7 +184,7 @@ The command removes all the Kubernetes components associated with the chart and | ------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | --------------------------- | | `scheduler.image.registry` | Airflow Scheduler image registry | `docker.io` | | `scheduler.image.repository` | Airflow Scheduler image repository | `bitnami/airflow-scheduler` | -| `scheduler.image.tag` | Airflow Scheduler image tag (immutable tags are recommended) | `2.5.1-debian-11-r17` | +| `scheduler.image.tag` | Airflow Scheduler image tag (immutable tags are recommended) | `2.5.2-debian-11-r0` | | `scheduler.image.digest` | Airflow Schefuler image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `scheduler.image.pullPolicy` | Airflow Scheduler image pull policy | `IfNotPresent` | | `scheduler.image.pullSecrets` | Airflow Scheduler image pull secrets | `[]` | 
@@ -238,7 +238,7 @@ The command removes all the Kubernetes components associated with the chart and | ---------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | ------------------------ | | `worker.image.registry` | Airflow Worker image registry | `docker.io` | | `worker.image.repository` | Airflow Worker image repository | `bitnami/airflow-worker` | -| `worker.image.tag` | Airflow Worker image tag (immutable tags are recommended) | `2.5.1-debian-11-r17` | +| `worker.image.tag` | Airflow Worker image tag (immutable tags are recommended) | `2.5.2-debian-11-r0` | | `worker.image.digest` | Airflow Worker image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `worker.image.pullPolicy` | Airflow Worker image pull policy | `IfNotPresent` | | `worker.image.pullSecrets` | Airflow Worker image pull secrets | `[]` | @@ -318,7 +318,7 @@ The command removes all the Kubernetes components associated with the chart and | ------------------------------ | --------------------------------------------------------------------------------------------------- | --------------------- | | `git.image.registry` | Git image registry | `docker.io` | | `git.image.repository` | Git image repository | `bitnami/git` | -| `git.image.tag` | Git image tag (immutable tags are recommended) | `2.39.2-debian-11-r8` | +| `git.image.tag` | Git image tag (immutable tags are recommended) | `2.40.0-debian-11-r0` | | `git.image.digest` | Git image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `git.image.pullPolicy` | Git image pull policy | `IfNotPresent` | | `git.image.pullSecrets` | Git image pull secrets | `[]` | 
@@ -405,53 +405,53 @@ The command removes all the Kubernetes components associated with the chart and ### Airflow metrics parameters -| Name | Description | Value | -| ----------------------------------------------- | ---------------------------------------------------------------------------------------------------------------- | ---------------------------- | -| `metrics.enabled` | Whether or not to create a standalone Airflow exporter to expose Airflow metrics | `false` | -| `metrics.image.registry` | Airflow exporter image registry | `docker.io` | -| `metrics.image.repository` | Airflow exporter image repository | `bitnami/airflow-exporter` | -| `metrics.image.tag` | Airflow exporter image tag (immutable tags are recommended) | `0.20220314.0-debian-11-r99` | -| `metrics.image.digest` | Airflow exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | -| `metrics.image.pullPolicy` | Airflow exporter image pull policy | `IfNotPresent` | -| `metrics.image.pullSecrets` | Airflow exporter image pull secrets | `[]` | -| `metrics.extraEnvVars` | Array with extra environment variables to add Airflow exporter pods | `[]` | -| `metrics.extraEnvVarsCM` | ConfigMap containing extra environment variables for Airflow exporter pods | `""` | -| `metrics.extraEnvVarsSecret` | Secret containing extra environment variables (in case of sensitive data) for Airflow exporter pods | `""` | -| `metrics.containerPorts.http` | Airflow exporter metrics container port | `9112` | -| `metrics.resources.limits` | The resources limits for the container | `{}` | -| `metrics.resources.requests` | The requested resources for the container | `{}` | -| `metrics.podSecurityContext.enabled` | Enable security context for the pods | `true` | -| `metrics.podSecurityContext.fsGroup` | Set Airflow exporter pod's Security Context fsGroup | `1001` | -| `metrics.containerSecurityContext.enabled` | Enable Airflow exporter containers' Security Context | 
`true` | -| `metrics.containerSecurityContext.runAsUser` | Set Airflow exporter containers' Security Context runAsUser | `1001` | -| `metrics.containerSecurityContext.runAsNonRoot` | Set Airflow exporter containers' Security Context runAsNonRoot | `true` | -| `metrics.lifecycleHooks` | for the Airflow exporter container(s) to automate configuration before or after startup | `{}` | -| `metrics.hostAliases` | Airflow exporter pods host aliases | `[]` | -| `metrics.podLabels` | Extra labels for Airflow exporter pods | `{}` | -| `metrics.podAnnotations` | Extra annotations for Airflow exporter pods | `{}` | -| `metrics.podAffinityPreset` | Pod affinity preset. Ignored if `metrics.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `metrics.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `metrics.affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `metrics.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `metrics.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `metrics.nodeAffinityPreset.key` | Node label key to match Ignored if `metrics.affinity` is set. | `""` | -| `metrics.nodeAffinityPreset.values` | Node label values to match. Ignored if `metrics.affinity` is set. 
| `[]` | -| `metrics.affinity` | Affinity for pod assignment | `{}` | -| `metrics.nodeSelector` | Node labels for pod assignment | `{}` | -| `metrics.tolerations` | Tolerations for pod assignment | `[]` | -| `metrics.schedulerName` | Name of the k8s scheduler (other than default) for Airflow exporter | `""` | -| `metrics.service.ports.http` | Airflow exporter metrics service port | `9112` | -| `metrics.service.clusterIP` | Static clusterIP or None for headless services | `""` | -| `metrics.service.sessionAffinity` | Control where client requests go, to the same pod or round-robin | `None` | -| `metrics.service.annotations` | Annotations for the Airflow exporter service | `{}` | -| `metrics.serviceMonitor.enabled` | if `true`, creates a Prometheus Operator ServiceMonitor (requires `metrics.enabled` to be `true`) | `false` | -| `metrics.serviceMonitor.namespace` | Namespace in which Prometheus is running | `""` | -| `metrics.serviceMonitor.interval` | Interval at which metrics should be scraped | `""` | -| `metrics.serviceMonitor.scrapeTimeout` | Timeout after which the scrape is ended | `""` | -| `metrics.serviceMonitor.labels` | Additional labels that can be used so ServiceMonitor will be discovered by Prometheus | `{}` | -| `metrics.serviceMonitor.selector` | Prometheus instance selector labels | `{}` | -| `metrics.serviceMonitor.relabelings` | RelabelConfigs to apply to samples before scraping | `[]` | -| `metrics.serviceMonitor.metricRelabelings` | MetricRelabelConfigs to apply to samples before ingestion | `[]` | -| `metrics.serviceMonitor.honorLabels` | Specify honorLabels parameter to add the scrape endpoint | `false` | -| `metrics.serviceMonitor.jobLabel` | The name of the label on the target service to use as the job name in prometheus. 
| `""` | +| Name | Description | Value | +| ----------------------------------------------- | ---------------------------------------------------------------------------------------------------------------- | ----------------------------- | +| `metrics.enabled` | Whether or not to create a standalone Airflow exporter to expose Airflow metrics | `false` | +| `metrics.image.registry` | Airflow exporter image registry | `docker.io` | +| `metrics.image.repository` | Airflow exporter image repository | `bitnami/airflow-exporter` | +| `metrics.image.tag` | Airflow exporter image tag (immutable tags are recommended) | `0.20220314.0-debian-11-r101` | +| `metrics.image.digest` | Airflow exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | +| `metrics.image.pullPolicy` | Airflow exporter image pull policy | `IfNotPresent` | +| `metrics.image.pullSecrets` | Airflow exporter image pull secrets | `[]` | +| `metrics.extraEnvVars` | Array with extra environment variables to add Airflow exporter pods | `[]` | +| `metrics.extraEnvVarsCM` | ConfigMap containing extra environment variables for Airflow exporter pods | `""` | +| `metrics.extraEnvVarsSecret` | Secret containing extra environment variables (in case of sensitive data) for Airflow exporter pods | `""` | +| `metrics.containerPorts.http` | Airflow exporter metrics container port | `9112` | +| `metrics.resources.limits` | The resources limits for the container | `{}` | +| `metrics.resources.requests` | The requested resources for the container | `{}` | +| `metrics.podSecurityContext.enabled` | Enable security context for the pods | `true` | +| `metrics.podSecurityContext.fsGroup` | Set Airflow exporter pod's Security Context fsGroup | `1001` | +| `metrics.containerSecurityContext.enabled` | Enable Airflow exporter containers' Security Context | `true` | +| `metrics.containerSecurityContext.runAsUser` | Set Airflow exporter containers' Security Context runAsUser | 
`1001` | +| `metrics.containerSecurityContext.runAsNonRoot` | Set Airflow exporter containers' Security Context runAsNonRoot | `true` | +| `metrics.lifecycleHooks` | for the Airflow exporter container(s) to automate configuration before or after startup | `{}` | +| `metrics.hostAliases` | Airflow exporter pods host aliases | `[]` | +| `metrics.podLabels` | Extra labels for Airflow exporter pods | `{}` | +| `metrics.podAnnotations` | Extra annotations for Airflow exporter pods | `{}` | +| `metrics.podAffinityPreset` | Pod affinity preset. Ignored if `metrics.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `metrics.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `metrics.affinity` is set. Allowed values: `soft` or `hard` | `soft` | +| `metrics.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `metrics.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `metrics.nodeAffinityPreset.key` | Node label key to match Ignored if `metrics.affinity` is set. | `""` | +| `metrics.nodeAffinityPreset.values` | Node label values to match. Ignored if `metrics.affinity` is set. 
| `[]` | +| `metrics.affinity` | Affinity for pod assignment | `{}` | +| `metrics.nodeSelector` | Node labels for pod assignment | `{}` | +| `metrics.tolerations` | Tolerations for pod assignment | `[]` | +| `metrics.schedulerName` | Name of the k8s scheduler (other than default) for Airflow exporter | `""` | +| `metrics.service.ports.http` | Airflow exporter metrics service port | `9112` | +| `metrics.service.clusterIP` | Static clusterIP or None for headless services | `""` | +| `metrics.service.sessionAffinity` | Control where client requests go, to the same pod or round-robin | `None` | +| `metrics.service.annotations` | Annotations for the Airflow exporter service | `{}` | +| `metrics.serviceMonitor.enabled` | if `true`, creates a Prometheus Operator ServiceMonitor (requires `metrics.enabled` to be `true`) | `false` | +| `metrics.serviceMonitor.namespace` | Namespace in which Prometheus is running | `""` | +| `metrics.serviceMonitor.interval` | Interval at which metrics should be scraped | `""` | +| `metrics.serviceMonitor.scrapeTimeout` | Timeout after which the scrape is ended | `""` | +| `metrics.serviceMonitor.labels` | Additional labels that can be used so ServiceMonitor will be discovered by Prometheus | `{}` | +| `metrics.serviceMonitor.selector` | Prometheus instance selector labels | `{}` | +| `metrics.serviceMonitor.relabelings` | RelabelConfigs to apply to samples before scraping | `[]` | +| `metrics.serviceMonitor.metricRelabelings` | MetricRelabelConfigs to apply to samples before ingestion | `[]` | +| `metrics.serviceMonitor.honorLabels` | Specify honorLabels parameter to add the scrape endpoint | `false` | +| `metrics.serviceMonitor.jobLabel` | The name of the label on the target service to use as the job name in prometheus. | `""` | ### Airflow database parameters diff --git a/charts/bitnami/airflow/charts/postgresql/Chart.lock b/charts/bitnami/airflow/charts/postgresql/Chart.lock index 5f647678a..2b9dadc72 100644 
--- a/charts/bitnami/airflow/charts/postgresql/Chart.lock +++ b/charts/bitnami/airflow/charts/postgresql/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: common repository: https://charts.bitnami.com/bitnami - version: 2.2.3 -digest: sha256:2c7165542fc01b9e98b577cd8b1095d0ed8267d34b97b6e581a1176bfb8e4dcb -generated: "2023-02-09T18:59:17.379982577Z" + version: 2.2.4 +digest: sha256:634d19e9b7f6e4c07d7c04a0161ab96b3f83335ebdd70b35b952319ef0a2586b +generated: "2023-03-14T07:26:55.449518929Z" diff --git a/charts/bitnami/airflow/charts/postgresql/Chart.yaml b/charts/bitnami/airflow/charts/postgresql/Chart.yaml index 9e7eb9389..0a1382a1b 100644 --- a/charts/bitnami/airflow/charts/postgresql/Chart.yaml +++ b/charts/bitnami/airflow/charts/postgresql/Chart.yaml @@ -28,4 +28,4 @@ name: postgresql sources: - https://github.com/bitnami/containers/tree/main/bitnami/postgresql - https://www.postgresql.org/ -version: 12.2.2 +version: 12.2.3 diff --git a/charts/bitnami/airflow/charts/postgresql/README.md b/charts/bitnami/airflow/charts/postgresql/README.md index 55048e985..89de9e4c7 100644 --- a/charts/bitnami/airflow/charts/postgresql/README.md +++ b/charts/bitnami/airflow/charts/postgresql/README.md 
@@ -100,7 +100,7 @@ kubectl delete pvc -l release=my-release | ---------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------- | | `image.registry` | PostgreSQL image registry | `docker.io` | | `image.repository` | PostgreSQL image repository | `bitnami/postgresql` | -| `image.tag` | PostgreSQL image tag (immutable tags are recommended) | `15.2.0-debian-11-r5` | +| `image.tag` | PostgreSQL image tag (immutable tags are recommended) | `15.2.0-debian-11-r11` | | `image.digest` | PostgreSQL image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `image.pullPolicy` | PostgreSQL image pull policy | `IfNotPresent` | | `image.pullSecrets` | Specify image pull secrets | `[]` | 
@@ -377,7 +377,7 @@ kubectl delete pvc -l release=my-release | `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume | `false` | | `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` | | `volumePermissions.image.repository` | Init container volume-permissions image repository | `bitnami/bitnami-shell` | -| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r90` | +| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r96` | | `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` | | `volumePermissions.image.pullSecrets` | Init container volume-permissions image pull secrets | `[]` | @@ -405,7 +405,7 @@ kubectl delete pvc -l release=my-release | `metrics.enabled` | Start a prometheus exporter | `false` | | `metrics.image.registry` | PostgreSQL Prometheus Exporter image registry | `docker.io` | | `metrics.image.repository` | PostgreSQL Prometheus Exporter image repository | `bitnami/postgres-exporter` | -| `metrics.image.tag` | PostgreSQL Prometheus Exporter image tag (immutable tags are recommended) | `0.11.1-debian-11-r64` | +| `metrics.image.tag` | PostgreSQL Prometheus Exporter image tag (immutable tags are recommended) | `0.11.1-debian-11-r69` | | `metrics.image.digest` | PostgreSQL image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `metrics.image.pullPolicy` | PostgreSQL Prometheus Exporter image pull policy | `IfNotPresent` | | `metrics.image.pullSecrets` | Specify image pull secrets | `[]` | 
@@ -457,6 +457,7 @@ kubectl delete pvc -l release=my-release | `metrics.prometheusRule.labels` | Additional labels that can be used so PrometheusRule will be discovered by Prometheus | `{}` | | `metrics.prometheusRule.rules` | PrometheusRule definitions | `[]` | +Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, ```console helm install my-release \ diff --git a/charts/bitnami/airflow/charts/postgresql/charts/common/Chart.yaml b/charts/bitnami/airflow/charts/postgresql/charts/common/Chart.yaml index 031ee0fd4..8583e628a 100644 --- a/charts/bitnami/airflow/charts/postgresql/charts/common/Chart.yaml +++ b/charts/bitnami/airflow/charts/postgresql/charts/common/Chart.yaml @@ -2,7 +2,7 @@ annotations: category: Infrastructure licenses: Apache-2.0 apiVersion: v2 -appVersion: 2.2.3 +appVersion: 2.2.4 description: A Library Helm Chart for grouping common logic between bitnami charts. This chart is not deployable by itself. home: https://github.com/bitnami/charts/tree/main/bitnami/common @@ -21,4 +21,4 @@ sources: - https://github.com/bitnami/charts - https://www.bitnami.com/ type: library -version: 2.2.3 +version: 2.2.4 diff --git a/charts/bitnami/airflow/charts/postgresql/charts/common/README.md b/charts/bitnami/airflow/charts/postgresql/charts/common/README.md index 8f3bda37d..825639f2a 100644 --- a/charts/bitnami/airflow/charts/postgresql/charts/common/README.md +++ b/charts/bitnami/airflow/charts/postgresql/charts/common/README.md @@ -12,7 +12,7 @@ dependencies: ``` ```console -$ helm dependency update +helm dependency update ``` ```yaml 
@@ -37,124 +37,6 @@ Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment ## Parameters -The following table lists the helpers available in the library which are scoped in different sections. - -### Affinities - -| Helper identifier | Description | Expected Input | -|-------------------------------|------------------------------------------------------|------------------------------------------------| -| `common.affinities.nodes.soft` | Return a soft nodeAffinity definition | `dict "key" "FOO" "values" (list "BAR" "BAZ")` | -| `common.affinities.nodes.hard` | Return a hard nodeAffinity definition | `dict "key" "FOO" "values" (list "BAR" "BAZ")` | -| `common.affinities.pods.soft` | Return a soft podAffinity/podAntiAffinity definition | `dict "component" "FOO" "context" $` | -| `common.affinities.pods.hard` | Return a hard podAffinity/podAntiAffinity definition | `dict "component" "FOO" "context" $` | -| `common.affinities.topologyKey` | Return a topologyKey definition | `dict "topologyKey" "FOO"` | - -### Capabilities - -| Helper identifier | Description | Expected Input | -|------------------------------------------------|------------------------------------------------------------------------------------------------|-------------------| -| `common.capabilities.kubeVersion` | Return the target Kubernetes version (using client default if .Values.kubeVersion is not set). | `.` Chart context | -| `common.capabilities.cronjob.apiVersion` | Return the appropriate apiVersion for cronjob. | `.` Chart context | -| `common.capabilities.deployment.apiVersion` | Return the appropriate apiVersion for deployment. | `.` Chart context | -| `common.capabilities.statefulset.apiVersion` | Return the appropriate apiVersion for statefulset. | `.` Chart context | -| `common.capabilities.ingress.apiVersion` | Return the appropriate apiVersion for ingress. 
| `.` Chart context | -| `common.capabilities.rbac.apiVersion` | Return the appropriate apiVersion for RBAC resources. | `.` Chart context | -| `common.capabilities.crd.apiVersion` | Return the appropriate apiVersion for CRDs. | `.` Chart context | -| `common.capabilities.policy.apiVersion` | Return the appropriate apiVersion for podsecuritypolicy. | `.` Chart context | -| `common.capabilities.networkPolicy.apiVersion` | Return the appropriate apiVersion for networkpolicy. | `.` Chart context | -| `common.capabilities.apiService.apiVersion` | Return the appropriate apiVersion for APIService. | `.` Chart context | -| `common.capabilities.hpa.apiVersion` | Return the appropriate apiVersion for Horizontal Pod Autoscaler | `.` Chart context | -| `common.capabilities.supportsHelmVersion` | Returns true if the used Helm version is 3.3+ | `.` Chart context | - -### Errors - -| Helper identifier | Description | Expected Input | -|-----------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------| -| `common.errors.upgrade.passwords.empty` | It will ensure required passwords are given when we are upgrading a chart. If `validationErrors` is not empty it will throw an error and will stop the upgrade action. | `dict "validationErrors" (list $validationError00 $validationError01) "context" $` | - -### Images - -| Helper identifier | Description | Expected Input | -|-----------------------------|------------------------------------------------------|---------------------------------------------------------------------------------------------------------| -| `common.images.image` | Return the proper and full image name | `dict "imageRoot" .Values.path.to.the.image "global" $`, see [ImageRoot](#imageroot) for the structure. 
| -| `common.images.pullSecrets` | Return the proper Docker Image Registry Secret Names (deprecated: use common.images.renderPullSecrets instead) | `dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "global" .Values.global` | -| `common.images.renderPullSecrets` | Return the proper Docker Image Registry Secret Names (evaluates values as templates) | `dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "context" $` | - -### Ingress - -| Helper identifier | Description | Expected Input | -|-------------------------------------------|-------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `common.ingress.backend` | Generate a proper Ingress backend entry depending on the API version | `dict "serviceName" "foo" "servicePort" "bar"`, see the [Ingress deprecation notice](https://kubernetes.io/blog/2019/07/18/api-deprecations-in-1-16/) for the syntax differences | -| `common.ingress.supportsPathType` | Prints "true" if the pathType field is supported | `.` Chart context | -| `common.ingress.supportsIngressClassname` | Prints "true" if the ingressClassname field is supported | `.` Chart context | -| `common.ingress.certManagerRequest` | Prints "true" if required cert-manager annotations for TLS signed certificates are set in the Ingress annotations | `dict "annotations" .Values.path.to.the.ingress.annotations` | - -### Labels - -| Helper identifier | Description | Expected Input | -|-----------------------------|-----------------------------------------------------------------------------|-------------------| -| `common.labels.standard` | Return Kubernetes standard labels | `.` Chart context | -| `common.labels.matchLabels` | Labels to use on `deploy.spec.selector.matchLabels` and 
`svc.spec.selector` | `.` Chart context | - -### Names - -| Helper identifier | Description | Expected Input | -|-----------------------------------|-----------------------------------------------------------------------|-------------------| -| `common.names.name` | Expand the name of the chart or use `.Values.nameOverride` | `.` Chart context | -| `common.names.fullname` | Create a default fully qualified app name. | `.` Chart context | -| `common.names.namespace` | Allow the release namespace to be overridden | `.` Chart context | -| `common.names.fullname.namespace` | Create a fully qualified app name adding the installation's namespace | `.` Chart context | -| `common.names.chart` | Chart name plus version | `.` Chart context | - -### Secrets - -| Helper identifier | Description | Expected Input | -|-----------------------------------|--------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `common.secrets.name` | Generate the name of the secret. | `dict "existingSecret" .Values.path.to.the.existingSecret "defaultNameSuffix" "mySuffix" "context" $` see [ExistingSecret](#existingsecret) for the structure. | -| `common.secrets.key` | Generate secret key. | `dict "existingSecret" .Values.path.to.the.existingSecret "key" "keyName"` see [ExistingSecret](#existingsecret) for the structure. | -| `common.secrets.passwords.manage` | Generate secret password or retrieve one if already created. | `dict "secret" "secret-name" "key" "keyName" "providedValues" (list "path.to.password1" "path.to.password2") "length" 10 "strong" false "chartName" "chartName" "context" $`, length, strong and chartNAme fields are optional. | -| `common.secrets.exists` | Returns whether a previous generated secret already exists. 
| `dict "secret" "secret-name" "context" $` | - -### Storage - -| Helper identifier | Description | Expected Input | -|-------------------------------|---------------------------------------|---------------------------------------------------------------------------------------------------------------------| -| `common.storage.class` | Return the proper Storage Class | `dict "persistence" .Values.path.to.the.persistence "global" $`, see [Persistence](#persistence) for the structure. | - -### TplValues - -| Helper identifier | Description | Expected Input | -|---------------------------|----------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------| -| `common.tplvalues.render` | Renders a value that contains template | `dict "value" .Values.path.to.the.Value "context" $`, value is the value should rendered as template, context frequently is the chart context `$` or `.` | - -### Utils - -| Helper identifier | Description | Expected Input | -|--------------------------------|------------------------------------------------------------------------------------------|------------------------------------------------------------------------| -| `common.utils.fieldToEnvVar` | Build environment variable name given a field. | `dict "field" "my-password"` | -| `common.utils.secret.getvalue` | Print instructions to get a secret value. 
| `dict "secret" "secret-name" "field" "secret-value-field" "context" $` | -| `common.utils.getValueFromKey` | Gets a value from `.Values` object given its key path | `dict "key" "path.to.key" "context" $` | -| `common.utils.getKeyFromList` | Returns first `.Values` key with a defined value or first of the list if all non-defined | `dict "keys" (list "path.to.key1" "path.to.key2") "context" $` | - -### Validations - -| Helper identifier | Description | Expected Input | -|--------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `common.validations.values.single.empty` | Validate a value must not be empty. | `dict "valueKey" "path.to.value" "secret" "secret.name" "field" "my-password" "subchart" "subchart" "context" $` secret, field and subchart are optional. In case they are given, the helper will generate a how to get instruction. See [ValidateValue](#validatevalue) | -| `common.validations.values.multiple.empty` | Validate a multiple values must not be empty. It returns a shared error for all the values. | `dict "required" (list $validateValueConf00 $validateValueConf01) "context" $`. See [ValidateValue](#validatevalue) | -| `common.validations.values.mariadb.passwords` | This helper will ensure required password for MariaDB are not empty. It returns a shared error for all the values. | `dict "secret" "mariadb-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use mariadb chart and the helper. | -| `common.validations.values.mysql.passwords` | This helper will ensure required password for MySQL are not empty. 
It returns a shared error for all the values. | `dict "secret" "mysql-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use mysql chart and the helper. | -| `common.validations.values.postgresql.passwords` | This helper will ensure required password for PostgreSQL are not empty. It returns a shared error for all the values. | `dict "secret" "postgresql-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use postgresql chart and the helper. | -| `common.validations.values.redis.passwords` | This helper will ensure required password for Redis® are not empty. It returns a shared error for all the values. | `dict "secret" "redis-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use redis chart and the helper. | -| `common.validations.values.cassandra.passwords` | This helper will ensure required password for Cassandra are not empty. It returns a shared error for all the values. | `dict "secret" "cassandra-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use cassandra chart and the helper. | -| `common.validations.values.mongodb.passwords` | This helper will ensure required password for MongoDB® are not empty. It returns a shared error for all the values. | `dict "secret" "mongodb-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use mongodb chart and the helper. | - -### Warnings - -| Helper identifier | Description | Expected Input | -|------------------------------|----------------------------------|------------------------------------------------------------| -| `common.warnings.rollingTag` | Warning about using rolling tag. | `ImageRoot` see [ImageRoot](#imageroot) for the structure. 
| - ## Special input schemas ### ImageRoot @@ -300,7 +182,7 @@ keyMapping: If we force those values to be empty we will see some alerts ```console -$ helm install test mychart --set path.to.value00="",path.to.value01="" +helm install test mychart --set path.to.value00="",path.to.value01="" 'path.to.value00' must not be empty, please add '--set path.to.value00=$PASSWORD_00' to the command. To get the current value: export PASSWORD_00=$(kubectl get secret --namespace default secretName -o jsonpath="{.data.password-00}" | base64 -d) 
@@ -316,23 +198,23 @@ $ helm install test mychart --set path.to.value00="",path.to.value01="" [On November 13, 2020, Helm v2 support was formally finished](https://github.com/helm/charts#status-of-the-project), this major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL. -**What changes were introduced in this major version?** +#### What changes were introduced in this major version? - Previous versions of this Helm Chart use `apiVersion: v1` (installable by both Helm 2 and 3), this Helm Chart was updated to `apiVersion: v2` (installable by Helm 3 only). [Here](https://helm.sh/docs/topics/charts/#the-apiversion-field) you can find more information about the `apiVersion` field. - Use `type: library`. [Here](https://v3.helm.sh/docs/faq/#library-chart-support) you can find more information. - The different fields present in the *Chart.yaml* file has been ordered alphabetically in a homogeneous way for all the Bitnami Helm Charts -**Considerations when upgrading to this version** +#### Considerations when upgrading to this version - If you want to upgrade to this version from a previous one installed with Helm v3, you shouldn't face any issues - If you want to upgrade to this version using Helm v2, this scenario is not supported as this version doesn't support Helm v2 anymore - If you installed the previous version with Helm v2 and wants to upgrade to this version with Helm v3, please refer to the [official Helm documentation](https://helm.sh/docs/topics/v2_v3_migration/#migration-use-cases) about migrating from Helm v2 to v3 -**Useful links** +#### Useful links -- https://docs.bitnami.com/tutorials/resolve-helm2-helm3-post-migration-issues/ -- https://helm.sh/docs/topics/v2_v3_migration/ -- https://helm.sh/blog/migrate-from-helm-v2-to-helm-v3/ +- +- +- ## License 
@@ -342,7 +224,7 @@ Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at - http://www.apache.org/licenses/LICENSE-2.0 + Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, diff --git a/charts/bitnami/airflow/charts/postgresql/charts/common/templates/_images.tpl b/charts/bitnami/airflow/charts/postgresql/charts/common/templates/_images.tpl index b06071492..2e7b15151 100644 --- a/charts/bitnami/airflow/charts/postgresql/charts/common/templates/_images.tpl +++ b/charts/bitnami/airflow/charts/postgresql/charts/common/templates/_images.tpl @@ -17,7 +17,11 @@ Return the proper image name {{- $separator = "@" -}} {{- $termination = .imageRoot.digest | toString -}} {{- end -}} -{{- printf "%s/%s%s%s" $registryName $repositoryName $separator $termination -}} +{{- if $registryName }} + {{- printf "%s/%s%s%s" $registryName $repositoryName $separator $termination -}} +{{- else -}} + {{- printf "%s%s%s" $repositoryName $separator $termination -}} +{{- end -}} {{- end -}} {{/* diff --git a/charts/bitnami/airflow/charts/postgresql/values.yaml b/charts/bitnami/airflow/charts/postgresql/values.yaml index f770b9878..65c09d49a 100644 --- a/charts/bitnami/airflow/charts/postgresql/values.yaml +++ b/charts/bitnami/airflow/charts/postgresql/values.yaml @@ -95,7 +95,7 @@ diagnosticMode: image: registry: docker.io repository: bitnami/postgresql - tag: 15.2.0-debian-11-r5 + tag: 15.2.0-debian-11-r11 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -1136,7 +1136,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/bitnami-shell - tag: 11-debian-11-r90 + tag: 11-debian-11-r96 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. 
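Review bot: In `common.images.image` (`_images.tpl`), the new `else` branch renders `repository` plus tag or digest with no registry when `$registryName` is empty, and the template's header comment does not mention this. An unqualified reference is resolved by whatever default or search registries the node's container runtime is configured with, so the same values can pull from different sources on different clusters. I would extend the header comment to something like `Return the proper image name. With an empty registry the reference is left unqualified and resolved by the container runtime; set imageRoot.digest to pin the content.` The two branches also trim differently (`{{- if $registryName }}` against `{{- else -}}`); using `-}}` on both would keep the style consistent. The template body starts above this hunk, so how `$registryName` is derived is not visible here.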
@@ -1231,7 +1231,7 @@ metrics: image: registry: docker.io repository: bitnami/postgres-exporter - tag: 0.11.1-debian-11-r64 + tag: 0.11.1-debian-11-r69 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. diff --git a/charts/bitnami/airflow/charts/redis/Chart.yaml b/charts/bitnami/airflow/charts/redis/Chart.yaml index 3929f9aac..5ee98b5e0 100644 --- a/charts/bitnami/airflow/charts/redis/Chart.yaml +++ b/charts/bitnami/airflow/charts/redis/Chart.yaml @@ -24,4 +24,4 @@ maintainers: name: redis sources: - https://github.com/bitnami/containers/tree/main/bitnami/redis -version: 17.8.3 +version: 17.8.5 diff --git a/charts/bitnami/airflow/charts/redis/README.md b/charts/bitnami/airflow/charts/redis/README.md index 17bca708a..069b06b87 100644 --- a/charts/bitnami/airflow/charts/redis/README.md +++ b/charts/bitnami/airflow/charts/redis/README.md @@ -542,6 +542,7 @@ The command removes all the Kubernetes components associated with the chart and | `useExternalDNS.annotationKey` | The annotation key utilized when `external-dns` is enabled. Setting this to `false` will disable annotations. | `external-dns.alpha.kubernetes.io/` | | `useExternalDNS.suffix` | The DNS suffix utilized when `external-dns` is enabled. Note that we prepend the suffix with the full name of the release. | `""` | +Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, ```console helm install my-release \ @@ -933,4 +934,4 @@ Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and -limitations under the License. \ No newline at end of file +limitations under the License. 
diff --git a/charts/bitnami/airflow/charts/redis/templates/_helpers.tpl b/charts/bitnami/airflow/charts/redis/templates/_helpers.tpl index 90064e80c..b3a47ffd2 100644 --- a/charts/bitnami/airflow/charts/redis/templates/_helpers.tpl +++ b/charts/bitnami/airflow/charts/redis/templates/_helpers.tpl @@ -229,14 +229,16 @@ otherwise it generates a random value. Return Redis® password */}} {{- define "redis.password" -}} -{{- if not (empty .Values.global.redis.password) }} - {{- .Values.global.redis.password -}} -{{- else if not (empty .Values.auth.password) -}} - {{- .Values.auth.password -}} -{{- else -}} - {{- include "getValueFromSecret" (dict "Namespace" .Release.Namespace "Name" (include "common.names.fullname" .) "Length" 10 "Key" "redis-password") -}} -{{- end -}} +{{- if or .Values.auth.enabled .Values.global.redis.password }} + {{- if not (empty .Values.global.redis.password) }} + {{- .Values.global.redis.password -}} + {{- else if not (empty .Values.auth.password) -}} + {{- .Values.auth.password -}} + {{- else -}} + {{- include "getValueFromSecret" (dict "Namespace" .Release.Namespace "Name" (include "redis.secretName" .) "Length" 10 "Key" (include "redis.secretPasswordKey" .)) -}} + {{- end -}} {{- end -}} +{{- end }} {{/* Check if there are rolling tags in the images */}} {{- define "redis.checkRollingTags" -}} diff --git a/charts/bitnami/airflow/charts/redis/templates/master/application.yaml b/charts/bitnami/airflow/charts/redis/templates/master/application.yaml index 9c05393e7..184916c71 100644 --- a/charts/bitnami/airflow/charts/redis/templates/master/application.yaml +++ b/charts/bitnami/airflow/charts/redis/templates/master/application.yaml 
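Review bot: In `redis.password`, the new guard `or .Values.auth.enabled .Values.global.redis.password` still returns a password when `auth.enabled` is false and only the global value is set. Whether the server is actually configured to require that password in this case is decided outside the hunk, and is worth checking so that a secret is not rendered for an instance that does not enforce it. The fallback also keeps `"Length" 10` for `getValueFromSecret`; if that helper generates the value, as the comment above the hunk suggests, 10 characters is short for a credential on a network service and a larger length costs nothing. The existing comment could record the new contract, e.g. `Return Redis® password (empty when auth is disabled and no global password is set)`.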
@@ -26,7 +26,7 @@ spec: {{- else }} updateStrategy: {{- toYaml .Values.master.updateStrategy | nindent 4 }} {{- end }} - {{- if and .Values.master.minReadySeconds (semverCompare ">= 1.25" (include "common.capabilities.kubeVersion" .)) }} + {{- if and .Values.master.minReadySeconds (semverCompare ">= 1.23-0" (include "common.capabilities.kubeVersion" .)) }} minReadySeconds: {{ .Values.master.minReadySeconds }} {{- end }} {{- end }} diff --git a/charts/bitnami/airflow/charts/redis/templates/replicas/statefulset.yaml b/charts/bitnami/airflow/charts/redis/templates/replicas/statefulset.yaml index f94594316..8a856abf1 100644 --- a/charts/bitnami/airflow/charts/redis/templates/replicas/statefulset.yaml +++ b/charts/bitnami/airflow/charts/redis/templates/replicas/statefulset.yaml @@ -23,7 +23,7 @@ spec: {{- if .Values.replica.updateStrategy }} updateStrategy: {{- toYaml .Values.replica.updateStrategy | nindent 4 }} {{- end }} - {{- if and .Values.replica.minReadySeconds (semverCompare ">= 1.25" (include "common.capabilities.kubeVersion" .)) }} + {{- if and .Values.replica.minReadySeconds (semverCompare ">= 1.23-0" (include "common.capabilities.kubeVersion" .)) }} minReadySeconds: {{ .Values.replica.minReadySeconds }} {{- end }} {{- if .Values.replica.podManagementPolicy }} diff --git a/charts/bitnami/airflow/charts/redis/templates/sentinel/statefulset.yaml b/charts/bitnami/airflow/charts/redis/templates/sentinel/statefulset.yaml index 39a0ae3b7..245f2a97c 100644 --- a/charts/bitnami/airflow/charts/redis/templates/sentinel/statefulset.yaml +++ b/charts/bitnami/airflow/charts/redis/templates/sentinel/statefulset.yaml 
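Review bot: The `-0` suffix in `semverCompare ">= 1.23-0"` is not explained near the condition, here or in the identical conditions in `replicas/statefulset.yaml` and `sentinel/statefulset.yaml`. With the semver constraint syntax Helm uses, a bare `>= 1.23` does not match versions that carry a pre-release segment, which is how several managed distributions report theirs (a constructed example: `v1.23.4-gke.100`), so the suffix is what keeps the gate working there. A short template comment above the `if`, such as `{{- /* "-0" lets the constraint match vendor pre-release version strings */ -}}`, would keep a later edit from dropping it. The enclosing `spec:` block starts outside each hunk.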
@@ -22,7 +22,7 @@ spec: {{- if .Values.replica.updateStrategy }} updateStrategy: {{- toYaml .Values.replica.updateStrategy | nindent 4 }} {{- end }} - {{- if and .Values.replica.minReadySeconds (semverCompare ">= 1.25" (include "common.capabilities.kubeVersion" .)) }} + {{- if and .Values.replica.minReadySeconds (semverCompare ">= 1.23-0" (include "common.capabilities.kubeVersion" .)) }} minReadySeconds: {{ .Values.replica.minReadySeconds }} {{- end }} {{- if .Values.replica.podManagementPolicy }} diff --git a/charts/bitnami/airflow/values.yaml b/charts/bitnami/airflow/values.yaml index 422d4c6e5..ae2e255fb 100644 --- a/charts/bitnami/airflow/values.yaml +++ b/charts/bitnami/airflow/values.yaml @@ -118,7 +118,7 @@ dags: image: registry: docker.io repository: bitnami/bitnami-shell - tag: 11-debian-11-r94 + tag: 11-debian-11-r97 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. @@ -185,7 +185,7 @@ web: image: registry: docker.io repository: bitnami/airflow - tag: 2.5.1-debian-11-r16 + tag: 2.5.2-debian-11-r1 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -443,7 +443,7 @@ scheduler: image: registry: docker.io repository: bitnami/airflow-scheduler - tag: 2.5.1-debian-11-r17 + tag: 2.5.2-debian-11-r0 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -647,7 +647,7 @@ worker: image: registry: docker.io repository: bitnami/airflow-worker - tag: 2.5.1-debian-11-r17 + tag: 2.5.2-debian-11-r0 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -920,7 +920,7 @@ git: image: registry: docker.io repository: bitnami/git - tag: 2.39.2-debian-11-r8 + tag: 2.40.0-debian-11-r0 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' 
@@ -1283,7 +1283,7 @@ metrics: image: registry: docker.io repository: bitnami/airflow-exporter - tag: 0.20220314.0-debian-11-r99 + tag: 0.20220314.0-debian-11-r101 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. diff --git a/charts/bitnami/mariadb/Chart.lock b/charts/bitnami/mariadb/Chart.lock index 9b535546c..ea921218d 100644 --- a/charts/bitnami/mariadb/Chart.lock +++ b/charts/bitnami/mariadb/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: common repository: https://charts.bitnami.com/bitnami - version: 2.2.3 -digest: sha256:2c7165542fc01b9e98b577cd8b1095d0ed8267d34b97b6e581a1176bfb8e4dcb -generated: "2023-02-17T18:41:00.54667787Z" + version: 2.2.4 +digest: sha256:634d19e9b7f6e4c07d7c04a0161ab96b3f83335ebdd70b35b952319ef0a2586b +generated: "2023-03-18T22:59:57.930574974Z" diff --git a/charts/bitnami/mariadb/Chart.yaml b/charts/bitnami/mariadb/Chart.yaml index 34fa406c4..f9a428c23 100644 --- a/charts/bitnami/mariadb/Chart.yaml +++ b/charts/bitnami/mariadb/Chart.yaml @@ -32,4 +32,4 @@ sources: - https://github.com/bitnami/containers/tree/main/bitnami/mariadb - https://github.com/prometheus/mysqld_exporter - https://mariadb.org -version: 11.5.3 +version: 11.5.4 diff --git a/charts/bitnami/mariadb/README.md b/charts/bitnami/mariadb/README.md index c77223837..48e1a78d6 100644 --- a/charts/bitnami/mariadb/README.md +++ b/charts/bitnami/mariadb/README.md 
@@ -82,28 +82,28 @@ The command removes all the Kubernetes components associated with the chart and ### MariaDB common parameters -| Name | Description | Value | -| -------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------- | -| `image.registry` | MariaDB image registry | `docker.io` | -| `image.repository` | MariaDB image repository | `bitnami/mariadb` | -| `image.tag` | MariaDB image tag (immutable tags are recommended) | `10.6.12-debian-11-r9` | -| `image.digest` | MariaDB image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | -| `image.pullPolicy` | MariaDB image pull policy | `IfNotPresent` | -| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | -| `image.debug` | Specify if debug logs should be enabled | `false` | -| `architecture` | MariaDB architecture (`standalone` or `replication`) | `standalone` | -| `auth.rootPassword` | Password for the `root` user. Ignored if existing secret is provided. | `""` | -| `auth.database` | Name for a custom database to create | `my_database` | -| `auth.username` | Name for a custom user to create | `""` | -| `auth.password` | Password for the new user. Ignored if existing secret is provided | `""` | -| `auth.replicationUser` | MariaDB replication user | `replicator` | -| `auth.replicationPassword` | MariaDB replication user password. Ignored if existing secret is provided | `""` | -| `auth.existingSecret` | Use existing secret for password details (`auth.rootPassword`, `auth.password`, `auth.replicationPassword` will be ignored and picked up from this secret). 
The secret has to contain the keys `mariadb-root-password`, `mariadb-replication-password` and `mariadb-password` | `""` | -| `auth.forcePassword` | Force users to specify required passwords | `false` | -| `auth.usePasswordFiles` | Mount credentials as files instead of using environment variables | `false` | -| `auth.customPasswordFiles` | Use custom password files when `auth.usePasswordFiles` is set to `true`. Define path for keys `root` and `user`, also define `replicator` if `architecture` is set to `replication` | `{}` | -| `initdbScripts` | Dictionary of initdb scripts | `{}` | -| `initdbScriptsConfigMap` | ConfigMap with the initdb scripts (Note: Overrides `initdbScripts`) | `""` | +| Name | Description | Value | +| -------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------- | +| `image.registry` | MariaDB image registry | `docker.io` | +| `image.repository` | MariaDB image repository | `bitnami/mariadb` | +| `image.tag` | MariaDB image tag (immutable tags are recommended) | `10.6.12-debian-11-r13` | +| `image.digest` | MariaDB image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | +| `image.pullPolicy` | MariaDB image pull policy | `IfNotPresent` | +| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | +| `image.debug` | Specify if debug logs should be enabled | `false` | +| `architecture` | MariaDB architecture (`standalone` or `replication`) | `standalone` | +| `auth.rootPassword` | Password for the `root` user. Ignored if existing secret is provided. 
| `""` | +| `auth.database` | Name for a custom database to create | `my_database` | +| `auth.username` | Name for a custom user to create | `""` | +| `auth.password` | Password for the new user. Ignored if existing secret is provided | `""` | +| `auth.replicationUser` | MariaDB replication user | `replicator` | +| `auth.replicationPassword` | MariaDB replication user password. Ignored if existing secret is provided | `""` | +| `auth.existingSecret` | Use existing secret for password details (`auth.rootPassword`, `auth.password`, `auth.replicationPassword` will be ignored and picked up from this secret). The secret has to contain the keys `mariadb-root-password`, `mariadb-replication-password` and `mariadb-password` | `""` | +| `auth.forcePassword` | Force users to specify required passwords | `false` | +| `auth.usePasswordFiles` | Mount credentials as files instead of using environment variables | `false` | +| `auth.customPasswordFiles` | Use custom password files when `auth.usePasswordFiles` is set to `true`. Define path for keys `root` and `user`, also define `replicator` if `architecture` is set to `replication` | `{}` | +| `initdbScripts` | Dictionary of initdb scripts | `{}` | +| `initdbScriptsConfigMap` | ConfigMap with the initdb scripts (Note: Overrides `initdbScripts`) | `""` | ### MariaDB Primary parameters 
@@ -308,7 +308,7 @@ The command removes all the Kubernetes components associated with the chart and | `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume(s) mountpoint to `runAsUser:fsGroup` | `false` | | `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` | | `volumePermissions.image.repository` | Init container volume-permissions image repository | `bitnami/bitnami-shell` | -| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r94` | +| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r98` | | `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` | | `volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | @@ -322,7 +322,7 @@ The command removes all the Kubernetes components associated with the chart and | `metrics.enabled` | Start a side-car prometheus exporter | `false` | | `metrics.image.registry` | Exporter image registry | `docker.io` | | `metrics.image.repository` | Exporter image repository | `bitnami/mysqld-exporter` | -| `metrics.image.tag` | Exporter image tag (immutable tags are recommended) | `0.14.0-debian-11-r96` | +| `metrics.image.tag` | Exporter image tag (immutable tags are recommended) | `0.14.0-debian-11-r99` | | `metrics.image.digest` | Exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `metrics.image.pullPolicy` | Exporter image pull policy | `IfNotPresent` | | `metrics.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | 
@@ -557,4 +557,4 @@ Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and -limitations under the License. +limitations under the License. \ No newline at end of file diff --git a/charts/bitnami/mariadb/charts/common/Chart.yaml b/charts/bitnami/mariadb/charts/common/Chart.yaml index 031ee0fd4..8583e628a 100644 --- a/charts/bitnami/mariadb/charts/common/Chart.yaml +++ b/charts/bitnami/mariadb/charts/common/Chart.yaml @@ -2,7 +2,7 @@ annotations: category: Infrastructure licenses: Apache-2.0 apiVersion: v2 -appVersion: 2.2.3 +appVersion: 2.2.4 description: A Library Helm Chart for grouping common logic between bitnami charts. This chart is not deployable by itself. home: https://github.com/bitnami/charts/tree/main/bitnami/common @@ -21,4 +21,4 @@ sources: - https://github.com/bitnami/charts - https://www.bitnami.com/ type: library -version: 2.2.3 +version: 2.2.4 diff --git a/charts/bitnami/mariadb/charts/common/README.md b/charts/bitnami/mariadb/charts/common/README.md index 8f3bda37d..825639f2a 100644 --- a/charts/bitnami/mariadb/charts/common/README.md +++ b/charts/bitnami/mariadb/charts/common/README.md @@ -12,7 +12,7 @@ dependencies: ``` ```console -$ helm dependency update +helm dependency update ``` ```yaml 
@@ -37,124 +37,6 @@ Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment ## Parameters -The following table lists the helpers available in the library which are scoped in different sections. - -### Affinities - -| Helper identifier | Description | Expected Input | -|-------------------------------|------------------------------------------------------|------------------------------------------------| -| `common.affinities.nodes.soft` | Return a soft nodeAffinity definition | `dict "key" "FOO" "values" (list "BAR" "BAZ")` | -| `common.affinities.nodes.hard` | Return a hard nodeAffinity definition | `dict "key" "FOO" "values" (list "BAR" "BAZ")` | -| `common.affinities.pods.soft` | Return a soft podAffinity/podAntiAffinity definition | `dict "component" "FOO" "context" $` | -| `common.affinities.pods.hard` | Return a hard podAffinity/podAntiAffinity definition | `dict "component" "FOO" "context" $` | -| `common.affinities.topologyKey` | Return a topologyKey definition | `dict "topologyKey" "FOO"` | - -### Capabilities - -| Helper identifier | Description | Expected Input | -|------------------------------------------------|------------------------------------------------------------------------------------------------|-------------------| -| `common.capabilities.kubeVersion` | Return the target Kubernetes version (using client default if .Values.kubeVersion is not set). | `.` Chart context | -| `common.capabilities.cronjob.apiVersion` | Return the appropriate apiVersion for cronjob. | `.` Chart context | -| `common.capabilities.deployment.apiVersion` | Return the appropriate apiVersion for deployment. | `.` Chart context | -| `common.capabilities.statefulset.apiVersion` | Return the appropriate apiVersion for statefulset. | `.` Chart context | -| `common.capabilities.ingress.apiVersion` | Return the appropriate apiVersion for ingress. 
| `.` Chart context | -| `common.capabilities.rbac.apiVersion` | Return the appropriate apiVersion for RBAC resources. | `.` Chart context | -| `common.capabilities.crd.apiVersion` | Return the appropriate apiVersion for CRDs. | `.` Chart context | -| `common.capabilities.policy.apiVersion` | Return the appropriate apiVersion for podsecuritypolicy. | `.` Chart context | -| `common.capabilities.networkPolicy.apiVersion` | Return the appropriate apiVersion for networkpolicy. | `.` Chart context | -| `common.capabilities.apiService.apiVersion` | Return the appropriate apiVersion for APIService. | `.` Chart context | -| `common.capabilities.hpa.apiVersion` | Return the appropriate apiVersion for Horizontal Pod Autoscaler | `.` Chart context | -| `common.capabilities.supportsHelmVersion` | Returns true if the used Helm version is 3.3+ | `.` Chart context | - -### Errors - -| Helper identifier | Description | Expected Input | -|-----------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------| -| `common.errors.upgrade.passwords.empty` | It will ensure required passwords are given when we are upgrading a chart. If `validationErrors` is not empty it will throw an error and will stop the upgrade action. | `dict "validationErrors" (list $validationError00 $validationError01) "context" $` | - -### Images - -| Helper identifier | Description | Expected Input | -|-----------------------------|------------------------------------------------------|---------------------------------------------------------------------------------------------------------| -| `common.images.image` | Return the proper and full image name | `dict "imageRoot" .Values.path.to.the.image "global" $`, see [ImageRoot](#imageroot) for the structure. 
| -| `common.images.pullSecrets` | Return the proper Docker Image Registry Secret Names (deprecated: use common.images.renderPullSecrets instead) | `dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "global" .Values.global` | -| `common.images.renderPullSecrets` | Return the proper Docker Image Registry Secret Names (evaluates values as templates) | `dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "context" $` | - -### Ingress - -| Helper identifier | Description | Expected Input | -|-------------------------------------------|-------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `common.ingress.backend` | Generate a proper Ingress backend entry depending on the API version | `dict "serviceName" "foo" "servicePort" "bar"`, see the [Ingress deprecation notice](https://kubernetes.io/blog/2019/07/18/api-deprecations-in-1-16/) for the syntax differences | -| `common.ingress.supportsPathType` | Prints "true" if the pathType field is supported | `.` Chart context | -| `common.ingress.supportsIngressClassname` | Prints "true" if the ingressClassname field is supported | `.` Chart context | -| `common.ingress.certManagerRequest` | Prints "true" if required cert-manager annotations for TLS signed certificates are set in the Ingress annotations | `dict "annotations" .Values.path.to.the.ingress.annotations` | - -### Labels - -| Helper identifier | Description | Expected Input | -|-----------------------------|-----------------------------------------------------------------------------|-------------------| -| `common.labels.standard` | Return Kubernetes standard labels | `.` Chart context | -| `common.labels.matchLabels` | Labels to use on `deploy.spec.selector.matchLabels` and 
`svc.spec.selector` | `.` Chart context | - -### Names - -| Helper identifier | Description | Expected Input | -|-----------------------------------|-----------------------------------------------------------------------|-------------------| -| `common.names.name` | Expand the name of the chart or use `.Values.nameOverride` | `.` Chart context | -| `common.names.fullname` | Create a default fully qualified app name. | `.` Chart context | -| `common.names.namespace` | Allow the release namespace to be overridden | `.` Chart context | -| `common.names.fullname.namespace` | Create a fully qualified app name adding the installation's namespace | `.` Chart context | -| `common.names.chart` | Chart name plus version | `.` Chart context | - -### Secrets - -| Helper identifier | Description | Expected Input | -|-----------------------------------|--------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `common.secrets.name` | Generate the name of the secret. | `dict "existingSecret" .Values.path.to.the.existingSecret "defaultNameSuffix" "mySuffix" "context" $` see [ExistingSecret](#existingsecret) for the structure. | -| `common.secrets.key` | Generate secret key. | `dict "existingSecret" .Values.path.to.the.existingSecret "key" "keyName"` see [ExistingSecret](#existingsecret) for the structure. | -| `common.secrets.passwords.manage` | Generate secret password or retrieve one if already created. | `dict "secret" "secret-name" "key" "keyName" "providedValues" (list "path.to.password1" "path.to.password2") "length" 10 "strong" false "chartName" "chartName" "context" $`, length, strong and chartNAme fields are optional. | -| `common.secrets.exists` | Returns whether a previous generated secret already exists. 
| `dict "secret" "secret-name" "context" $` | - -### Storage - -| Helper identifier | Description | Expected Input | -|-------------------------------|---------------------------------------|---------------------------------------------------------------------------------------------------------------------| -| `common.storage.class` | Return the proper Storage Class | `dict "persistence" .Values.path.to.the.persistence "global" $`, see [Persistence](#persistence) for the structure. | - -### TplValues - -| Helper identifier | Description | Expected Input | -|---------------------------|----------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------| -| `common.tplvalues.render` | Renders a value that contains template | `dict "value" .Values.path.to.the.Value "context" $`, value is the value should rendered as template, context frequently is the chart context `$` or `.` | - -### Utils - -| Helper identifier | Description | Expected Input | -|--------------------------------|------------------------------------------------------------------------------------------|------------------------------------------------------------------------| -| `common.utils.fieldToEnvVar` | Build environment variable name given a field. | `dict "field" "my-password"` | -| `common.utils.secret.getvalue` | Print instructions to get a secret value. 
| `dict "secret" "secret-name" "field" "secret-value-field" "context" $` | -| `common.utils.getValueFromKey` | Gets a value from `.Values` object given its key path | `dict "key" "path.to.key" "context" $` | -| `common.utils.getKeyFromList` | Returns first `.Values` key with a defined value or first of the list if all non-defined | `dict "keys" (list "path.to.key1" "path.to.key2") "context" $` | - -### Validations - -| Helper identifier | Description | Expected Input | -|--------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `common.validations.values.single.empty` | Validate a value must not be empty. | `dict "valueKey" "path.to.value" "secret" "secret.name" "field" "my-password" "subchart" "subchart" "context" $` secret, field and subchart are optional. In case they are given, the helper will generate a how to get instruction. See [ValidateValue](#validatevalue) | -| `common.validations.values.multiple.empty` | Validate a multiple values must not be empty. It returns a shared error for all the values. | `dict "required" (list $validateValueConf00 $validateValueConf01) "context" $`. See [ValidateValue](#validatevalue) | -| `common.validations.values.mariadb.passwords` | This helper will ensure required password for MariaDB are not empty. It returns a shared error for all the values. | `dict "secret" "mariadb-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use mariadb chart and the helper. | -| `common.validations.values.mysql.passwords` | This helper will ensure required password for MySQL are not empty. 
It returns a shared error for all the values. | `dict "secret" "mysql-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use mysql chart and the helper. | -| `common.validations.values.postgresql.passwords` | This helper will ensure required password for PostgreSQL are not empty. It returns a shared error for all the values. | `dict "secret" "postgresql-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use postgresql chart and the helper. | -| `common.validations.values.redis.passwords` | This helper will ensure required password for Redis® are not empty. It returns a shared error for all the values. | `dict "secret" "redis-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use redis chart and the helper. | -| `common.validations.values.cassandra.passwords` | This helper will ensure required password for Cassandra are not empty. It returns a shared error for all the values. | `dict "secret" "cassandra-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use cassandra chart and the helper. | -| `common.validations.values.mongodb.passwords` | This helper will ensure required password for MongoDB® are not empty. It returns a shared error for all the values. | `dict "secret" "mongodb-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use mongodb chart and the helper. | - -### Warnings - -| Helper identifier | Description | Expected Input | -|------------------------------|----------------------------------|------------------------------------------------------------| -| `common.warnings.rollingTag` | Warning about using rolling tag. | `ImageRoot` see [ImageRoot](#imageroot) for the structure. 
| - ## Special input schemas ### ImageRoot @@ -300,7 +182,7 @@ keyMapping: If we force those values to be empty we will see some alerts ```console -$ helm install test mychart --set path.to.value00="",path.to.value01="" +helm install test mychart --set path.to.value00="",path.to.value01="" 'path.to.value00' must not be empty, please add '--set path.to.value00=$PASSWORD_00' to the command. To get the current value: export PASSWORD_00=$(kubectl get secret --namespace default secretName -o jsonpath="{.data.password-00}" | base64 -d) 
@@ -316,23 +198,23 @@ $ helm install test mychart --set path.to.value00="",path.to.value01="" [On November 13, 2020, Helm v2 support was formally finished](https://github.com/helm/charts#status-of-the-project), this major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL. -**What changes were introduced in this major version?** +#### What changes were introduced in this major version? - Previous versions of this Helm Chart use `apiVersion: v1` (installable by both Helm 2 and 3), this Helm Chart was updated to `apiVersion: v2` (installable by Helm 3 only). [Here](https://helm.sh/docs/topics/charts/#the-apiversion-field) you can find more information about the `apiVersion` field. - Use `type: library`. [Here](https://v3.helm.sh/docs/faq/#library-chart-support) you can find more information. - The different fields present in the *Chart.yaml* file has been ordered alphabetically in a homogeneous way for all the Bitnami Helm Charts -**Considerations when upgrading to this version** +#### Considerations when upgrading to this version - If you want to upgrade to this version from a previous one installed with Helm v3, you shouldn't face any issues - If you want to upgrade to this version using Helm v2, this scenario is not supported as this version doesn't support Helm v2 anymore - If you installed the previous version with Helm v2 and wants to upgrade to this version with Helm v3, please refer to the [official Helm documentation](https://helm.sh/docs/topics/v2_v3_migration/#migration-use-cases) about migrating from Helm v2 to v3 -**Useful links** +#### Useful links -- https://docs.bitnami.com/tutorials/resolve-helm2-helm3-post-migration-issues/ -- https://helm.sh/docs/topics/v2_v3_migration/ -- https://helm.sh/blog/migrate-from-helm-v2-to-helm-v3/ +- +- +- ## License 
@@ -342,7 +224,7 @@ Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at - http://www.apache.org/licenses/LICENSE-2.0 + Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, diff --git a/charts/bitnami/mariadb/charts/common/templates/_images.tpl b/charts/bitnami/mariadb/charts/common/templates/_images.tpl index b06071492..2e7b15151 100644 --- a/charts/bitnami/mariadb/charts/common/templates/_images.tpl +++ b/charts/bitnami/mariadb/charts/common/templates/_images.tpl @@ -17,7 +17,11 @@ Return the proper image name {{- $separator = "@" -}} {{- $termination = .imageRoot.digest | toString -}} {{- end -}} -{{- printf "%s/%s%s%s" $registryName $repositoryName $separator $termination -}} +{{- if $registryName }} + {{- printf "%s/%s%s%s" $registryName $repositoryName $separator $termination -}} +{{- else -}} + {{- printf "%s%s%s" $repositoryName $separator $termination -}} +{{- end -}} {{- end -}} {{/* diff --git a/charts/bitnami/mariadb/values.yaml b/charts/bitnami/mariadb/values.yaml index 7918eac9f..e0b774aeb 100644 --- a/charts/bitnami/mariadb/values.yaml +++ b/charts/bitnami/mariadb/values.yaml @@ -87,7 +87,7 @@ serviceBindings: image: registry: docker.io repository: bitnami/mariadb - tag: 10.6.12-debian-11-r9 + tag: 10.6.12-debian-11-r13 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -1001,7 +1001,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/bitnami-shell - tag: 11-debian-11-r94 + tag: 11-debian-11-r98 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets (secrets must be manually created in the namespace) 
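Review bot: The new `else` branch in `_images.tpl` renders an unqualified image name when `$registryName` is empty, and nothing in the helper's comment tells chart users what that implies. An unqualified name is resolved by each node's container runtime against its own default or search registries, so the same values file can pull from different sources on different nodes. I would extend the helper's doc comment with something like `An empty registry yields an unqualified image name resolved by the container runtime; set imageRoot.registry or imageRoot.digest to pin the source.` How `$registryName` is derived (for example any global override) is above the hunk, so whether an empty value is reachable by default is not visible here.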
@@ -1037,7 +1037,7 @@ metrics: image: registry: docker.io repository: bitnami/mysqld-exporter - tag: 0.14.0-debian-11-r96 + tag: 0.14.0-debian-11-r99 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets (secrets must be manually created in the namespace) diff --git a/charts/bitnami/postgresql/Chart.yaml b/charts/bitnami/postgresql/Chart.yaml index 33a46c593..add6ad589 100644 --- a/charts/bitnami/postgresql/Chart.yaml +++ b/charts/bitnami/postgresql/Chart.yaml @@ -32,4 +32,4 @@ name: postgresql sources: - https://github.com/bitnami/containers/tree/main/bitnami/postgresql - https://www.postgresql.org/ -version: 12.2.3 +version: 12.2.5 diff --git a/charts/bitnami/postgresql/README.md b/charts/bitnami/postgresql/README.md index 89de9e4c7..343875879 100644 --- a/charts/bitnami/postgresql/README.md +++ b/charts/bitnami/postgresql/README.md @@ -100,7 +100,7 @@ kubectl delete pvc -l release=my-release | ---------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------- | | `image.registry` | PostgreSQL image registry | `docker.io` | | `image.repository` | PostgreSQL image repository | `bitnami/postgresql` | -| `image.tag` | PostgreSQL image tag (immutable tags are recommended) | `15.2.0-debian-11-r11` | +| `image.tag` | PostgreSQL image tag (immutable tags are recommended) | `15.2.0-debian-11-r13` | | `image.digest` | PostgreSQL image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `image.pullPolicy` | PostgreSQL image pull policy | `IfNotPresent` | | `image.pullSecrets` | Specify image pull secrets | `[]` | 
@@ -377,7 +377,7 @@ kubectl delete pvc -l release=my-release | `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume | `false` | | `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` | | `volumePermissions.image.repository` | Init container volume-permissions image repository | `bitnami/bitnami-shell` | -| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r96` | +| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r98` | | `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` | | `volumePermissions.image.pullSecrets` | Init container volume-permissions image pull secrets | `[]` | diff --git a/charts/bitnami/postgresql/values.yaml b/charts/bitnami/postgresql/values.yaml index 65c09d49a..19765b1c7 100644 --- a/charts/bitnami/postgresql/values.yaml +++ b/charts/bitnami/postgresql/values.yaml @@ -95,7 +95,7 @@ diagnosticMode: image: registry: docker.io repository: bitnami/postgresql - tag: 15.2.0-debian-11-r11 + tag: 15.2.0-debian-11-r13 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -1136,7 +1136,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/bitnami-shell - tag: 11-debian-11-r96 + tag: 11-debian-11-r98 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. diff --git a/charts/bitnami/redis/Chart.lock b/charts/bitnami/redis/Chart.lock index 9d89ddcef..09dfa460f 100644 --- a/charts/bitnami/redis/Chart.lock +++ b/charts/bitnami/redis/Chart.lock 
@@ -1,6 +1,6 @@ dependencies: - name: common repository: https://charts.bitnami.com/bitnami - version: 2.2.3 -digest: sha256:2c7165542fc01b9e98b577cd8b1095d0ed8267d34b97b6e581a1176bfb8e4dcb -generated: "2023-02-14T22:31:24.380931903Z" + version: 2.2.4 +digest: sha256:634d19e9b7f6e4c07d7c04a0161ab96b3f83335ebdd70b35b952319ef0a2586b +generated: "2023-03-19T00:36:11.095928642Z" diff --git a/charts/bitnami/redis/Chart.yaml b/charts/bitnami/redis/Chart.yaml index f57ba73a6..2b2857f6b 100644 --- a/charts/bitnami/redis/Chart.yaml +++ b/charts/bitnami/redis/Chart.yaml @@ -6,7 +6,7 @@ annotations: category: Database licenses: Apache-2.0 apiVersion: v2 -appVersion: 7.0.9 +appVersion: 7.0.10 dependencies: - name: common repository: file://./charts/common @@ -28,4 +28,4 @@ maintainers: name: redis sources: - https://github.com/bitnami/containers/tree/main/bitnami/redis -version: 17.8.5 +version: 17.8.7 diff --git a/charts/bitnami/redis/README.md b/charts/bitnami/redis/README.md index 069b06b87..4b1d4f591 100644 --- a/charts/bitnami/redis/README.md +++ b/charts/bitnami/redis/README.md 
@@ -95,15 +95,15 @@ The command removes all the Kubernetes components associated with the chart and ### Redis® Image parameters -| Name | Description | Value | -| ------------------- | ---------------------------------------------------------------------------------------------------------- | -------------------- | -| `image.registry` | Redis® image registry | `docker.io` | -| `image.repository` | Redis® image repository | `bitnami/redis` | -| `image.tag` | Redis® image tag (immutable tags are recommended) | `7.0.9-debian-11-r1` | -| `image.digest` | Redis® image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | -| `image.pullPolicy` | Redis® image pull policy | `IfNotPresent` | -| `image.pullSecrets` | Redis® image pull secrets | `[]` | -| `image.debug` | Enable image debug mode | `false` | +| Name | Description | Value | +| ------------------- | ---------------------------------------------------------------------------------------------------------- | --------------------- | +| `image.registry` | Redis® image registry | `docker.io` | +| `image.repository` | Redis® image repository | `bitnami/redis` | +| `image.tag` | Redis® image tag (immutable tags are recommended) | `7.0.10-debian-11-r0` | +| `image.digest` | Redis® image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | +| `image.pullPolicy` | Redis® image pull policy | `IfNotPresent` | +| `image.pullSecrets` | Redis® image pull secrets | `[]` | +| `image.debug` | Enable image debug mode | `false` | ### Redis® common configuration parameters 
@@ -333,7 +333,7 @@ The command removes all the Kubernetes components associated with the chart and | `sentinel.enabled` | Use Redis® Sentinel on Redis® pods. | `false` | | `sentinel.image.registry` | Redis® Sentinel image registry | `docker.io` | | `sentinel.image.repository` | Redis® Sentinel image repository | `bitnami/redis-sentinel` | -| `sentinel.image.tag` | Redis® Sentinel image tag (immutable tags are recommended) | `7.0.9-debian-11-r0` | +| `sentinel.image.tag` | Redis® Sentinel image tag (immutable tags are recommended) | `7.0.9-debian-11-r5` | | `sentinel.image.digest` | Redis® Sentinel image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `sentinel.image.pullPolicy` | Redis® Sentinel image pull policy | `IfNotPresent` | | `sentinel.image.pullSecrets` | Redis® Sentinel image pull secrets | `[]` | @@ -449,7 +449,7 @@ The command removes all the Kubernetes components associated with the chart and | `metrics.enabled` | Start a sidecar prometheus exporter to expose Redis® metrics | `false` | | `metrics.image.registry` | Redis® Exporter image registry | `docker.io` | | `metrics.image.repository` | Redis® Exporter image repository | `bitnami/redis-exporter` | -| `metrics.image.tag` | Redis® Exporter image tag (immutable tags are recommended) | `1.47.0-debian-11-r1` | +| `metrics.image.tag` | Redis® Exporter image tag (immutable tags are recommended) | `1.48.0-debian-11-r5` | | `metrics.image.digest` | Redis® Exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `metrics.image.pullPolicy` | Redis® Exporter image pull policy | `IfNotPresent` | | `metrics.image.pullSecrets` | Redis® Exporter image pull secrets | `[]` | 
@@ -514,7 +514,7 @@ The command removes all the Kubernetes components associated with the chart and | `volumePermissions.enabled` | Enable init container that changes the owner/group of the PV mount point to `runAsUser:fsGroup` | `false` | | `volumePermissions.image.registry` | Bitnami Shell image registry | `docker.io` | | `volumePermissions.image.repository` | Bitnami Shell image repository | `bitnami/bitnami-shell` | -| `volumePermissions.image.tag` | Bitnami Shell image tag (immutable tags are recommended) | `11-debian-11-r92` | +| `volumePermissions.image.tag` | Bitnami Shell image tag (immutable tags are recommended) | `11-debian-11-r98` | | `volumePermissions.image.digest` | Bitnami Shell image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `volumePermissions.image.pullPolicy` | Bitnami Shell image pull policy | `IfNotPresent` | | `volumePermissions.image.pullSecrets` | Bitnami Shell image pull secrets | `[]` | @@ -524,7 +524,7 @@ The command removes all the Kubernetes components associated with the chart and | `sysctl.enabled` | Enable init container to modify Kernel settings | `false` | | `sysctl.image.registry` | Bitnami Shell image registry | `docker.io` | | `sysctl.image.repository` | Bitnami Shell image repository | `bitnami/bitnami-shell` | -| `sysctl.image.tag` | Bitnami Shell image tag (immutable tags are recommended) | `11-debian-11-r92` | +| `sysctl.image.tag` | Bitnami Shell image tag (immutable tags are recommended) | `11-debian-11-r98` | | `sysctl.image.digest` | Bitnami Shell image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `sysctl.image.pullPolicy` | Bitnami Shell image pull policy | `IfNotPresent` | | `sysctl.image.pullSecrets` | Bitnami Shell image pull secrets | `[]` | 
@@ -934,4 +934,4 @@ Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and -limitations under the License. +limitations under the License. \ No newline at end of file diff --git a/charts/bitnami/redis/charts/common/Chart.yaml b/charts/bitnami/redis/charts/common/Chart.yaml index 031ee0fd4..8583e628a 100644 --- a/charts/bitnami/redis/charts/common/Chart.yaml +++ b/charts/bitnami/redis/charts/common/Chart.yaml @@ -2,7 +2,7 @@ annotations: category: Infrastructure licenses: Apache-2.0 apiVersion: v2 -appVersion: 2.2.3 +appVersion: 2.2.4 description: A Library Helm Chart for grouping common logic between bitnami charts. This chart is not deployable by itself. home: https://github.com/bitnami/charts/tree/main/bitnami/common @@ -21,4 +21,4 @@ sources: - https://github.com/bitnami/charts - https://www.bitnami.com/ type: library -version: 2.2.3 +version: 2.2.4 diff --git a/charts/bitnami/redis/charts/common/README.md b/charts/bitnami/redis/charts/common/README.md index 8f3bda37d..825639f2a 100644 --- a/charts/bitnami/redis/charts/common/README.md +++ b/charts/bitnami/redis/charts/common/README.md @@ -12,7 +12,7 @@ dependencies: ``` ```console -$ helm dependency update +helm dependency update ``` ```yaml 
@@ -37,124 +37,6 @@ Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment ## Parameters -The following table lists the helpers available in the library which are scoped in different sections. - -### Affinities - -| Helper identifier | Description | Expected Input | -|-------------------------------|------------------------------------------------------|------------------------------------------------| -| `common.affinities.nodes.soft` | Return a soft nodeAffinity definition | `dict "key" "FOO" "values" (list "BAR" "BAZ")` | -| `common.affinities.nodes.hard` | Return a hard nodeAffinity definition | `dict "key" "FOO" "values" (list "BAR" "BAZ")` | -| `common.affinities.pods.soft` | Return a soft podAffinity/podAntiAffinity definition | `dict "component" "FOO" "context" $` | -| `common.affinities.pods.hard` | Return a hard podAffinity/podAntiAffinity definition | `dict "component" "FOO" "context" $` | -| `common.affinities.topologyKey` | Return a topologyKey definition | `dict "topologyKey" "FOO"` | - -### Capabilities - -| Helper identifier | Description | Expected Input | -|------------------------------------------------|------------------------------------------------------------------------------------------------|-------------------| -| `common.capabilities.kubeVersion` | Return the target Kubernetes version (using client default if .Values.kubeVersion is not set). | `.` Chart context | -| `common.capabilities.cronjob.apiVersion` | Return the appropriate apiVersion for cronjob. | `.` Chart context | -| `common.capabilities.deployment.apiVersion` | Return the appropriate apiVersion for deployment. | `.` Chart context | -| `common.capabilities.statefulset.apiVersion` | Return the appropriate apiVersion for statefulset. | `.` Chart context | -| `common.capabilities.ingress.apiVersion` | Return the appropriate apiVersion for ingress. 
| `.` Chart context | -| `common.capabilities.rbac.apiVersion` | Return the appropriate apiVersion for RBAC resources. | `.` Chart context | -| `common.capabilities.crd.apiVersion` | Return the appropriate apiVersion for CRDs. | `.` Chart context | -| `common.capabilities.policy.apiVersion` | Return the appropriate apiVersion for podsecuritypolicy. | `.` Chart context | -| `common.capabilities.networkPolicy.apiVersion` | Return the appropriate apiVersion for networkpolicy. | `.` Chart context | -| `common.capabilities.apiService.apiVersion` | Return the appropriate apiVersion for APIService. | `.` Chart context | -| `common.capabilities.hpa.apiVersion` | Return the appropriate apiVersion for Horizontal Pod Autoscaler | `.` Chart context | -| `common.capabilities.supportsHelmVersion` | Returns true if the used Helm version is 3.3+ | `.` Chart context | - -### Errors - -| Helper identifier | Description | Expected Input | -|-----------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------| -| `common.errors.upgrade.passwords.empty` | It will ensure required passwords are given when we are upgrading a chart. If `validationErrors` is not empty it will throw an error and will stop the upgrade action. | `dict "validationErrors" (list $validationError00 $validationError01) "context" $` | - -### Images - -| Helper identifier | Description | Expected Input | -|-----------------------------|------------------------------------------------------|---------------------------------------------------------------------------------------------------------| -| `common.images.image` | Return the proper and full image name | `dict "imageRoot" .Values.path.to.the.image "global" $`, see [ImageRoot](#imageroot) for the structure. 
| -| `common.images.pullSecrets` | Return the proper Docker Image Registry Secret Names (deprecated: use common.images.renderPullSecrets instead) | `dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "global" .Values.global` | -| `common.images.renderPullSecrets` | Return the proper Docker Image Registry Secret Names (evaluates values as templates) | `dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "context" $` | - -### Ingress - -| Helper identifier | Description | Expected Input | -|-------------------------------------------|-------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `common.ingress.backend` | Generate a proper Ingress backend entry depending on the API version | `dict "serviceName" "foo" "servicePort" "bar"`, see the [Ingress deprecation notice](https://kubernetes.io/blog/2019/07/18/api-deprecations-in-1-16/) for the syntax differences | -| `common.ingress.supportsPathType` | Prints "true" if the pathType field is supported | `.` Chart context | -| `common.ingress.supportsIngressClassname` | Prints "true" if the ingressClassname field is supported | `.` Chart context | -| `common.ingress.certManagerRequest` | Prints "true" if required cert-manager annotations for TLS signed certificates are set in the Ingress annotations | `dict "annotations" .Values.path.to.the.ingress.annotations` | - -### Labels - -| Helper identifier | Description | Expected Input | -|-----------------------------|-----------------------------------------------------------------------------|-------------------| -| `common.labels.standard` | Return Kubernetes standard labels | `.` Chart context | -| `common.labels.matchLabels` | Labels to use on `deploy.spec.selector.matchLabels` and 
`svc.spec.selector` | `.` Chart context | - -### Names - -| Helper identifier | Description | Expected Input | -|-----------------------------------|-----------------------------------------------------------------------|-------------------| -| `common.names.name` | Expand the name of the chart or use `.Values.nameOverride` | `.` Chart context | -| `common.names.fullname` | Create a default fully qualified app name. | `.` Chart context | -| `common.names.namespace` | Allow the release namespace to be overridden | `.` Chart context | -| `common.names.fullname.namespace` | Create a fully qualified app name adding the installation's namespace | `.` Chart context | -| `common.names.chart` | Chart name plus version | `.` Chart context | - -### Secrets - -| Helper identifier | Description | Expected Input | -|-----------------------------------|--------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `common.secrets.name` | Generate the name of the secret. | `dict "existingSecret" .Values.path.to.the.existingSecret "defaultNameSuffix" "mySuffix" "context" $` see [ExistingSecret](#existingsecret) for the structure. | -| `common.secrets.key` | Generate secret key. | `dict "existingSecret" .Values.path.to.the.existingSecret "key" "keyName"` see [ExistingSecret](#existingsecret) for the structure. | -| `common.secrets.passwords.manage` | Generate secret password or retrieve one if already created. | `dict "secret" "secret-name" "key" "keyName" "providedValues" (list "path.to.password1" "path.to.password2") "length" 10 "strong" false "chartName" "chartName" "context" $`, length, strong and chartNAme fields are optional. | -| `common.secrets.exists` | Returns whether a previous generated secret already exists. 
| `dict "secret" "secret-name" "context" $` | - -### Storage - -| Helper identifier | Description | Expected Input | -|-------------------------------|---------------------------------------|---------------------------------------------------------------------------------------------------------------------| -| `common.storage.class` | Return the proper Storage Class | `dict "persistence" .Values.path.to.the.persistence "global" $`, see [Persistence](#persistence) for the structure. | - -### TplValues - -| Helper identifier | Description | Expected Input | -|---------------------------|----------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------| -| `common.tplvalues.render` | Renders a value that contains template | `dict "value" .Values.path.to.the.Value "context" $`, value is the value should rendered as template, context frequently is the chart context `$` or `.` | - -### Utils - -| Helper identifier | Description | Expected Input | -|--------------------------------|------------------------------------------------------------------------------------------|------------------------------------------------------------------------| -| `common.utils.fieldToEnvVar` | Build environment variable name given a field. | `dict "field" "my-password"` | -| `common.utils.secret.getvalue` | Print instructions to get a secret value. 
| `dict "secret" "secret-name" "field" "secret-value-field" "context" $` | -| `common.utils.getValueFromKey` | Gets a value from `.Values` object given its key path | `dict "key" "path.to.key" "context" $` | -| `common.utils.getKeyFromList` | Returns first `.Values` key with a defined value or first of the list if all non-defined | `dict "keys" (list "path.to.key1" "path.to.key2") "context" $` | - -### Validations - -| Helper identifier | Description | Expected Input | -|--------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `common.validations.values.single.empty` | Validate a value must not be empty. | `dict "valueKey" "path.to.value" "secret" "secret.name" "field" "my-password" "subchart" "subchart" "context" $` secret, field and subchart are optional. In case they are given, the helper will generate a how to get instruction. See [ValidateValue](#validatevalue) | -| `common.validations.values.multiple.empty` | Validate a multiple values must not be empty. It returns a shared error for all the values. | `dict "required" (list $validateValueConf00 $validateValueConf01) "context" $`. See [ValidateValue](#validatevalue) | -| `common.validations.values.mariadb.passwords` | This helper will ensure required password for MariaDB are not empty. It returns a shared error for all the values. | `dict "secret" "mariadb-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use mariadb chart and the helper. | -| `common.validations.values.mysql.passwords` | This helper will ensure required password for MySQL are not empty. 
It returns a shared error for all the values. | `dict "secret" "mysql-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use mysql chart and the helper. | -| `common.validations.values.postgresql.passwords` | This helper will ensure required password for PostgreSQL are not empty. It returns a shared error for all the values. | `dict "secret" "postgresql-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use postgresql chart and the helper. | -| `common.validations.values.redis.passwords` | This helper will ensure required password for Redis® are not empty. It returns a shared error for all the values. | `dict "secret" "redis-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use redis chart and the helper. | -| `common.validations.values.cassandra.passwords` | This helper will ensure required password for Cassandra are not empty. It returns a shared error for all the values. | `dict "secret" "cassandra-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use cassandra chart and the helper. | -| `common.validations.values.mongodb.passwords` | This helper will ensure required password for MongoDB® are not empty. It returns a shared error for all the values. | `dict "secret" "mongodb-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use mongodb chart and the helper. | - -### Warnings - -| Helper identifier | Description | Expected Input | -|------------------------------|----------------------------------|------------------------------------------------------------| -| `common.warnings.rollingTag` | Warning about using rolling tag. | `ImageRoot` see [ImageRoot](#imageroot) for the structure. 
| - ## Special input schemas ### ImageRoot @@ -300,7 +182,7 @@ keyMapping: If we force those values to be empty we will see some alerts ```console -$ helm install test mychart --set path.to.value00="",path.to.value01="" +helm install test mychart --set path.to.value00="",path.to.value01="" 'path.to.value00' must not be empty, please add '--set path.to.value00=$PASSWORD_00' to the command. To get the current value: export PASSWORD_00=$(kubectl get secret --namespace default secretName -o jsonpath="{.data.password-00}" | base64 -d) 
@@ -316,23 +198,23 @@ $ helm install test mychart --set path.to.value00="",path.to.value01="" [On November 13, 2020, Helm v2 support was formally finished](https://github.com/helm/charts#status-of-the-project), this major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL. -**What changes were introduced in this major version?** +#### What changes were introduced in this major version? - Previous versions of this Helm Chart use `apiVersion: v1` (installable by both Helm 2 and 3), this Helm Chart was updated to `apiVersion: v2` (installable by Helm 3 only). [Here](https://helm.sh/docs/topics/charts/#the-apiversion-field) you can find more information about the `apiVersion` field. - Use `type: library`. [Here](https://v3.helm.sh/docs/faq/#library-chart-support) you can find more information. - The different fields present in the *Chart.yaml* file has been ordered alphabetically in a homogeneous way for all the Bitnami Helm Charts -**Considerations when upgrading to this version** +#### Considerations when upgrading to this version - If you want to upgrade to this version from a previous one installed with Helm v3, you shouldn't face any issues - If you want to upgrade to this version using Helm v2, this scenario is not supported as this version doesn't support Helm v2 anymore - If you installed the previous version with Helm v2 and wants to upgrade to this version with Helm v3, please refer to the [official Helm documentation](https://helm.sh/docs/topics/v2_v3_migration/#migration-use-cases) about migrating from Helm v2 to v3 -**Useful links** +#### Useful links -- https://docs.bitnami.com/tutorials/resolve-helm2-helm3-post-migration-issues/ -- https://helm.sh/docs/topics/v2_v3_migration/ -- https://helm.sh/blog/migrate-from-helm-v2-to-helm-v3/ +- +- +- ## License 
@@ -342,7 +224,7 @@ Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at - http://www.apache.org/licenses/LICENSE-2.0 + Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, diff --git a/charts/bitnami/redis/charts/common/templates/_images.tpl b/charts/bitnami/redis/charts/common/templates/_images.tpl index b06071492..2e7b15151 100644 --- a/charts/bitnami/redis/charts/common/templates/_images.tpl +++ b/charts/bitnami/redis/charts/common/templates/_images.tpl @@ -17,7 +17,11 @@ Return the proper image name {{- $separator = "@" -}} {{- $termination = .imageRoot.digest | toString -}} {{- end -}} -{{- printf "%s/%s%s%s" $registryName $repositoryName $separator $termination -}} +{{- if $registryName }} + {{- printf "%s/%s%s%s" $registryName $repositoryName $separator $termination -}} +{{- else -}} + {{- printf "%s%s%s" $repositoryName $separator $termination -}} +{{- end -}} {{- end -}} {{/* diff --git a/charts/bitnami/redis/values.yaml b/charts/bitnami/redis/values.yaml index 8fa7f0bdc..879b02b6f 100644 --- a/charts/bitnami/redis/values.yaml +++ b/charts/bitnami/redis/values.yaml @@ -82,7 +82,7 @@ diagnosticMode: image: registry: docker.io repository: bitnami/redis - tag: 7.0.9-debian-11-r1 + tag: 7.0.10-debian-11-r0 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -995,7 +995,7 @@ sentinel: image: registry: docker.io repository: bitnami/redis-sentinel - tag: 7.0.9-debian-11-r0 + tag: 7.0.9-debian-11-r5 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' 
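Review bot: The new `else` branch in `_images.tpl` (the "Return the proper image name" template) emits an unqualified reference, `repository:tag` or `repository@digest`, whenever `$registryName` is empty, and nothing in the hunk documents that consequence. With no registry in the name, the container runtime on the node resolves the source from its own default or short-name configuration, so the chart no longer fixes where the image is pulled from. I would put a template comment above the `if`, for example `{{- /* Empty registry: emit an unqualified name; the node's runtime then chooses the registry, so set .imageRoot.digest in that case */ -}}`, and say the same in the `image.registry` rows of the chart READMEs. How `$registryName` is derived (presumably from `.imageRoot.registry` and a global override) is above the hunk, so confirm there that an empty value can only come from an explicit user setting.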
@@ -1428,7 +1428,7 @@ metrics: image: registry: docker.io repository: bitnami/redis-exporter - tag: 1.47.0-debian-11-r1 + tag: 1.48.0-debian-11-r5 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. @@ -1679,7 +1679,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/bitnami-shell - tag: 11-debian-11-r92 + tag: 11-debian-11-r98 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. @@ -1727,7 +1727,7 @@ sysctl: image: registry: docker.io repository: bitnami/bitnami-shell - tag: 11-debian-11-r92 + tag: 11-debian-11-r98 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. diff --git a/charts/bitnami/spark/Chart.lock b/charts/bitnami/spark/Chart.lock index 09869f824..daecb86d1 100644 --- a/charts/bitnami/spark/Chart.lock +++ b/charts/bitnami/spark/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: common repository: https://charts.bitnami.com/bitnami - version: 2.2.3 -digest: sha256:2c7165542fc01b9e98b577cd8b1095d0ed8267d34b97b6e581a1176bfb8e4dcb -generated: "2023-02-17T20:43:52.500017625Z" + version: 2.2.4 +digest: sha256:634d19e9b7f6e4c07d7c04a0161ab96b3f83335ebdd70b35b952319ef0a2586b +generated: "2023-03-19T03:00:05.496146746Z" diff --git a/charts/bitnami/spark/Chart.yaml b/charts/bitnami/spark/Chart.yaml index 4aa4d88dc..78e670274 100644 --- a/charts/bitnami/spark/Chart.yaml +++ b/charts/bitnami/spark/Chart.yaml @@ -28,4 +28,4 @@ name: spark sources: - https://github.com/bitnami/containers/tree/main/bitnami/spark - https://spark.apache.org/ -version: 6.4.0 +version: 6.4.1 diff --git a/charts/bitnami/spark/README.md b/charts/bitnami/spark/README.md index c15ea3804..c7f7a1e51 100644 --- a/charts/bitnami/spark/README.md +++ b/charts/bitnami/spark/README.md 
@@ -86,7 +86,7 @@ The command removes all the Kubernetes components associated with the chart and | ------------------- | ----------------------------------------------------------------------------------------------------- | -------------------- | | `image.registry` | Spark image registry | `docker.io` | | `image.repository` | Spark image repository | `bitnami/spark` | -| `image.tag` | Spark image tag (immutable tags are recommended) | `3.3.2-debian-11-r3` | +| `image.tag` | Spark image tag (immutable tags are recommended) | `3.3.2-debian-11-r9` | | `image.digest` | Spark image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `image.pullPolicy` | Spark image pull policy | `IfNotPresent` | | `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | @@ -478,4 +478,4 @@ Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and -limitations under the License. +limitations under the License. \ No newline at end of file diff --git a/charts/bitnami/spark/charts/common/Chart.yaml b/charts/bitnami/spark/charts/common/Chart.yaml index 031ee0fd4..8583e628a 100644 --- a/charts/bitnami/spark/charts/common/Chart.yaml +++ b/charts/bitnami/spark/charts/common/Chart.yaml @@ -2,7 +2,7 @@ annotations: category: Infrastructure licenses: Apache-2.0 apiVersion: v2 -appVersion: 2.2.3 +appVersion: 2.2.4 description: A Library Helm Chart for grouping common logic between bitnami charts. This chart is not deployable by itself. home: https://github.com/bitnami/charts/tree/main/bitnami/common @@ -21,4 +21,4 @@ sources: - https://github.com/bitnami/charts - https://www.bitnami.com/ type: library -version: 2.2.3 +version: 2.2.4 
diff --git a/charts/bitnami/spark/charts/common/README.md b/charts/bitnami/spark/charts/common/README.md index 8f3bda37d..825639f2a 100644 --- a/charts/bitnami/spark/charts/common/README.md +++ b/charts/bitnami/spark/charts/common/README.md @@ -12,7 +12,7 @@ dependencies: ``` ```console -$ helm dependency update +helm dependency update ``` ```yaml 
@@ -37,124 +37,6 @@ Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment ## Parameters -The following table lists the helpers available in the library which are scoped in different sections. - -### Affinities - -| Helper identifier | Description | Expected Input | -|-------------------------------|------------------------------------------------------|------------------------------------------------| -| `common.affinities.nodes.soft` | Return a soft nodeAffinity definition | `dict "key" "FOO" "values" (list "BAR" "BAZ")` | -| `common.affinities.nodes.hard` | Return a hard nodeAffinity definition | `dict "key" "FOO" "values" (list "BAR" "BAZ")` | -| `common.affinities.pods.soft` | Return a soft podAffinity/podAntiAffinity definition | `dict "component" "FOO" "context" $` | -| `common.affinities.pods.hard` | Return a hard podAffinity/podAntiAffinity definition | `dict "component" "FOO" "context" $` | -| `common.affinities.topologyKey` | Return a topologyKey definition | `dict "topologyKey" "FOO"` | - -### Capabilities - -| Helper identifier | Description | Expected Input | -|------------------------------------------------|------------------------------------------------------------------------------------------------|-------------------| -| `common.capabilities.kubeVersion` | Return the target Kubernetes version (using client default if .Values.kubeVersion is not set). | `.` Chart context | -| `common.capabilities.cronjob.apiVersion` | Return the appropriate apiVersion for cronjob. | `.` Chart context | -| `common.capabilities.deployment.apiVersion` | Return the appropriate apiVersion for deployment. | `.` Chart context | -| `common.capabilities.statefulset.apiVersion` | Return the appropriate apiVersion for statefulset. | `.` Chart context | -| `common.capabilities.ingress.apiVersion` | Return the appropriate apiVersion for ingress. 
| `.` Chart context | -| `common.capabilities.rbac.apiVersion` | Return the appropriate apiVersion for RBAC resources. | `.` Chart context | -| `common.capabilities.crd.apiVersion` | Return the appropriate apiVersion for CRDs. | `.` Chart context | -| `common.capabilities.policy.apiVersion` | Return the appropriate apiVersion for podsecuritypolicy. | `.` Chart context | -| `common.capabilities.networkPolicy.apiVersion` | Return the appropriate apiVersion for networkpolicy. | `.` Chart context | -| `common.capabilities.apiService.apiVersion` | Return the appropriate apiVersion for APIService. | `.` Chart context | -| `common.capabilities.hpa.apiVersion` | Return the appropriate apiVersion for Horizontal Pod Autoscaler | `.` Chart context | -| `common.capabilities.supportsHelmVersion` | Returns true if the used Helm version is 3.3+ | `.` Chart context | - -### Errors - -| Helper identifier | Description | Expected Input | -|-----------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------| -| `common.errors.upgrade.passwords.empty` | It will ensure required passwords are given when we are upgrading a chart. If `validationErrors` is not empty it will throw an error and will stop the upgrade action. | `dict "validationErrors" (list $validationError00 $validationError01) "context" $` | - -### Images - -| Helper identifier | Description | Expected Input | -|-----------------------------|------------------------------------------------------|---------------------------------------------------------------------------------------------------------| -| `common.images.image` | Return the proper and full image name | `dict "imageRoot" .Values.path.to.the.image "global" $`, see [ImageRoot](#imageroot) for the structure. 
| -| `common.images.pullSecrets` | Return the proper Docker Image Registry Secret Names (deprecated: use common.images.renderPullSecrets instead) | `dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "global" .Values.global` | -| `common.images.renderPullSecrets` | Return the proper Docker Image Registry Secret Names (evaluates values as templates) | `dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "context" $` | - -### Ingress - -| Helper identifier | Description | Expected Input | -|-------------------------------------------|-------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `common.ingress.backend` | Generate a proper Ingress backend entry depending on the API version | `dict "serviceName" "foo" "servicePort" "bar"`, see the [Ingress deprecation notice](https://kubernetes.io/blog/2019/07/18/api-deprecations-in-1-16/) for the syntax differences | -| `common.ingress.supportsPathType` | Prints "true" if the pathType field is supported | `.` Chart context | -| `common.ingress.supportsIngressClassname` | Prints "true" if the ingressClassname field is supported | `.` Chart context | -| `common.ingress.certManagerRequest` | Prints "true" if required cert-manager annotations for TLS signed certificates are set in the Ingress annotations | `dict "annotations" .Values.path.to.the.ingress.annotations` | - -### Labels - -| Helper identifier | Description | Expected Input | -|-----------------------------|-----------------------------------------------------------------------------|-------------------| -| `common.labels.standard` | Return Kubernetes standard labels | `.` Chart context | -| `common.labels.matchLabels` | Labels to use on `deploy.spec.selector.matchLabels` and 
`svc.spec.selector` | `.` Chart context | - -### Names - -| Helper identifier | Description | Expected Input | -|-----------------------------------|-----------------------------------------------------------------------|-------------------| -| `common.names.name` | Expand the name of the chart or use `.Values.nameOverride` | `.` Chart context | -| `common.names.fullname` | Create a default fully qualified app name. | `.` Chart context | -| `common.names.namespace` | Allow the release namespace to be overridden | `.` Chart context | -| `common.names.fullname.namespace` | Create a fully qualified app name adding the installation's namespace | `.` Chart context | -| `common.names.chart` | Chart name plus version | `.` Chart context | - -### Secrets - -| Helper identifier | Description | Expected Input | -|-----------------------------------|--------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `common.secrets.name` | Generate the name of the secret. | `dict "existingSecret" .Values.path.to.the.existingSecret "defaultNameSuffix" "mySuffix" "context" $` see [ExistingSecret](#existingsecret) for the structure. | -| `common.secrets.key` | Generate secret key. | `dict "existingSecret" .Values.path.to.the.existingSecret "key" "keyName"` see [ExistingSecret](#existingsecret) for the structure. | -| `common.secrets.passwords.manage` | Generate secret password or retrieve one if already created. | `dict "secret" "secret-name" "key" "keyName" "providedValues" (list "path.to.password1" "path.to.password2") "length" 10 "strong" false "chartName" "chartName" "context" $`, length, strong and chartNAme fields are optional. | -| `common.secrets.exists` | Returns whether a previous generated secret already exists. 
| `dict "secret" "secret-name" "context" $` | - -### Storage - -| Helper identifier | Description | Expected Input | -|-------------------------------|---------------------------------------|---------------------------------------------------------------------------------------------------------------------| -| `common.storage.class` | Return the proper Storage Class | `dict "persistence" .Values.path.to.the.persistence "global" $`, see [Persistence](#persistence) for the structure. | - -### TplValues - -| Helper identifier | Description | Expected Input | -|---------------------------|----------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------| -| `common.tplvalues.render` | Renders a value that contains template | `dict "value" .Values.path.to.the.Value "context" $`, value is the value should rendered as template, context frequently is the chart context `$` or `.` | - -### Utils - -| Helper identifier | Description | Expected Input | -|--------------------------------|------------------------------------------------------------------------------------------|------------------------------------------------------------------------| -| `common.utils.fieldToEnvVar` | Build environment variable name given a field. | `dict "field" "my-password"` | -| `common.utils.secret.getvalue` | Print instructions to get a secret value. 
| `dict "secret" "secret-name" "field" "secret-value-field" "context" $` | -| `common.utils.getValueFromKey` | Gets a value from `.Values` object given its key path | `dict "key" "path.to.key" "context" $` | -| `common.utils.getKeyFromList` | Returns first `.Values` key with a defined value or first of the list if all non-defined | `dict "keys" (list "path.to.key1" "path.to.key2") "context" $` | - -### Validations - -| Helper identifier | Description | Expected Input | -|--------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `common.validations.values.single.empty` | Validate a value must not be empty. | `dict "valueKey" "path.to.value" "secret" "secret.name" "field" "my-password" "subchart" "subchart" "context" $` secret, field and subchart are optional. In case they are given, the helper will generate a how to get instruction. See [ValidateValue](#validatevalue) | -| `common.validations.values.multiple.empty` | Validate a multiple values must not be empty. It returns a shared error for all the values. | `dict "required" (list $validateValueConf00 $validateValueConf01) "context" $`. See [ValidateValue](#validatevalue) | -| `common.validations.values.mariadb.passwords` | This helper will ensure required password for MariaDB are not empty. It returns a shared error for all the values. | `dict "secret" "mariadb-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use mariadb chart and the helper. | -| `common.validations.values.mysql.passwords` | This helper will ensure required password for MySQL are not empty. 
It returns a shared error for all the values. | `dict "secret" "mysql-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use mysql chart and the helper. | -| `common.validations.values.postgresql.passwords` | This helper will ensure required password for PostgreSQL are not empty. It returns a shared error for all the values. | `dict "secret" "postgresql-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use postgresql chart and the helper. | -| `common.validations.values.redis.passwords` | This helper will ensure required password for Redis® are not empty. It returns a shared error for all the values. | `dict "secret" "redis-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use redis chart and the helper. | -| `common.validations.values.cassandra.passwords` | This helper will ensure required password for Cassandra are not empty. It returns a shared error for all the values. | `dict "secret" "cassandra-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use cassandra chart and the helper. | -| `common.validations.values.mongodb.passwords` | This helper will ensure required password for MongoDB® are not empty. It returns a shared error for all the values. | `dict "secret" "mongodb-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use mongodb chart and the helper. | - -### Warnings - -| Helper identifier | Description | Expected Input | -|------------------------------|----------------------------------|------------------------------------------------------------| -| `common.warnings.rollingTag` | Warning about using rolling tag. | `ImageRoot` see [ImageRoot](#imageroot) for the structure. 
| - ## Special input schemas ### ImageRoot @@ -300,7 +182,7 @@ keyMapping: If we force those values to be empty we will see some alerts ```console -$ helm install test mychart --set path.to.value00="",path.to.value01="" +helm install test mychart --set path.to.value00="",path.to.value01="" 'path.to.value00' must not be empty, please add '--set path.to.value00=$PASSWORD_00' to the command. To get the current value: export PASSWORD_00=$(kubectl get secret --namespace default secretName -o jsonpath="{.data.password-00}" | base64 -d) 
@@ -316,23 +198,23 @@ $ helm install test mychart --set path.to.value00="",path.to.value01=""
 [On November 13, 2020, Helm v2 support was formally finished](https://github.com/helm/charts#status-of-the-project), this major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL.
-**What changes were introduced in this major version?**
+#### What changes were introduced in this major version?
 - Previous versions of this Helm Chart use `apiVersion: v1` (installable by both Helm 2 and 3), this Helm Chart was updated to `apiVersion: v2` (installable by Helm 3 only). [Here](https://helm.sh/docs/topics/charts/#the-apiversion-field) you can find more information about the `apiVersion` field.
 - Use `type: library`. [Here](https://v3.helm.sh/docs/faq/#library-chart-support) you can find more information.
 - The different fields present in the *Chart.yaml* file has been ordered alphabetically in a homogeneous way for all the Bitnami Helm Charts
-**Considerations when upgrading to this version**
+#### Considerations when upgrading to this version
 - If you want to upgrade to this version from a previous one installed with Helm v3, you shouldn't face any issues
 - If you want to upgrade to this version using Helm v2, this scenario is not supported as this version doesn't support Helm v2 anymore
 - If you installed the previous version with Helm v2 and wants to upgrade to this version with Helm v3, please refer to the [official Helm documentation](https://helm.sh/docs/topics/v2_v3_migration/#migration-use-cases) about migrating from Helm v2 to v3
-**Useful links**
+#### Useful links
-- https://docs.bitnami.com/tutorials/resolve-helm2-helm3-post-migration-issues/
-- https://helm.sh/docs/topics/v2_v3_migration/
-- https://helm.sh/blog/migrate-from-helm-v2-to-helm-v3/
+-
+-
+-
 ## License
@@ -342,7 +224,7 @@ Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at
- http://www.apache.org/licenses/LICENSE-2.0
+
 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/charts/bitnami/spark/charts/common/templates/_images.tpl b/charts/bitnami/spark/charts/common/templates/_images.tpl
index b06071492..2e7b15151 100644
--- a/charts/bitnami/spark/charts/common/templates/_images.tpl
+++ b/charts/bitnami/spark/charts/common/templates/_images.tpl
@@ -17,7 +17,11 @@ Return the proper image name
 {{- $separator = "@" -}}
 {{- $termination = .imageRoot.digest | toString -}}
 {{- end -}}
-{{- printf "%s/%s%s%s" $registryName $repositoryName $separator $termination -}}
+{{- if $registryName }}
+ {{- printf "%s/%s%s%s" $registryName $repositoryName $separator $termination -}}
+{{- else -}}
+ {{- printf "%s%s%s" $repositoryName $separator $termination -}}
+{{- end -}}
 {{- end -}}
 {{/*
diff --git a/charts/bitnami/spark/values.yaml b/charts/bitnami/spark/values.yaml
index f987b61fb..dd4f057ba 100644
--- a/charts/bitnami/spark/values.yaml
+++ b/charts/bitnami/spark/values.yaml
@@ -92,7 +92,7 @@ diagnosticMode:
 image:
 registry: docker.io
 repository: bitnami/spark
- tag: 3.3.2-debian-11-r3
+ tag: 3.3.2-debian-11-r9
 digest: ""
 ## Specify a imagePullPolicy
 ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
diff --git a/charts/bitnami/tomcat/Chart.yaml b/charts/bitnami/tomcat/Chart.yaml
index 06da11219..35721d1ec 100644
--- a/charts/bitnami/tomcat/Chart.yaml
+++ b/charts/bitnami/tomcat/Chart.yaml
@@ -32,4 +32,4 @@ name: tomcat
 sources:
 - https://github.com/bitnami/containers/tree/main/bitnami/tomcat
 - http://tomcat.apache.org
-version: 10.5.19
+version: 10.5.20
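Review bot: In the `charts/bitnami/spark/charts/common/templates/_images.tpl` hunk, the new `else` branch returns `repository:tag` or `repository@digest` with no registry host, and the helper's comment does not say so; the enclosing define starts above the hunk, so only its `Return the proper image name` description line is visible. An unqualified reference is resolved by each node's container runtime (its default or search-registry configuration), so when the registry value is empty the image can be pulled from a different registry than the chart author intended. I would extend the helper comment with something like `If no registry is set, the image reference is left unqualified and resolved by the container runtime; set imageRoot.digest to pin the content.` Separately, `{{- if $registryName }}` omits the trailing `-` that `{{- else -}}` and `{{- end -}}` carry; the rendered output is unaffected because the next action trims to its left, but `{{- if $registryName -}}` would match the surrounding style.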
diff --git a/charts/bitnami/tomcat/README.md b/charts/bitnami/tomcat/README.md
index b8f20dae2..d8a6b99b5 100644
--- a/charts/bitnami/tomcat/README.md
+++ b/charts/bitnami/tomcat/README.md
@@ -81,7 +81,7 @@ The command removes all the Kubernetes components associated with the chart and
 | ----------------------------- | ------------------------------------------------------------------------------------------------------ | --------------------- |
 | `image.registry` | Tomcat image registry | `docker.io` |
 | `image.repository` | Tomcat image repository | `bitnami/tomcat` |
-| `image.tag` | Tomcat image tag (immutable tags are recommended) | `10.1.7-debian-11-r0` |
+| `image.tag` | Tomcat image tag (immutable tags are recommended) | `10.1.7-debian-11-r1` |
 | `image.digest` | Tomcat image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
 | `image.pullPolicy` | Tomcat image pull policy | `IfNotPresent` |
 | `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
@@ -202,7 +202,7 @@ The command removes all the Kubernetes components associated with the chart and
 | `volumePermissions.enabled` | Enable init container that changes volume permissions in the data directory | `false` |
 | `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` |
 | `volumePermissions.image.repository` | Init container volume-permissions image repository | `bitnami/bitnami-shell` |
-| `volumePermissions.image.tag` | Init container volume-permissions image tag | `11-debian-11-r96` |
+| `volumePermissions.image.tag` | Init container volume-permissions image tag | `11-debian-11-r98` |
 | `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
 | `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` |
 | `volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
@@ -217,7 +217,7 @@ The command removes all the Kubernetes components associated with the chart and
 | `metrics.jmx.catalinaOpts` | custom option used to enabled JMX on tomcat jvm evaluated as template | `-Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=5555 -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.local.only=true` |
 | `metrics.jmx.image.registry` | JMX exporter image registry | `docker.io` |
 | `metrics.jmx.image.repository` | JMX exporter image repository | `bitnami/jmx-exporter` |
-| `metrics.jmx.image.tag` | JMX exporter image tag (immutable tags are recommended) | `0.18.0-debian-11-r1` |
+| `metrics.jmx.image.tag` | JMX exporter image tag (immutable tags are recommended) | `0.18.0-debian-11-r3` |
 | `metrics.jmx.image.digest` | JMX exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
 | `metrics.jmx.image.pullPolicy` | JMX exporter image pull policy | `IfNotPresent` |
 | `metrics.jmx.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
diff --git a/charts/bitnami/tomcat/values.yaml b/charts/bitnami/tomcat/values.yaml
index 07c1bfe29..9c4715fde 100644
--- a/charts/bitnami/tomcat/values.yaml
+++ b/charts/bitnami/tomcat/values.yaml
@@ -58,7 +58,7 @@ extraDeploy: []
 image:
 registry: docker.io
 repository: bitnami/tomcat
- tag: 10.1.7-debian-11-r0
+ tag: 10.1.7-debian-11-r1
 digest: ""
 ## Specify a imagePullPolicy
 ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
@@ -576,7 +576,7 @@ volumePermissions:
 image:
 registry: docker.io
 repository: bitnami/bitnami-shell
- tag: 11-debian-11-r96
+ tag: 11-debian-11-r98
 digest: ""
 pullPolicy: IfNotPresent
 ## Optionally specify an array of imagePullSecrets.
@@ -636,7 +636,7 @@ metrics:
 image:
 registry: docker.io
 repository: bitnami/jmx-exporter
- tag: 0.18.0-debian-11-r1
+ tag: 0.18.0-debian-11-r3
 digest: ""
 ## Specify a imagePullPolicy
 ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
diff --git a/charts/bitnami/wordpress/Chart.lock b/charts/bitnami/wordpress/Chart.lock
index 2f32c99c5..2fea55f08 100644
--- a/charts/bitnami/wordpress/Chart.lock
+++ b/charts/bitnami/wordpress/Chart.lock
@@ -1,12 +1,12 @@
 dependencies:
 - name: memcached
 repository: https://charts.bitnami.com/bitnami
- version: 6.3.12
+ version: 6.3.13
 - name: mariadb
 repository: https://charts.bitnami.com/bitnami
- version: 11.5.3
+ version: 11.5.4
 - name: common
 repository: https://charts.bitnami.com/bitnami
 version: 2.2.4
-digest: sha256:2564cc5268ba7d6517e83a933c5092b28af3c6573888fb0bce19558f594de505
-generated: "2023-03-14T17:33:46.883760239Z"
+digest: sha256:6cdf6880c17e68dc3717a6b1d6bc0b4150f2de2eadf7a2d3fe71386eff623658
+generated: "2023-03-19T02:05:20.005606461Z"
diff --git a/charts/bitnami/wordpress/Chart.yaml b/charts/bitnami/wordpress/Chart.yaml
index 54330c39b..eceb3243e 100644
--- a/charts/bitnami/wordpress/Chart.yaml
+++ b/charts/bitnami/wordpress/Chart.yaml
@@ -41,4 +41,4 @@ name: wordpress
 sources:
 - https://github.com/bitnami/containers/tree/main/bitnami/wordpress
 - https://wordpress.org/
-version: 15.2.55
+version: 15.2.56
diff --git a/charts/bitnami/wordpress/README.md b/charts/bitnami/wordpress/README.md
index 061b8fa1a..6413a9dc6 100644
--- a/charts/bitnami/wordpress/README.md
+++ b/charts/bitnami/wordpress/README.md
@@ -82,7 +82,7 @@ The command removes all the Kubernetes components associated with the chart and
 | ------------------- | --------------------------------------------------------------------------------------------------------- | --------------------- |
 | `image.registry` | WordPress image registry | `docker.io` |
 | `image.repository` | WordPress image repository | `bitnami/wordpress` |
-| `image.tag` | WordPress image tag (immutable tags are recommended) | `6.1.1-debian-11-r66` |
+| `image.tag` | WordPress image tag (immutable tags are recommended) | `6.1.1-debian-11-r67` |
 | `image.digest` | WordPress image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
 | `image.pullPolicy` | WordPress image pull policy | `IfNotPresent` |
 | `image.pullSecrets` | WordPress image pull secrets | `[]` |
@@ -247,7 +247,7 @@ The command removes all the Kubernetes components associated with the chart and
 | `volumePermissions.enabled` | Enable init container that changes the owner/group of the PV mount point to `runAsUser:fsGroup` | `false` |
 | `volumePermissions.image.registry` | Bitnami Shell image registry | `docker.io` |
 | `volumePermissions.image.repository` | Bitnami Shell image repository | `bitnami/bitnami-shell` |
-| `volumePermissions.image.tag` | Bitnami Shell image tag (immutable tags are recommended) | `11-debian-11-r96` |
+| `volumePermissions.image.tag` | Bitnami Shell image tag (immutable tags are recommended) | `11-debian-11-r98` |
 | `volumePermissions.image.digest` | Bitnami Shell image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
 | `volumePermissions.image.pullPolicy` | Bitnami Shell image pull policy | `IfNotPresent` |
 | `volumePermissions.image.pullSecrets` | Bitnami Shell image pull secrets | `[]` |
@@ -279,7 +279,7 @@ The command removes all the Kubernetes components associated with the chart and
 | `metrics.enabled` | Start a sidecar prometheus exporter to expose metrics | `false` |
 | `metrics.image.registry` | Apache exporter image registry | `docker.io` |
 | `metrics.image.repository` | Apache exporter image repository | `bitnami/apache-exporter` |
-| `metrics.image.tag` | Apache exporter image tag (immutable tags are recommended) | `0.13.0-debian-11-r7` |
+| `metrics.image.tag` | Apache exporter image tag (immutable tags are recommended) | `0.13.0-debian-11-r8` |
 | `metrics.image.digest` | Apache exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
 | `metrics.image.pullPolicy` | Apache exporter image pull policy | `IfNotPresent` |
 | `metrics.image.pullSecrets` | Apache exporter image pull secrets | `[]` |
diff --git a/charts/bitnami/wordpress/charts/mariadb/Chart.lock b/charts/bitnami/wordpress/charts/mariadb/Chart.lock
index 9b535546c..ea921218d 100644
--- a/charts/bitnami/wordpress/charts/mariadb/Chart.lock
+++ b/charts/bitnami/wordpress/charts/mariadb/Chart.lock
@@ -1,6 +1,6 @@
 dependencies:
 - name: common
 repository: https://charts.bitnami.com/bitnami
- version: 2.2.3
-digest: sha256:2c7165542fc01b9e98b577cd8b1095d0ed8267d34b97b6e581a1176bfb8e4dcb
-generated: "2023-02-17T18:41:00.54667787Z"
+ version: 2.2.4
+digest: sha256:634d19e9b7f6e4c07d7c04a0161ab96b3f83335ebdd70b35b952319ef0a2586b
+generated: "2023-03-18T22:59:57.930574974Z"
diff --git a/charts/bitnami/wordpress/charts/mariadb/Chart.yaml b/charts/bitnami/wordpress/charts/mariadb/Chart.yaml
index 96eee1b81..30e79743d 100644
--- a/charts/bitnami/wordpress/charts/mariadb/Chart.yaml
+++ b/charts/bitnami/wordpress/charts/mariadb/Chart.yaml
@@ -28,4 +28,4 @@ sources:
 - https://github.com/bitnami/containers/tree/main/bitnami/mariadb
 - https://github.com/prometheus/mysqld_exporter
 - https://mariadb.org
-version: 11.5.3
+version: 11.5.4
diff --git a/charts/bitnami/wordpress/charts/mariadb/README.md b/charts/bitnami/wordpress/charts/mariadb/README.md
index c77223837..48e1a78d6 100644
--- a/charts/bitnami/wordpress/charts/mariadb/README.md
+++ b/charts/bitnami/wordpress/charts/mariadb/README.md
@@ -82,28 +82,28 @@ The command removes all the Kubernetes components associated with the chart and ### MariaDB common parameters -| Name | Description | Value | -| -------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------- | -| `image.registry` | MariaDB image registry | `docker.io` | -| `image.repository` | MariaDB image repository | `bitnami/mariadb` | -| `image.tag` | MariaDB image tag (immutable tags are recommended) | `10.6.12-debian-11-r9` | -| `image.digest` | MariaDB image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | -| `image.pullPolicy` | MariaDB image pull policy | `IfNotPresent` | -| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | -| `image.debug` | Specify if debug logs should be enabled | `false` | -| `architecture` | MariaDB architecture (`standalone` or `replication`) | `standalone` | -| `auth.rootPassword` | Password for the `root` user. Ignored if existing secret is provided. | `""` | -| `auth.database` | Name for a custom database to create | `my_database` | -| `auth.username` | Name for a custom user to create | `""` | -| `auth.password` | Password for the new user. Ignored if existing secret is provided | `""` | -| `auth.replicationUser` | MariaDB replication user | `replicator` | -| `auth.replicationPassword` | MariaDB replication user password. Ignored if existing secret is provided | `""` | -| `auth.existingSecret` | Use existing secret for password details (`auth.rootPassword`, `auth.password`, `auth.replicationPassword` will be ignored and picked up from this secret). 
The secret has to contain the keys `mariadb-root-password`, `mariadb-replication-password` and `mariadb-password` | `""` | -| `auth.forcePassword` | Force users to specify required passwords | `false` | -| `auth.usePasswordFiles` | Mount credentials as files instead of using environment variables | `false` | -| `auth.customPasswordFiles` | Use custom password files when `auth.usePasswordFiles` is set to `true`. Define path for keys `root` and `user`, also define `replicator` if `architecture` is set to `replication` | `{}` | -| `initdbScripts` | Dictionary of initdb scripts | `{}` | -| `initdbScriptsConfigMap` | ConfigMap with the initdb scripts (Note: Overrides `initdbScripts`) | `""` | +| Name | Description | Value | +| -------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------- | +| `image.registry` | MariaDB image registry | `docker.io` | +| `image.repository` | MariaDB image repository | `bitnami/mariadb` | +| `image.tag` | MariaDB image tag (immutable tags are recommended) | `10.6.12-debian-11-r13` | +| `image.digest` | MariaDB image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | +| `image.pullPolicy` | MariaDB image pull policy | `IfNotPresent` | +| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | +| `image.debug` | Specify if debug logs should be enabled | `false` | +| `architecture` | MariaDB architecture (`standalone` or `replication`) | `standalone` | +| `auth.rootPassword` | Password for the `root` user. Ignored if existing secret is provided. 
| `""` | +| `auth.database` | Name for a custom database to create | `my_database` | +| `auth.username` | Name for a custom user to create | `""` | +| `auth.password` | Password for the new user. Ignored if existing secret is provided | `""` | +| `auth.replicationUser` | MariaDB replication user | `replicator` | +| `auth.replicationPassword` | MariaDB replication user password. Ignored if existing secret is provided | `""` | +| `auth.existingSecret` | Use existing secret for password details (`auth.rootPassword`, `auth.password`, `auth.replicationPassword` will be ignored and picked up from this secret). The secret has to contain the keys `mariadb-root-password`, `mariadb-replication-password` and `mariadb-password` | `""` | +| `auth.forcePassword` | Force users to specify required passwords | `false` | +| `auth.usePasswordFiles` | Mount credentials as files instead of using environment variables | `false` | +| `auth.customPasswordFiles` | Use custom password files when `auth.usePasswordFiles` is set to `true`. Define path for keys `root` and `user`, also define `replicator` if `architecture` is set to `replication` | `{}` | +| `initdbScripts` | Dictionary of initdb scripts | `{}` | +| `initdbScriptsConfigMap` | ConfigMap with the initdb scripts (Note: Overrides `initdbScripts`) | `""` | ### MariaDB Primary parameters 
@@ -308,7 +308,7 @@ The command removes all the Kubernetes components associated with the chart and | `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume(s) mountpoint to `runAsUser:fsGroup` | `false` | | `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` | | `volumePermissions.image.repository` | Init container volume-permissions image repository | `bitnami/bitnami-shell` | -| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r94` | +| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r98` | | `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` | | `volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | @@ -322,7 +322,7 @@ The command removes all the Kubernetes components associated with the chart and | `metrics.enabled` | Start a side-car prometheus exporter | `false` | | `metrics.image.registry` | Exporter image registry | `docker.io` | | `metrics.image.repository` | Exporter image repository | `bitnami/mysqld-exporter` | -| `metrics.image.tag` | Exporter image tag (immutable tags are recommended) | `0.14.0-debian-11-r96` | +| `metrics.image.tag` | Exporter image tag (immutable tags are recommended) | `0.14.0-debian-11-r99` | | `metrics.image.digest` | Exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `metrics.image.pullPolicy` | Exporter image pull policy | `IfNotPresent` | | `metrics.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | 
@@ -557,4 +557,4 @@ Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and -limitations under the License. +limitations under the License. \ No newline at end of file diff --git a/charts/bitnami/wordpress/charts/mariadb/charts/common/Chart.yaml b/charts/bitnami/wordpress/charts/mariadb/charts/common/Chart.yaml index 031ee0fd4..8583e628a 100644 --- a/charts/bitnami/wordpress/charts/mariadb/charts/common/Chart.yaml +++ b/charts/bitnami/wordpress/charts/mariadb/charts/common/Chart.yaml @@ -2,7 +2,7 @@ annotations: category: Infrastructure licenses: Apache-2.0 apiVersion: v2 -appVersion: 2.2.3 +appVersion: 2.2.4 description: A Library Helm Chart for grouping common logic between bitnami charts. This chart is not deployable by itself. home: https://github.com/bitnami/charts/tree/main/bitnami/common @@ -21,4 +21,4 @@ sources: - https://github.com/bitnami/charts - https://www.bitnami.com/ type: library -version: 2.2.3 +version: 2.2.4 diff --git a/charts/bitnami/wordpress/charts/mariadb/charts/common/README.md b/charts/bitnami/wordpress/charts/mariadb/charts/common/README.md index 8f3bda37d..825639f2a 100644 --- a/charts/bitnami/wordpress/charts/mariadb/charts/common/README.md +++ b/charts/bitnami/wordpress/charts/mariadb/charts/common/README.md @@ -12,7 +12,7 @@ dependencies: ``` ```console -$ helm dependency update +helm dependency update ``` ```yaml 
@@ -37,124 +37,6 @@ Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment ## Parameters -The following table lists the helpers available in the library which are scoped in different sections. - -### Affinities - -| Helper identifier | Description | Expected Input | -|-------------------------------|------------------------------------------------------|------------------------------------------------| -| `common.affinities.nodes.soft` | Return a soft nodeAffinity definition | `dict "key" "FOO" "values" (list "BAR" "BAZ")` | -| `common.affinities.nodes.hard` | Return a hard nodeAffinity definition | `dict "key" "FOO" "values" (list "BAR" "BAZ")` | -| `common.affinities.pods.soft` | Return a soft podAffinity/podAntiAffinity definition | `dict "component" "FOO" "context" $` | -| `common.affinities.pods.hard` | Return a hard podAffinity/podAntiAffinity definition | `dict "component" "FOO" "context" $` | -| `common.affinities.topologyKey` | Return a topologyKey definition | `dict "topologyKey" "FOO"` | - -### Capabilities - -| Helper identifier | Description | Expected Input | -|------------------------------------------------|------------------------------------------------------------------------------------------------|-------------------| -| `common.capabilities.kubeVersion` | Return the target Kubernetes version (using client default if .Values.kubeVersion is not set). | `.` Chart context | -| `common.capabilities.cronjob.apiVersion` | Return the appropriate apiVersion for cronjob. | `.` Chart context | -| `common.capabilities.deployment.apiVersion` | Return the appropriate apiVersion for deployment. | `.` Chart context | -| `common.capabilities.statefulset.apiVersion` | Return the appropriate apiVersion for statefulset. | `.` Chart context | -| `common.capabilities.ingress.apiVersion` | Return the appropriate apiVersion for ingress. 
| `.` Chart context | -| `common.capabilities.rbac.apiVersion` | Return the appropriate apiVersion for RBAC resources. | `.` Chart context | -| `common.capabilities.crd.apiVersion` | Return the appropriate apiVersion for CRDs. | `.` Chart context | -| `common.capabilities.policy.apiVersion` | Return the appropriate apiVersion for podsecuritypolicy. | `.` Chart context | -| `common.capabilities.networkPolicy.apiVersion` | Return the appropriate apiVersion for networkpolicy. | `.` Chart context | -| `common.capabilities.apiService.apiVersion` | Return the appropriate apiVersion for APIService. | `.` Chart context | -| `common.capabilities.hpa.apiVersion` | Return the appropriate apiVersion for Horizontal Pod Autoscaler | `.` Chart context | -| `common.capabilities.supportsHelmVersion` | Returns true if the used Helm version is 3.3+ | `.` Chart context | - -### Errors - -| Helper identifier | Description | Expected Input | -|-----------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------| -| `common.errors.upgrade.passwords.empty` | It will ensure required passwords are given when we are upgrading a chart. If `validationErrors` is not empty it will throw an error and will stop the upgrade action. | `dict "validationErrors" (list $validationError00 $validationError01) "context" $` | - -### Images - -| Helper identifier | Description | Expected Input | -|-----------------------------|------------------------------------------------------|---------------------------------------------------------------------------------------------------------| -| `common.images.image` | Return the proper and full image name | `dict "imageRoot" .Values.path.to.the.image "global" $`, see [ImageRoot](#imageroot) for the structure. 
| -| `common.images.pullSecrets` | Return the proper Docker Image Registry Secret Names (deprecated: use common.images.renderPullSecrets instead) | `dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "global" .Values.global` | -| `common.images.renderPullSecrets` | Return the proper Docker Image Registry Secret Names (evaluates values as templates) | `dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "context" $` | - -### Ingress - -| Helper identifier | Description | Expected Input | -|-------------------------------------------|-------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `common.ingress.backend` | Generate a proper Ingress backend entry depending on the API version | `dict "serviceName" "foo" "servicePort" "bar"`, see the [Ingress deprecation notice](https://kubernetes.io/blog/2019/07/18/api-deprecations-in-1-16/) for the syntax differences | -| `common.ingress.supportsPathType` | Prints "true" if the pathType field is supported | `.` Chart context | -| `common.ingress.supportsIngressClassname` | Prints "true" if the ingressClassname field is supported | `.` Chart context | -| `common.ingress.certManagerRequest` | Prints "true" if required cert-manager annotations for TLS signed certificates are set in the Ingress annotations | `dict "annotations" .Values.path.to.the.ingress.annotations` | - -### Labels - -| Helper identifier | Description | Expected Input | -|-----------------------------|-----------------------------------------------------------------------------|-------------------| -| `common.labels.standard` | Return Kubernetes standard labels | `.` Chart context | -| `common.labels.matchLabels` | Labels to use on `deploy.spec.selector.matchLabels` and 
`svc.spec.selector` | `.` Chart context | - -### Names - -| Helper identifier | Description | Expected Input | -|-----------------------------------|-----------------------------------------------------------------------|-------------------| -| `common.names.name` | Expand the name of the chart or use `.Values.nameOverride` | `.` Chart context | -| `common.names.fullname` | Create a default fully qualified app name. | `.` Chart context | -| `common.names.namespace` | Allow the release namespace to be overridden | `.` Chart context | -| `common.names.fullname.namespace` | Create a fully qualified app name adding the installation's namespace | `.` Chart context | -| `common.names.chart` | Chart name plus version | `.` Chart context | - -### Secrets - -| Helper identifier | Description | Expected Input | -|-----------------------------------|--------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `common.secrets.name` | Generate the name of the secret. | `dict "existingSecret" .Values.path.to.the.existingSecret "defaultNameSuffix" "mySuffix" "context" $` see [ExistingSecret](#existingsecret) for the structure. | -| `common.secrets.key` | Generate secret key. | `dict "existingSecret" .Values.path.to.the.existingSecret "key" "keyName"` see [ExistingSecret](#existingsecret) for the structure. | -| `common.secrets.passwords.manage` | Generate secret password or retrieve one if already created. | `dict "secret" "secret-name" "key" "keyName" "providedValues" (list "path.to.password1" "path.to.password2") "length" 10 "strong" false "chartName" "chartName" "context" $`, length, strong and chartNAme fields are optional. | -| `common.secrets.exists` | Returns whether a previous generated secret already exists. 
| `dict "secret" "secret-name" "context" $` | - -### Storage - -| Helper identifier | Description | Expected Input | -|-------------------------------|---------------------------------------|---------------------------------------------------------------------------------------------------------------------| -| `common.storage.class` | Return the proper Storage Class | `dict "persistence" .Values.path.to.the.persistence "global" $`, see [Persistence](#persistence) for the structure. | - -### TplValues - -| Helper identifier | Description | Expected Input | -|---------------------------|----------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------| -| `common.tplvalues.render` | Renders a value that contains template | `dict "value" .Values.path.to.the.Value "context" $`, value is the value should rendered as template, context frequently is the chart context `$` or `.` | - -### Utils - -| Helper identifier | Description | Expected Input | -|--------------------------------|------------------------------------------------------------------------------------------|------------------------------------------------------------------------| -| `common.utils.fieldToEnvVar` | Build environment variable name given a field. | `dict "field" "my-password"` | -| `common.utils.secret.getvalue` | Print instructions to get a secret value. 
| `dict "secret" "secret-name" "field" "secret-value-field" "context" $` | -| `common.utils.getValueFromKey` | Gets a value from `.Values` object given its key path | `dict "key" "path.to.key" "context" $` | -| `common.utils.getKeyFromList` | Returns first `.Values` key with a defined value or first of the list if all non-defined | `dict "keys" (list "path.to.key1" "path.to.key2") "context" $` | - -### Validations - -| Helper identifier | Description | Expected Input | -|--------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `common.validations.values.single.empty` | Validate a value must not be empty. | `dict "valueKey" "path.to.value" "secret" "secret.name" "field" "my-password" "subchart" "subchart" "context" $` secret, field and subchart are optional. In case they are given, the helper will generate a how to get instruction. See [ValidateValue](#validatevalue) | -| `common.validations.values.multiple.empty` | Validate a multiple values must not be empty. It returns a shared error for all the values. | `dict "required" (list $validateValueConf00 $validateValueConf01) "context" $`. See [ValidateValue](#validatevalue) | -| `common.validations.values.mariadb.passwords` | This helper will ensure required password for MariaDB are not empty. It returns a shared error for all the values. | `dict "secret" "mariadb-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use mariadb chart and the helper. | -| `common.validations.values.mysql.passwords` | This helper will ensure required password for MySQL are not empty. 
It returns a shared error for all the values. | `dict "secret" "mysql-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use mysql chart and the helper. | -| `common.validations.values.postgresql.passwords` | This helper will ensure required password for PostgreSQL are not empty. It returns a shared error for all the values. | `dict "secret" "postgresql-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use postgresql chart and the helper. | -| `common.validations.values.redis.passwords` | This helper will ensure required password for Redis® are not empty. It returns a shared error for all the values. | `dict "secret" "redis-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use redis chart and the helper. | -| `common.validations.values.cassandra.passwords` | This helper will ensure required password for Cassandra are not empty. It returns a shared error for all the values. | `dict "secret" "cassandra-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use cassandra chart and the helper. | -| `common.validations.values.mongodb.passwords` | This helper will ensure required password for MongoDB® are not empty. It returns a shared error for all the values. | `dict "secret" "mongodb-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use mongodb chart and the helper. | - -### Warnings - -| Helper identifier | Description | Expected Input | -|------------------------------|----------------------------------|------------------------------------------------------------| -| `common.warnings.rollingTag` | Warning about using rolling tag. | `ImageRoot` see [ImageRoot](#imageroot) for the structure. 
| - ## Special input schemas ### ImageRoot @@ -300,7 +182,7 @@ keyMapping: If we force those values to be empty we will see some alerts ```console -$ helm install test mychart --set path.to.value00="",path.to.value01="" +helm install test mychart --set path.to.value00="",path.to.value01="" 'path.to.value00' must not be empty, please add '--set path.to.value00=$PASSWORD_00' to the command. To get the current value: export PASSWORD_00=$(kubectl get secret --namespace default secretName -o jsonpath="{.data.password-00}" | base64 -d) 
@@ -316,23 +198,23 @@ $ helm install test mychart --set path.to.value00="",path.to.value01="" [On November 13, 2020, Helm v2 support was formally finished](https://github.com/helm/charts#status-of-the-project), this major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL. -**What changes were introduced in this major version?** +#### What changes were introduced in this major version? - Previous versions of this Helm Chart use `apiVersion: v1` (installable by both Helm 2 and 3), this Helm Chart was updated to `apiVersion: v2` (installable by Helm 3 only). [Here](https://helm.sh/docs/topics/charts/#the-apiversion-field) you can find more information about the `apiVersion` field. - Use `type: library`. [Here](https://v3.helm.sh/docs/faq/#library-chart-support) you can find more information. - The different fields present in the *Chart.yaml* file has been ordered alphabetically in a homogeneous way for all the Bitnami Helm Charts -**Considerations when upgrading to this version** +#### Considerations when upgrading to this version - If you want to upgrade to this version from a previous one installed with Helm v3, you shouldn't face any issues - If you want to upgrade to this version using Helm v2, this scenario is not supported as this version doesn't support Helm v2 anymore - If you installed the previous version with Helm v2 and wants to upgrade to this version with Helm v3, please refer to the [official Helm documentation](https://helm.sh/docs/topics/v2_v3_migration/#migration-use-cases) about migrating from Helm v2 to v3 -**Useful links** +#### Useful links -- https://docs.bitnami.com/tutorials/resolve-helm2-helm3-post-migration-issues/ -- https://helm.sh/docs/topics/v2_v3_migration/ -- https://helm.sh/blog/migrate-from-helm-v2-to-helm-v3/ +- +- +- ## License 
@@ -342,7 +224,7 @@ Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at - http://www.apache.org/licenses/LICENSE-2.0 + Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, diff --git a/charts/bitnami/wordpress/charts/mariadb/charts/common/templates/_images.tpl b/charts/bitnami/wordpress/charts/mariadb/charts/common/templates/_images.tpl index b06071492..2e7b15151 100644 --- a/charts/bitnami/wordpress/charts/mariadb/charts/common/templates/_images.tpl +++ b/charts/bitnami/wordpress/charts/mariadb/charts/common/templates/_images.tpl @@ -17,7 +17,11 @@ Return the proper image name {{- $separator = "@" -}} {{- $termination = .imageRoot.digest | toString -}} {{- end -}} -{{- printf "%s/%s%s%s" $registryName $repositoryName $separator $termination -}} +{{- if $registryName }} + {{- printf "%s/%s%s%s" $registryName $repositoryName $separator $termination -}} +{{- else -}} + {{- printf "%s%s%s" $repositoryName $separator $termination -}} +{{- end -}} {{- end -}} {{/* diff --git a/charts/bitnami/wordpress/charts/mariadb/values.yaml b/charts/bitnami/wordpress/charts/mariadb/values.yaml index 7918eac9f..e0b774aeb 100644 --- a/charts/bitnami/wordpress/charts/mariadb/values.yaml +++ b/charts/bitnami/wordpress/charts/mariadb/values.yaml @@ -87,7 +87,7 @@ serviceBindings: image: registry: docker.io repository: bitnami/mariadb - tag: 10.6.12-debian-11-r9 + tag: 10.6.12-debian-11-r13 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -1001,7 +1001,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/bitnami-shell - tag: 11-debian-11-r94 + tag: 11-debian-11-r98 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets (secrets must be manually created in the namespace) 
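Review bot: When `$registryName` is empty, the new `else` branch in `_images.tpl` renders an unqualified reference (repository plus tag or digest), so the registry the image is pulled from is decided by each node's container-runtime configuration rather than by the chart, and the helper's comment ("Return the proper image name") does not record that. I would add a line to that comment such as `An empty registry renders an unqualified image name; the node's runtime then decides which registry it is pulled from.` As a style point, `{{- if $registryName }}` is the only action in the hunk without the trailing trim marker; `{{- if $registryName -}}` would match the `else`/`end` lines, and the output stays the same because the following `printf` action already trims to its left. The definition starts above the hunk, so how `$registryName` is computed is not visible here.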
@@ -1037,7 +1037,7 @@ metrics: image: registry: docker.io repository: bitnami/mysqld-exporter - tag: 0.14.0-debian-11-r96 + tag: 0.14.0-debian-11-r99 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets (secrets must be manually created in the namespace) diff --git a/charts/bitnami/wordpress/charts/memcached/Chart.yaml b/charts/bitnami/wordpress/charts/memcached/Chart.yaml index 0e87650b7..a814eced2 100644 --- a/charts/bitnami/wordpress/charts/memcached/Chart.yaml +++ b/charts/bitnami/wordpress/charts/memcached/Chart.yaml @@ -24,4 +24,4 @@ name: memcached sources: - https://github.com/bitnami/containers/tree/main/bitnami/memcached - http://memcached.org/ -version: 6.3.12 +version: 6.3.13 diff --git a/charts/bitnami/wordpress/charts/memcached/README.md b/charts/bitnami/wordpress/charts/memcached/README.md index 0911c0574..066ca5b44 100644 --- a/charts/bitnami/wordpress/charts/memcached/README.md +++ b/charts/bitnami/wordpress/charts/memcached/README.md @@ -80,7 +80,7 @@ The command removes all the Kubernetes components associated with the chart and | ----------------------------- | --------------------------------------------------------------------------------------------------------- | --------------------- | | `image.registry` | Memcached image registry | `docker.io` | | `image.repository` | Memcached image repository | `bitnami/memcached` | -| `image.tag` | Memcached image tag (immutable tags are recommended) | `1.6.19-debian-11-r0` | +| `image.tag` | Memcached image tag (immutable tags are recommended) | `1.6.19-debian-11-r3` | | `image.digest` | Memcached image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `image.pullPolicy` | Memcached image pull policy | `IfNotPresent` | | `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | 
@@ -207,7 +207,7 @@ The command removes all the Kubernetes components associated with the chart and | `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume | `false` | | `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` | | `volumePermissions.image.repository` | Init container volume-permissions image repository | `bitnami/bitnami-shell` | -| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r95` | +| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r98` | | `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` | | `volumePermissions.image.pullSecrets` | Init container volume-permissions image pull secrets | `[]` | @@ -217,7 +217,7 @@ The command removes all the Kubernetes components associated with the chart and | `metrics.enabled` | Start a side-car prometheus exporter | `false` | | `metrics.image.registry` | Memcached exporter image registry | `docker.io` | | `metrics.image.repository` | Memcached exporter image repository | `bitnami/memcached-exporter` | -| `metrics.image.tag` | Memcached exporter image tag (immutable tags are recommended) | `0.11.2-debian-11-r0` | +| `metrics.image.tag` | Memcached exporter image tag (immutable tags are recommended) | `0.11.2-debian-11-r2` | | `metrics.image.digest` | Memcached exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `metrics.image.pullPolicy` | Image pull policy | `IfNotPresent` | | `metrics.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | 
diff --git a/charts/bitnami/wordpress/charts/memcached/values.yaml b/charts/bitnami/wordpress/charts/memcached/values.yaml index e116d3c3c..89b1a7a61 100644 --- a/charts/bitnami/wordpress/charts/memcached/values.yaml +++ b/charts/bitnami/wordpress/charts/memcached/values.yaml @@ -70,7 +70,7 @@ diagnosticMode: image: registry: docker.io repository: bitnami/memcached - tag: 1.6.19-debian-11-r0 + tag: 1.6.19-debian-11-r3 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -512,7 +512,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/bitnami-shell - tag: 11-debian-11-r95 + tag: 11-debian-11-r98 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. @@ -557,7 +557,7 @@ metrics: image: registry: docker.io repository: bitnami/memcached-exporter - tag: 0.11.2-debian-11-r0 + tag: 0.11.2-debian-11-r2 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. diff --git a/charts/bitnami/wordpress/values.yaml b/charts/bitnami/wordpress/values.yaml index 70fe52197..82b91092d 100644 --- a/charts/bitnami/wordpress/values.yaml +++ b/charts/bitnami/wordpress/values.yaml @@ -73,7 +73,7 @@ diagnosticMode: image: registry: docker.io repository: bitnami/wordpress - tag: 6.1.1-debian-11-r66 + tag: 6.1.1-debian-11-r67 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -757,7 +757,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/bitnami-shell - tag: 11-debian-11-r96 + tag: 11-debian-11-r98 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. @@ -851,7 +851,7 @@ metrics: image: registry: docker.io repository: bitnami/apache-exporter - tag: 0.13.0-debian-11-r7 + tag: 0.13.0-debian-11-r8 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. 
diff --git a/charts/bitnami/zookeeper/Chart.lock b/charts/bitnami/zookeeper/Chart.lock index db268a715..4cd9a8ba3 100644 --- a/charts/bitnami/zookeeper/Chart.lock +++ b/charts/bitnami/zookeeper/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: common repository: https://charts.bitnami.com/bitnami - version: 2.2.3 -digest: sha256:2c7165542fc01b9e98b577cd8b1095d0ed8267d34b97b6e581a1176bfb8e4dcb -generated: "2023-02-17T20:26:24.808959946Z" + version: 2.2.4 +digest: sha256:634d19e9b7f6e4c07d7c04a0161ab96b3f83335ebdd70b35b952319ef0a2586b +generated: "2023-03-19T02:06:13.108650823Z" diff --git a/charts/bitnami/zookeeper/Chart.yaml b/charts/bitnami/zookeeper/Chart.yaml index 95936e364..0b02cbb9d 100644 --- a/charts/bitnami/zookeeper/Chart.yaml +++ b/charts/bitnami/zookeeper/Chart.yaml @@ -26,4 +26,4 @@ name: zookeeper sources: - https://github.com/bitnami/containers/tree/main/bitnami/zookeeper - https://zookeeper.apache.org/ -version: 11.1.4 +version: 11.1.5 diff --git a/charts/bitnami/zookeeper/README.md b/charts/bitnami/zookeeper/README.md index 5296484a2..eebf64f34 100644 --- a/charts/bitnami/zookeeper/README.md +++ b/charts/bitnami/zookeeper/README.md 
@@ -82,7 +82,7 @@ The command removes all the Kubernetes components associated with the chart and | ----------------------------- | -------------------------------------------------------------------------------------------------------------------------- | ----------------------- | | `image.registry` | ZooKeeper image registry | `docker.io` | | `image.repository` | ZooKeeper image repository | `bitnami/zookeeper` | -| `image.tag` | ZooKeeper image tag (immutable tags are recommended) | `3.8.1-debian-11-r9` | +| `image.tag` | ZooKeeper image tag (immutable tags are recommended) | `3.8.1-debian-11-r15` | | `image.digest` | ZooKeeper image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `image.pullPolicy` | ZooKeeper image pull policy | `IfNotPresent` | | `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | 
@@ -248,7 +248,7 @@ The command removes all the Kubernetes components associated with the chart and | `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume | `false` | | `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` | | `volumePermissions.image.repository` | Init container volume-permissions image repository | `bitnami/bitnami-shell` | -| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r90` | +| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r98` | | `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` | | `volumePermissions.image.pullSecrets` | Init container volume-permissions image pull secrets | `[]` | diff --git a/charts/bitnami/zookeeper/charts/common/Chart.yaml b/charts/bitnami/zookeeper/charts/common/Chart.yaml index 031ee0fd4..8583e628a 100644 --- a/charts/bitnami/zookeeper/charts/common/Chart.yaml +++ b/charts/bitnami/zookeeper/charts/common/Chart.yaml @@ -2,7 +2,7 @@ annotations: category: Infrastructure licenses: Apache-2.0 apiVersion: v2 -appVersion: 2.2.3 +appVersion: 2.2.4 description: A Library Helm Chart for grouping common logic between bitnami charts. This chart is not deployable by itself. home: https://github.com/bitnami/charts/tree/main/bitnami/common @@ -21,4 +21,4 @@ sources: - https://github.com/bitnami/charts - https://www.bitnami.com/ type: library -version: 2.2.3 +version: 2.2.4 diff --git a/charts/bitnami/zookeeper/charts/common/README.md b/charts/bitnami/zookeeper/charts/common/README.md index 8f3bda37d..825639f2a 100644 
--- a/charts/bitnami/zookeeper/charts/common/README.md +++ b/charts/bitnami/zookeeper/charts/common/README.md @@ -12,7 +12,7 @@ dependencies: ``` ```console -$ helm dependency update +helm dependency update ``` ```yaml 
@@ -37,124 +37,6 @@ Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment ## Parameters -The following table lists the helpers available in the library which are scoped in different sections. - -### Affinities - -| Helper identifier | Description | Expected Input | -|-------------------------------|------------------------------------------------------|------------------------------------------------| -| `common.affinities.nodes.soft` | Return a soft nodeAffinity definition | `dict "key" "FOO" "values" (list "BAR" "BAZ")` | -| `common.affinities.nodes.hard` | Return a hard nodeAffinity definition | `dict "key" "FOO" "values" (list "BAR" "BAZ")` | -| `common.affinities.pods.soft` | Return a soft podAffinity/podAntiAffinity definition | `dict "component" "FOO" "context" $` | -| `common.affinities.pods.hard` | Return a hard podAffinity/podAntiAffinity definition | `dict "component" "FOO" "context" $` | -| `common.affinities.topologyKey` | Return a topologyKey definition | `dict "topologyKey" "FOO"` | - -### Capabilities - -| Helper identifier | Description | Expected Input | -|------------------------------------------------|------------------------------------------------------------------------------------------------|-------------------| -| `common.capabilities.kubeVersion` | Return the target Kubernetes version (using client default if .Values.kubeVersion is not set). | `.` Chart context | -| `common.capabilities.cronjob.apiVersion` | Return the appropriate apiVersion for cronjob. | `.` Chart context | -| `common.capabilities.deployment.apiVersion` | Return the appropriate apiVersion for deployment. | `.` Chart context | -| `common.capabilities.statefulset.apiVersion` | Return the appropriate apiVersion for statefulset. | `.` Chart context | -| `common.capabilities.ingress.apiVersion` | Return the appropriate apiVersion for ingress. 
| `.` Chart context | -| `common.capabilities.rbac.apiVersion` | Return the appropriate apiVersion for RBAC resources. | `.` Chart context | -| `common.capabilities.crd.apiVersion` | Return the appropriate apiVersion for CRDs. | `.` Chart context | -| `common.capabilities.policy.apiVersion` | Return the appropriate apiVersion for podsecuritypolicy. | `.` Chart context | -| `common.capabilities.networkPolicy.apiVersion` | Return the appropriate apiVersion for networkpolicy. | `.` Chart context | -| `common.capabilities.apiService.apiVersion` | Return the appropriate apiVersion for APIService. | `.` Chart context | -| `common.capabilities.hpa.apiVersion` | Return the appropriate apiVersion for Horizontal Pod Autoscaler | `.` Chart context | -| `common.capabilities.supportsHelmVersion` | Returns true if the used Helm version is 3.3+ | `.` Chart context | - -### Errors - -| Helper identifier | Description | Expected Input | -|-----------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------| -| `common.errors.upgrade.passwords.empty` | It will ensure required passwords are given when we are upgrading a chart. If `validationErrors` is not empty it will throw an error and will stop the upgrade action. | `dict "validationErrors" (list $validationError00 $validationError01) "context" $` | - -### Images - -| Helper identifier | Description | Expected Input | -|-----------------------------|------------------------------------------------------|---------------------------------------------------------------------------------------------------------| -| `common.images.image` | Return the proper and full image name | `dict "imageRoot" .Values.path.to.the.image "global" $`, see [ImageRoot](#imageroot) for the structure. 
| -| `common.images.pullSecrets` | Return the proper Docker Image Registry Secret Names (deprecated: use common.images.renderPullSecrets instead) | `dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "global" .Values.global` | -| `common.images.renderPullSecrets` | Return the proper Docker Image Registry Secret Names (evaluates values as templates) | `dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "context" $` | - -### Ingress - -| Helper identifier | Description | Expected Input | -|-------------------------------------------|-------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `common.ingress.backend` | Generate a proper Ingress backend entry depending on the API version | `dict "serviceName" "foo" "servicePort" "bar"`, see the [Ingress deprecation notice](https://kubernetes.io/blog/2019/07/18/api-deprecations-in-1-16/) for the syntax differences | -| `common.ingress.supportsPathType` | Prints "true" if the pathType field is supported | `.` Chart context | -| `common.ingress.supportsIngressClassname` | Prints "true" if the ingressClassname field is supported | `.` Chart context | -| `common.ingress.certManagerRequest` | Prints "true" if required cert-manager annotations for TLS signed certificates are set in the Ingress annotations | `dict "annotations" .Values.path.to.the.ingress.annotations` | - -### Labels - -| Helper identifier | Description | Expected Input | -|-----------------------------|-----------------------------------------------------------------------------|-------------------| -| `common.labels.standard` | Return Kubernetes standard labels | `.` Chart context | -| `common.labels.matchLabels` | Labels to use on `deploy.spec.selector.matchLabels` and 
`svc.spec.selector` | `.` Chart context | - -### Names - -| Helper identifier | Description | Expected Input | -|-----------------------------------|-----------------------------------------------------------------------|-------------------| -| `common.names.name` | Expand the name of the chart or use `.Values.nameOverride` | `.` Chart context | -| `common.names.fullname` | Create a default fully qualified app name. | `.` Chart context | -| `common.names.namespace` | Allow the release namespace to be overridden | `.` Chart context | -| `common.names.fullname.namespace` | Create a fully qualified app name adding the installation's namespace | `.` Chart context | -| `common.names.chart` | Chart name plus version | `.` Chart context | - -### Secrets - -| Helper identifier | Description | Expected Input | -|-----------------------------------|--------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `common.secrets.name` | Generate the name of the secret. | `dict "existingSecret" .Values.path.to.the.existingSecret "defaultNameSuffix" "mySuffix" "context" $` see [ExistingSecret](#existingsecret) for the structure. | -| `common.secrets.key` | Generate secret key. | `dict "existingSecret" .Values.path.to.the.existingSecret "key" "keyName"` see [ExistingSecret](#existingsecret) for the structure. | -| `common.secrets.passwords.manage` | Generate secret password or retrieve one if already created. | `dict "secret" "secret-name" "key" "keyName" "providedValues" (list "path.to.password1" "path.to.password2") "length" 10 "strong" false "chartName" "chartName" "context" $`, length, strong and chartNAme fields are optional. | -| `common.secrets.exists` | Returns whether a previous generated secret already exists. 
| `dict "secret" "secret-name" "context" $` | - -### Storage - -| Helper identifier | Description | Expected Input | -|-------------------------------|---------------------------------------|---------------------------------------------------------------------------------------------------------------------| -| `common.storage.class` | Return the proper Storage Class | `dict "persistence" .Values.path.to.the.persistence "global" $`, see [Persistence](#persistence) for the structure. | - -### TplValues - -| Helper identifier | Description | Expected Input | -|---------------------------|----------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------| -| `common.tplvalues.render` | Renders a value that contains template | `dict "value" .Values.path.to.the.Value "context" $`, value is the value should rendered as template, context frequently is the chart context `$` or `.` | - -### Utils - -| Helper identifier | Description | Expected Input | -|--------------------------------|------------------------------------------------------------------------------------------|------------------------------------------------------------------------| -| `common.utils.fieldToEnvVar` | Build environment variable name given a field. | `dict "field" "my-password"` | -| `common.utils.secret.getvalue` | Print instructions to get a secret value. 
| `dict "secret" "secret-name" "field" "secret-value-field" "context" $` | -| `common.utils.getValueFromKey` | Gets a value from `.Values` object given its key path | `dict "key" "path.to.key" "context" $` | -| `common.utils.getKeyFromList` | Returns first `.Values` key with a defined value or first of the list if all non-defined | `dict "keys" (list "path.to.key1" "path.to.key2") "context" $` | - -### Validations - -| Helper identifier | Description | Expected Input | -|--------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `common.validations.values.single.empty` | Validate a value must not be empty. | `dict "valueKey" "path.to.value" "secret" "secret.name" "field" "my-password" "subchart" "subchart" "context" $` secret, field and subchart are optional. In case they are given, the helper will generate a how to get instruction. See [ValidateValue](#validatevalue) | -| `common.validations.values.multiple.empty` | Validate a multiple values must not be empty. It returns a shared error for all the values. | `dict "required" (list $validateValueConf00 $validateValueConf01) "context" $`. See [ValidateValue](#validatevalue) | -| `common.validations.values.mariadb.passwords` | This helper will ensure required password for MariaDB are not empty. It returns a shared error for all the values. | `dict "secret" "mariadb-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use mariadb chart and the helper. | -| `common.validations.values.mysql.passwords` | This helper will ensure required password for MySQL are not empty. 
It returns a shared error for all the values. | `dict "secret" "mysql-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use mysql chart and the helper. | -| `common.validations.values.postgresql.passwords` | This helper will ensure required password for PostgreSQL are not empty. It returns a shared error for all the values. | `dict "secret" "postgresql-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use postgresql chart and the helper. | -| `common.validations.values.redis.passwords` | This helper will ensure required password for Redis® are not empty. It returns a shared error for all the values. | `dict "secret" "redis-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use redis chart and the helper. | -| `common.validations.values.cassandra.passwords` | This helper will ensure required password for Cassandra are not empty. It returns a shared error for all the values. | `dict "secret" "cassandra-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use cassandra chart and the helper. | -| `common.validations.values.mongodb.passwords` | This helper will ensure required password for MongoDB® are not empty. It returns a shared error for all the values. | `dict "secret" "mongodb-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use mongodb chart and the helper. | - -### Warnings - -| Helper identifier | Description | Expected Input | -|------------------------------|----------------------------------|------------------------------------------------------------| -| `common.warnings.rollingTag` | Warning about using rolling tag. | `ImageRoot` see [ImageRoot](#imageroot) for the structure. 
| - ## Special input schemas ### ImageRoot @@ -300,7 +182,7 @@ keyMapping: If we force those values to be empty we will see some alerts ```console -$ helm install test mychart --set path.to.value00="",path.to.value01="" +helm install test mychart --set path.to.value00="",path.to.value01="" 'path.to.value00' must not be empty, please add '--set path.to.value00=$PASSWORD_00' to the command. To get the current value: export PASSWORD_00=$(kubectl get secret --namespace default secretName -o jsonpath="{.data.password-00}" | base64 -d) 
@@ -316,23 +198,23 @@ $ helm install test mychart --set path.to.value00="",path.to.value01="" [On November 13, 2020, Helm v2 support was formally finished](https://github.com/helm/charts#status-of-the-project), this major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL. -**What changes were introduced in this major version?** +#### What changes were introduced in this major version? - Previous versions of this Helm Chart use `apiVersion: v1` (installable by both Helm 2 and 3), this Helm Chart was updated to `apiVersion: v2` (installable by Helm 3 only). [Here](https://helm.sh/docs/topics/charts/#the-apiversion-field) you can find more information about the `apiVersion` field. - Use `type: library`. [Here](https://v3.helm.sh/docs/faq/#library-chart-support) you can find more information. - The different fields present in the *Chart.yaml* file has been ordered alphabetically in a homogeneous way for all the Bitnami Helm Charts -**Considerations when upgrading to this version** +#### Considerations when upgrading to this version - If you want to upgrade to this version from a previous one installed with Helm v3, you shouldn't face any issues - If you want to upgrade to this version using Helm v2, this scenario is not supported as this version doesn't support Helm v2 anymore - If you installed the previous version with Helm v2 and wants to upgrade to this version with Helm v3, please refer to the [official Helm documentation](https://helm.sh/docs/topics/v2_v3_migration/#migration-use-cases) about migrating from Helm v2 to v3 -**Useful links** +#### Useful links -- https://docs.bitnami.com/tutorials/resolve-helm2-helm3-post-migration-issues/ -- https://helm.sh/docs/topics/v2_v3_migration/ -- https://helm.sh/blog/migrate-from-helm-v2-to-helm-v3/ +- +- +- ## License 
@@ -342,7 +224,7 @@ Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at - http://www.apache.org/licenses/LICENSE-2.0 + Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, diff --git a/charts/bitnami/zookeeper/charts/common/templates/_images.tpl b/charts/bitnami/zookeeper/charts/common/templates/_images.tpl index b06071492..2e7b15151 100644 --- a/charts/bitnami/zookeeper/charts/common/templates/_images.tpl +++ b/charts/bitnami/zookeeper/charts/common/templates/_images.tpl @@ -17,7 +17,11 @@ Return the proper image name {{- $separator = "@" -}} {{- $termination = .imageRoot.digest | toString -}} {{- end -}} -{{- printf "%s/%s%s%s" $registryName $repositoryName $separator $termination -}} +{{- if $registryName }} + {{- printf "%s/%s%s%s" $registryName $repositoryName $separator $termination -}} +{{- else -}} + {{- printf "%s%s%s" $repositoryName $separator $termination -}} +{{- end -}} {{- end -}} {{/* diff --git a/charts/bitnami/zookeeper/values.yaml b/charts/bitnami/zookeeper/values.yaml index b03fcdf9a..617febf4a 100644 --- a/charts/bitnami/zookeeper/values.yaml +++ b/charts/bitnami/zookeeper/values.yaml @@ -76,7 +76,7 @@ diagnosticMode: image: registry: docker.io repository: bitnami/zookeeper - tag: 3.8.1-debian-11-r9 + tag: 3.8.1-debian-11-r15 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -660,7 +660,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/bitnami-shell - tag: 11-debian-11-r90 + tag: 11-debian-11-r98 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. diff --git a/charts/citrix/citrix-cpx-with-ingress-controller/Chart.yaml b/charts/citrix/citrix-cpx-with-ingress-controller/Chart.yaml index c51b03e94..fb2a513d9 100644 
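Review bot: The new `else` branch in `_images.tpl` renders an image reference with no registry host, so the registry the image is pulled from is decided by each node's container runtime configuration rather than by the chart. That is worth recording next to the branch, for example `{{- /* No registry set: the runtime's default registry resolves this name; set .imageRoot.digest to pin the content */ -}}`. The helper's `define` starts above the hunk, so how `$registryName` is populated, including any global override, is not visible here.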
--- a/charts/citrix/citrix-cpx-with-ingress-controller/Chart.yaml +++ b/charts/citrix/citrix-cpx-with-ingress-controller/Chart.yaml @@ -4,18 +4,18 @@ annotations: catalog.cattle.io/kube-version: '>=v1.16.0-0' catalog.cattle.io/release-name: citrix-cpx-with-ingress-controller apiVersion: v2 -appVersion: 1.29.5 +appVersion: 1.30.1 description: A Helm chart for Citrix ADC CPX with Citrix ingress Controller running as sidecar. -home: https://www.citrix.com +home: https://www.cloud.com icon: https://raw.githubusercontent.com/citrix/citrix-helm-charts/gh-pages/icon.png kubeVersion: '>=v1.16.0-0' maintainers: -- email: priyanka.sharma@citrix.com +- email: priyanka.sharma@cloud.com name: priyankash-citrix -- email: subash.dangol@citrix.com +- email: subash.dangol@cloud.com name: subashd name: citrix-cpx-with-ingress-controller sources: - https://github.com/citrix/citrix-k8s-ingress-controller -version: 1.29.5 +version: 1.30.1 diff --git a/charts/citrix/citrix-cpx-with-ingress-controller/README.md b/charts/citrix/citrix-cpx-with-ingress-controller/README.md index accfd0af3..99d689131 100644 --- a/charts/citrix/citrix-cpx-with-ingress-controller/README.md +++ b/charts/citrix/citrix-cpx-with-ingress-controller/README.md 
@@ -455,7 +455,7 @@ The following table lists the configurable parameters of the Citrix ADC CPX with | daemonSet | Optional | False | Set this to true if Citrix ADC CPX needs to be deployed as DaemonSet. | | cic.imageRegistry | Mandatory | `quay.io` | The Citrix ingress controller image registry | | cic.imageRepository | Mandatory | `citrix/citrix-k8s-ingress-controller` | The Citrix ingress controller image repository | -| cic.imageTag | Mandatory | `1.29.5` | The Citrix ingress controller image tag | +| cic.imageTag | Mandatory | `1.30.1` | The Citrix ingress controller image tag | | cic.pullPolicy | Mandatory | IfNotPresent | The Citrix ingress controller image pull policy. | | cic.required | Mandatory | true | CIC to be run as sidecar with Citrix ADC CPX | | cic.resources | Optional | {} | CPU/Memory resource requests/limits for Citrix Ingress Controller container | diff --git a/charts/citrix/citrix-cpx-with-ingress-controller/templates/cic_crds.yaml b/charts/citrix/citrix-cpx-with-ingress-controller/templates/cic_crds.yaml index 54c7c448d..b1c287d23 100644 --- a/charts/citrix/citrix-cpx-with-ingress-controller/templates/cic_crds.yaml +++ b/charts/citrix/citrix-cpx-with-ingress-controller/templates/cic_crds.yaml @@ -524,7 +524,7 @@ spec: type: array items: type: string - enum: ['GET', 'PUT', 'POST','DELETE'] + enum: ['GET', 'PUT', 'POST', 'DELETE', 'HEAD', 'OPTIONS', 'TRACE', 'CONNECT', 'UNKNOWN_METHOD'] header_name: description: "HTTP header that identifies the unique API client for e.g. X-apikey" type: string @@ -1089,7 +1089,7 @@ spec: type: array items: type: string - enum: ['GET', 'PUT', 'POST','DELETE'] + enum: ['GET', 'PUT', 'POST', 'DELETE', 'HEAD', 'OPTIONS', 'TRACE', 'CONNECT', 'UNKNOWN_METHOD'] required: - path expression: 
@@ -1129,7 +1129,7 @@ spec: type: array items: type: string - enum: ['GET', 'PUT', 'POST','DELETE'] + enum: ['GET', 'PUT', 'POST', 'DELETE', 'HEAD', 'OPTIONS', 'TRACE', 'CONNECT', 'UNKNOWN_METHOD'] claims: description: 'authorization scopes required for selected resource saved as claims or attributes' type: array @@ -1170,7 +1170,6 @@ metadata: {{- end }} spec: group: citrix.com - version: null names: kind: Listener plural: listeners @@ -1447,7 +1446,6 @@ metadata: {{- end }} spec: group: citrix.com - version: null names: kind: HTTPRoute plural: httproutes @@ -1815,7 +1813,7 @@ spec: description: 'Location of customized error page to respond when json violations are hit' type: string ip_reputation: - type: string + type: object x-kubernetes-preserve-unknown-fields: true description: 'Enabling IP reputation feature' target: @@ -1833,7 +1831,7 @@ spec: description: "List of http methods to inspect" items: type: string - enum: ['GET', 'PUT', 'POST','DELETE'] + enum: ['GET', 'PUT', 'POST', 'DELETE', 'HEAD', 'OPTIONS', 'TRACE', 'CONNECT', 'UNKNOWN_METHOD'] header: type: array description: "List of http headers to inspect" @@ -1980,7 +1978,7 @@ spec: description: "List of http methods to inspect" items: type: string - enum: ['GET', 'PUT', 'POST','DELETE'] + enum: ['GET', 'PUT', 'POST', 'DELETE', 'HEAD', 'OPTIONS', 'TRACE', 'CONNECT', 'UNKNOWN_METHOD'] header: type: array description: "List of http headers to inspect" diff --git a/charts/citrix/citrix-cpx-with-ingress-controller/templates/citrix-k8s-cpx-ingress.yaml b/charts/citrix/citrix-cpx-with-ingress-controller/templates/citrix-k8s-cpx-ingress.yaml index 815fe6bd3..d7d610ea0 100644 --- a/charts/citrix/citrix-cpx-with-ingress-controller/templates/citrix-k8s-cpx-ingress.yaml +++ b/charts/citrix/citrix-cpx-with-ingress-controller/templates/citrix-k8s-cpx-ingress.yaml 
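Review bot: In the `@@ -1815,7 +1813,7 @@` hunk, `ip_reputation` becomes `type: object` while keeping `x-kubernetes-preserve-unknown-fields: true` and declaring no `properties`, so the API server accepts any object there and a misspelled key in this WAF setting is stored without a validation error. If the controller reads a fixed set of keys, declaring them under `properties` would reject bad input at admission. If the open shape is intentional, the description should say so, e.g. `description: 'Enabling IP reputation feature (object; expected keys: <keys the controller reads>)'`. The identical hunk appears in `charts/citrix/citrix-ingress-controller/templates/cic_crds.yaml`, and the enclosing schema starts and ends outside the hunk.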
@@ -151,7 +151,7 @@ spec: value: "local" {{- end }} - name: "NS_APPS_NAME_PREFIX" - value: {{ .Values.entityPrefix | default "k8s"}} + value: {{ .Values.entityPrefix | default "k8s"| quote }} - name: "NS_DEPLOYMENT_MODE" value: "SIDECAR" {{- if and .Values.openshift .Values.routeLabels }} diff --git a/charts/citrix/citrix-cpx-with-ingress-controller/values.yaml b/charts/citrix/citrix-cpx-with-ingress-controller/values.yaml index 65a8dc2ef..0adcb9205 100644 --- a/charts/citrix/citrix-cpx-with-ingress-controller/values.yaml +++ b/charts/citrix/citrix-cpx-with-ingress-controller/values.yaml @@ -82,7 +82,7 @@ servicePorts: [] cic: imageRegistry: quay.io imageRepository: citrix/citrix-k8s-ingress-controller - imageTag: 1.29.5 + imageTag: 1.30.1 image: "{{ .Values.cic.imageRegistry }}/{{ .Values.cic.imageRepository }}:{{ .Values.cic.imageTag }}" pullPolicy: IfNotPresent required: true diff --git a/charts/citrix/citrix-ingress-controller/Chart.yaml b/charts/citrix/citrix-ingress-controller/Chart.yaml index ecd39f165..9f70d06cc 100644 --- a/charts/citrix/citrix-ingress-controller/Chart.yaml +++ b/charts/citrix/citrix-ingress-controller/Chart.yaml @@ -4,17 +4,17 @@ annotations: catalog.cattle.io/kube-version: '>=v1.16.0-0' catalog.cattle.io/release-name: citrix-ingress-controller apiVersion: v2 -appVersion: 1.29.5 +appVersion: 1.30.1 description: A Helm chart for Citrix Ingress Controller configuring MPX/VPX. -home: https://www.citrix.com +home: https://www.cloud.com icon: https://raw.githubusercontent.com/citrix/citrix-helm-charts/gh-pages/icon.png kubeVersion: '>=v1.16.0-0' maintainers: -- email: priyanka.sharma@citrix.com +- email: priyanka.sharma@cloud.com name: priyankash-citrix -- email: subash.dangol@citrix.com +- email: subash.dangol@cloud.com name: subashd name: citrix-ingress-controller sources: - https://github.com/citrix/citrix-k8s-ingress-controller -version: 1.29.5 +version: 1.30.1 
diff --git a/charts/citrix/citrix-ingress-controller/README.md b/charts/citrix/citrix-ingress-controller/README.md index 402ca6521..f4751b7ac 100644 --- a/charts/citrix/citrix-ingress-controller/README.md +++ b/charts/citrix/citrix-ingress-controller/README.md @@ -316,7 +316,7 @@ The following table lists the mandatory and optional parameters that you can con | license.accept | Mandatory | no | Set `yes` to accept the CIC end user license agreement. | | imageRegistry | Mandatory | `quay.io` | The Citrix ingress controller image registry | | imageRepository | Mandatory | `citrix/citrix-k8s-ingress-controller` | The Citrix ingress controller image repository | -| imageTag | Mandatory | `1.29.5` | The Citrix ingress controller image tag | +| imageTag | Mandatory | `1.30.1` | The Citrix ingress controller image tag | | pullPolicy | Mandatory | IfNotPresent | The CIC image pull policy. | | imagePullSecrets | Optional | N/A | Provide list of Kubernetes secrets to be used for pulling the images from a private Docker registry or repository. For more information on how to create this secret please see [Pull an Image from a Private Registry](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/). | | nameOverride | Optional | N/A | String to partially override deployment fullname template with a string (will prepend the release name) | diff --git a/charts/citrix/citrix-ingress-controller/templates/cic_crds.yaml b/charts/citrix/citrix-ingress-controller/templates/cic_crds.yaml index 54c7c448d..b1c287d23 100644 --- a/charts/citrix/citrix-ingress-controller/templates/cic_crds.yaml +++ b/charts/citrix/citrix-ingress-controller/templates/cic_crds.yaml 
@@ -524,7 +524,7 @@ spec: type: array items: type: string - enum: ['GET', 'PUT', 'POST','DELETE'] + enum: ['GET', 'PUT', 'POST', 'DELETE', 'HEAD', 'OPTIONS', 'TRACE', 'CONNECT', 'UNKNOWN_METHOD'] header_name: description: "HTTP header that identifies the unique API client for e.g. X-apikey" type: string @@ -1089,7 +1089,7 @@ spec: type: array items: type: string - enum: ['GET', 'PUT', 'POST','DELETE'] + enum: ['GET', 'PUT', 'POST', 'DELETE', 'HEAD', 'OPTIONS', 'TRACE', 'CONNECT', 'UNKNOWN_METHOD'] required: - path expression: @@ -1129,7 +1129,7 @@ spec: type: array items: type: string - enum: ['GET', 'PUT', 'POST','DELETE'] + enum: ['GET', 'PUT', 'POST', 'DELETE', 'HEAD', 'OPTIONS', 'TRACE', 'CONNECT', 'UNKNOWN_METHOD'] claims: description: 'authorization scopes required for selected resource saved as claims or attributes' type: array @@ -1170,7 +1170,6 @@ metadata: {{- end }} spec: group: citrix.com - version: null names: kind: Listener plural: listeners @@ -1447,7 +1446,6 @@ metadata: {{- end }} spec: group: citrix.com - version: null names: kind: HTTPRoute plural: httproutes @@ -1815,7 +1813,7 @@ spec: description: 'Location of customized error page to respond when json violations are hit' type: string ip_reputation: - type: string + type: object x-kubernetes-preserve-unknown-fields: true description: 'Enabling IP reputation feature' target: @@ -1833,7 +1831,7 @@ spec: description: "List of http methods to inspect" items: type: string - enum: ['GET', 'PUT', 'POST','DELETE'] + enum: ['GET', 'PUT', 'POST', 'DELETE', 'HEAD', 'OPTIONS', 'TRACE', 'CONNECT', 'UNKNOWN_METHOD'] header: type: array description: "List of http headers to inspect" @@ -1980,7 +1978,7 @@ spec: description: "List of http methods to inspect" items: type: string - enum: ['GET', 'PUT', 'POST','DELETE'] + enum: ['GET', 'PUT', 'POST', 'DELETE', 'HEAD', 'OPTIONS', 'TRACE', 'CONNECT', 'UNKNOWN_METHOD'] header: type: array description: "List of http headers to inspect" 
diff --git a/charts/citrix/citrix-ingress-controller/templates/citrix-k8s-ingress.yaml b/charts/citrix/citrix-ingress-controller/templates/citrix-k8s-ingress.yaml index a69534647..ac0ba09fa 100644 --- a/charts/citrix/citrix-ingress-controller/templates/citrix-k8s-ingress.yaml +++ b/charts/citrix/citrix-ingress-controller/templates/citrix-k8s-ingress.yaml @@ -126,7 +126,7 @@ spec: value: {{ .Values.namespaceLabels | quote }} {{- end }} - name: "NS_APPS_NAME_PREFIX" - value: {{ .Values.entityPrefix | default "k8s"}} + value: {{ .Values.entityPrefix | default "k8s"| quote }} {{- if .Values.kubernetesURL }} - name: "kubernetes_url" value: "{{ .Values.kubernetesURL }}" diff --git a/charts/citrix/citrix-ingress-controller/values.yaml b/charts/citrix/citrix-ingress-controller/values.yaml index 480aab871..7c1531e05 100644 --- a/charts/citrix/citrix-ingress-controller/values.yaml +++ b/charts/citrix/citrix-ingress-controller/values.yaml @@ -5,7 +5,7 @@ # Citrix Ingress Controller config details imageRegistry: quay.io imageRepository: citrix/citrix-k8s-ingress-controller -imageTag: 1.29.5 +imageTag: 1.30.1 image: "{{ .Values.imageRegistry }}/{{ .Values.imageRepository }}:{{ .Values.imageTag }}" pullPolicy: IfNotPresent imagePullSecrets: [] diff --git a/charts/codefresh/cf-runtime/Chart.yaml b/charts/codefresh/cf-runtime/Chart.yaml index 64d2bc210..cd73f0b88 100644 --- a/charts/codefresh/cf-runtime/Chart.yaml +++ b/charts/codefresh/cf-runtime/Chart.yaml @@ -4,9 +4,9 @@ annotations: catalog.cattle.io/kube-version: '>=1.18-0' catalog.cattle.io/release-name: cf-runtime apiVersion: v2 -appVersion: 1.9.11 +appVersion: 1.9.12 description: A Helm chart for Codefresh Runner icon: https://partner-charts.rancher.io/assets/logos/codefresh.jpg name: cf-runtime type: application -version: 1.9.11 +version: 1.9.12 
diff --git a/charts/codefresh/cf-runtime/templates/volume-provisioner/_helpers.tpl b/charts/codefresh/cf-runtime/templates/volume-provisioner/_helpers.tpl index 55615599d..bc019fdbf 100644 --- a/charts/codefresh/cf-runtime/templates/volume-provisioner/_helpers.tpl +++ b/charts/codefresh/cf-runtime/templates/volume-provisioner/_helpers.tpl @@ -83,7 +83,7 @@ codefresh.io/application: pv-cleanup {{- define "cf-vp.docker-image-cleanup-cron" -}} {{- if ne .Values.dockerRegistry ""}} -{{- .Values.dockerRegistry }}/codefresh/dind-volume-cleanup -{{- else }}codefresh/dind-volume-cleanup +{{- .Values.dockerRegistry }}/codefresh/dind-volume-cleanup:1.2.0 +{{- else }}codefresh/dind-volume-cleanup:1.2.0 {{- end}} {{- end }} diff --git a/charts/codefresh/cf-runtime/templates/volume-provisioner/cluster-role.dind-volume-provisioner.vp.yaml b/charts/codefresh/cf-runtime/templates/volume-provisioner/cluster-role.dind-volume-provisioner.vp.yaml index 2e6f9c569..378b1dc52 100644 --- a/charts/codefresh/cf-runtime/templates/volume-provisioner/cluster-role.dind-volume-provisioner.vp.yaml +++ b/charts/codefresh/cf-runtime/templates/volume-provisioner/cluster-role.dind-volume-provisioner.vp.yaml @@ -9,7 +9,7 @@ rules: verbs: [ "get", "list", "watch", "create", "delete", "patch" ] - apiGroups: [ "" ] resources: [ "persistentvolumeclaims" ] - verbs: [ "get", "list", "watch", "update" ] + verbs: [ "get", "list", "watch", "update", "delete" ] - apiGroups: [ "storage.k8s.io" ] resources: [ "storageclasses" ] verbs: [ "get", "list", "watch" ] diff --git a/charts/codefresh/cf-runtime/templates/volume-provisioner/cron-job.dind-volume-cleanup.vp.yaml b/charts/codefresh/cf-runtime/templates/volume-provisioner/cron-job.dind-volume-cleanup.vp.yaml index 3a312cade..e54b33d42 100644 --- a/charts/codefresh/cf-runtime/templates/volume-provisioner/cron-job.dind-volume-cleanup.vp.yaml +++ b/charts/codefresh/cf-runtime/templates/volume-provisioner/cron-job.dind-volume-cleanup.vp.yaml 
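Review bot: The `1.2.0` tag is now written twice in `cf-vp.docker-image-cleanup-cron`, once per branch, and a tag alone can still be re-pointed at the registry, so the cleanup job's image content is not fixed by this change. Appending a digest pins it: `codefresh/dind-volume-cleanup:1.2.0@sha256:<digest-of-1.2.0>` (placeholder; take the value from the registry). Binding the reference once, e.g. `{{- $img := "codefresh/dind-volume-cleanup:1.2.0" -}}`, and emitting `$img` in both branches would keep the two from drifting at the next bump.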
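Review bot: Adding `delete` to the `persistentvolumeclaims` rule of this ClusterRole lets whatever subject is bound to it delete any PVC in any namespace, not only the ones it provisioned. The hunk does not show which component needs the verb; if it is the volume cleanup, say so on the rule, e.g. `# delete: lets <component> remove the dind PVCs it provisioned; cluster-wide because <reason>`. It is also worth checking whether a namespaced Role bound in the runtime namespace would be enough. The rules list begins and continues outside the hunk.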
@@ -22,4 +22,8 @@ spec: env: - name: PROVISIONED_BY value: {{ include "cf-vp.volumeProvisionerName" . }} + securityContext: + fsGroup: 3000 + runAsGroup: 3000 + runAsUser: 3000 {{- end }} diff --git a/charts/codefresh/cf-runtime/values.yaml b/charts/codefresh/cf-runtime/values.yaml index f380bb8ae..ad615e6f1 100644 --- a/charts/codefresh/cf-runtime/values.yaml +++ b/charts/codefresh/cf-runtime/values.yaml @@ -24,7 +24,7 @@ dockerRegistry: "quay.io" # Registry prefix for the runtime images (default quay newRelicLicense: "" # NEWRELIC_LICENSE_KEY (for app-proxy and runner deployments) runner: # Runner Deployment - image: "codefresh/venona:1.9.11" + image: "codefresh/venona:1.9.12" env: {} ## e.g: # env: diff --git a/charts/crate/crate-operator/Chart.lock b/charts/crate/crate-operator/Chart.lock index b175facec..be2c48830 100644 --- a/charts/crate/crate-operator/Chart.lock +++ b/charts/crate/crate-operator/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: crate-operator-crds repository: file://../crate-operator-crds - version: 2.23.0 -digest: sha256:3fffe754574fad639050c4717e064e275fc0fb165dd21fc4564feb66cba406b1 -generated: "2023-02-28T11:48:10.16603821Z" + version: 2.24.0 +digest: sha256:c49ffbfea5a0a2668a0bf2c1f87add413268b36b82fee73c642411176c45a6c5 +generated: "2023-03-21T14:36:08.260603114Z" diff --git a/charts/crate/crate-operator/Chart.yaml b/charts/crate/crate-operator/Chart.yaml index 8a244f5b1..e0e68dcf4 100644 --- a/charts/crate/crate-operator/Chart.yaml +++ b/charts/crate/crate-operator/Chart.yaml 
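Review bot: The added `securityContext` fixes the UID and GIDs at 3000 but does not set `runAsNonRoot: true`, so nothing makes the kubelet refuse the container if `runAsUser` is later overridden or removed. Add `runAsNonRoot: true` alongside `runAsUser: 3000`. Indentation is not recoverable in this view, so it is unclear whether the block sits at pod or container level; `fsGroup` is only valid at pod level, while `allowPrivilegeEscalation: false` would have to go on the container. The job spec begins outside the hunk.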
@@ -3,16 +3,16 @@ annotations: catalog.cattle.io/display-name: CrateDB Operator catalog.cattle.io/release-name: crate-operator apiVersion: v2 -appVersion: 2.23.0 +appVersion: 2.24.0 dependencies: - condition: crate-operator-crds.enabled name: crate-operator-crds repository: file://./charts/crate-operator-crds - version: 2.23.0 + version: 2.24.0 description: Crate Operator - Helm chart for installing and upgrading Crate Operator. icon: https://raw.githubusercontent.com/crate/crate/master/docs/_static/crate-logo.svg maintainers: - name: Crate.io name: crate-operator type: application -version: 2.23.0 +version: 2.24.0 diff --git a/charts/crate/crate-operator/charts/crate-operator-crds/Chart.yaml b/charts/crate/crate-operator/charts/crate-operator-crds/Chart.yaml index 7073c04cc..d7ae325bf 100644 --- a/charts/crate/crate-operator/charts/crate-operator-crds/Chart.yaml +++ b/charts/crate/crate-operator/charts/crate-operator-crds/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: 2.23.0 +appVersion: 2.24.0 description: Crate Operator CRDs - Helm chart for installing and upgrading Custom Resource Definitions (CRDs) for the Crate Operator. maintainers: - name: Crate.io name: crate-operator-crds type: application -version: 2.23.0 +version: 2.24.0 diff --git a/charts/crate/crate-operator/charts/crate-operator-crds/templates/cratedbs-cloud-crate-io.yaml b/charts/crate/crate-operator/charts/crate-operator-crds/templates/cratedbs-cloud-crate-io.yaml index b472dba5e..7a2bdae72 100644 --- a/charts/crate/crate-operator/charts/crate-operator-crds/templates/cratedbs-cloud-crate-io.yaml +++ b/charts/crate/crate-operator/charts/crate-operator-crds/templates/cratedbs-cloud-crate-io.yaml 
@@ -28,6 +28,16 @@ spec: jsonPath: .spec.nodes.data[?(@.name == "hot")].replicas name: Nodes type: number + - description: CPU Requests + jsonPath: .spec.nodes.data[?(@.name == "hot")].resources.requests.cpu + name: CPU_REQ + type: number + - description: CPU Limits + jsonPath: .spec.nodes.data[?(@.name == "hot")].resources.limits.cpu + name: CPU_LIM + type: number + # Only shown in wide mode (-o wide) + priority: 1 - jsonPath: .metadata.creationTimestamp name: Age type: date diff --git a/charts/crate/crate-operator/templates/rbac.yaml b/charts/crate/crate-operator/templates/rbac.yaml index b0810d717..79e8617ce 100644 --- a/charts/crate/crate-operator/templates/rbac.yaml +++ b/charts/crate/crate-operator/templates/rbac.yaml @@ -58,6 +58,15 @@ rules: - pods/exec verbs: - "*" +# Required by kopf to scan for CRD Changes. +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - list + - watch + --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding diff --git a/charts/datadog/datadog/CHANGELOG.md b/charts/datadog/datadog/CHANGELOG.md index d2fe6e6b7..151a7fd57 100644 --- a/charts/datadog/datadog/CHANGELOG.md +++ b/charts/datadog/datadog/CHANGELOG.md @@ -1,5 +1,18 @@ # Datadog changelog +# 3.20.3 + +* Fix command script in linux init container to prevent blocking deployment in GKE Autopilot on Rapid release channel. +* Only mount DogStatsD socket in non-Autopilot environments. + +# 3.20.2 + +* Fix R/W volume mounts for CRI on Windows + +# 3.20.1 + +* Fix command args in linux init container to prevent blocking deployment in GKE Autopilot. + # 3.20.0 * Enable CWS network detections by default. diff --git a/charts/datadog/datadog/Chart.yaml b/charts/datadog/datadog/Chart.yaml index de290075e..ffa5b81da 100644 --- a/charts/datadog/datadog/Chart.yaml +++ b/charts/datadog/datadog/Chart.yaml 
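Review bot: Both new printer columns declare `type: number` for `resources.requests.cpu` and `resources.limits.cpu`, but CPU is commonly written as a quantity string such as `500m`; if the CrateDB schema accepts that form (not visible in this hunk), a string value does not convert to a number and the column may render empty. `type: string` would display either form. Separately, as far as the flattened hunk shows, `priority: 1` and its "Only shown in wide mode" comment are attached to `CPU_LIM` only, so `CPU_REQ` appears in the default view while its counterpart does not; if both were meant to be wide-only, `CPU_REQ` needs its own `priority: 1`.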
@@ -19,4 +19,4 @@ name: datadog sources: - https://app.datadoghq.com/account/settings#agent/kubernetes - https://github.com/DataDog/datadog-agent -version: 3.20.0 +version: 3.20.3 diff --git a/charts/datadog/datadog/README.md b/charts/datadog/datadog/README.md index 82cccc2ed..ec2f991fe 100644 --- a/charts/datadog/datadog/README.md +++ b/charts/datadog/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.20.0](https://img.shields.io/badge/Version-3.20.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.20.3](https://img.shields.io/badge/Version-3.20.3-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). diff --git a/charts/datadog/datadog/templates/_container-cri-volumemounts.yaml b/charts/datadog/datadog/templates/_container-cri-volumemounts.yaml index a5a3d80a0..fa85ce44e 100644 --- a/charts/datadog/datadog/templates/_container-cri-volumemounts.yaml +++ b/charts/datadog/datadog/templates/_container-cri-volumemounts.yaml @@ -9,11 +9,9 @@ {{- if eq .Values.targetSystem "windows" }} - name: runtimesocket mountPath: {{ template "datadog.dockerOrCriSocketPath" . }} - readOnly: true {{- if not .Values.datadog.criSocketPath }} -- name: containerdsocket +- name: containerdsocket mountPath: \\.\pipe\containerd-containerd - readOnly: true {{- end }} {{- end }} {{- end }} 
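Review bot: Dropping `readOnly: true` from the `runtimesocket` and `containerdsocket` mounts makes both writable by default, and the template no longer says that this is intended. A writable mount of the container runtime endpoint is a sensitive grant, so it should be explicit and carry its reason, in the same style the chart already uses for the DogStatsD socket (`readOnly: false # Need RW for UDS DSD socket`). I would write `readOnly: false # RW required for the CRI pipe on Windows (CHANGELOG 3.20.2)` on both mounts instead of leaving the field out. The enclosing template definition starts above the hunk.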
diff --git a/charts/datadog/datadog/templates/_container-process-agent.yaml b/charts/datadog/datadog/templates/_container-process-agent.yaml index cd78a068d..26f1747d9 100644 --- a/charts/datadog/datadog/templates/_container-process-agent.yaml +++ b/charts/datadog/datadog/templates/_container-process-agent.yaml @@ -62,6 +62,9 @@ - name: auth-token mountPath: {{ template "datadog.confPath" . }}/auth readOnly: true + - name: dsdsocket + mountPath: {{ (dir .Values.datadog.dogstatsd.socketPath) }} + readOnly: false # Need RW for UDS DSD socket {{- end }} - name: logdatadog mountPath: /var/log/datadog @@ -91,9 +94,6 @@ mountPath: /host/proc mountPropagation: {{ .Values.datadog.hostVolumeMountPropagation }} readOnly: true - - name: dsdsocket - mountPath: {{ (dir .Values.datadog.dogstatsd.socketPath) }} - readOnly: false # Need RW for UDS DSD socket {{- if eq (include "should-enable-system-probe" .) "true" }} - name: sysprobe-socket-dir mountPath: /var/run/sysprobe diff --git a/charts/datadog/datadog/templates/_container-security-agent.yaml b/charts/datadog/datadog/templates/_container-security-agent.yaml index afd6fc22f..de63c391c 100644 --- a/charts/datadog/datadog/templates/_container-security-agent.yaml +++ b/charts/datadog/datadog/templates/_container-security-agent.yaml @@ -58,6 +58,9 @@ - name: auth-token mountPath: {{ template "datadog.confPath" . }}/auth readOnly: true + - name: dsdsocket + mountPath: {{ (dir .Values.datadog.dogstatsd.socketPath) }} + readOnly: false # Need RW for UDS DSD socket {{- end }} {{- if eq .Values.targetSystem "linux" }} - name: logdatadog @@ -66,9 +69,6 @@ - name: tmpdir mountPath: /tmp readOnly: false # Need RW to write to tmp directory - - name: dsdsocket - mountPath: {{ (dir .Values.datadog.dogstatsd.socketPath) }} - readOnly: false # Need RW for UDS DSD socket {{- include "linux-container-host-release-volumemounts" . | nindent 4 }} {{- end }} {{- include "container-crisocket-volumemounts" . | nindent 4 }} 
diff --git a/charts/datadog/datadog/templates/_containers-init-linux.yaml b/charts/datadog/datadog/templates/_containers-init-linux.yaml index 9c70561b8..173a59cdf 100644 --- a/charts/datadog/datadog/templates/_containers-init-linux.yaml +++ b/charts/datadog/datadog/templates/_containers-init-linux.yaml @@ -2,12 +2,9 @@ - name: init-volume image: "{{ include "image-path" (dict "root" .Values "image" .Values.agents.image) }}" imagePullPolicy: {{ .Values.agents.image.pullPolicy }} - command: - - cp + command: ["bash", "-c"] args: - - -r - - /etc/datadog-agent - - /opt + - cp -r /etc/datadog-agent /opt volumeMounts: - name: config mountPath: /opt/datadog-agent @@ -21,10 +18,7 @@ - bash - -c args: - - | - for script in $(find /etc/cont-init.d/ -type f -name '*.sh' | sort); do - bash $script - done + - for script in $(find /etc/cont-init.d/ -type f -name '*.sh' | sort) ; do bash $script ; done volumeMounts: - name: logdatadog mountPath: /var/log/datadog diff --git a/charts/external-secrets/external-secrets/Chart.yaml b/charts/external-secrets/external-secrets/Chart.yaml index 0eefb4e39..5142bcf25 100644 --- a/charts/external-secrets/external-secrets/Chart.yaml +++ b/charts/external-secrets/external-secrets/Chart.yaml @@ -4,7 +4,7 @@ annotations: catalog.cattle.io/kube-version: '>= 1.19.0-0' catalog.cattle.io/release-name: external-secrets apiVersion: v2 -appVersion: v0.7.2 +appVersion: v0.8.1 description: External secret management for Kubernetes home: https://github.com/external-secrets/external-secrets icon: https://raw.githubusercontent.com/external-secrets/external-secrets/main/assets/eso-logo-large.png @@ -17,4 +17,4 @@ maintainers: name: mcavoyk name: external-secrets type: application -version: 0.7.2 +version: 0.8.1 diff --git a/charts/external-secrets/external-secrets/README.md b/charts/external-secrets/external-secrets/README.md index f0ce109d2..7da27c880 100644 --- a/charts/external-secrets/external-secrets/README.md 
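Review bot: The `init-volume` container now runs the copy through `command: ["bash", "-c"]` instead of the exec form, and the template gives no reason for it; the only explanation is in CHANGELOG.md (presumably the 3.20.1 entry about GKE Autopilot). Without a comment the shell wrapper reads as something to simplify back to `cp -r`, which would reintroduce the deployment problem. I would add `# shell form is deliberate: exec-form args were blocked on GKE Autopilot (CHANGELOG 3.20.1)` above `command:`, and a matching line above the one-line `for script in …` args in the second hunk, which the 3.20.3 entry appears to cover.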
+++ b/charts/external-secrets/external-secrets/README.md @@ -4,7 +4,7 @@ [//]: # (README.md generated by gotmpl. DO NOT EDIT.) -![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![Version: 0.7.2](https://img.shields.io/badge/Version-0.7.2-informational?style=flat-square) +![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![Version: 0.8.1](https://img.shields.io/badge/Version-0.8.1-informational?style=flat-square) External secret management for Kubernetes @@ -63,6 +63,7 @@ The command removes all the Kubernetes components associated with the chart and | certController.replicaCount | int | `1` | | | certController.requeueInterval | string | `"5m"` | | | certController.resources | object | `{}` | | +| certController.revisionHistoryLimit | int | `10` | Specifies the amount of historic ReplicaSets k8s should keep (see https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#clean-up-policy) | | certController.securityContext | object | `{}` | | | certController.serviceAccount.annotations | object | `{}` | Annotations to add to the service account. | | certController.serviceAccount.automount | bool | `true` | Automounts the service account token in all containers of the pod | 
@@ -76,6 +77,8 @@ The command removes all the Kubernetes components associated with the chart and | certController.tolerations | list | `[]` | | | concurrent | int | `1` | Specifies the number of concurrent ExternalSecret Reconciles external-secret executes at a time. | | controllerClass | string | `""` | If set external secrets will filter matching Secret Stores with the appropriate controller values. | +| crds.annotations | object | `{}` | | +| crds.conversion.enabled | bool | `true` | | | crds.createClusterExternalSecret | bool | `true` | If true, create CRDs for Cluster External Secret. | | crds.createClusterSecretStore | bool | `true` | If true, create CRDs for Cluster Secret Store. | | crds.createPushSecret | bool | `true` | If true, create CRDs for Push Secret. | @@ -83,6 +86,7 @@ The command removes all the Kubernetes components associated with the chart and | deploymentAnnotations | object | `{}` | Annotations to add to Deployment | | dnsConfig | object | `{}` | Specifies `dnsOptions` to deployment | | extraArgs | object | `{}` | | +| extraContainers | list | `[]` | | | extraEnv | list | `[]` | | | extraVolumeMounts | list | `[]` | | | extraVolumes | list | `[]` | | @@ -110,6 +114,7 @@ The command removes all the Kubernetes components associated with the chart and | rbac.create | bool | `true` | Specifies whether role and rolebinding resources should be created. | | replicaCount | int | `1` | | | resources | object | `{}` | | +| revisionHistoryLimit | int | `10` | Specifies the amount of historic ReplicaSets k8s should keep (see https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#clean-up-policy) | | scopedNamespace | string | `""` | If set external secrets are only reconciled in the provided namespace | | scopedRBAC | bool | `false` | Must be used with scopedNamespace. If true, create scoped RBAC roles under the scoped namespace and implicitly disable cluster stores and cluster external secrets | | securityContext | object | `{}` | | 
@@ -120,9 +125,13 @@ The command removes all the Kubernetes components associated with the chart and | serviceAccount.name | string | `""` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template. | | serviceMonitor.additionalLabels | object | `{}` | Additional labels | | serviceMonitor.enabled | bool | `false` | Specifies whether to create a ServiceMonitor resource for collecting Prometheus metrics | +| serviceMonitor.honorLabels | bool | `false` | Let prometheus add an exported_ prefix to conflicting labels | | serviceMonitor.interval | string | `"30s"` | Interval to scrape metrics | +| serviceMonitor.metricRelabelings | list | `[]` | Metric relabel configs to apply to samples before ingestion. [Metric Relabeling](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs) | +| serviceMonitor.relabelings | list | `[]` | Relabel configs to apply to samples before ingestion. [Relabeling](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config) | | serviceMonitor.scrapeTimeout | string | `"25s"` | Timeout if metrics can't be retrieved in given time interval | | tolerations | list | `[]` | | +| topologySpreadConstraints | list | `[]` | | | webhook.affinity | object | `{}` | | | webhook.certCheckInterval | string | `"5m"` | Specifices the time to check if the cert is valid | | webhook.certDir | string | `"/tmp/certs"` | | 
@@ -132,7 +141,7 @@ The command removes all the Kubernetes components associated with the chart and | webhook.extraEnv | list | `[]` | | | webhook.extraVolumeMounts | list | `[]` | | | webhook.extraVolumes | list | `[]` | | -| webhook.failurePolicy | string | `"Fail"` | specifies whether validating webhooks should be created with failurePolicy: Fail or Ignore | +| webhook.failurePolicy | string | `"Fail"` | Specifies whether validating webhooks should be created with failurePolicy: Fail or Ignore | | webhook.fullnameOverride | string | `""` | | | webhook.hostNetwork | bool | `false` | Specifies if webhook pod should use hostNetwork or not. | | webhook.image.pullPolicy | string | `"IfNotPresent"` | | @@ -158,6 +167,7 @@ The command removes all the Kubernetes components associated with the chart and | webhook.readinessProbe.port | int | `8081` | ReadinessProbe port for kubelet | | webhook.replicaCount | int | `1` | | | webhook.resources | object | `{}` | | +| webhook.revisionHistoryLimit | int | `10` | Specifies the amount of historic ReplicaSets k8s should keep (see https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#clean-up-policy) | | webhook.secretAnnotations | object | `{}` | Annotations to add to Secret | | webhook.securityContext | object | `{}` | | | webhook.serviceAccount.annotations | object | `{}` | Annotations to add to the service account. | diff --git a/charts/external-secrets/external-secrets/templates/_helpers.tpl b/charts/external-secrets/external-secrets/templates/_helpers.tpl index 48c9ed979..10ccbc488 100644 --- a/charts/external-secrets/external-secrets/templates/_helpers.tpl +++ b/charts/external-secrets/external-secrets/templates/_helpers.tpl 
@@ -51,6 +51,11 @@ app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} app.kubernetes.io/managed-by: {{ .Release.Service }} {{- end }} +{{- define "external-secrets-webhook-metrics.labels" -}} +{{ include "external-secrets-webhook.selectorLabels" . }} +app.kubernetes.io/metrics: "webhook" +{{- end }} + {{- define "external-secrets-cert-controller.labels" -}} helm.sh/chart: {{ include "external-secrets.chart" . }} {{ include "external-secrets-cert-controller.selectorLabels" . }} @@ -60,6 +65,11 @@ app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} app.kubernetes.io/managed-by: {{ .Release.Service }} {{- end }} +{{- define "external-secrets-cert-controller-metrics.labels" -}} +{{ include "external-secrets-cert-controller.selectorLabels" . }} +app.kubernetes.io/metrics: "cert-controller" +{{- end }} + {{/* Selector labels */}} diff --git a/charts/external-secrets/external-secrets/templates/cert-controller-deployment.yaml b/charts/external-secrets/external-secrets/templates/cert-controller-deployment.yaml index 3351822a7..c8d38c2f4 100644 --- a/charts/external-secrets/external-secrets/templates/cert-controller-deployment.yaml +++ b/charts/external-secrets/external-secrets/templates/cert-controller-deployment.yaml @@ -12,6 +12,7 @@ metadata: {{- end }} spec: replicas: {{ .Values.certController.replicaCount }} + revisionHistoryLimit: {{ .Values.certController.revisionHistoryLimit }} selector: matchLabels: {{- include "external-secrets-cert-controller.selectorLabels" . | nindent 6 }} diff --git a/charts/external-secrets/external-secrets/templates/cert-controller-servicemonitor.yaml b/charts/external-secrets/external-secrets/templates/cert-controller-servicemonitor.yaml deleted file mode 100644 index 78e2388c8..000000000 --- a/charts/external-secrets/external-secrets/templates/cert-controller-servicemonitor.yaml +++ /dev/null 
@@ -1,38 +0,0 @@ -{{- if and .Values.certController.create .Values.certController.serviceMonitor.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: {{ include "external-secrets.fullname" . }}-cert-controller-metrics - labels: - {{- include "external-secrets-cert-controller.selectorLabels" . | nindent 4 }} -spec: - type: ClusterIP - ports: - - port: 8080 - protocol: TCP - name: metrics - selector: - {{- include "external-secrets-cert-controller.selectorLabels" . | nindent 4 }} ---- -apiVersion: "monitoring.coreos.com/v1" -kind: ServiceMonitor -metadata: - labels: - {{- include "external-secrets-cert-controller.labels" . | nindent 4 }} -{{- if .Values.certController.serviceMonitor.additionalLabels }} -{{ toYaml .Values.certController.serviceMonitor.additionalLabels | indent 4 }} -{{- end }} - name: {{ include "external-secrets.fullname" . }}-cert-controller-metrics - namespace: {{ .Release.Namespace | quote }} -spec: - selector: - matchLabels: - {{- include "external-secrets-cert-controller.selectorLabels" . | nindent 6 }} - namespaceSelector: - matchNames: - - {{ .Release.Namespace | quote }} - endpoints: - - port: metrics - interval: {{ .Values.certController.serviceMonitor.interval }} - scrapeTimeout: {{ .Values.certController.serviceMonitor.scrapeTimeout }} -{{- end }} diff --git a/charts/external-secrets/external-secrets/templates/crds/acraccesstoken.yaml b/charts/external-secrets/external-secrets/templates/crds/acraccesstoken.yaml index 20ccdcda6..7e882dbe0 100644 --- a/charts/external-secrets/external-secrets/templates/crds/acraccesstoken.yaml +++ b/charts/external-secrets/external-secrets/templates/crds/acraccesstoken.yaml 
@@ -3,7 +3,10 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.11.1 + {{- with .Values.crds.annotations }} + {{- toYaml . | nindent 4}} + {{- end }} + controller-gen.kubebuilder.io/version: v0.11.3 creationTimestamp: null name: acraccesstokens.generators.external-secrets.io spec: @@ -129,6 +132,7 @@ spec: storage: true subresources: status: {} +{{- if .Values.crds.conversion.enabled }} conversion: strategy: Webhook webhook: @@ -140,3 +144,4 @@ spec: namespace: {{ .Release.Namespace | quote }} path: /convert {{- end }} +{{- end }} diff --git a/charts/external-secrets/external-secrets/templates/crds/clusterexternalsecret.yaml b/charts/external-secrets/external-secrets/templates/crds/clusterexternalsecret.yaml index dbfd28e9a..f48233bff 100644 --- a/charts/external-secrets/external-secrets/templates/crds/clusterexternalsecret.yaml +++ b/charts/external-secrets/external-secrets/templates/crds/clusterexternalsecret.yaml @@ -3,7 +3,10 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.11.1 + {{- with .Values.crds.annotations }} + {{- toYaml . | nindent 4}} + {{- end }} + controller-gen.kubebuilder.io/version: v0.11.3 creationTimestamp: null name: clusterexternalsecrets.external-secrets.io spec: @@ -442,6 +445,7 @@ spec: storage: true subresources: status: {} +{{- if .Values.crds.conversion.enabled }} conversion: strategy: Webhook webhook: @@ -453,3 +457,4 @@ spec: namespace: {{ .Release.Namespace | quote }} path: /convert {{- end }} +{{- end }} diff --git a/charts/external-secrets/external-secrets/templates/crds/clustersecretstore.yaml b/charts/external-secrets/external-secrets/templates/crds/clustersecretstore.yaml index 1f6ac27d9..8e7ac84ba 100644 --- a/charts/external-secrets/external-secrets/templates/crds/clustersecretstore.yaml 
+++ b/charts/external-secrets/external-secrets/templates/crds/clustersecretstore.yaml @@ -3,7 +3,10 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.11.1 + {{- with .Values.crds.annotations }} + {{- toYaml . | nindent 4}} + {{- end }} + controller-gen.kubebuilder.io/version: v0.11.3 creationTimestamp: null name: clustersecretstores.external-secrets.io spec: @@ -147,6 +150,32 @@ spec: type: object type: object type: object + caBundle: + description: PEM/base64 encoded CA bundle used to validate Akeyless Gateway certificate. Only used if the AkeylessGWApiURL URL is using HTTPS protocol. If not set the system root certificates are used to validate the TLS connection. + format: byte + type: string + caProvider: + description: The provider for the CA bundle to use to validate Akeyless Gateway certificate. + properties: + key: + description: The key the value inside of the provider type to use, only used with "Secret" type + type: string + name: + description: The name of the object located at the provider type. + type: string + namespace: + description: The namespace the Provider type is in. + type: string + type: + description: The type of provider to use such as "Secret", or "ConfigMap". + enum: + - Secret + - ConfigMap + type: string + required: + - name + - type + type: object required: - akeylessGWApiURL - authSecretRef 
@@ -1270,6 +1299,32 @@ spec: type: object type: object type: object + caBundle: + description: PEM/base64 encoded CA bundle used to validate Akeyless Gateway certificate. Only used if the AkeylessGWApiURL URL is using HTTPS protocol. If not set the system root certificates are used to validate the TLS connection. + format: byte + type: string + caProvider: + description: The provider for the CA bundle to use to validate Akeyless Gateway certificate. + properties: + key: + description: The key where the CA certificate can be found in the Secret or ConfigMap. + type: string + name: + description: The name of the object located at the provider type. + type: string + namespace: + description: The namespace the Provider type is in. Can only be defined when used in a ClusterSecretStore. + type: string + type: + description: The type of provider to use such as "Secret", or "ConfigMap". + enum: + - Secret + - ConfigMap + type: string + required: + - name + - type + type: object required: - akeylessGWApiURL - authSecretRef 
@@ -1720,6 +1775,28 @@ spec: required: - auth type: object + keepersecurity: + description: KeeperSecurity configures this store to sync secrets using the KeeperSecurity provider + properties: + authRef: + description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field. + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + type: string + type: object + folderID: + type: string + required: + - authRef + - folderID + type: object kubernetes: description: Kubernetes configures this store to sync secrets using a Kubernetes cluster provider properties: 
@@ -1935,6 +2012,64 @@ spec: - region - vault type: object + scaleway: + description: Scaleway + properties: + accessKey: + description: AccessKey is the non-secret part of the api key. + properties: + secretRef: + description: SecretRef references a key in a secret that will be used as value. + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + type: string + type: object + value: + description: Value can be specified directly to set a value without using a secret. + type: string + type: object + apiUrl: + description: APIURL is the url of the api to use. Defaults to https://api.scaleway.com + type: string + projectId: + description: 'ProjectID is the id of your project, which you can find in the console: https://console.scaleway.com/project/settings' + type: string + region: + description: 'Region where your secrets are located: https://developers.scaleway.com/en/quickstart/#region-and-zone' + type: string + secretKey: + description: SecretKey is the non-secret part of the api key. + properties: + secretRef: + description: SecretRef references a key in a secret that will be used as value. + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. 
+ type: string + type: object + value: + description: Value can be specified directly to set a value without using a secret. + type: string + type: object + required: + - accessKey + - projectId + - region + - secretKey + type: object senhasegura: description: Senhasegura configures this store to sync secrets using senhasegura provider properties: @@ -2449,6 +2584,7 @@ spec: storage: true subresources: status: {} +{{- if .Values.crds.conversion.enabled }} conversion: strategy: Webhook webhook: @@ -2460,3 +2596,4 @@ spec: namespace: {{ .Release.Namespace | quote }} path: /convert {{- end }} +{{- end }} diff --git a/charts/external-secrets/external-secrets/templates/crds/ecrauthorizationtoken.yaml b/charts/external-secrets/external-secrets/templates/crds/ecrauthorizationtoken.yaml index 48755527f..21a92446d 100644 --- a/charts/external-secrets/external-secrets/templates/crds/ecrauthorizationtoken.yaml +++ b/charts/external-secrets/external-secrets/templates/crds/ecrauthorizationtoken.yaml @@ -3,7 +3,10 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.11.1 + {{- with .Values.crds.annotations }} + {{- toYaml . | nindent 4}} + {{- end }} + controller-gen.kubebuilder.io/version: v0.11.3 creationTimestamp: null name: ecrauthorizationtokens.generators.external-secrets.io spec: @@ -116,6 +119,7 @@ spec: storage: true subresources: status: {} +{{- if .Values.crds.conversion.enabled }} conversion: strategy: Webhook webhook: @@ -127,3 +131,4 @@ spec: namespace: {{ .Release.Namespace | quote }} path: /convert {{- end }} +{{- end }} diff --git a/charts/external-secrets/external-secrets/templates/crds/externalsecret.yaml b/charts/external-secrets/external-secrets/templates/crds/externalsecret.yaml index f77bdff11..fa91bcf90 100644 --- a/charts/external-secrets/external-secrets/templates/crds/externalsecret.yaml +++ b/charts/external-secrets/external-secrets/templates/crds/externalsecret.yaml 
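Review bot: The description added for `scaleway.secretKey` reads "SecretKey is the non-secret part of the api key", which repeats the `accessKey` text and says the opposite of what the field holds. Because the same object also accepts an inline `value` ("Value can be specified directly to set a value without using a secret"), a reader who trusts the description could put the secret half of the credential into the store spec in clear text, where anyone allowed to read the ClusterSecretStore can see it. I would change the text to `SecretKey is the secret part of the api key.` and extend the `value` description to say it is meant for non-secret data, with `secretRef` used for the secret key. The file is controller-gen output, so the wording has to be fixed in the upstream type comments, and the SecretStore CRD presumably carries the same text.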
@@ -3,7 +3,10 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.11.1 + {{- with .Values.crds.annotations }} + {{- toYaml . | nindent 4}} + {{- end }} + controller-gen.kubebuilder.io/version: v0.11.3 creationTimestamp: null name: externalsecrets.external-secrets.io spec: @@ -606,6 +609,7 @@ spec: storage: true subresources: status: {} +{{- if .Values.crds.conversion.enabled }} conversion: strategy: Webhook webhook: @@ -617,3 +621,4 @@ spec: namespace: {{ .Release.Namespace | quote }} path: /convert {{- end }} +{{- end }} diff --git a/charts/external-secrets/external-secrets/templates/crds/fake.yaml b/charts/external-secrets/external-secrets/templates/crds/fake.yaml index 10e64bff8..624e48e24 100644 --- a/charts/external-secrets/external-secrets/templates/crds/fake.yaml +++ b/charts/external-secrets/external-secrets/templates/crds/fake.yaml @@ -3,7 +3,10 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.11.1 + {{- with .Values.crds.annotations }} + {{- toYaml . | nindent 4}} + {{- end }} + controller-gen.kubebuilder.io/version: v0.11.3 creationTimestamp: null name: fakes.generators.external-secrets.io spec: @@ -46,6 +49,7 @@ spec: storage: true subresources: status: {} +{{- if .Values.crds.conversion.enabled }} conversion: strategy: Webhook webhook: @@ -57,3 +61,4 @@ spec: namespace: {{ .Release.Namespace | quote }} path: /convert {{- end }} +{{- end }} diff --git a/charts/external-secrets/external-secrets/templates/crds/gcraccesstoken.yaml b/charts/external-secrets/external-secrets/templates/crds/gcraccesstoken.yaml index 6513c224a..4a7051c33 100644 --- a/charts/external-secrets/external-secrets/templates/crds/gcraccesstoken.yaml +++ b/charts/external-secrets/external-secrets/templates/crds/gcraccesstoken.yaml 
@@ -3,7 +3,10 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.11.1 + {{- with .Values.crds.annotations }} + {{- toYaml . | nindent 4}} + {{- end }} + controller-gen.kubebuilder.io/version: v0.11.3 creationTimestamp: null name: gcraccesstokens.generators.external-secrets.io spec: @@ -96,6 +99,7 @@ spec: storage: true subresources: status: {} +{{- if .Values.crds.conversion.enabled }} conversion: strategy: Webhook webhook: @@ -107,3 +111,4 @@ spec: namespace: {{ .Release.Namespace | quote }} path: /convert {{- end }} +{{- end }} diff --git a/charts/external-secrets/external-secrets/templates/crds/password.yaml b/charts/external-secrets/external-secrets/templates/crds/password.yaml index c55259870..e5c94bcfb 100644 --- a/charts/external-secrets/external-secrets/templates/crds/password.yaml +++ b/charts/external-secrets/external-secrets/templates/crds/password.yaml @@ -3,7 +3,10 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.11.1 + {{- with .Values.crds.annotations }} + {{- toYaml . | nindent 4}} + {{- end }} + controller-gen.kubebuilder.io/version: v0.11.3 creationTimestamp: null name: passwords.generators.external-secrets.io spec: @@ -66,6 +69,7 @@ spec: storage: true subresources: status: {} +{{- if .Values.crds.conversion.enabled }} conversion: strategy: Webhook webhook: @@ -77,3 +81,4 @@ spec: namespace: {{ .Release.Namespace | quote }} path: /convert {{- end }} +{{- end }} diff --git a/charts/external-secrets/external-secrets/templates/crds/pushsecret.yaml b/charts/external-secrets/external-secrets/templates/crds/pushsecret.yaml index 0cffaaa4d..4e8b37bf6 100644 --- a/charts/external-secrets/external-secrets/templates/crds/pushsecret.yaml +++ b/charts/external-secrets/external-secrets/templates/crds/pushsecret.yaml 
@@ -1,9 +1,12 @@ -{{- if .Values.installCRDs }} +{{- if and (.Values.installCRDs) (.Values.crds.createPushSecret) }} apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.11.1 + {{- with .Values.crds.annotations }} + {{- toYaml . | nindent 4}} + {{- end }} + controller-gen.kubebuilder.io/version: v0.11.3 creationTimestamp: null name: pushsecrets.external-secrets.io spec: @@ -202,6 +205,7 @@ spec: storage: true subresources: status: {} +{{- if .Values.crds.conversion.enabled }} conversion: strategy: Webhook webhook: @@ -213,3 +217,4 @@ spec: namespace: {{ .Release.Namespace | quote }} path: /convert {{- end }} +{{- end }} diff --git a/charts/external-secrets/external-secrets/templates/crds/secretstore.yaml b/charts/external-secrets/external-secrets/templates/crds/secretstore.yaml index 63149b209..99235bd5a 100644 --- a/charts/external-secrets/external-secrets/templates/crds/secretstore.yaml +++ b/charts/external-secrets/external-secrets/templates/crds/secretstore.yaml @@ -3,7 +3,10 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.11.1 + {{- with .Values.crds.annotations }} + {{- toYaml . | nindent 4}} + {{- end }} + controller-gen.kubebuilder.io/version: v0.11.3 creationTimestamp: null name: secretstores.external-secrets.io spec: 
@@ -147,6 +150,32 @@ spec: type: object type: object type: object + caBundle: + description: PEM/base64 encoded CA bundle used to validate Akeyless Gateway certificate. Only used if the AkeylessGWApiURL URL is using HTTPS protocol. If not set the system root certificates are used to validate the TLS connection. + format: byte + type: string + caProvider: + description: The provider for the CA bundle to use to validate Akeyless Gateway certificate. + properties: + key: + description: The key the value inside of the provider type to use, only used with "Secret" type + type: string + name: + description: The name of the object located at the provider type. + type: string + namespace: + description: The namespace the Provider type is in. + type: string + type: + description: The type of provider to use such as "Secret", or "ConfigMap". + enum: + - Secret + - ConfigMap + type: string + required: + - name + - type + type: object required: - akeylessGWApiURL - authSecretRef 
@@ -1270,6 +1299,32 @@ spec: type: object type: object type: object + caBundle: + description: PEM/base64 encoded CA bundle used to validate Akeyless Gateway certificate. Only used if the AkeylessGWApiURL URL is using HTTPS protocol. If not set the system root certificates are used to validate the TLS connection. + format: byte + type: string + caProvider: + description: The provider for the CA bundle to use to validate Akeyless Gateway certificate. + properties: + key: + description: The key where the CA certificate can be found in the Secret or ConfigMap. + type: string + name: + description: The name of the object located at the provider type. + type: string + namespace: + description: The namespace the Provider type is in. Can only be defined when used in a ClusterSecretStore. + type: string + type: + description: The type of provider to use such as "Secret", or "ConfigMap". + enum: + - Secret + - ConfigMap + type: string + required: + - name + - type + type: object required: - akeylessGWApiURL - authSecretRef 
@@ -1720,6 +1775,28 @@ spec: required: - auth type: object + keepersecurity: + description: KeeperSecurity configures this store to sync secrets using the KeeperSecurity provider + properties: + authRef: + description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field. + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + type: string + type: object + folderID: + type: string + required: + - authRef + - folderID + type: object kubernetes: description: Kubernetes configures this store to sync secrets using a Kubernetes cluster provider properties: 
@@ -1935,6 +2012,64 @@ spec: - region - vault type: object + scaleway: + description: Scaleway + properties: + accessKey: + description: AccessKey is the non-secret part of the api key. + properties: + secretRef: + description: SecretRef references a key in a secret that will be used as value. + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + type: string + type: object + value: + description: Value can be specified directly to set a value without using a secret. + type: string + type: object + apiUrl: + description: APIURL is the url of the api to use. Defaults to https://api.scaleway.com + type: string + projectId: + description: 'ProjectID is the id of your project, which you can find in the console: https://console.scaleway.com/project/settings' + type: string + region: + description: 'Region where your secrets are located: https://developers.scaleway.com/en/quickstart/#region-and-zone' + type: string + secretKey: + description: SecretKey is the non-secret part of the api key. + properties: + secretRef: + description: SecretRef references a key in a secret that will be used as value. + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. 
+ type: string + type: object + value: + description: Value can be specified directly to set a value without using a secret. + type: string + type: object + required: + - accessKey + - projectId + - region + - secretKey + type: object senhasegura: description: Senhasegura configures this store to sync secrets using senhasegura provider properties: @@ -2449,6 +2584,7 @@ spec: storage: true subresources: status: {} +{{- if .Values.crds.conversion.enabled }} conversion: strategy: Webhook webhook: @@ -2460,3 +2596,4 @@ spec: namespace: {{ .Release.Namespace | quote }} path: /convert {{- end }} +{{- end }} diff --git a/charts/external-secrets/external-secrets/templates/crds/vaultdynamicsecret.yaml b/charts/external-secrets/external-secrets/templates/crds/vaultdynamicsecret.yaml new file mode 100644 index 000000000..39932a88c --- /dev/null +++ b/charts/external-secrets/external-secrets/templates/crds/vaultdynamicsecret.yaml 
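Review bot: In the added `scaleway` provider schema, `secretKey` is described as "the non-secret part of the api key", which looks copied from `accessKey`, and it also accepts an inline `value`. A secret key supplied through `value` is stored in the SecretStore object itself and is readable by anyone allowed to get that resource. The description should say it is the secret part and point users to `secretRef`, e.g. `description: SecretKey is the secret part of the api key; prefer secretRef over value.`. This file looks like controller-gen output, so the wording presumably has to be corrected in the upstream type comment rather than in the chart. The `provider` mapping that encloses the hunk starts outside it.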
@@ -0,0 +1,328 @@ +{{- if .Values.installCRDs }} +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + {{- with .Values.crds.annotations }} + {{- toYaml . | nindent 4}} + {{- end }} + controller-gen.kubebuilder.io/version: v0.11.3 + creationTimestamp: null + name: vaultdynamicsecrets.generators.external-secrets.io +spec: + group: generators.external-secrets.io + names: + categories: + - vaultdynamicsecret + kind: VaultDynamicSecret + listKind: VaultDynamicSecretList + plural: vaultdynamicsecrets + shortNames: + - vaultdynamicsecret + singular: vaultdynamicsecret + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + method: + description: Vault API method to use (GET/POST/other) + type: string + parameters: + description: Parameters to pass to Vault write (for non-GET methods) + x-kubernetes-preserve-unknown-fields: true + path: + description: Vault path to obtain the dynamic secret from + type: string + provider: + description: Vault provider common spec + properties: + auth: + description: Auth configures how secret-manager authenticates with the Vault server. 
+ properties: + appRole: + description: AppRole authenticates with Vault using the App Role auth mechanism, with the role and secret stored in a Kubernetes Secret resource. + properties: + path: + default: approle + description: 'Path where the App Role authentication backend is mounted in Vault, e.g: "approle"' + type: string + roleId: + description: RoleID configured in the App Role authentication backend when setting up the authentication backend in Vault. + type: string + secretRef: + description: Reference to a key in a Secret that contains the App Role secret used to authenticate with Vault. The `key` field must be specified and denotes which entry within the Secret resource is used as the app role secret. + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + type: string + type: object + required: + - path + - roleId + - secretRef + type: object + cert: + description: Cert authenticates with TLS Certificates by passing client certificate, private key and ca certificate Cert authentication method + properties: + clientCert: + description: ClientCert is a certificate to authenticate using the Cert Vault authentication method + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. 
cluster-scoped defaults to the namespace of the referent. + type: string + type: object + secretRef: + description: SecretRef to a key in a Secret resource containing client private key to authenticate with Vault using the Cert authentication method + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + type: string + type: object + type: object + jwt: + description: Jwt authenticates with Vault by passing role and JWT token using the JWT/OIDC authentication method + properties: + kubernetesServiceAccountToken: + description: Optional ServiceAccountToken specifies the Kubernetes service account for which to request a token for with the `TokenRequest` API. + properties: + audiences: + description: 'Optional audiences field that will be used to request a temporary Kubernetes service account token for the service account referenced by `serviceAccountRef`. Defaults to a single audience `vault` it not specified. Deprecated: use serviceAccountRef.Audiences instead' + items: + type: string + type: array + expirationSeconds: + description: 'Optional expiration time in seconds that will be used to request a temporary Kubernetes service account token for the service account referenced by `serviceAccountRef`. Deprecated: this will be removed in the future. Defaults to 10 minutes.' + format: int64 + type: integer + serviceAccountRef: + description: Service account field containing the name of a kubernetes ServiceAccount. 
+ properties: + audiences: + description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list + items: + type: string + type: array + name: + description: The name of the ServiceAccount resource being referred to. + type: string + namespace: + description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + type: string + required: + - name + type: object + required: + - serviceAccountRef + type: object + path: + default: jwt + description: 'Path where the JWT authentication backend is mounted in Vault, e.g: "jwt"' + type: string + role: + description: Role is a JWT role to authenticate using the JWT/OIDC Vault authentication method + type: string + secretRef: + description: Optional SecretRef that refers to a key in a Secret resource containing JWT token to authenticate with Vault using the JWT/OIDC authentication method. + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + type: string + type: object + required: + - path + type: object + kubernetes: + description: Kubernetes authenticates with Vault by passing the ServiceAccount token stored in the named Secret resource to the Vault server. 
+ properties: + mountPath: + default: kubernetes + description: 'Path where the Kubernetes authentication backend is mounted in Vault, e.g: "kubernetes"' + type: string + role: + description: A required field containing the Vault Role to assume. A Role binds a Kubernetes ServiceAccount with a set of Vault policies. + type: string + secretRef: + description: Optional secret field containing a Kubernetes ServiceAccount JWT used for authenticating with Vault. If a name is specified without a key, `token` is the default. If one is not specified, the one bound to the controller will be used. + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + type: string + type: object + serviceAccountRef: + description: Optional service account field containing the name of a kubernetes ServiceAccount. If the service account is specified, the service account secret token JWT will be used for authenticating with Vault. If the service account selector is not supplied, the secretRef will be used instead. + properties: + audiences: + description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list + items: + type: string + type: array + name: + description: The name of the ServiceAccount resource being referred to. + type: string + namespace: + description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. 
+ type: string + required: + - name + type: object + required: + - mountPath + - role + type: object + ldap: + description: Ldap authenticates with Vault by passing username/password pair using the LDAP authentication method + properties: + path: + default: ldap + description: 'Path where the LDAP authentication backend is mounted in Vault, e.g: "ldap"' + type: string + secretRef: + description: SecretRef to a key in a Secret resource containing password for the LDAP user used to authenticate with Vault using the LDAP authentication method + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + type: string + type: object + username: + description: Username is a LDAP user name used to authenticate using the LDAP Vault authentication method + type: string + required: + - path + - username + type: object + tokenSecretRef: + description: TokenSecretRef authenticates with Vault by presenting a token. + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + type: string + type: object + type: object + caBundle: + description: PEM encoded CA bundle used to validate Vault server certificate. Only used if the Server URL is using HTTPS protocol. 
This parameter is ignored for plain HTTP protocol connection. If not set the system root certificates are used to validate the TLS connection. + format: byte + type: string + caProvider: + description: The provider for the CA bundle to use to validate Vault server certificate. + properties: + key: + description: The key where the CA certificate can be found in the Secret or ConfigMap. + type: string + name: + description: The name of the object located at the provider type. + type: string + namespace: + description: The namespace the Provider type is in. Can only be defined when used in a ClusterSecretStore. + type: string + type: + description: The type of provider to use such as "Secret", or "ConfigMap". + enum: + - Secret + - ConfigMap + type: string + required: + - name + - type + type: object + forwardInconsistent: + description: ForwardInconsistent tells Vault to forward read-after-write requests to the Vault leader instead of simply retrying within a loop. This can increase performance if the option is enabled serverside. https://www.vaultproject.io/docs/configuration/replication#allow_forwarding_via_header + type: boolean + namespace: + description: 'Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows Vault environments to support Secure Multi-tenancy. e.g: "ns1". More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces' + type: string + path: + description: 'Path is the mount path of the Vault KV backend endpoint, e.g: "secret". The v2 KV secret engine version specific "/data" path suffix for fetching secrets from Vault is optional and will be appended if not present in specified path.' + type: string + readYourWrites: + description: ReadYourWrites ensures isolated read-after-write semantics by providing discovered cluster replication states in each request. 
More information about eventual consistency in Vault can be found here https://www.vaultproject.io/docs/enterprise/consistency + type: boolean + server: + description: 'Server is the connection address for the Vault server, e.g: "https://vault.example.com:8200".' + type: string + version: + default: v2 + description: Version is the Vault KV secret engine version. This can be either "v1" or "v2". Version defaults to "v2". + enum: + - v1 + - v2 + type: string + required: + - auth + - server + type: object + required: + - path + - provider + type: object + type: object + served: true + storage: true + subresources: + status: {} +{{- if .Values.crds.conversion.enabled }} + conversion: + strategy: Webhook + webhook: + conversionReviewVersions: + - v1 + clientConfig: + service: + name: {{ include "external-secrets.fullname" . }}-webhook + namespace: {{ .Release.Namespace | quote }} + path: /convert +{{- end }} +{{- end }} diff --git a/charts/external-secrets/external-secrets/templates/deployment.yaml b/charts/external-secrets/external-secrets/templates/deployment.yaml index 368867812..4760683dc 100644 --- a/charts/external-secrets/external-secrets/templates/deployment.yaml +++ b/charts/external-secrets/external-secrets/templates/deployment.yaml @@ -12,6 +12,7 @@ metadata: {{- end }} spec: replicas: {{ .Values.replicaCount }} + revisionHistoryLimit: {{ .Values.revisionHistoryLimit }} selector: matchLabels: {{- include "external-secrets.selectorLabels" . | nindent 6 }} @@ -94,6 +95,9 @@ spec: volumeMounts: {{- toYaml .Values.extraVolumeMounts | nindent 12 }} {{- end }} + {{- if .Values.extraContainers }} + {{ toYaml .Values.extraContainers | nindent 8}} + {{- end }} {{- if .Values.dnsConfig }} dnsConfig: {{- toYaml .Values.dnsConfig | nindent 8 }} 
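Review bot: The `extraContainers` block added in the `@@ -94,6 +95,9 @@` hunk of deployment.yaml places arbitrary containers into the controller pod, where they run under the controller's service account. The default snapshot in this commit renders `automountServiceAccountToken: true`. A comment where the value is defined should state that sidecars inherit the controller's API credentials, presumably including whatever access to Secrets its RBAC grants. The action is also written `{{ toYaml ...` without the left trim that the neighbouring blocks use; `{{- toYaml .Values.extraContainers | nindent 8 }}` avoids emitting a whitespace-only line. The `containers:` list that the block extends starts outside the hunk.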
@@ -114,6 +118,10 @@ spec: tolerations: {{- toYaml . | nindent 8 }} {{- end }} + {{- with .Values.topologySpreadConstraints }} + topologySpreadConstraints: + {{- toYaml . | nindent 8 }} + {{- end }} {{- if .Values.priorityClassName }} priorityClassName: {{ .Values.priorityClassName }} {{- end }} diff --git a/charts/external-secrets/external-secrets/templates/rbac.yaml b/charts/external-secrets/external-secrets/templates/rbac.yaml index 773282be3..abb795a44 100644 --- a/charts/external-secrets/external-secrets/templates/rbac.yaml +++ b/charts/external-secrets/external-secrets/templates/rbac.yaml @@ -49,11 +49,12 @@ rules: - apiGroups: - "generators.external-secrets.io" resources: - - "fakes" - - "passwords" - "acraccesstokens" - - "gcraccesstokens" - "ecrauthorizationtokens" + - "fakes" + - "gcraccesstokens" + - "passwords" + - "vaultdynamicsecrets" verbs: - "get" - "list" diff --git a/charts/external-secrets/external-secrets/templates/servicemonitor.yaml b/charts/external-secrets/external-secrets/templates/servicemonitor.yaml index 950507ccc..69cbd5c88 100644 --- a/charts/external-secrets/external-secrets/templates/servicemonitor.yaml +++ b/charts/external-secrets/external-secrets/templates/servicemonitor.yaml 
@@ -36,4 +36,111 @@ spec: - port: metrics interval: {{ .Values.serviceMonitor.interval }} scrapeTimeout: {{ .Values.serviceMonitor.scrapeTimeout }} + honorLabels: {{ .Values.serviceMonitor.honorLabels }} + {{- with .Values.serviceMonitor.metricRelabelings }} + metricRelabelings: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.serviceMonitor.relabelings }} + relabelings: + {{- toYaml . | nindent 6 }} + {{- end }} +--- +{{- if .Values.webhook.create }} +apiVersion: v1 +kind: Service +metadata: + name: {{ include "external-secrets.fullname" . }}-webhook-metrics + namespace: {{ .Release.Namespace | quote }} + labels: + {{- include "external-secrets-webhook-metrics.labels" . | nindent 4 }} +spec: + type: ClusterIP + ports: + - port: 8080 + protocol: TCP + name: metrics + selector: + {{- include "external-secrets-webhook.selectorLabels" . | nindent 4 }} +--- +apiVersion: "monitoring.coreos.com/v1" +kind: ServiceMonitor +metadata: + labels: + {{- include "external-secrets-webhook.labels" . | nindent 4 }} +{{- if .Values.serviceMonitor.additionalLabels }} +{{ toYaml .Values.serviceMonitor.additionalLabels | indent 4 }} +{{- end }} + name: {{ include "external-secrets.fullname" . }}-webhook-metrics + namespace: {{ .Release.Namespace | quote }} +spec: + selector: + matchLabels: + {{- include "external-secrets-webhook-metrics.labels" . | nindent 6 }} + namespaceSelector: + matchNames: + - {{ .Release.Namespace | quote }} + endpoints: + - port: metrics + interval: {{ .Values.serviceMonitor.interval }} + scrapeTimeout: {{ .Values.serviceMonitor.scrapeTimeout }} + honorLabels: {{ .Values.serviceMonitor.honorLabels }} + {{- with .Values.serviceMonitor.metricRelabelings }} + metricRelabelings: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.serviceMonitor.relabelings }} + relabelings: + {{- toYaml . 
| nindent 6 }} + {{- end }} +{{- end }} +--- +{{- if .Values.certController.create }} +apiVersion: v1 +kind: Service +metadata: + name: {{ include "external-secrets.fullname" . }}-cert-controller-metrics + namespace: {{ .Release.Namespace | quote }} + labels: + {{- include "external-secrets-cert-controller-metrics.labels" . | nindent 4 }} +spec: + type: ClusterIP + ports: + - port: 8080 + protocol: TCP + name: metrics + selector: + {{- include "external-secrets-cert-controller.selectorLabels" . | nindent 4 }} +--- +apiVersion: "monitoring.coreos.com/v1" +kind: ServiceMonitor +metadata: + labels: + {{- include "external-secrets-cert-controller.labels" . | nindent 4 }} +{{- if .Values.serviceMonitor.additionalLabels }} +{{ toYaml .Values.serviceMonitor.additionalLabels | indent 4 }} +{{- end }} + name: {{ include "external-secrets.fullname" . }}-cert-controller-metrics + namespace: {{ .Release.Namespace | quote }} +spec: + selector: + matchLabels: + {{- include "external-secrets-cert-controller-metrics.labels" . | nindent 6 }} + namespaceSelector: + matchNames: + - {{ .Release.Namespace | quote }} + endpoints: + - port: metrics + interval: {{ .Values.serviceMonitor.interval }} + scrapeTimeout: {{ .Values.serviceMonitor.scrapeTimeout }} + honorLabels: {{ .Values.serviceMonitor.honorLabels }} + {{- with .Values.serviceMonitor.metricRelabelings }} + metricRelabelings: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.serviceMonitor.relabelings }} + relabelings: + {{- toYaml . | nindent 6 }} + {{- end }} +{{- end }} {{- end }} diff --git a/charts/external-secrets/external-secrets/templates/webhook-deployment.yaml b/charts/external-secrets/external-secrets/templates/webhook-deployment.yaml index 5b8813248..853013db5 100644 --- a/charts/external-secrets/external-secrets/templates/webhook-deployment.yaml +++ b/charts/external-secrets/external-secrets/templates/webhook-deployment.yaml 
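Review bot: `honorLabels: {{ .Values.serviceMonitor.honorLabels }}` is rendered without a default in all three endpoints of this hunk, so an unset value produces an empty `honorLabels:` key. Because `honorLabels: true` lets labels from the scraped target override the ones Prometheus attaches, I would pin the fallback explicitly: `honorLabels: {{ .Values.serviceMonitor.honorLabels | default false }}`. The webhook monitor now reads `.Values.serviceMonitor.*`, while the deleted webhook-servicemonitor.yaml read `.Values.webhook.serviceMonitor.*`. Existing overrides under the old key therefore look like they are silently ignored after an upgrade, which is worth a line in the chart's upgrade notes. The outer `{{- if }}` closed by the final `{{- end }}` opens outside the hunk.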
@@ -12,6 +12,7 @@ metadata: {{- end }} spec: replicas: {{ .Values.webhook.replicaCount }} + revisionHistoryLimit: {{ .Values.webhook.revisionHistoryLimit }} selector: matchLabels: {{- include "external-secrets-webhook.selectorLabels" . | nindent 6 }} diff --git a/charts/external-secrets/external-secrets/templates/webhook-servicemonitor.yaml b/charts/external-secrets/external-secrets/templates/webhook-servicemonitor.yaml deleted file mode 100644 index 4843406b2..000000000 --- a/charts/external-secrets/external-secrets/templates/webhook-servicemonitor.yaml +++ /dev/null @@ -1,38 +0,0 @@ -{{- if and .Values.webhook.create .Values.webhook.serviceMonitor.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: {{ include "external-secrets.fullname" . }}-webhook-metrics - labels: - {{- include "external-secrets-webhook.selectorLabels" . | nindent 4 }} -spec: - type: ClusterIP - ports: - - port: 8080 - protocol: TCP - name: metrics - selector: - {{- include "external-secrets-webhook.selectorLabels" . | nindent 4 }} ---- -apiVersion: "monitoring.coreos.com/v1" -kind: ServiceMonitor -metadata: - labels: - {{- include "external-secrets-webhook.labels" . | nindent 4 }} -{{- if .Values.webhook.serviceMonitor.additionalLabels }} -{{ toYaml .Values.webhook.serviceMonitor.additionalLabels | indent 4 }} -{{- end }} - name: {{ include "external-secrets.fullname" . }}-webhook-metrics - namespace: {{ .Release.Namespace | quote }} -spec: - selector: - matchLabels: - {{- include "external-secrets-webhook.selectorLabels" . | nindent 6 }} - namespaceSelector: - matchNames: - - {{ .Release.Namespace | quote }} - endpoints: - - port: metrics - interval: {{ .Values.webhook.serviceMonitor.interval }} - scrapeTimeout: {{ .Values.webhook.serviceMonitor.scrapeTimeout }} -{{- end }} 
diff --git a/charts/external-secrets/external-secrets/tests/__snapshot__/controller_test.yaml.snap b/charts/external-secrets/external-secrets/tests/__snapshot__/controller_test.yaml.snap new file mode 100644 index 000000000..e3ab59bda --- /dev/null +++ b/charts/external-secrets/external-secrets/tests/__snapshot__/controller_test.yaml.snap @@ -0,0 +1,38 @@ +should match snapshot of default values: + 1: | + apiVersion: apps/v1 + kind: Deployment + metadata: + labels: + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: external-secrets + app.kubernetes.io/version: v0.8.1 + helm.sh/chart: external-secrets-0.8.1 + name: RELEASE-NAME-external-secrets + namespace: NAMESPACE + spec: + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/name: external-secrets + template: + metadata: + labels: + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/name: external-secrets + spec: + automountServiceAccountToken: true + containers: + - args: + - --concurrent=1 + image: ghcr.io/external-secrets/external-secrets:v0.8.1 + imagePullPolicy: IfNotPresent + name: external-secrets + ports: + - containerPort: 8080 + name: metrics + protocol: TCP + serviceAccountName: RELEASE-NAME-external-secrets diff --git a/charts/external-secrets/external-secrets/tests/__snapshot__/crds_test.yaml.snap b/charts/external-secrets/external-secrets/tests/__snapshot__/crds_test.yaml.snap new file mode 100644 index 000000000..64664197f --- /dev/null +++ b/charts/external-secrets/external-secrets/tests/__snapshot__/crds_test.yaml.snap 
@@ -0,0 +1,2594 @@ +should match snapshot of default values: + 1: | + apiVersion: apiextensions.k8s.io/v1 + kind: CustomResourceDefinition + metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.3 + creationTimestamp: null + name: secretstores.external-secrets.io + spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: RELEASE-NAME-external-secrets-webhook + namespace: NAMESPACE + path: /convert + conversionReviewVersions: + - v1 + group: external-secrets.io + names: + categories: + - externalsecrets + kind: SecretStore + listKind: SecretStoreList + plural: secretstores + shortNames: + - ss + singular: secretstore + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + - jsonPath: .status.conditions[?(@.type=="Ready")].reason + name: Status + type: string + deprecated: true + name: v1alpha1 + schema: + openAPIV3Schema: + description: SecretStore represents a secure external location for storing secrets, which can be referenced as part of `storeRef` fields. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: SecretStoreSpec defines the desired state of SecretStore. 
+ properties: + controller: + description: 'Used to select the correct KES controller (think: ingress.ingressClassName) The KES controller is instantiated with a specific controller name and filters ES based on this property' + type: string + provider: + description: Used to configure the provider. Only one provider may be set + maxProperties: 1 + minProperties: 1 + properties: + akeyless: + description: Akeyless configures this store to sync secrets using Akeyless Vault provider + properties: + akeylessGWApiURL: + description: Akeyless GW API Url from which the secrets to be fetched from. + type: string + authSecretRef: + description: Auth configures how the operator authenticates with Akeyless. + properties: + kubernetesAuth: + description: Kubernetes authenticates with Akeyless by passing the ServiceAccount token stored in the named Secret resource. + properties: + accessID: + description: the Akeyless Kubernetes auth-method access-id + type: string + k8sConfName: + description: Kubernetes-auth configuration name in Akeyless-Gateway + type: string + secretRef: + description: Optional secret field containing a Kubernetes ServiceAccount JWT used for authenticating with Akeyless. If a name is specified without a key, `token` is the default. If one is not specified, the one bound to the controller will be used. + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + type: string + type: object + serviceAccountRef: + description: Optional service account field containing the name of a kubernetes ServiceAccount. 
If the service account is specified, the service account secret token JWT will be used for authenticating with Akeyless. If the service account selector is not supplied, the secretRef will be used instead. + properties: + audiences: + description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list + items: + type: string + type: array + name: + description: The name of the ServiceAccount resource being referred to. + type: string + namespace: + description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + type: string + required: + - name + type: object + required: + - accessID + - k8sConfName + type: object + secretRef: + description: Reference to a Secret that contains the details to authenticate with Akeyless. + properties: + accessID: + description: The SecretAccessID is used for authentication + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + type: string + type: object + accessType: + description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field. + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. 
+ type: string + namespace: + description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + type: string + type: object + accessTypeParam: + description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field. + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + type: string + type: object + type: object + type: object + caBundle: + description: PEM/base64 encoded CA bundle used to validate Akeyless Gateway certificate. Only used if the AkeylessGWApiURL URL is using HTTPS protocol. If not set the system root certificates are used to validate the TLS connection. + format: byte + type: string + caProvider: + description: The provider for the CA bundle to use to validate Akeyless Gateway certificate. + properties: + key: + description: The key the value inside of the provider type to use, only used with "Secret" type + type: string + name: + description: The name of the object located at the provider type. + type: string + namespace: + description: The namespace the Provider type is in. + type: string + type: + description: The type of provider to use such as "Secret", or "ConfigMap". 
+ enum: + - Secret + - ConfigMap + type: string + required: + - name + - type + type: object + required: + - akeylessGWApiURL + - authSecretRef + type: object + alibaba: + description: Alibaba configures this store to sync secrets using Alibaba Cloud provider + properties: + auth: + description: AlibabaAuth contains a secretRef for credentials. + properties: + secretRef: + description: AlibabaAuthSecretRef holds secret references for Alibaba credentials. + properties: + accessKeyIDSecretRef: + description: The AccessKeyID is used for authentication + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + type: string + type: object + accessKeySecretSecretRef: + description: The AccessKeySecret is used for authentication + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. 
+ type: string + type: object + required: + - accessKeyIDSecretRef + - accessKeySecretSecretRef + type: object + required: + - secretRef + type: object + endpoint: + type: string + regionID: + description: Alibaba Region to be used for the provider + type: string + required: + - auth + - regionID + type: object + aws: + description: AWS configures this store to sync secrets using AWS Secret Manager provider + properties: + auth: + description: 'Auth defines the information necessary to authenticate against AWS if not set aws sdk will infer credentials from your environment see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' + properties: + jwt: + description: Authenticate against AWS using service account tokens. + properties: + serviceAccountRef: + description: A reference to a ServiceAccount resource. + properties: + audiences: + description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list + items: + type: string + type: array + name: + description: The name of the ServiceAccount resource being referred to. + type: string + namespace: + description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + type: string + required: + - name + type: object + type: object + secretRef: + description: AWSAuthSecretRef holds secret references for AWS credentials both AccessKeyID and SecretAccessKey must be defined in order to properly authenticate. + properties: + accessKeyIDSecretRef: + description: The AccessKeyID is used for authentication + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. 
+ type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + type: string + type: object + secretAccessKeySecretRef: + description: The SecretAccessKey is used for authentication + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + type: string + type: object + type: object + type: object + region: + description: AWS Region to be used for the provider + type: string + role: + description: Role is a Role ARN which the SecretManager provider will assume + type: string + service: + description: Service defines which service should be used to fetch the secrets + enum: + - SecretsManager + - ParameterStore + type: string + required: + - region + - service + type: object + azurekv: + description: AzureKV configures this store to sync secrets using Azure Key Vault provider + properties: + authSecretRef: + description: Auth configures how the operator authenticates with Azure. Required for ServicePrincipal auth type. + properties: + clientId: + description: The Azure clientId of the service principle used for authentication. + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. 
+ type: string + namespace: + description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + type: string + type: object + clientSecret: + description: The Azure ClientSecret of the service principle used for authentication. + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + type: string + type: object + type: object + authType: + default: ServicePrincipal + description: 'Auth type defines how to authenticate to the keyvault service. Valid values are: - "ServicePrincipal" (default): Using a service principal (tenantId, clientId, clientSecret) - "ManagedIdentity": Using Managed Identity assigned to the pod (see aad-pod-identity)' + enum: + - ServicePrincipal + - ManagedIdentity + - WorkloadIdentity + type: string + identityId: + description: If multiple Managed Identity is assigned to the pod, you can select the one to be used + type: string + serviceAccountRef: + description: ServiceAccountRef specified the service account that should be used when authenticating with WorkloadIdentity. + properties: + audiences: + description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list + items: + type: string + type: array + name: + description: The name of the ServiceAccount resource being referred to. + type: string + namespace: + description: Namespace of the resource being referred to. 
Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + type: string + required: + - name + type: object + tenantId: + description: TenantID configures the Azure Tenant to send requests to. Required for ServicePrincipal auth type. + type: string + vaultUrl: + description: Vault Url from which the secrets to be fetched from. + type: string + required: + - vaultUrl + type: object + fake: + description: Fake configures a store with static key/value pairs + properties: + data: + items: + properties: + key: + type: string + value: + type: string + valueMap: + additionalProperties: + type: string + type: object + version: + type: string + required: + - key + type: object + type: array + required: + - data + type: object + gcpsm: + description: GCPSM configures this store to sync secrets using Google Cloud Platform Secret Manager provider + properties: + auth: + description: Auth defines the information necessary to authenticate against GCP + properties: + secretRef: + properties: + secretAccessKeySecretRef: + description: The SecretAccessKey is used for authentication + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + type: string + type: object + type: object + workloadIdentity: + properties: + clusterLocation: + type: string + clusterName: + type: string + clusterProjectID: + type: string + serviceAccountRef: + description: A reference to a ServiceAccount resource. 
+ properties: + audiences: + description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list + items: + type: string + type: array + name: + description: The name of the ServiceAccount resource being referred to. + type: string + namespace: + description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + type: string + required: + - name + type: object + required: + - clusterLocation + - clusterName + - serviceAccountRef + type: object + type: object + projectID: + description: ProjectID project where secret is located + type: string + type: object + gitlab: + description: Gitlab configures this store to sync secrets using Gitlab Variables provider + properties: + auth: + description: Auth configures how secret-manager authenticates with a GitLab instance. + properties: + SecretRef: + properties: + accessToken: + description: AccessToken is used for authentication. + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + type: string + type: object + type: object + required: + - SecretRef + type: object + projectID: + description: ProjectID specifies a project where secrets are located. + type: string + url: + description: URL configures the GitLab instance URL. Defaults to https://gitlab.com/. 
+ type: string + required: + - auth + type: object + ibm: + description: IBM configures this store to sync secrets using IBM Cloud provider + properties: + auth: + description: Auth configures how secret-manager authenticates with the IBM secrets manager. + properties: + secretRef: + properties: + secretApiKeySecretRef: + description: The SecretAccessKey is used for authentication + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + type: string + type: object + type: object + required: + - secretRef + type: object + serviceUrl: + description: ServiceURL is the Endpoint URL that is specific to the Secrets Manager service instance + type: string + required: + - auth + type: object + kubernetes: + description: Kubernetes configures this store to sync secrets using a Kubernetes cluster provider + properties: + auth: + description: Auth configures how secret-manager authenticates with a Kubernetes instance. + maxProperties: 1 + minProperties: 1 + properties: + cert: + description: has both clientCert and clientKey as secretKeySelector + properties: + clientCert: + description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field. + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: Namespace of the resource being referred to. 
Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + type: string + type: object + clientKey: + description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field. + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + type: string + type: object + type: object + serviceAccount: + description: points to a service account that should be used for authentication + properties: + serviceAccount: + description: A reference to a ServiceAccount resource. + properties: + audiences: + description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list + items: + type: string + type: array + name: + description: The name of the ServiceAccount resource being referred to. + type: string + namespace: + description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + type: string + required: + - name + type: object + type: object + token: + description: use static token to authenticate with + properties: + bearerToken: + description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field. + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. 
+ type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + type: string + type: object + type: object + type: object + remoteNamespace: + default: default + description: Remote namespace to fetch the secrets from + type: string + server: + description: configures the Kubernetes server Address. + properties: + caBundle: + description: CABundle is a base64-encoded CA certificate + format: byte + type: string + caProvider: + description: 'see: https://external-secrets.io/v0.4.1/spec/#external-secrets.io/v1alpha1.CAProvider' + properties: + key: + description: The key the value inside of the provider type to use, only used with "Secret" type + type: string + name: + description: The name of the object located at the provider type. + type: string + namespace: + description: The namespace the Provider type is in. + type: string + type: + description: The type of provider to use such as "Secret", or "ConfigMap". + enum: + - Secret + - ConfigMap + type: string + required: + - name + - type + type: object + url: + default: kubernetes.default + description: configures the Kubernetes server Address. + type: string + type: object + required: + - auth + type: object + oracle: + description: Oracle configures this store to sync secrets using Oracle Vault provider + properties: + auth: + description: Auth configures how secret-manager authenticates with the Oracle Vault. If empty, use the instance principal, otherwise the user credentials specified in Auth. + properties: + secretRef: + description: SecretRef to pass through sensitive information. + properties: + fingerprint: + description: Fingerprint is the fingerprint of the API private key. + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. 
Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + type: string + type: object + privatekey: + description: PrivateKey is the user's API Signing Key in PEM format, used for authentication. + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + type: string + type: object + required: + - fingerprint + - privatekey + type: object + tenancy: + description: Tenancy is the tenancy OCID where user is located. + type: string + user: + description: User is an access OCID specific to the account. + type: string + required: + - secretRef + - tenancy + - user + type: object + region: + description: Region is the region where vault is located. + type: string + vault: + description: Vault is the vault's OCID of the specific vault where secret is located. + type: string + required: + - region + - vault + type: object + vault: + description: Vault configures this store to sync secrets using Hashi provider + properties: + auth: + description: Auth configures how secret-manager authenticates with the Vault server. + properties: + appRole: + description: AppRole authenticates with Vault using the App Role auth mechanism, with the role and secret stored in a Kubernetes Secret resource. 
+ properties: + path: + default: approle + description: 'Path where the App Role authentication backend is mounted in Vault, e.g: "approle"' + type: string + roleId: + description: RoleID configured in the App Role authentication backend when setting up the authentication backend in Vault. + type: string + secretRef: + description: Reference to a key in a Secret that contains the App Role secret used to authenticate with Vault. The `key` field must be specified and denotes which entry within the Secret resource is used as the app role secret. + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + type: string + type: object + required: + - path + - roleId + - secretRef + type: object + cert: + description: Cert authenticates with TLS Certificates by passing client certificate, private key and ca certificate Cert authentication method + properties: + clientCert: + description: ClientCert is a certificate to authenticate using the Cert Vault authentication method + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. 
+ type: string + type: object + secretRef: + description: SecretRef to a key in a Secret resource containing client private key to authenticate with Vault using the Cert authentication method + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + type: string + type: object + type: object + jwt: + description: Jwt authenticates with Vault by passing role and JWT token using the JWT/OIDC authentication method + properties: + kubernetesServiceAccountToken: + description: Optional ServiceAccountToken specifies the Kubernetes service account for which to request a token for with the `TokenRequest` API. + properties: + audiences: + description: Optional audiences field that will be used to request a temporary Kubernetes service account token for the service account referenced by `serviceAccountRef`. Defaults to a single audience `vault` it not specified. + items: + type: string + type: array + expirationSeconds: + description: Optional expiration time in seconds that will be used to request a temporary Kubernetes service account token for the service account referenced by `serviceAccountRef`. Defaults to 10 minutes. + format: int64 + type: integer + serviceAccountRef: + description: Service account field containing the name of a kubernetes ServiceAccount. + properties: + audiences: + description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. 
IRSA or GCP Workload Identity then this audiences will be appended to the list + items: + type: string + type: array + name: + description: The name of the ServiceAccount resource being referred to. + type: string + namespace: + description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + type: string + required: + - name + type: object + required: + - serviceAccountRef + type: object + path: + default: jwt + description: 'Path where the JWT authentication backend is mounted in Vault, e.g: "jwt"' + type: string + role: + description: Role is a JWT role to authenticate using the JWT/OIDC Vault authentication method + type: string + secretRef: + description: Optional SecretRef that refers to a key in a Secret resource containing JWT token to authenticate with Vault using the JWT/OIDC authentication method. + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + type: string + type: object + required: + - path + type: object + kubernetes: + description: Kubernetes authenticates with Vault by passing the ServiceAccount token stored in the named Secret resource to the Vault server. + properties: + mountPath: + default: kubernetes + description: 'Path where the Kubernetes authentication backend is mounted in Vault, e.g: "kubernetes"' + type: string + role: + description: A required field containing the Vault Role to assume. A Role binds a Kubernetes ServiceAccount with a set of Vault policies. 
+ type: string + secretRef: + description: Optional secret field containing a Kubernetes ServiceAccount JWT used for authenticating with Vault. If a name is specified without a key, `token` is the default. If one is not specified, the one bound to the controller will be used. + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + type: string + type: object + serviceAccountRef: + description: Optional service account field containing the name of a kubernetes ServiceAccount. If the service account is specified, the service account secret token JWT will be used for authenticating with Vault. If the service account selector is not supplied, the secretRef will be used instead. + properties: + audiences: + description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list + items: + type: string + type: array + name: + description: The name of the ServiceAccount resource being referred to. + type: string + namespace: + description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. 
+ type: string + required: + - name + type: object + required: + - mountPath + - role + type: object + ldap: + description: Ldap authenticates with Vault by passing username/password pair using the LDAP authentication method + properties: + path: + default: ldap + description: 'Path where the LDAP authentication backend is mounted in Vault, e.g: "ldap"' + type: string + secretRef: + description: SecretRef to a key in a Secret resource containing password for the LDAP user used to authenticate with Vault using the LDAP authentication method + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + type: string + type: object + username: + description: Username is a LDAP user name used to authenticate using the LDAP Vault authentication method + type: string + required: + - path + - username + type: object + tokenSecretRef: + description: TokenSecretRef authenticates with Vault by presenting a token. + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + type: string + type: object + type: object + caBundle: + description: PEM encoded CA bundle used to validate Vault server certificate. Only used if the Server URL is using HTTPS protocol. 
This parameter is ignored for plain HTTP protocol connection. If not set the system root certificates are used to validate the TLS connection. + format: byte + type: string + caProvider: + description: The provider for the CA bundle to use to validate Vault server certificate. + properties: + key: + description: The key the value inside of the provider type to use, only used with "Secret" type + type: string + name: + description: The name of the object located at the provider type. + type: string + namespace: + description: The namespace the Provider type is in. + type: string + type: + description: The type of provider to use such as "Secret", or "ConfigMap". + enum: + - Secret + - ConfigMap + type: string + required: + - name + - type + type: object + forwardInconsistent: + description: ForwardInconsistent tells Vault to forward read-after-write requests to the Vault leader instead of simply retrying within a loop. This can increase performance if the option is enabled serverside. https://www.vaultproject.io/docs/configuration/replication#allow_forwarding_via_header + type: boolean + namespace: + description: 'Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows Vault environments to support Secure Multi-tenancy. e.g: "ns1". More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces' + type: string + path: + description: 'Path is the mount path of the Vault KV backend endpoint, e.g: "secret". The v2 KV secret engine version specific "/data" path suffix for fetching secrets from Vault is optional and will be appended if not present in specified path.' + type: string + readYourWrites: + description: ReadYourWrites ensures isolated read-after-write semantics by providing discovered cluster replication states in each request. 
More information about eventual consistency in Vault can be found here https://www.vaultproject.io/docs/enterprise/consistency + type: boolean + server: + description: 'Server is the connection address for the Vault server, e.g: "https://vault.example.com:8200".' + type: string + version: + default: v2 + description: Version is the Vault KV secret engine version. This can be either "v1" or "v2". Version defaults to "v2". + enum: + - v1 + - v2 + type: string + required: + - auth + - server + type: object + webhook: + description: Webhook configures this store to sync secrets using a generic templated webhook + properties: + body: + description: Body + type: string + caBundle: + description: PEM encoded CA bundle used to validate webhook server certificate. Only used if the Server URL is using HTTPS protocol. This parameter is ignored for plain HTTP protocol connection. If not set the system root certificates are used to validate the TLS connection. + format: byte + type: string + caProvider: + description: The provider for the CA bundle to use to validate webhook server certificate. + properties: + key: + description: The key the value inside of the provider type to use, only used with "Secret" type + type: string + name: + description: The name of the object located at the provider type. + type: string + namespace: + description: The namespace the Provider type is in. + type: string + type: + description: The type of provider to use such as "Secret", or "ConfigMap". 
+ enum: + - Secret + - ConfigMap + type: string + required: + - name + - type + type: object + headers: + additionalProperties: + type: string + description: Headers + type: object + method: + description: Webhook Method + type: string + result: + description: Result formatting + properties: + jsonPath: + description: Json path of return value + type: string + type: object + secrets: + description: Secrets to fill in templates These secrets will be passed to the templating function as key value pairs under the given name + items: + properties: + name: + description: Name of this secret in templates + type: string + secretRef: + description: Secret ref to fill in credentials + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + type: string + type: object + required: + - name + - secretRef + type: object + type: array + timeout: + description: Timeout + type: string + url: + description: Webhook url to call + type: string + required: + - result + - url + type: object + yandexlockbox: + description: YandexLockbox configures this store to sync secrets using Yandex Lockbox provider + properties: + apiEndpoint: + description: Yandex.Cloud API endpoint (e.g. 'api.cloud.yandex.net:443') + type: string + auth: + description: Auth defines the information necessary to authenticate against Yandex Lockbox + properties: + authorizedKeySecretRef: + description: The authorized key used for authentication + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. 
Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + type: string + type: object + type: object + caProvider: + description: The provider for the CA bundle to use to validate Yandex.Cloud server certificate. + properties: + certSecretRef: + description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field. + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + type: string + type: object + type: object + required: + - auth + type: object + type: object + retrySettings: + description: Used to configure http retries if failed + properties: + maxRetries: + format: int32 + type: integer + retryInterval: + type: string + type: object + required: + - provider + type: object + status: + description: SecretStoreStatus defines the observed state of the SecretStore. 
+ properties: + conditions: + items: + properties: + lastTransitionTime: + format: date-time + type: string + message: + type: string + reason: + type: string + status: + type: string + type: + type: string + required: + - status + - type + type: object + type: array + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + - jsonPath: .status.conditions[?(@.type=="Ready")].reason + name: Status + type: string + - jsonPath: .status.capabilities + name: Capabilities + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: SecretStore represents a secure external location for storing secrets, which can be referenced as part of `storeRef` fields. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: SecretStoreSpec defines the desired state of SecretStore. + properties: + conditions: + description: Used to constraint a ClusterSecretStore to specific namespaces. Relevant only to ClusterSecretStore + items: + description: ClusterSecretStoreCondition describes a condition by which to choose namespaces to process ExternalSecrets in for a ClusterSecretStore instance. 
+ properties: + namespaceSelector: + description: Choose namespace using a labelSelector + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: Choose namespaces by name + items: + type: string + type: array + type: object + type: array + controller: + description: 'Used to select the correct KES controller (think: ingress.ingressClassName) The KES controller is instantiated with a specific controller name and filters ES based on this property' + type: string + provider: + description: Used to configure the provider. 
Only one provider may be set + maxProperties: 1 + minProperties: 1 + properties: + akeyless: + description: Akeyless configures this store to sync secrets using Akeyless Vault provider + properties: + akeylessGWApiURL: + description: Akeyless GW API Url from which the secrets to be fetched from. + type: string + authSecretRef: + description: Auth configures how the operator authenticates with Akeyless. + properties: + kubernetesAuth: + description: Kubernetes authenticates with Akeyless by passing the ServiceAccount token stored in the named Secret resource. + properties: + accessID: + description: the Akeyless Kubernetes auth-method access-id + type: string + k8sConfName: + description: Kubernetes-auth configuration name in Akeyless-Gateway + type: string + secretRef: + description: Optional secret field containing a Kubernetes ServiceAccount JWT used for authenticating with Akeyless. If a name is specified without a key, `token` is the default. If one is not specified, the one bound to the controller will be used. + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + type: string + type: object + serviceAccountRef: + description: Optional service account field containing the name of a kubernetes ServiceAccount. If the service account is specified, the service account secret token JWT will be used for authenticating with Akeyless. If the service account selector is not supplied, the secretRef will be used instead. 
+ properties: + audiences: + description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list + items: + type: string + type: array + name: + description: The name of the ServiceAccount resource being referred to. + type: string + namespace: + description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + type: string + required: + - name + type: object + required: + - accessID + - k8sConfName + type: object + secretRef: + description: Reference to a Secret that contains the details to authenticate with Akeyless. + properties: + accessID: + description: The SecretAccessID is used for authentication + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + type: string + type: object + accessType: + description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field. + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. 
+ type: string + type: object + accessTypeParam: + description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field. + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + type: string + type: object + type: object + type: object + caBundle: + description: PEM/base64 encoded CA bundle used to validate Akeyless Gateway certificate. Only used if the AkeylessGWApiURL URL is using HTTPS protocol. If not set the system root certificates are used to validate the TLS connection. + format: byte + type: string + caProvider: + description: The provider for the CA bundle to use to validate Akeyless Gateway certificate. + properties: + key: + description: The key where the CA certificate can be found in the Secret or ConfigMap. + type: string + name: + description: The name of the object located at the provider type. + type: string + namespace: + description: The namespace the Provider type is in. Can only be defined when used in a ClusterSecretStore. + type: string + type: + description: The type of provider to use such as "Secret", or "ConfigMap". + enum: + - Secret + - ConfigMap + type: string + required: + - name + - type + type: object + required: + - akeylessGWApiURL + - authSecretRef + type: object + alibaba: + description: Alibaba configures this store to sync secrets using Alibaba Cloud provider + properties: + auth: + description: AlibabaAuth contains a secretRef for credentials. + properties: + secretRef: + description: AlibabaAuthSecretRef holds secret references for Alibaba credentials. 
+ properties: + accessKeyIDSecretRef: + description: The AccessKeyID is used for authentication + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + type: string + type: object + accessKeySecretSecretRef: + description: The AccessKeySecret is used for authentication + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. 
+ type: string + type: object + required: + - accessKeyIDSecretRef + - accessKeySecretSecretRef + type: object + required: + - secretRef + type: object + endpoint: + type: string + regionID: + description: Alibaba Region to be used for the provider + type: string + required: + - auth + - regionID + type: object + aws: + description: AWS configures this store to sync secrets using AWS Secret Manager provider + properties: + additionalRoles: + description: AdditionalRoles is a chained list of Role ARNs which the SecretManager provider will sequentially assume before assuming Role + items: + type: string + type: array + auth: + description: 'Auth defines the information necessary to authenticate against AWS if not set aws sdk will infer credentials from your environment see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' + properties: + jwt: + description: Authenticate against AWS using service account tokens. + properties: + serviceAccountRef: + description: A reference to a ServiceAccount resource. + properties: + audiences: + description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list + items: + type: string + type: array + name: + description: The name of the ServiceAccount resource being referred to. + type: string + namespace: + description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + type: string + required: + - name + type: object + type: object + secretRef: + description: AWSAuthSecretRef holds secret references for AWS credentials both AccessKeyID and SecretAccessKey must be defined in order to properly authenticate. 
+ properties: + accessKeyIDSecretRef: + description: The AccessKeyID is used for authentication + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + type: string + type: object + secretAccessKeySecretRef: + description: The SecretAccessKey is used for authentication + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + type: string + type: object + sessionTokenSecretRef: + description: 'The SessionToken used for authentication This must be defined if AccessKeyID and SecretAccessKey are temporary credentials see: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html' + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. 
+ type: string + type: object + type: object + type: object + region: + description: AWS Region to be used for the provider + type: string + role: + description: Role is a Role ARN which the SecretManager provider will assume + type: string + service: + description: Service defines which service should be used to fetch the secrets + enum: + - SecretsManager + - ParameterStore + type: string + required: + - region + - service + type: object + azurekv: + description: AzureKV configures this store to sync secrets using Azure Key Vault provider + properties: + authSecretRef: + description: Auth configures how the operator authenticates with Azure. Required for ServicePrincipal auth type. + properties: + clientId: + description: The Azure clientId of the service principle used for authentication. + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + type: string + type: object + clientSecret: + description: The Azure ClientSecret of the service principle used for authentication. + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. 
+ type: string + type: object + type: object + authType: + default: ServicePrincipal + description: 'Auth type defines how to authenticate to the keyvault service. Valid values are: - "ServicePrincipal" (default): Using a service principal (tenantId, clientId, clientSecret) - "ManagedIdentity": Using Managed Identity assigned to the pod (see aad-pod-identity)' + enum: + - ServicePrincipal + - ManagedIdentity + - WorkloadIdentity + type: string + environmentType: + default: PublicCloud + description: 'EnvironmentType specifies the Azure cloud environment endpoints to use for connecting and authenticating with Azure. By default it points to the public cloud AAD endpoint. The following endpoints are available, also see here: https://github.com/Azure/go-autorest/blob/main/autorest/azure/environments.go#L152 PublicCloud, USGovernmentCloud, ChinaCloud, GermanCloud' + enum: + - PublicCloud + - USGovernmentCloud + - ChinaCloud + - GermanCloud + type: string + identityId: + description: If multiple Managed Identity is assigned to the pod, you can select the one to be used + type: string + serviceAccountRef: + description: ServiceAccountRef specified the service account that should be used when authenticating with WorkloadIdentity. + properties: + audiences: + description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list + items: + type: string + type: array + name: + description: The name of the ServiceAccount resource being referred to. + type: string + namespace: + description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + type: string + required: + - name + type: object + tenantId: + description: TenantID configures the Azure Tenant to send requests to. Required for ServicePrincipal auth type. 
+ type: string + vaultUrl: + description: Vault Url from which the secrets to be fetched from. + type: string + required: + - vaultUrl + type: object + doppler: + description: Doppler configures this store to sync secrets using the Doppler provider + properties: + auth: + description: Auth configures how the Operator authenticates with the Doppler API + properties: + secretRef: + properties: + dopplerToken: + description: The DopplerToken is used for authentication. See https://docs.doppler.com/reference/api#authentication for auth token types. The Key attribute defaults to dopplerToken if not specified. + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. 
+ type: string + type: object + required: + - dopplerToken + type: object + required: + - secretRef + type: object + config: + description: Doppler config (required if not using a Service Token) + type: string + format: + description: Format enables the downloading of secrets as a file (string) + enum: + - json + - dotnet-json + - env + - yaml + - docker + type: string + nameTransformer: + description: Environment variable compatible name transforms that change secret names to a different format + enum: + - upper-camel + - camel + - lower-snake + - tf-var + - dotnet-env + type: string + project: + description: Doppler project (required if not using a Service Token) + type: string + required: + - auth + type: object + fake: + description: Fake configures a store with static key/value pairs + properties: + data: + items: + properties: + key: + type: string + value: + type: string + valueMap: + additionalProperties: + type: string + type: object + version: + type: string + required: + - key + type: object + type: array + required: + - data + type: object + gcpsm: + description: GCPSM configures this store to sync secrets using Google Cloud Platform Secret Manager provider + properties: + auth: + description: Auth defines the information necessary to authenticate against GCP + properties: + secretRef: + properties: + secretAccessKeySecretRef: + description: The SecretAccessKey is used for authentication + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. 
+ type: string + type: object + type: object + workloadIdentity: + properties: + clusterLocation: + type: string + clusterName: + type: string + clusterProjectID: + type: string + serviceAccountRef: + description: A reference to a ServiceAccount resource. + properties: + audiences: + description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list + items: + type: string + type: array + name: + description: The name of the ServiceAccount resource being referred to. + type: string + namespace: + description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + type: string + required: + - name + type: object + required: + - clusterLocation + - clusterName + - serviceAccountRef + type: object + type: object + projectID: + description: ProjectID project where secret is located + type: string + type: object + gitlab: + description: Gitlab configures this store to sync secrets using Gitlab Variables provider + properties: + auth: + description: Auth configures how secret-manager authenticates with a GitLab instance. + properties: + SecretRef: + properties: + accessToken: + description: AccessToken is used for authentication. + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. 
+ type: string + type: object + type: object + required: + - SecretRef + type: object + environment: + description: Environment environment_scope of gitlab CI/CD variables (Please see https://docs.gitlab.com/ee/ci/environments/#create-a-static-environment on how to create environments) + type: string + groupIDs: + description: GroupIDs specify, which gitlab groups to pull secrets from. Group secrets are read from left to right followed by the project variables. + items: + type: string + type: array + inheritFromGroups: + description: InheritFromGroups specifies whether parent groups should be discovered and checked for secrets. + type: boolean + projectID: + description: ProjectID specifies a project where secrets are located. + type: string + url: + description: URL configures the GitLab instance URL. Defaults to https://gitlab.com/. + type: string + required: + - auth + type: object + ibm: + description: IBM configures this store to sync secrets using IBM Cloud provider + properties: + auth: + description: Auth configures how secret-manager authenticates with the IBM secrets manager. + maxProperties: 1 + minProperties: 1 + properties: + containerAuth: + description: IBM Container-based auth with IAM Trusted Profile. + properties: + iamEndpoint: + type: string + profile: + description: the IBM Trusted Profile + type: string + tokenLocation: + description: Location the token is mounted on the pod + type: string + required: + - profile + type: object + secretRef: + properties: + secretApiKeySecretRef: + description: The SecretAccessKey is used for authentication + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. 
cluster-scoped defaults to the namespace of the referent. + type: string + type: object + type: object + type: object + serviceUrl: + description: ServiceURL is the Endpoint URL that is specific to the Secrets Manager service instance + type: string + required: + - auth + type: object + keepersecurity: + description: KeeperSecurity configures this store to sync secrets using the KeeperSecurity provider + properties: + authRef: + description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field. + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + type: string + type: object + folderID: + type: string + required: + - authRef + - folderID + type: object + kubernetes: + description: Kubernetes configures this store to sync secrets using a Kubernetes cluster provider + properties: + auth: + description: Auth configures how secret-manager authenticates with a Kubernetes instance. + maxProperties: 1 + minProperties: 1 + properties: + cert: + description: has both clientCert and clientKey as secretKeySelector + properties: + clientCert: + description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field. + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: Namespace of the resource being referred to. 
Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + type: string + type: object + clientKey: + description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field. + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + type: string + type: object + type: object + serviceAccount: + description: points to a service account that should be used for authentication + properties: + audiences: + description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list + items: + type: string + type: array + name: + description: The name of the ServiceAccount resource being referred to. + type: string + namespace: + description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + type: string + required: + - name + type: object + token: + description: use static token to authenticate with + properties: + bearerToken: + description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field. + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. 
+ type: string + namespace: + description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + type: string + type: object + type: object + type: object + remoteNamespace: + default: default + description: Remote namespace to fetch the secrets from + type: string + server: + description: configures the Kubernetes server Address. + properties: + caBundle: + description: CABundle is a base64-encoded CA certificate + format: byte + type: string + caProvider: + description: 'see: https://external-secrets.io/v0.4.1/spec/#external-secrets.io/v1alpha1.CAProvider' + properties: + key: + description: The key where the CA certificate can be found in the Secret or ConfigMap. + type: string + name: + description: The name of the object located at the provider type. + type: string + namespace: + description: The namespace the Provider type is in. Can only be defined when used in a ClusterSecretStore. + type: string + type: + description: The type of provider to use such as "Secret", or "ConfigMap". + enum: + - Secret + - ConfigMap + type: string + required: + - name + - type + type: object + url: + default: kubernetes.default + description: configures the Kubernetes server Address. + type: string + type: object + required: + - auth + type: object + onepassword: + description: OnePassword configures this store to sync secrets using the 1Password Cloud provider + properties: + auth: + description: Auth defines the information necessary to authenticate against OnePassword Connect Server + properties: + secretRef: + description: OnePasswordAuthSecretRef holds secret references for 1Password credentials. + properties: + connectTokenSecretRef: + description: The ConnectToken is used for authentication to a 1Password Connect Server. + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. 
Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + type: string + type: object + required: + - connectTokenSecretRef + type: object + required: + - secretRef + type: object + connectHost: + description: ConnectHost defines the OnePassword Connect Server to connect to + type: string + vaults: + additionalProperties: + type: integer + description: Vaults defines which OnePassword vaults to search in which order + type: object + required: + - auth + - connectHost + - vaults + type: object + oracle: + description: Oracle configures this store to sync secrets using Oracle Vault provider + properties: + auth: + description: Auth configures how secret-manager authenticates with the Oracle Vault. If empty, use the instance principal, otherwise the user credentials specified in Auth. + properties: + secretRef: + description: SecretRef to pass through sensitive information. + properties: + fingerprint: + description: Fingerprint is the fingerprint of the API private key. + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + type: string + type: object + privatekey: + description: PrivateKey is the user's API Signing Key in PEM format, used for authentication. + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. 
Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + type: string + type: object + required: + - fingerprint + - privatekey + type: object + tenancy: + description: Tenancy is the tenancy OCID where user is located. + type: string + user: + description: User is an access OCID specific to the account. + type: string + required: + - secretRef + - tenancy + - user + type: object + region: + description: Region is the region where vault is located. + type: string + vault: + description: Vault is the vault's OCID of the specific vault where secret is located. + type: string + required: + - region + - vault + type: object + scaleway: + description: Scaleway + properties: + accessKey: + description: AccessKey is the non-secret part of the api key. + properties: + secretRef: + description: SecretRef references a key in a secret that will be used as value. + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + type: string + type: object + value: + description: Value can be specified directly to set a value without using a secret. + type: string + type: object + apiUrl: + description: APIURL is the url of the api to use. 
Defaults to https://api.scaleway.com + type: string + projectId: + description: 'ProjectID is the id of your project, which you can find in the console: https://console.scaleway.com/project/settings' + type: string + region: + description: 'Region where your secrets are located: https://developers.scaleway.com/en/quickstart/#region-and-zone' + type: string + secretKey: + description: SecretKey is the non-secret part of the api key. + properties: + secretRef: + description: SecretRef references a key in a secret that will be used as value. + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + type: string + type: object + value: + description: Value can be specified directly to set a value without using a secret. + type: string + type: object + required: + - accessKey + - projectId + - region + - secretKey + type: object + senhasegura: + description: Senhasegura configures this store to sync secrets using senhasegura provider + properties: + auth: + description: Auth defines parameters to authenticate in senhasegura + properties: + clientId: + type: string + clientSecretSecretRef: + description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field. + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: Namespace of the resource being referred to. 
Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + type: string + type: object + required: + - clientId + - clientSecretSecretRef + type: object + ignoreSslCertificate: + default: false + description: IgnoreSslCertificate defines if SSL certificate must be ignored + type: boolean + module: + description: Module defines which senhasegura module should be used to get secrets + type: string + url: + description: URL of senhasegura + type: string + required: + - auth + - module + - url + type: object + vault: + description: Vault configures this store to sync secrets using Hashi provider + properties: + auth: + description: Auth configures how secret-manager authenticates with the Vault server. + properties: + appRole: + description: AppRole authenticates with Vault using the App Role auth mechanism, with the role and secret stored in a Kubernetes Secret resource. + properties: + path: + default: approle + description: 'Path where the App Role authentication backend is mounted in Vault, e.g: "approle"' + type: string + roleId: + description: RoleID configured in the App Role authentication backend when setting up the authentication backend in Vault. + type: string + secretRef: + description: Reference to a key in a Secret that contains the App Role secret used to authenticate with Vault. The `key` field must be specified and denotes which entry within the Secret resource is used as the app role secret. + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. 
+ type: string + type: object + required: + - path + - roleId + - secretRef + type: object + cert: + description: Cert authenticates with TLS Certificates by passing client certificate, private key and ca certificate Cert authentication method + properties: + clientCert: + description: ClientCert is a certificate to authenticate using the Cert Vault authentication method + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + type: string + type: object + secretRef: + description: SecretRef to a key in a Secret resource containing client private key to authenticate with Vault using the Cert authentication method + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + type: string + type: object + type: object + jwt: + description: Jwt authenticates with Vault by passing role and JWT token using the JWT/OIDC authentication method + properties: + kubernetesServiceAccountToken: + description: Optional ServiceAccountToken specifies the Kubernetes service account for which to request a token for with the `TokenRequest` API. 
+ properties: + audiences: + description: 'Optional audiences field that will be used to request a temporary Kubernetes service account token for the service account referenced by `serviceAccountRef`. Defaults to a single audience `vault` it not specified. Deprecated: use serviceAccountRef.Audiences instead' + items: + type: string + type: array + expirationSeconds: + description: 'Optional expiration time in seconds that will be used to request a temporary Kubernetes service account token for the service account referenced by `serviceAccountRef`. Deprecated: this will be removed in the future. Defaults to 10 minutes.' + format: int64 + type: integer + serviceAccountRef: + description: Service account field containing the name of a kubernetes ServiceAccount. + properties: + audiences: + description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list + items: + type: string + type: array + name: + description: The name of the ServiceAccount resource being referred to. + type: string + namespace: + description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + type: string + required: + - name + type: object + required: + - serviceAccountRef + type: object + path: + default: jwt + description: 'Path where the JWT authentication backend is mounted in Vault, e.g: "jwt"' + type: string + role: + description: Role is a JWT role to authenticate using the JWT/OIDC Vault authentication method + type: string + secretRef: + description: Optional SecretRef that refers to a key in a Secret resource containing JWT token to authenticate with Vault using the JWT/OIDC authentication method. + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. 
Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + type: string + type: object + required: + - path + type: object + kubernetes: + description: Kubernetes authenticates with Vault by passing the ServiceAccount token stored in the named Secret resource to the Vault server. + properties: + mountPath: + default: kubernetes + description: 'Path where the Kubernetes authentication backend is mounted in Vault, e.g: "kubernetes"' + type: string + role: + description: A required field containing the Vault Role to assume. A Role binds a Kubernetes ServiceAccount with a set of Vault policies. + type: string + secretRef: + description: Optional secret field containing a Kubernetes ServiceAccount JWT used for authenticating with Vault. If a name is specified without a key, `token` is the default. If one is not specified, the one bound to the controller will be used. + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + type: string + type: object + serviceAccountRef: + description: Optional service account field containing the name of a kubernetes ServiceAccount. If the service account is specified, the service account secret token JWT will be used for authenticating with Vault. If the service account selector is not supplied, the secretRef will be used instead. 
+ properties: + audiences: + description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list + items: + type: string + type: array + name: + description: The name of the ServiceAccount resource being referred to. + type: string + namespace: + description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + type: string + required: + - name + type: object + required: + - mountPath + - role + type: object + ldap: + description: Ldap authenticates with Vault by passing username/password pair using the LDAP authentication method + properties: + path: + default: ldap + description: 'Path where the LDAP authentication backend is mounted in Vault, e.g: "ldap"' + type: string + secretRef: + description: SecretRef to a key in a Secret resource containing password for the LDAP user used to authenticate with Vault using the LDAP authentication method + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + type: string + type: object + username: + description: Username is a LDAP user name used to authenticate using the LDAP Vault authentication method + type: string + required: + - path + - username + type: object + tokenSecretRef: + description: TokenSecretRef authenticates with Vault by presenting a token. + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. 
Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + type: string + type: object + type: object + caBundle: + description: PEM encoded CA bundle used to validate Vault server certificate. Only used if the Server URL is using HTTPS protocol. This parameter is ignored for plain HTTP protocol connection. If not set the system root certificates are used to validate the TLS connection. + format: byte + type: string + caProvider: + description: The provider for the CA bundle to use to validate Vault server certificate. + properties: + key: + description: The key where the CA certificate can be found in the Secret or ConfigMap. + type: string + name: + description: The name of the object located at the provider type. + type: string + namespace: + description: The namespace the Provider type is in. Can only be defined when used in a ClusterSecretStore. + type: string + type: + description: The type of provider to use such as "Secret", or "ConfigMap". + enum: + - Secret + - ConfigMap + type: string + required: + - name + - type + type: object + forwardInconsistent: + description: ForwardInconsistent tells Vault to forward read-after-write requests to the Vault leader instead of simply retrying within a loop. This can increase performance if the option is enabled serverside. https://www.vaultproject.io/docs/configuration/replication#allow_forwarding_via_header + type: boolean + namespace: + description: 'Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows Vault environments to support Secure Multi-tenancy. e.g: "ns1". 
More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces' + type: string + path: + description: 'Path is the mount path of the Vault KV backend endpoint, e.g: "secret". The v2 KV secret engine version specific "/data" path suffix for fetching secrets from Vault is optional and will be appended if not present in specified path.' + type: string + readYourWrites: + description: ReadYourWrites ensures isolated read-after-write semantics by providing discovered cluster replication states in each request. More information about eventual consistency in Vault can be found here https://www.vaultproject.io/docs/enterprise/consistency + type: boolean + server: + description: 'Server is the connection address for the Vault server, e.g: "https://vault.example.com:8200".' + type: string + version: + default: v2 + description: Version is the Vault KV secret engine version. This can be either "v1" or "v2". Version defaults to "v2". + enum: + - v1 + - v2 + type: string + required: + - auth + - server + type: object + webhook: + description: Webhook configures this store to sync secrets using a generic templated webhook + properties: + body: + description: Body + type: string + caBundle: + description: PEM encoded CA bundle used to validate webhook server certificate. Only used if the Server URL is using HTTPS protocol. This parameter is ignored for plain HTTP protocol connection. If not set the system root certificates are used to validate the TLS connection. + format: byte + type: string + caProvider: + description: The provider for the CA bundle to use to validate webhook server certificate. + properties: + key: + description: The key the value inside of the provider type to use, only used with "Secret" type + type: string + name: + description: The name of the object located at the provider type. + type: string + namespace: + description: The namespace the Provider type is in. 
+ type: string + type: + description: The type of provider to use such as "Secret", or "ConfigMap". + enum: + - Secret + - ConfigMap + type: string + required: + - name + - type + type: object + headers: + additionalProperties: + type: string + description: Headers + type: object + method: + description: Webhook Method + type: string + result: + description: Result formatting + properties: + jsonPath: + description: Json path of return value + type: string + type: object + secrets: + description: Secrets to fill in templates These secrets will be passed to the templating function as key value pairs under the given name + items: + properties: + name: + description: Name of this secret in templates + type: string + secretRef: + description: Secret ref to fill in credentials + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + type: string + type: object + required: + - name + - secretRef + type: object + type: array + timeout: + description: Timeout + type: string + url: + description: Webhook url to call + type: string + required: + - result + - url + type: object + yandexcertificatemanager: + description: YandexCertificateManager configures this store to sync secrets using Yandex Certificate Manager provider + properties: + apiEndpoint: + description: Yandex.Cloud API endpoint (e.g. 
'api.cloud.yandex.net:443') + type: string + auth: + description: Auth defines the information necessary to authenticate against Yandex Certificate Manager + properties: + authorizedKeySecretRef: + description: The authorized key used for authentication + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + type: string + type: object + type: object + caProvider: + description: The provider for the CA bundle to use to validate Yandex.Cloud server certificate. + properties: + certSecretRef: + description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field. + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + type: string + type: object + type: object + required: + - auth + type: object + yandexlockbox: + description: YandexLockbox configures this store to sync secrets using Yandex Lockbox provider + properties: + apiEndpoint: + description: Yandex.Cloud API endpoint (e.g. 
'api.cloud.yandex.net:443') + type: string + auth: + description: Auth defines the information necessary to authenticate against Yandex Lockbox + properties: + authorizedKeySecretRef: + description: The authorized key used for authentication + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + type: string + type: object + type: object + caProvider: + description: The provider for the CA bundle to use to validate Yandex.Cloud server certificate. + properties: + certSecretRef: + description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field. + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + type: string + type: object + type: object + required: + - auth + type: object + type: object + refreshInterval: + description: Used to configure store refresh interval in seconds. Empty or 0 will default to the controller config. 
+ type: integer + retrySettings: + description: Used to configure http retries if failed + properties: + maxRetries: + format: int32 + type: integer + retryInterval: + type: string + type: object + required: + - provider + type: object + status: + description: SecretStoreStatus defines the observed state of the SecretStore. + properties: + capabilities: + description: SecretStoreCapabilities defines the possible operations a SecretStore can do. + type: string + conditions: + items: + properties: + lastTransitionTime: + format: date-time + type: string + message: + type: string + reason: + type: string + status: + type: string + type: + type: string + required: + - status + - type + type: object + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {}
diff --git a/charts/external-secrets/external-secrets/tests/controller_test.yaml b/charts/external-secrets/external-secrets/tests/controller_test.yaml
new file mode 100644
index 000000000..1a61e75fb
--- /dev/null
+++ b/charts/external-secrets/external-secrets/tests/controller_test.yaml
@@ -0,0 +1,34 @@
+suite: test controller deployment
+templates:
+ - deployment.yaml
+tests:
+ - it: should match snapshot of default values
+ asserts:
+ - matchSnapshot: {}
+ - it: should set imagePullPolicy to Always
+ set:
+ image.pullPolicy: Always
+ asserts:
+ - equal:
+ path: spec.template.spec.containers[0].imagePullPolicy
+ value: Always
+ - it: should imagePullPolicy to be default value IfNotPresent
+ asserts:
+ - equal:
+ path: spec.template.spec.containers[0].imagePullPolicy
+ value: IfNotPresent
+ - it: should override securityContext
+ set:
+ podSecurityContext:
+ runAsUser: 2000
+ securityContext:
+ runAsUser: 3000
+ asserts:
+ - equal:
+ path: spec.template.spec.securityContext
+ value:
+ runAsUser: 2000
+ - equal:
+ path: spec.template.spec.containers[0].securityContext
+ value:
+ runAsUser: 3000
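Review bot: The only check on the default pod and container `securityContext` in tests/controller_test.yaml is `matchSnapshot`, and the `should override securityContext` case asserts just the two `runAsUser` values it sets itself. A snapshot is regenerated wholesale when templates change, so a default that loses a hardening field can pass review as snapshot noise. I would add a case with no `set:` that asserts the rendered `spec.template.spec.containers[0].securityContext` with `equal`, using whatever the chart's defaults are (they are not visible in this diff). Separately, the case name `should imagePullPolicy to be default value IfNotPresent` reads better as `should default imagePullPolicy to IfNotPresent`.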
diff --git a/charts/external-secrets/external-secrets/tests/crds_test.yaml b/charts/external-secrets/external-secrets/tests/crds_test.yaml
new file mode 100644
index 000000000..25a18c78a
--- /dev/null
+++ b/charts/external-secrets/external-secrets/tests/crds_test.yaml
@@ -0,0 +1,27 @@
+suite: test crds
+templates:
+ - crds/secretstore.yaml
+tests:
+ - it: should match snapshot of default values
+ asserts:
+ - matchSnapshot: {}
+ - it: should disable conversion webhook
+ set:
+ crds.conversion.enabled: false
+ asserts:
+ - isNull:
+ path: spec.conversion
+
+ - it: should add annotations
+ set:
+ crds:
+ annotations:
+ foo: bar
+ baz: bang
+ asserts:
+ - equal:
+ path: metadata.annotations.foo
+ value: bar
+ - equal:
+ path: metadata.annotations.baz
+ value: bang
diff --git a/charts/external-secrets/external-secrets/values.yaml b/charts/external-secrets/external-secrets/values.yaml
index b82015bc2..852b9b317 100644
--- a/charts/external-secrets/external-secrets/values.yaml
+++ b/charts/external-secrets/external-secrets/values.yaml
@@ -1,5 +1,8 @@ replicaCount: 1 +# -- Specifies the amount of historic ReplicaSets k8s should keep (see https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#clean-up-policy) +revisionHistoryLimit: 10 + image: repository: ghcr.io/external-secrets/external-secrets pullPolicy: IfNotPresent
@@ -19,6 +22,9 @@ crds: createClusterSecretStore: true # -- If true, create CRDs for Push Secret. createPushSecret: true + annotations: {} + conversion: + enabled: true imagePullSecrets: [] nameOverride: ""
@@ -82,6 +88,9 @@ extraVolumes: [] ## -- Extra volumes to mount to the container. extraVolumeMounts: [] +## -- Extra containers to add to the pod. +extraContainers: [] + # -- Annotations to add to Deployment deploymentAnnotations: {}
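Review bot: `templates:` in tests/crds_test.yaml lists only `crds/secretstore.yaml`, so the `crds.conversion.enabled` and `crds.annotations` cases exercise a single CRD template. Any other CRD templates the chart ships are presumably driven by the same values and stay uncovered; adding them to `templates:` would run the same assertions against each. The enabled path is also checked only through the snapshot, so a case that sets `crds.conversion.enabled: true` and asserts `isNotNull` on `path: spec.conversion` would pin it explicitly.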
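Review bot: In the `@@ -19,6 +22,9 @@` hunk of values.yaml, `annotations: {}` and `conversion.enabled: true` are added under `crds:` without the `# --` description comments the neighbouring keys carry, so they will show up undocumented in the generated values table. Going by the new tests/crds_test.yaml, suitable comments would be `# -- Annotations to add to the CRD metadata` above `annotations` and `# -- If true, render spec.conversion in the CRDs` above `enabled`. `topologySpreadConstraints: []` in the `@@ -141,6 +171,8 @@` hunk has the same gap.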
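Review bot: In the `@@ -82,6 +88,9 @@` hunk, `extraContainers` is described only as "Extra containers to add to the pod", which omits that anything listed there runs inside the controller pod and shares its network namespace and, unless token automounting is disabled, its service account credentials. For a controller that presumably reads and writes Secrets, that is worth stating next to the key, e.g. `## -- Extra containers to add to the pod. They run with the pod's service account and volumes; only add images you trust.` It would also help to say whether the chart's `securityContext` value is applied to these containers or left to the user, since the template is not visible here.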
@@ -126,6 +135,27 @@ serviceMonitor: # -- Timeout if metrics can't be retrieved in given time interval scrapeTimeout: 25s + # -- Let prometheus add an exported_ prefix to conflicting labels + honorLabels: false + + # -- Metric relabel configs to apply to samples before ingestion. [Metric Relabeling](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs) + metricRelabelings: [] + # - action: replace + # regex: (.*) + # replacement: $1 + # sourceLabels: + # - exported_namespace + # targetLabel: namespace + + # -- Relabel configs to apply to samples before ingestion. [Relabeling](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config) + relabelings: [] + # - sourceLabels: [__meta_kubernetes_pod_node_name] + # separator: ; + # regex: ^(.*)$ + # targetLabel: nodename + # replacement: $1 + # action: replace + metrics: service: # -- Enable if you use another monitoring tool than Prometheus to scrape the metrics @@ -141,6 +171,8 @@ nodeSelector: {} tolerations: [] +topologySpreadConstraints: [] + affinity: {} # -- Pod priority class name. @@ -160,8 +192,12 @@ webhook: # -- Specifices the lookaheadInterval for certificate validity lookaheadInterval: "" replicaCount: 1 + + # -- Specifies the amount of historic ReplicaSets k8s should keep (see https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#clean-up-policy) + revisionHistoryLimit: 10 + certDir: /tmp/certs - # -- specifies whether validating webhooks should be created with failurePolicy: Fail or Ignore + # -- Specifies whether validating webhooks should be created with failurePolicy: Fail or Ignore failurePolicy: Fail # -- Specifies if webhook pod should use hostNetwork or not. hostNetwork: false 
@@ -287,6 +323,10 @@ certController: create: true requeueInterval: "5m" replicaCount: 1 + + # -- Specifies the amount of historic ReplicaSets k8s should keep (see https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#clean-up-policy) + revisionHistoryLimit: 10 + image: repository: ghcr.io/external-secrets/external-secrets pullPolicy: IfNotPresent diff --git a/charts/gluu/gluu/Chart.yaml b/charts/gluu/gluu/Chart.yaml index e71af6200..21cf365b2 100644 --- a/charts/gluu/gluu/Chart.yaml +++ b/charts/gluu/gluu/Chart.yaml @@ -1,28 +1,28 @@ annotations: artifacthub.io/changes: | - - Chart 5.0.12 official release + - Chart 5.0.14 official release artifacthub.io/containsSecurityUpdates: "true" artifacthub.io/images: | - name: auth-server - image: janssenproject/auth-server:1.0.8-1 + image: janssenproject/auth-server:1.0.10-1 - name: auth-server-key-rotation - image: janssenproject/certmanager:1.0.8-1 + image: janssenproject/certmanager:1.0.10-1 - name: configuration-manager - image: janssenproject/configurator:1.0.8-1 + image: janssenproject/configurator:1.0.10-1 - name: config-api - image: janssenproject/config-api:1.0.8-1 + image: janssenproject/config-api:1.0.10-1 - name: fido2 - image: janssenproject/fido2:1.0.8-1 + image: janssenproject/fido2:1.0.10-1 - name: opendj image: gluufederation/opendj:5.0.0_dev - name: persistence - image: janssenproject/persistence-loader:1.0.8-1 + image: janssenproject/persistence-loader:1.0.10-1 - name: scim - image: janssenproject/scim:1.0.8-1 + image: janssenproject/scim:1.0.10-1 - name: casa image: gluufederation/casa:5.0.0_dev - name: admin-ui - image: gluufederation/admin-ui:1.0.8-1 + image: gluufederation/admin-ui:1.0.10-1 artifacthub.io/license: Apache-2.0 artifacthub.io/prerelease: "true" catalog.cattle.io/certified: partner 
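Review bot: In charts/gluu/gluu/Chart.yaml the `artifacthub.io/images` entries are bumped to `1.0.10-1` but still name Docker Hub repositories (`janssenproject/auth-server`, `gluufederation/admin-ui`), while the README values table in this same commit shows the chart defaults moving to `ghcr.io/janssenproject/jans/auth-server` and `ghcr.io/gluufederation/flex/admin-ui`. Artifact Hub builds its image list and security report from this annotation, so the images it reports on would not be the ones the chart deploys by default. The `casa` entry also stays at `gluufederation/casa:5.0.0_dev` although the README default is `ghcr.io/gluufederation/flex/casa` with tag `5.0.0-10`. I would align each entry with the values default, e.g. `image: ghcr.io/janssenproject/jans/auth-server:1.0.10-1`.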
@@ -35,59 +35,59 @@ dependencies: - condition: global.config.enabled name: config repository: file://./charts/config - version: 5.0.13 + version: 5.0.14 - condition: global.config-api.enabled name: config-api repository: file://./charts/config-api - version: 5.0.13 + version: 5.0.14 - condition: global.opendj.enabled name: opendj repository: file://./charts/opendj - version: 5.0.13 + version: 5.0.14 - condition: global.auth-server.enabled name: auth-server repository: file://./charts/auth-server - version: 5.0.13 + version: 5.0.14 - condition: global.admin-ui.enabled name: admin-ui repository: file://./charts/admin-ui - version: 5.0.13 + version: 5.0.14 - condition: global.fido2.enabled name: fido2 repository: file://./charts/fido2 - version: 5.0.13 + version: 5.0.14 - condition: global.scim.enabled name: scim repository: file://./charts/scim - version: 5.0.13 + version: 5.0.14 - condition: global.nginx-ingress.enabled name: nginx-ingress repository: file://./charts/nginx-ingress - version: 5.0.13 + version: 5.0.14 - condition: global.oxshibboleth.enabled name: oxshibboleth repository: file://./charts/oxshibboleth - version: 5.0.13 + version: 5.0.14 - condition: global.oxpassport.enabled name: oxpassport repository: file://./charts/oxpassport - version: 5.0.13 + version: 5.0.14 - condition: global.casa.enabled name: casa repository: file://./charts/casa - version: 5.0.13 + version: 5.0.14 - condition: global.auth-server-key-rotation.enabled name: auth-server-key-rotation repository: file://./charts/auth-server-key-rotation - version: 5.0.13 + version: 5.0.14 - condition: global.persistence.enabled name: persistence repository: file://./charts/persistence - version: 5.0.13 + version: 5.0.14 - condition: global.istio.ingress name: cn-istio-ingress repository: file://./charts/cn-istio-ingress - version: 5.0.13 + version: 5.0.14 description: Gluu Access and Identity Management home: https://www.gluu.org icon: https://gluu.org/docs/gluu-server/favicon.ico 
@@ -99,4 +99,4 @@ name: gluu sources: - https://gluu.org/docs/gluu-server - https://github.com/GluuFederation/flex/flex-cn-setup -version: 5.0.13 +version: 5.0.14 diff --git a/charts/gluu/gluu/README.md b/charts/gluu/gluu/README.md index 91846e182..d271ea8ae 100644 --- a/charts/gluu/gluu/README.md +++ b/charts/gluu/gluu/README.md @@ -1,6 +1,6 @@ # gluu -![Version: 5.0.13](https://img.shields.io/badge/Version-5.0.13-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) +![Version: 5.0.14](https://img.shields.io/badge/Version-5.0.14-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) Gluu Access and Identity Management 
@@ -23,26 +23,26 @@ Kubernetes: `>=v1.21.0-0` | Repository | Name | Version | |------------|------|---------| -| | admin-ui | 5.0.13 | -| | auth-server | 5.0.13 | -| | auth-server-key-rotation | 5.0.13 | -| | casa | 5.0.13 | -| | cn-istio-ingress | 5.0.13 | -| | config | 5.0.13 | -| | config-api | 5.0.13 | -| | fido2 | 5.0.13 | -| | nginx-ingress | 5.0.13 | -| | opendj | 5.0.13 | -| | oxpassport | 5.0.13 | -| | oxshibboleth | 5.0.13 | -| | persistence | 5.0.13 | -| | scim | 5.0.13 | +| | admin-ui | 5.0.14 | +| | auth-server | 5.0.14 | +| | auth-server-key-rotation | 5.0.14 | +| | casa | 5.0.14 | +| | cn-istio-ingress | 5.0.14 | +| | config | 5.0.14 | +| | config-api | 5.0.14 | +| | fido2 | 5.0.14 | +| | nginx-ingress | 5.0.14 | +| | opendj | 5.0.14 | +| | oxpassport | 5.0.14 | +| | oxshibboleth | 5.0.14 | +| | persistence | 5.0.14 | +| | scim | 5.0.14 | ## Values | Key | Type | Default | Description | |-----|------|---------|-------------| -| admin-ui | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"gluufederation/admin-ui","tag":"1.0.9-1"},"livenessProbe":{"failureThreshold":20,"initialDelaySeconds":60,"periodSeconds":25,"tcpSocket":{"port":8080},"timeoutSeconds":5},"pdb":{"enabled":true,"maxUnavailable":"90%"},"readinessProbe":{"failureThreshold":20,"initialDelaySeconds":60,"periodSeconds":25,"tcpSocket":{"port":8080},"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"2000m","memory":"2000Mi"},"requests":{"cpu":"2000m","memory":"2000Mi"}},"topologySpreadConstraints":{},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Admin GUI for configuration of the auth-server | +| admin-ui | object | 
`{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"ghcr.io/gluufederation/flex/admin-ui","tag":"1.0.10-1"},"livenessProbe":{"failureThreshold":20,"initialDelaySeconds":60,"periodSeconds":25,"tcpSocket":{"port":8080},"timeoutSeconds":5},"pdb":{"enabled":true,"maxUnavailable":"90%"},"readinessProbe":{"failureThreshold":20,"initialDelaySeconds":60,"periodSeconds":25,"tcpSocket":{"port":8080},"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"2000m","memory":"2000Mi"},"requests":{"cpu":"2000m","memory":"2000Mi"}},"topologySpreadConstraints":{},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Admin GUI for configuration of the auth-server | | admin-ui.additionalAnnotations | object | `{}` | Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} | | admin-ui.additionalLabels | object | `{}` | Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} | | admin-ui.dnsConfig | object | `{}` | Add custom dns config | 
@@ -52,8 +52,8 @@ Kubernetes: `>=v1.21.0-0` | admin-ui.hpa.metrics | list | `[]` | metrics if targetCPUUtilizationPercentage is not set | | admin-ui.image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | | admin-ui.image.pullSecrets | list | `[]` | Image Pull Secrets | -| admin-ui.image.repository | string | `"gluufederation/admin-ui"` | Image to use for deploying. | -| admin-ui.image.tag | string | `"1.0.9-1"` | Image tag to use for deploying. | +| admin-ui.image.repository | string | `"ghcr.io/gluufederation/flex/admin-ui"` | Image to use for deploying. | +| admin-ui.image.tag | string | `"1.0.10-1"` | Image tag to use for deploying. | | admin-ui.livenessProbe | object | `{"failureThreshold":20,"initialDelaySeconds":60,"periodSeconds":25,"tcpSocket":{"port":8080},"timeoutSeconds":5}` | Configure the liveness healthcheck for the admin ui if needed. | | admin-ui.pdb | object | `{"enabled":true,"maxUnavailable":"90%"}` | Configure the PodDisruptionBudget | | admin-ui.readinessProbe | object | `{"failureThreshold":20,"initialDelaySeconds":60,"periodSeconds":25,"tcpSocket":{"port":8080},"timeoutSeconds":5}` | Configure the readiness healthcheck for the admin ui if needed. | 
@@ -69,16 +69,16 @@ Kubernetes: `>=v1.21.0-0` | admin-ui.usrEnvs.secret | object | `{}` | Add custom secret envs to the service variable1: value1 | | admin-ui.volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers | | admin-ui.volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod | -| auth-server | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"janssenproject/auth-server","tag":"1.0.9-1"},"livenessProbe":{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"pdb":{"enabled":true,"maxUnavailable":"90%"},"readinessProbe":{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"2500m","memory":"2500Mi"},"requests":{"cpu":"2500m","memory":"2500Mi"}},"topologySpreadConstraints":{},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | OAuth Authorization Server, the OpenID Connect Provider, the UMA Authorization Server--this is the main Internet facing component of Gluu. It's the service that returns tokens, JWT's and identity assertions. This service must be Internet facing. 
| -| auth-server-key-rotation | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"janssenproject/certmanager","tag":"1.0.9-1"},"keysLife":48,"resources":{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Responsible for regenerating auth-keys per x hours | +| auth-server | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"ghcr.io/janssenproject/jans/auth-server","tag":"1.0.10-1"},"livenessProbe":{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"pdb":{"enabled":true,"maxUnavailable":"90%"},"readinessProbe":{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"2500m","memory":"2500Mi"},"requests":{"cpu":"2500m","memory":"2500Mi"}},"topologySpreadConstraints":{},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | OAuth Authorization Server, the OpenID Connect Provider, the UMA Authorization Server--this is the main Internet facing component of Gluu. It's the service that returns tokens, JWT's and identity assertions. This service must be Internet facing. 
| +| auth-server-key-rotation | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"ghcr.io/janssenproject/jans/certmanager","tag":"1.0.10-1"},"keysLife":48,"resources":{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Responsible for regenerating auth-keys per x hours | | auth-server-key-rotation.additionalAnnotations | object | `{}` | Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} | | auth-server-key-rotation.additionalLabels | object | `{}` | Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} | | auth-server-key-rotation.dnsConfig | object | `{}` | Add custom dns config | | auth-server-key-rotation.dnsPolicy | string | `""` | Add custom dns policy | | auth-server-key-rotation.image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | | auth-server-key-rotation.image.pullSecrets | list | `[]` | Image Pull Secrets | -| auth-server-key-rotation.image.repository | string | `"janssenproject/certmanager"` | Image to use for deploying. | -| auth-server-key-rotation.image.tag | string | `"1.0.9-1"` | Image tag to use for deploying. | +| auth-server-key-rotation.image.repository | string | `"ghcr.io/janssenproject/jans/certmanager"` | Image to use for deploying. | +| auth-server-key-rotation.image.tag | string | `"1.0.10-1"` | Image tag to use for deploying. | | auth-server-key-rotation.keysLife | int | `48` | Auth server key rotation keys life in hours | | auth-server-key-rotation.resources | object | `{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}}` | Resource specs. | | auth-server-key-rotation.resources.limits.cpu | string | `"300m"` | CPU limit. | 
@@ -99,8 +99,8 @@ Kubernetes: `>=v1.21.0-0` | auth-server.hpa.metrics | list | `[]` | metrics if targetCPUUtilizationPercentage is not set | | auth-server.image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | | auth-server.image.pullSecrets | list | `[]` | Image Pull Secrets | -| auth-server.image.repository | string | `"janssenproject/auth-server"` | Image to use for deploying. | -| auth-server.image.tag | string | `"1.0.9-1"` | Image tag to use for deploying. | +| auth-server.image.repository | string | `"ghcr.io/janssenproject/jans/auth-server"` | Image to use for deploying. | +| auth-server.image.tag | string | `"1.0.10-1"` | Image tag to use for deploying. | | auth-server.livenessProbe | object | `{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5}` | Configure the liveness healthcheck for the auth server if needed. | | auth-server.livenessProbe.exec | object | `{"command":["python3","/app/scripts/healthcheck.py"]}` | Executes the python3 healthcheck. https://github.com/JanssenProject/docker-jans-auth-server/blob/master/scripts/healthcheck.py | | auth-server.pdb | object | `{"enabled":true,"maxUnavailable":"90%"}` | Configure the PodDisruptionBudget | 
@@ -117,7 +117,7 @@ Kubernetes: `>=v1.21.0-0` | auth-server.usrEnvs.secret | object | `{}` | Add custom secret envs to the service variable1: value1 | | auth-server.volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers | | auth-server.volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod | -| casa | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"gluufederation/casa","tag":"5.0.0-9"},"livenessProbe":{"httpGet":{"path":"/casa/health-check","port":"http-casa"},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"pdb":{"enabled":true,"maxUnavailable":"90%"},"readinessProbe":{"httpGet":{"path":"/casa/health-check","port":"http-casa"},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"500m","memory":"500Mi"},"requests":{"cpu":"500m","memory":"500Mi"}},"topologySpreadConstraints":{},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Gluu Casa ("Casa") is a self-service web portal for end-users to manage authentication and authorization preferences for their account in a Gluu Server. 
| +| casa | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"ghcr.io/gluufederation/flex/casa","tag":"5.0.0-10"},"livenessProbe":{"httpGet":{"path":"/casa/health-check","port":"http-casa"},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"pdb":{"enabled":true,"maxUnavailable":"90%"},"readinessProbe":{"httpGet":{"path":"/casa/health-check","port":"http-casa"},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"500m","memory":"500Mi"},"requests":{"cpu":"500m","memory":"500Mi"}},"topologySpreadConstraints":{},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Gluu Casa ("Casa") is a self-service web portal for end-users to manage authentication and authorization preferences for their account in a Gluu Server. | | casa.additionalAnnotations | object | `{}` | Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} | | casa.additionalLabels | object | `{}` | Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} | | casa.dnsConfig | object | `{}` | Add custom dns config | 
@@ -127,8 +127,8 @@ Kubernetes: `>=v1.21.0-0` | casa.hpa.metrics | list | `[]` | metrics if targetCPUUtilizationPercentage is not set | | casa.image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | | casa.image.pullSecrets | list | `[]` | Image Pull Secrets | -| casa.image.repository | string | `"gluufederation/casa"` | Image to use for deploying. | -| casa.image.tag | string | `"5.0.0-9"` | Image tag to use for deploying. | +| casa.image.repository | string | `"ghcr.io/gluufederation/flex/casa"` | Image to use for deploying. | +| casa.image.tag | string | `"5.0.0-10"` | Image tag to use for deploying. | | casa.livenessProbe | object | `{"httpGet":{"path":"/casa/health-check","port":"http-casa"},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5}` | Configure the liveness healthcheck for casa if needed. | | casa.livenessProbe.httpGet.path | string | `"/casa/health-check"` | http liveness probe endpoint | | casa.pdb | object | `{"enabled":true,"maxUnavailable":"90%"}` | Configure the PodDisruptionBudget | 
@@ -146,8 +146,8 @@ Kubernetes: `>=v1.21.0-0` | casa.usrEnvs.secret | object | `{}` | Add custom secret envs to the service variable1: value1 | | casa.volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers | | casa.volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod | -| config | object | `{"additionalAnnotations":{},"additionalLabels":{},"adminPassword":"Test1234#","city":"Austin","configmap":{"cnAwsAccessKeyId":"","cnAwsDefaultRegion":"us-west-1","cnAwsProfile":"gluu","cnAwsSecretAccessKey":"","cnAwsSecretsEndpointUrl":"","cnAwsSecretsNamePrefix":"gluu","cnAwsSecretsReplicaRegions":[],"cnCacheType":"NATIVE_PERSISTENCE","cnConfigKubernetesConfigMap":"cn","cnCouchbaseBucketPrefix":"jans","cnCouchbaseCrt":"SWFtTm90YVNlcnZpY2VBY2NvdW50Q2hhbmdlTWV0b09uZQo=","cnCouchbaseIndexNumReplica":0,"cnCouchbasePassword":"P@ssw0rd","cnCouchbaseSuperUser":"admin","cnCouchbaseSuperUserPassword":"Test1234#","cnCouchbaseUrl":"cbgluu.default.svc.cluster.local","cnCouchbaseUser":"gluu","cnGoogleProjectId":"google-project-to-save-config-and-secrets-to","cnGoogleSecretManagerPassPhrase":"Test1234#","cnGoogleSecretManagerServiceAccount":"SWFtTm90YVNlcnZpY2VBY2NvdW50Q2hhbmdlTWV0b09uZQo=","cnGoogleSecretNamePrefix":"gluu","cnGoogleSecretVersionId":"latest","cnGoogleSpannerDatabaseId":"","cnGoogleSpannerInstanceId":"","cnJettyRequestHeaderSize":8192,"cnLdapUrl":"opendj:1636","cnMaxRamPercent":"75.0","cnPersistenceHybridMapping":"{}","cnRedisSentinelGroup":"","cnRedisSslTruststore":"","cnRedisType":"STANDALONE","cnRedisUrl":"redis.redis.svc.cluster.local:6379","cnRedisUseSsl":false,"cnScimProtectionMode":"OAUTH","cnSecretKubernetesSecret":"cn","cnSqlDbDialect":"mysql","cnSqlDbHost":"my-release-mysql.default.svc.cluster.local","cnSqlDbName":"gluu","cnSqlDbPort":3306,"cnSqlDbSchema":"","cnSqlDbTimezone":"UTC","cnSqlDbUser":"gluu","cnSqldbUserPassword":"Test1234#","lbAddr":""},"countryCode":"US","dnsC
onfig":{},"dnsPolicy":"","email":"support@gluu.org","image":{"pullSecrets":[],"repository":"janssenproject/configurator","tag":"1.0.9-1"},"ldapPassword":"P@ssw0rds","migration":{"enabled":false,"migrationDataFormat":"ldif","migrationDir":"/ce-migration"},"orgName":"Gluu","redisPassword":"P@assw0rd","resources":{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}},"state":"TX","usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Configuration parameters for setup and initial configuration secret and config layers used by Gluu services. | -| config-api | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"janssenproject/config-api","tag":"1.0.9-1"},"livenessProbe":{"httpGet":{"path":"/jans-config-api/api/v1/health/live","port":8074},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"pdb":{"enabled":true,"maxUnavailable":"90%"},"readinessProbe":{"httpGet":{"path":"jans-config-api/api/v1/health/ready","port":8074},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"1000m","memory":"1000Mi"},"requests":{"cpu":"1000m","memory":"1000Mi"}},"topologySpreadConstraints":{},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Config Api endpoints can be used to configure the auth-server, which is an open-source OpenID Connect Provider (OP) and UMA Authorization Server (AS). 
| +| config | object | `{"additionalAnnotations":{},"additionalLabels":{},"adminPassword":"Test1234#","city":"Austin","configmap":{"cnAwsAccessKeyId":"","cnAwsDefaultRegion":"us-west-1","cnAwsProfile":"gluu","cnAwsSecretAccessKey":"","cnAwsSecretsEndpointUrl":"","cnAwsSecretsNamePrefix":"gluu","cnAwsSecretsReplicaRegions":[],"cnCacheType":"NATIVE_PERSISTENCE","cnConfigKubernetesConfigMap":"cn","cnCouchbaseBucketPrefix":"jans","cnCouchbaseCrt":"SWFtTm90YVNlcnZpY2VBY2NvdW50Q2hhbmdlTWV0b09uZQo=","cnCouchbaseIndexNumReplica":0,"cnCouchbasePassword":"P@ssw0rd","cnCouchbaseSuperUser":"admin","cnCouchbaseSuperUserPassword":"Test1234#","cnCouchbaseUrl":"cbgluu.default.svc.cluster.local","cnCouchbaseUser":"gluu","cnGoogleProjectId":"google-project-to-save-config-and-secrets-to","cnGoogleSecretManagerPassPhrase":"Test1234#","cnGoogleSecretManagerServiceAccount":"SWFtTm90YVNlcnZpY2VBY2NvdW50Q2hhbmdlTWV0b09uZQo=","cnGoogleSecretNamePrefix":"gluu","cnGoogleSecretVersionId":"latest","cnGoogleSpannerDatabaseId":"","cnGoogleSpannerInstanceId":"","cnJettyRequestHeaderSize":8192,"cnLdapUrl":"opendj:1636","cnMaxRamPercent":"75.0","cnPersistenceHybridMapping":"{}","cnRedisSentinelGroup":"","cnRedisSslTruststore":"","cnRedisType":"STANDALONE","cnRedisUrl":"redis.redis.svc.cluster.local:6379","cnRedisUseSsl":false,"cnScimProtectionMode":"OAUTH","cnSecretKubernetesSecret":"cn","cnSqlDbDialect":"mysql","cnSqlDbHost":"my-release-mysql.default.svc.cluster.local","cnSqlDbName":"gluu","cnSqlDbPort":3306,"cnSqlDbSchema":"","cnSqlDbTimezone":"UTC","cnSqlDbUser":"gluu","cnSqldbUserPassword":"Test1234#","lbAddr":""},"countryCode":"US","dnsConfig":{},"dnsPolicy":"","email":"support@gluu.org","image":{"pullSecrets":[],"repository":"ghcr.io/janssenproject/jans/configurator","tag":"1.0.10-1"},"ldapPassword":"P@ssw0rds","migration":{"enabled":false,"migrationDataFormat":"ldif","migrationDir":"/ce-migration"},"orgName":"Gluu","redisPassword":"P@assw0rd","resources":{"limits":{"cpu":"300m","memory":"300M
i"},"requests":{"cpu":"300m","memory":"300Mi"}},"state":"TX","usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Configuration parameters for setup and initial configuration secret and config layers used by Gluu services. | +| config-api | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"ghcr.io/janssenproject/jans/config-api","tag":"1.0.10-1"},"livenessProbe":{"httpGet":{"path":"/jans-config-api/api/v1/health/live","port":8074},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"pdb":{"enabled":true,"maxUnavailable":"90%"},"readinessProbe":{"httpGet":{"path":"jans-config-api/api/v1/health/ready","port":8074},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"1000m","memory":"1000Mi"},"requests":{"cpu":"1000m","memory":"1000Mi"}},"topologySpreadConstraints":{},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Config Api endpoints can be used to configure the auth-server, which is an open-source OpenID Connect Provider (OP) and UMA Authorization Server (AS). | | config-api.additionalAnnotations | object | `{}` | Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} | | config-api.additionalLabels | object | `{}` | Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} | | config-api.dnsConfig | object | `{}` | Add custom dns config | 
@@ -157,8 +157,8 @@ Kubernetes: `>=v1.21.0-0` | config-api.hpa.metrics | list | `[]` | metrics if targetCPUUtilizationPercentage is not set | | config-api.image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | | config-api.image.pullSecrets | list | `[]` | Image Pull Secrets | -| config-api.image.repository | string | `"janssenproject/config-api"` | Image to use for deploying. | -| config-api.image.tag | string | `"1.0.9-1"` | Image tag to use for deploying. | +| config-api.image.repository | string | `"ghcr.io/janssenproject/jans/config-api"` | Image to use for deploying. | +| config-api.image.tag | string | `"1.0.10-1"` | Image tag to use for deploying. | | config-api.livenessProbe | object | `{"httpGet":{"path":"/jans-config-api/api/v1/health/live","port":8074},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5}` | Configure the liveness healthcheck for the auth server if needed. | | config-api.livenessProbe.httpGet | object | `{"path":"/jans-config-api/api/v1/health/live","port":8074}` | http liveness probe endpoint | | config-api.pdb | object | `{"enabled":true,"maxUnavailable":"90%"}` | Configure the PodDisruptionBudget | 
@@ -221,8 +221,8 @@ Kubernetes: `>=v1.21.0-0` | config.dnsPolicy | string | `""` | Add custom dns policy | | config.email | string | `"support@gluu.org"` | Email address of the administrator usually. Used for certificate creation. | | config.image.pullSecrets | list | `[]` | Image Pull Secrets | -| config.image.repository | string | `"janssenproject/configurator"` | Image to use for deploying. | -| config.image.tag | string | `"1.0.9-1"` | Image tag to use for deploying. | +| config.image.repository | string | `"ghcr.io/janssenproject/jans/configurator"` | Image to use for deploying. | +| config.image.tag | string | `"1.0.10-1"` | Image tag to use for deploying. | | config.ldapPassword | string | `"P@ssw0rds"` | LDAP admin password if OpenDJ is used for persistence. | | config.migration | object | `{"enabled":false,"migrationDataFormat":"ldif","migrationDir":"/ce-migration"}` | CE to CN Migration section | | config.migration.enabled | bool | `false` | Boolean flag to enable migration from CE | 
@@ -241,7 +241,7 @@ Kubernetes: `>=v1.21.0-0` | config.usrEnvs.secret | object | `{}` | Add custom secret envs to the service. variable1: value1 | | config.volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers | | config.volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod | -| fido2 | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"janssenproject/fido2","tag":"1.0.9-1"},"livenessProbe":{"httpGet":{"path":"/jans-fido2/sys/health-check","port":"http-fido2"},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"pdb":{"enabled":true,"maxUnavailable":"90%"},"readinessProbe":{"httpGet":{"path":"/jans-fido2/sys/health-check","port":"http-fido2"},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"500m","memory":"500Mi"},"requests":{"cpu":"500m","memory":"500Mi"}},"service":{"name":"http-fido2","port":8080},"topologySpreadConstraints":{},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | FIDO 2.0 (FIDO2) is an open authentication standard that enables leveraging common devices to authenticate to online services in both mobile and desktop environments. 
| +| fido2 | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"ghcr.io/janssenproject/jans/fido2","tag":"1.0.10-1"},"livenessProbe":{"httpGet":{"path":"/jans-fido2/sys/health-check","port":"http-fido2"},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"pdb":{"enabled":true,"maxUnavailable":"90%"},"readinessProbe":{"httpGet":{"path":"/jans-fido2/sys/health-check","port":"http-fido2"},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"500m","memory":"500Mi"},"requests":{"cpu":"500m","memory":"500Mi"}},"service":{"name":"http-fido2","port":8080},"topologySpreadConstraints":{},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | FIDO 2.0 (FIDO2) is an open authentication standard that enables leveraging common devices to authenticate to online services in both mobile and desktop environments. | | fido2.additionalAnnotations | object | `{}` | Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} | | fido2.additionalLabels | object | `{}` | Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} | | fido2.dnsConfig | object | `{}` | Add custom dns config | 
@@ -251,8 +251,8 @@ Kubernetes: `>=v1.21.0-0` | fido2.hpa.metrics | list | `[]` | metrics if targetCPUUtilizationPercentage is not set | | fido2.image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | | fido2.image.pullSecrets | list | `[]` | Image Pull Secrets | -| fido2.image.repository | string | `"janssenproject/fido2"` | Image to use for deploying. | -| fido2.image.tag | string | `"1.0.9-1"` | Image tag to use for deploying. | +| fido2.image.repository | string | `"ghcr.io/janssenproject/jans/fido2"` | Image to use for deploying. | +| fido2.image.tag | string | `"1.0.10-1"` | Image tag to use for deploying. | | fido2.livenessProbe | object | `{"httpGet":{"path":"/jans-fido2/sys/health-check","port":"http-fido2"},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5}` | Configure the liveness healthcheck for the fido2 if needed. | | fido2.livenessProbe.httpGet | object | `{"path":"/jans-fido2/sys/health-check","port":"http-fido2"}` | http liveness probe endpoint | | fido2.pdb | object | `{"enabled":true,"maxUnavailable":"90%"}` | Configure the PodDisruptionBudget | 
@@ -271,7 +271,7 @@ Kubernetes: `>=v1.21.0-0` | fido2.usrEnvs.secret | object | `{}` | Add custom secret envs to the service variable1: value1 | | fido2.volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers | | fido2.volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod | -| global | object | `{"admin-ui":{"adminUiServiceName":"admin-ui","enabled":true,"ingress":{"adminUiEnabled":false}},"alb":{"ingress":false},"auth-server":{"appLoggers":{"auditStatsLogLevel":"INFO","auditStatsLogTarget":"FILE","authLogLevel":"INFO","authLogTarget":"STDOUT","enableStdoutLogPrefix":"true","httpLogLevel":"INFO","httpLogTarget":"FILE","ldapStatsLogLevel":"INFO","ldapStatsLogTarget":"FILE","persistenceDurationLogLevel":"INFO","persistenceDurationLogTarget":"FILE","persistenceLogLevel":"INFO","persistenceLogTarget":"FILE","scriptLogLevel":"INFO","scriptLogTarget":"FILE"},"authEncKeys":"RSA1_5 RSA-OAEP","authServerServiceName":"auth-server","authSigKeys":"RS256 RS384 RS512 ES256 ES384 ES512 PS256 PS384 
PS512","enabled":true,"ingress":{"authServerEnabled":true,"authServerProtectedRegister":false,"authServerProtectedToken":false,"deviceCodeEnabled":true,"firebaseMessagingEnabled":true,"openidConfigEnabled":true,"u2fConfigEnabled":true,"uma2ConfigEnabled":true,"webdiscoveryEnabled":true,"webfingerEnabled":true}},"auth-server-key-rotation":{"enabled":false},"awsStorageType":"io1","azureStorageAccountType":"Standard_LRS","azureStorageKind":"Managed","casa":{"appLoggers":{"casaLogLevel":"INFO","casaLogTarget":"STDOUT","enableStdoutLogPrefix":"true","timerLogLevel":"INFO","timerLogTarget":"FILE"},"casaServiceName":"casa","enabled":true,"ingress":{"casaEnabled":false}},"cloud":{"testEnviroment":false},"cnAwsConfigFile":"/etc/jans/conf/aws_config_file","cnAwsSecretsReplicaRegionsFile":"/etc/jans/conf/aws_secrets_replica_regions","cnAwsSharedCredentialsFile":"/etc/jans/conf/aws_shared_credential_file","cnDocumentStoreType":"LOCAL","cnGoogleApplicationCredentials":"/etc/jans/conf/google-credentials.json","cnObExtSigningAlias":"","cnObExtSigningJwksCrt":"","cnObExtSigningJwksKey":"","cnObExtSigningJwksKeyPassPhrase":"","cnObExtSigningJwksUri":"","cnObStaticSigningKeyKid":"","cnObTransportAlias":"","cnObTransportCrt":"","cnObTransportKey":"","cnObTransportKeyPassPhrase":"","cnObTransportTrustStore":"","cnPersistenceType":"sql","cnPrometheusPort":"","config":{"enabled":true},"config-api":{"adminUiAppLoggers":{"adminUiAuditLogLevel":"INFO","adminUiAuditLogTarget":"FILE","adminUiLogLevel":"INFO","adminUiLogTarget":"FILE","enableStdoutLogPrefix":"true"},"appLoggers":{"configApiLogLevel":"INFO","configApiLogTarget":"STDOUT","enableStdoutLogPrefix":"true","ldapStatsLogLevel":"INFO","ldapStatsLogTarget":"FILE","persistenceDurationLogLevel":"INFO","persistenceDurationLogTarget":"FILE","persistenceLogLevel":"INFO","persistenceLogTarget":"FILE","scriptLogLevel":"INFO","scriptLogTarget":"FILE"},"configApiServerServiceName":"config-api","enabled":true,"ingress":{"configApiEnabled":true}},
"configAdapterName":"kubernetes","configSecretAdapter":"kubernetes","distribution":"default","fido2":{"appLoggers":{"enableStdoutLogPrefix":"true","fido2LogLevel":"INFO","fido2LogTarget":"STDOUT","persistenceDurationLogLevel":"INFO","persistenceDurationLogTarget":"FILE","persistenceLogLevel":"INFO","persistenceLogTarget":"FILE","scriptLogLevel":"INFO","scriptLogTarget":"FILE"},"enabled":true,"fido2ServiceName":"fido2","ingress":{"fido2ConfigEnabled":false}},"fqdn":"demoexample.gluu.org","gcePdStorageType":"pd-standard","isFqdnRegistered":false,"istio":{"additionalAnnotations":{},"additionalLabels":{},"enabled":false,"gateways":[],"ingress":false,"namespace":"istio-system"},"jobTtlSecondsAfterFinished":300,"lbIp":"22.22.22.22","nginx-ingress":{"enabled":true},"opendj":{"enabled":false,"ldapServiceName":"opendj"},"oxpassport":{"enabled":false,"oxPassportServiceName":"oxpassport"},"oxshibboleth":{"appLoggers":{"auditStatsLogLevel":"INFO","auditStatsLogTarget":"FILE","consentAuditLogLevel":"INFO","consentAuditLogTarget":"FILE","containerLogLevel":"","encryptionLogLevel":"","httpclientLogLevel":"","idpLogLevel":"INFO","idpLogTarget":"STDOUT","ldapLogLevel":"","messagesLogLevel":"","opensamlLogLevel":"","propsLogLevel":"","scriptLogLevel":"INFO","scriptLogTarget":"FILE","springLogLevel":"","xmlsecLogLevel":""},"enabled":false,"oxShibbolethServiceName":"oxshibboleth"},"persistence":{"enabled":true},"scim":{"appLoggers":{"enableStdoutLogPrefix":"true","ldapStatsLogLevel":"INFO","ldapStatsLogTarget":"FILE","persistenceDurationLogLevel":"INFO","persistenceDurationLogTarget":"FILE","persistenceLogLevel":"INFO","persistenceLogTarget":"FILE","scimLogLevel":"INFO","scimLogTarget":"STDOUT","scriptLogLevel":"INFO","scriptLogTarget":"FILE"},"enabled":true,"ingress":{"scimConfigEnabled":false,"scimEnabled":false},"scimServiceName":"scim"},"storageClass":{"allowVolumeExpansion":true,"allowedTopologies":[],"mountOptions":["debug"],"parameters":{},"provisioner":"microk8s.io/hostpath","r
eclaimPolicy":"Retain","volumeBindingMode":"WaitForFirstConsumer"},"usrEnvs":{"normal":{},"secret":{}}}` | Parameters used globally across all services helm charts. | +| global | object | `{"admin-ui":{"adminUiServiceName":"admin-ui","enabled":true,"ingress":{"adminUiEnabled":false}},"alb":{"ingress":false},"auth-server":{"appLoggers":{"auditStatsLogLevel":"INFO","auditStatsLogTarget":"FILE","authLogLevel":"INFO","authLogTarget":"STDOUT","enableStdoutLogPrefix":"true","httpLogLevel":"INFO","httpLogTarget":"FILE","ldapStatsLogLevel":"INFO","ldapStatsLogTarget":"FILE","persistenceDurationLogLevel":"INFO","persistenceDurationLogTarget":"FILE","persistenceLogLevel":"INFO","persistenceLogTarget":"FILE","scriptLogLevel":"INFO","scriptLogTarget":"FILE"},"authEncKeys":"RSA1_5 RSA-OAEP","authServerServiceName":"auth-server","authSigKeys":"RS256 RS384 RS512 ES256 ES384 ES512 PS256 PS384 PS512","enabled":true,"ingress":{"authServerEnabled":true,"authServerProtectedRegister":false,"authServerProtectedToken":false,"deviceCodeEnabled":true,"firebaseMessagingEnabled":true,"openidConfigEnabled":true,"u2fConfigEnabled":true,"uma2ConfigEnabled":true,"webdiscoveryEnabled":true,"webfingerEnabled":true}},"auth-server-key-rotation":{"enabled":false},"awsStorageType":"io1","azureStorageAccountType":"Standard_LRS","azureStorageKind":"Managed","casa":{"appLoggers":{"casaLogLevel":"INFO","casaLogTarget":"STDOUT","enableStdoutLogPrefix":"true","timerLogLevel":"INFO","timerLogTarget":"FILE"},"casaServiceName":"casa","enabled":true,"ingress":{"casaEnabled":false}},"cloud":{"testEnviroment":false},"cnAwsConfigFile":"/etc/jans/conf/aws_config_file","cnAwsSecretsReplicaRegionsFile":"/etc/jans/conf/aws_secrets_replica_regions","cnAwsSharedCredentialsFile":"/etc/jans/conf/aws_shared_credential_file","cnDocumentStoreType":"LOCAL","cnGoogleApplicationCredentials":"/etc/jans/conf/google-credentials.json","cnObExtSigningAlias":"","cnObExtSigningJwksCrt":"","cnObExtSigningJwksKey":"","cnObExtSigningJwksK
eyPassPhrase":"","cnObExtSigningJwksUri":"","cnObStaticSigningKeyKid":"","cnObTransportAlias":"","cnObTransportCrt":"","cnObTransportKey":"","cnObTransportKeyPassPhrase":"","cnObTransportTrustStore":"","cnPersistenceType":"sql","cnPrometheusPort":"","config":{"enabled":true},"config-api":{"adminUiAppLoggers":{"adminUiAuditLogLevel":"INFO","adminUiAuditLogTarget":"FILE","adminUiLogLevel":"INFO","adminUiLogTarget":"FILE","enableStdoutLogPrefix":"true"},"appLoggers":{"configApiLogLevel":"INFO","configApiLogTarget":"STDOUT","enableStdoutLogPrefix":"true","ldapStatsLogLevel":"INFO","ldapStatsLogTarget":"FILE","persistenceDurationLogLevel":"INFO","persistenceDurationLogTarget":"FILE","persistenceLogLevel":"INFO","persistenceLogTarget":"FILE","scriptLogLevel":"INFO","scriptLogTarget":"FILE"},"configApiServerServiceName":"config-api","enabled":true,"ingress":{"configApiEnabled":true}},"configAdapterName":"kubernetes","configSecretAdapter":"kubernetes","distribution":"default","fido2":{"appLoggers":{"enableStdoutLogPrefix":"true","fido2LogLevel":"INFO","fido2LogTarget":"STDOUT","persistenceDurationLogLevel":"INFO","persistenceDurationLogTarget":"FILE","persistenceLogLevel":"INFO","persistenceLogTarget":"FILE","scriptLogLevel":"INFO","scriptLogTarget":"FILE"},"enabled":true,"fido2ServiceName":"fido2","ingress":{"fido2ConfigEnabled":false}},"fqdn":"demoexample.gluu.org","gcePdStorageType":"pd-standard","isFqdnRegistered":false,"istio":{"additionalAnnotations":{},"additionalLabels":{},"enabled":false,"gateways":[],"ingress":false,"namespace":"istio-system"},"jobTtlSecondsAfterFinished":300,"lbIp":"22.22.22.22","licenseSsa":"","nginx-ingress":{"enabled":true},"opendj":{"enabled":false,"ldapServiceName":"opendj"},"oxpassport":{"enabled":false,"oxPassportServiceName":"oxpassport"},"oxshibboleth":{"appLoggers":{"auditStatsLogLevel":"INFO","auditStatsLogTarget":"FILE","consentAuditLogLevel":"INFO","consentAuditLogTarget":"FILE","containerLogLevel":"","encryptionLogLevel":"","httpcli
entLogLevel":"","idpLogLevel":"INFO","idpLogTarget":"STDOUT","ldapLogLevel":"","messagesLogLevel":"","opensamlLogLevel":"","propsLogLevel":"","scriptLogLevel":"INFO","scriptLogTarget":"FILE","springLogLevel":"","xmlsecLogLevel":""},"enabled":false,"oxShibbolethServiceName":"oxshibboleth"},"persistence":{"enabled":true},"scim":{"appLoggers":{"enableStdoutLogPrefix":"true","ldapStatsLogLevel":"INFO","ldapStatsLogTarget":"FILE","persistenceDurationLogLevel":"INFO","persistenceDurationLogTarget":"FILE","persistenceLogLevel":"INFO","persistenceLogTarget":"FILE","scimLogLevel":"INFO","scimLogTarget":"STDOUT","scriptLogLevel":"INFO","scriptLogTarget":"FILE"},"enabled":true,"ingress":{"scimConfigEnabled":false,"scimEnabled":false},"scimServiceName":"scim"},"storageClass":{"allowVolumeExpansion":true,"allowedTopologies":[],"mountOptions":["debug"],"parameters":{},"provisioner":"microk8s.io/hostpath","reclaimPolicy":"Retain","volumeBindingMode":"WaitForFirstConsumer"},"usrEnvs":{"normal":{},"secret":{}}}` | Parameters used globally across all services helm charts. | | global.admin-ui.adminUiServiceName | string | `"admin-ui"` | Name of the admin-ui service. Please keep it as default. | | global.admin-ui.enabled | bool | `true` | Boolean flag to enable/disable the admin-ui chart and admin ui config api plugin. | | global.admin-ui.ingress.adminUiEnabled | bool | `false` | Enable Admin UI endpoints in either istio or nginx ingress depending on users choice | 
@@ -386,6 +386,7 @@ Kubernetes: `>=v1.21.0-0` | global.istio.namespace | string | `"istio-system"` | The namespace istio is deployed in. The is normally istio-system. | | global.jobTtlSecondsAfterFinished | int | `300` | https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ | | global.lbIp | string | `"22.22.22.22"` | The Loadbalancer IP created by nginx or istio on clouds that provide static IPs. This is not needed if `global.fqdn` is globally resolvable. | +| global.licenseSsa | string | `""` | Your organization needs to register with Gluu to trial Flex, after which you are issued a JWT placed here in which you can use to install. This must be base64 encoded. | | global.nginx-ingress.enabled | bool | `true` | Boolean flag to enable/disable the nginx-ingress definitions chart. | | global.opendj.enabled | bool | `false` | Boolean flag to enable/disable the OpenDJ chart. | | global.opendj.ldapServiceName | string | `"opendj"` | Name of the OpenDJ service. Please keep it as default. | 
@@ -551,15 +552,15 @@ Kubernetes: `>=v1.21.0-0` | oxshibboleth.usrEnvs.secret | object | `{}` | Add custom secret envs to the service variable1: value1 | | oxshibboleth.volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers | | oxshibboleth.volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod | -| persistence | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"janssenproject/persistence-loader","tag":"1.0.9-1"},"resources":{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Job to generate data and initial config for Gluu Server persistence layer. | +| persistence | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"ghcr.io/janssenproject/jans/persistence-loader","tag":"1.0.10-1"},"resources":{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Job to generate data and initial config for Gluu Server persistence layer. | | persistence.additionalAnnotations | object | `{}` | Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} | | persistence.additionalLabels | object | `{}` | Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} | | persistence.dnsConfig | object | `{}` | Add custom dns config | | persistence.dnsPolicy | string | `""` | Add custom dns policy | | persistence.image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. 
| | persistence.image.pullSecrets | list | `[]` | Image Pull Secrets | -| persistence.image.repository | string | `"janssenproject/persistence-loader"` | Image to use for deploying. | -| persistence.image.tag | string | `"1.0.9-1"` | Image tag to use for deploying. | +| persistence.image.repository | string | `"ghcr.io/janssenproject/jans/persistence-loader"` | Image to use for deploying. | +| persistence.image.tag | string | `"1.0.10-1"` | Image tag to use for deploying. | | persistence.resources | object | `{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}}` | Resource specs. | | persistence.resources.limits.cpu | string | `"300m"` | CPU limit | | persistence.resources.limits.memory | string | `"300Mi"` | Memory limit. | 
@@ -570,7 +571,7 @@ Kubernetes: `>=v1.21.0-0` | persistence.usrEnvs.secret | object | `{}` | Add custom secret envs to the service variable1: value1 | | persistence.volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers | | persistence.volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod | -| scim | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"janssenproject/scim","tag":"1.0.9-1"},"livenessProbe":{"httpGet":{"path":"/jans-scim/sys/health-check","port":8080},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"pdb":{"enabled":true,"maxUnavailable":"90%"},"readinessProbe":{"httpGet":{"path":"/jans-scim/sys/health-check","port":8080},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"1000m","memory":"1000Mi"},"requests":{"cpu":"1000m","memory":"1000Mi"}},"service":{"name":"http-scim","port":8080},"topologySpreadConstraints":{},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | System for Cross-domain Identity Management (SCIM) version 2.0 | +| scim | object | 
`{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"ghcr.io/janssenproject/jans/scim","tag":"1.0.10-1"},"livenessProbe":{"httpGet":{"path":"/jans-scim/sys/health-check","port":8080},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"pdb":{"enabled":true,"maxUnavailable":"90%"},"readinessProbe":{"httpGet":{"path":"/jans-scim/sys/health-check","port":8080},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"1000m","memory":"1000Mi"},"requests":{"cpu":"1000m","memory":"1000Mi"}},"service":{"name":"http-scim","port":8080},"topologySpreadConstraints":{},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | System for Cross-domain Identity Management (SCIM) version 2.0 | | scim.additionalAnnotations | object | `{}` | Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} | | scim.additionalLabels | object | `{}` | Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} | | scim.dnsConfig | object | `{}` | Add custom dns config | 
@@ -580,8 +581,8 @@ Kubernetes: `>=v1.21.0-0` | scim.hpa.metrics | list | `[]` | metrics if targetCPUUtilizationPercentage is not set | | scim.image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | | scim.image.pullSecrets | list | `[]` | Image Pull Secrets | -| scim.image.repository | string | `"janssenproject/scim"` | Image to use for deploying. | -| scim.image.tag | string | `"1.0.9-1"` | Image tag to use for deploying. | +| scim.image.repository | string | `"ghcr.io/janssenproject/jans/scim"` | Image to use for deploying. | +| scim.image.tag | string | `"1.0.10-1"` | Image tag to use for deploying. | | scim.livenessProbe | object | `{"httpGet":{"path":"/jans-scim/sys/health-check","port":8080},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5}` | Configure the liveness healthcheck for SCIM if needed. | | scim.livenessProbe.httpGet.path | string | `"/jans-scim/sys/health-check"` | http liveness probe endpoint | | scim.pdb | object | `{"enabled":true,"maxUnavailable":"90%"}` | Configure the PodDisruptionBudget | diff --git a/charts/gluu/gluu/charts/admin-ui/Chart.yaml b/charts/gluu/gluu/charts/admin-ui/Chart.yaml index e50f6983b..ce6ab4624 100644 --- a/charts/gluu/gluu/charts/admin-ui/Chart.yaml +++ b/charts/gluu/gluu/charts/admin-ui/Chart.yaml @@ -17,4 +17,4 @@ sources: - https://github.com/GluuFederation/docker-gluu-admin-ui - https://github.com/GluuFederation/flex/tree/main/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/admin-ui type: application -version: 5.0.13 +version: 5.0.14 diff --git a/charts/gluu/gluu/charts/admin-ui/README.md b/charts/gluu/gluu/charts/admin-ui/README.md index 01eb7d74d..4770df26f 100644 --- a/charts/gluu/gluu/charts/admin-ui/README.md +++ b/charts/gluu/gluu/charts/admin-ui/README.md 
@@ -1,6 +1,6 @@ # admin-ui -![Version: 5.0.13](https://img.shields.io/badge/Version-5.0.13-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) +![Version: 5.0.14](https://img.shields.io/badge/Version-5.0.14-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) Admin GUI. Requires license. @@ -35,7 +35,7 @@ Kubernetes: `>=v1.21.0-0` | image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | | image.pullSecrets | list | `[]` | Image Pull Secrets | | image.repository | string | `"gluufederation/admin-ui"` | Image to use for deploying. | -| image.tag | string | `"1.0.9-1"` | Image tag to use for deploying. | +| image.tag | string | `"1.0.10-1"` | Image tag to use for deploying. | | livenessProbe | object | `{"failureThreshold":20,"initialDelaySeconds":60,"periodSeconds":25,"tcpSocket":{"port":8080},"timeoutSeconds":5}` | Configure the liveness healthcheck for the admin ui if needed. | | readinessProbe | object | `{"failureThreshold":20,"initialDelaySeconds":60,"periodSeconds":25,"tcpSocket":{"port":8080},"timeoutSeconds":5}` | Configure the readiness healthcheck for the admin ui if needed. | | replicas | int | `1` | Service replica number. | diff --git a/charts/gluu/gluu/charts/admin-ui/templates/deployment.yml b/charts/gluu/gluu/charts/admin-ui/templates/deployment.yml index 2503bee46..7cac0c3ab 100644 --- a/charts/gluu/gluu/charts/admin-ui/templates/deployment.yml +++ b/charts/gluu/gluu/charts/admin-ui/templates/deployment.yml 
@@ -77,6 +77,9 @@ spec: {{- with .Values.volumeMounts }} {{- toYaml . | nindent 10 }} {{- end }} + - mountPath: /etc/jans/conf/ssa + name: license-ssa + subPath: ssa {{ if or (eq .Values.global.configSecretAdapter "aws") (eq .Values.global.configAdapterName "aws") }} - mountPath: {{ .Values.global.cnAwsSharedCredentialsFile }} name: aws-shared-credential-file @@ -127,6 +130,9 @@ spec: {{- with .Values.volumes }} {{- toYaml . | nindent 8 }} {{- end }} + - name: license-ssa + secret: + secretName: {{ .Release.Name }}-license-ssa {{ if or (eq .Values.global.configSecretAdapter "aws") (eq .Values.global.configAdapterName "aws") }} - name: aws-shared-credential-file secret: diff --git a/charts/gluu/gluu/charts/admin-ui/values.yaml b/charts/gluu/gluu/charts/admin-ui/values.yaml index 70e67e4aa..824a46b5a 100644 --- a/charts/gluu/gluu/charts/admin-ui/values.yaml +++ b/charts/gluu/gluu/charts/admin-ui/values.yaml @@ -27,7 +27,7 @@ image: # -- Image to use for deploying. repository: gluufederation/admin-ui # -- Image tag to use for deploying. - tag: 1.0.9-1 + tag: 1.0.10-1 # -- Image Pull Secrets pullSecrets: [ ] # -- Service replica number. diff --git a/charts/gluu/gluu/charts/auth-server-key-rotation/Chart.yaml b/charts/gluu/gluu/charts/auth-server-key-rotation/Chart.yaml index f49507043..8a69d7901 100644 --- a/charts/gluu/gluu/charts/auth-server-key-rotation/Chart.yaml +++ b/charts/gluu/gluu/charts/auth-server-key-rotation/Chart.yaml @@ -15,4 +15,4 @@ sources: - https://github.com/JanssenProject/docker-jans-certmanager - https://github.com/GluuFederation/flex/tree/main/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/auth-server-key-rotation type: application -version: 5.0.13 +version: 5.0.14 diff --git a/charts/gluu/gluu/charts/auth-server-key-rotation/README.md b/charts/gluu/gluu/charts/auth-server-key-rotation/README.md index 54fb1f383..d8d5c3fc1 100644 --- a/charts/gluu/gluu/charts/auth-server-key-rotation/README.md 
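Review bot: The new `license-ssa` mount at `/etc/jans/conf/ssa` uses `subPath: ssa`, and Kubernetes does not propagate Secret updates into subPath mounts, so a renewed license SSA only reaches the container once the pod is recreated. If renewal without a manual restart is expected, a pod-template annotation such as `checksum/license-ssa: {{ .Values.global.licenseSsa | sha256sum }}` would trigger a rollout when the value changes. Otherwise a comment above the mount, e.g. `# subPath mount: restart the pod after changing the license SSA`, records the behaviour for operators. The container spec this list belongs to starts outside the hunk, so the place for the annotation is not visible here.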
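Review bot: The `license-ssa` volume in the second deployment.yml hunk is added unconditionally and points at the Secret `{{ .Release.Name }}-license-ssa`, while the README in this same diff documents `global.licenseSsa` with a default of `""`. The template that creates that Secret is not in this hunk; if it is not rendered for an empty value, the admin-ui pod will sit in ContainerCreating with only a kubelet mount event to explain it. Failing at render time where the Secret is built, e.g. `{{ required "global.licenseSsa must be set" .Values.global.licenseSsa }}`, gives a clearer error. Since the file holds a license JWT, `defaultMode: 0400` under `secret:` would also keep it from being world-readable in the container, provided the container user or fsGroup can still read it, which cannot be confirmed from the lines shown.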
+++ b/charts/gluu/gluu/charts/auth-server-key-rotation/README.md @@ -1,6 +1,6 @@ # auth-server-key-rotation -![Version: 5.0.13](https://img.shields.io/badge/Version-5.0.13-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) +![Version: 5.0.14](https://img.shields.io/badge/Version-5.0.14-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) Responsible for regenerating auth-keys per x hours @@ -33,7 +33,7 @@ Kubernetes: `>=v1.21.0-0` | image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | | image.pullSecrets | list | `[]` | Image Pull Secrets | | image.repository | string | `"janssenproject/certmanager"` | Image to use for deploying. | -| image.tag | string | `"1.0.9-1"` | Image tag to use for deploying. | +| image.tag | string | `"1.0.10-1"` | Image tag to use for deploying. | | keysLife | int | `48` | Auth server key rotation keys life in hours | | nodeSelector | object | `{}` | | | resources | object | `{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}}` | Resource specs. | diff --git a/charts/gluu/gluu/charts/auth-server-key-rotation/values.yaml b/charts/gluu/gluu/charts/auth-server-key-rotation/values.yaml index 488e0e2ab..233a719d2 100644 --- a/charts/gluu/gluu/charts/auth-server-key-rotation/values.yaml +++ b/charts/gluu/gluu/charts/auth-server-key-rotation/values.yaml @@ -18,7 +18,7 @@ image: # -- Image to use for deploying. repository: janssenproject/certmanager # -- Image tag to use for deploying. - tag: 1.0.9-1 + tag: 1.0.10-1 # -- Image Pull Secrets pullSecrets: [ ] # -- Auth server key rotation keys life in hours 
diff --git a/charts/gluu/gluu/charts/auth-server/Chart.yaml b/charts/gluu/gluu/charts/auth-server/Chart.yaml index 3040d3f42..4b0339f18 100644 --- a/charts/gluu/gluu/charts/auth-server/Chart.yaml +++ b/charts/gluu/gluu/charts/auth-server/Chart.yaml @@ -19,4 +19,4 @@ sources: - https://github.com/JanssenProject/docker-jans-auth-server - https://github.com/GluuFederation/flex/tree/main/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/auth-server type: application -version: 5.0.13 +version: 5.0.14 diff --git a/charts/gluu/gluu/charts/auth-server/README.md b/charts/gluu/gluu/charts/auth-server/README.md index 45f9159d2..2ff4f2792 100644 --- a/charts/gluu/gluu/charts/auth-server/README.md +++ b/charts/gluu/gluu/charts/auth-server/README.md @@ -1,6 +1,6 @@ # auth-server -![Version: 5.0.13](https://img.shields.io/badge/Version-5.0.13-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) +![Version: 5.0.14](https://img.shields.io/badge/Version-5.0.14-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) OAuth Authorization Server, the OpenID Connect Provider, the UMA Authorization Server--this is the main Internet facing component of Gluu. It's the service that returns tokens, JWT's and identity assertions. This service must be Internet facing. 
@@ -36,7 +36,7 @@ Kubernetes: `>=v1.21.0-0` | image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | | image.pullSecrets | list | `[]` | Image Pull Secrets | | image.repository | string | `"janssenproject/auth-server"` | Image to use for deploying. | -| image.tag | string | `"1.0.9-1"` | Image tag to use for deploying. | +| image.tag | string | `"1.0.10-1"` | Image tag to use for deploying. | | livenessProbe | object | `{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5}` | Configure the liveness healthcheck for the auth server if needed. | | livenessProbe.exec | object | `{"command":["python3","/app/scripts/healthcheck.py"]}` | Executes the python3 healthcheck. https://github.com/GluuFederation/docker-oxauth/blob/4.3/scripts/healthcheck.py | | readinessProbe | object | `{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5}` | Configure the readiness healthcheck for the auth server if needed. https://github.com/GluuFederation/docker-oxauth/blob/4.3/scripts/healthcheck.py | diff --git a/charts/gluu/gluu/charts/auth-server/values.yaml b/charts/gluu/gluu/charts/auth-server/values.yaml index ecd9065be..3abd81297 100644 --- a/charts/gluu/gluu/charts/auth-server/values.yaml +++ b/charts/gluu/gluu/charts/auth-server/values.yaml @@ -28,7 +28,7 @@ image: # -- Image to use for deploying. repository: janssenproject/auth-server # -- Image tag to use for deploying. - tag: 1.0.9-1 + tag: 1.0.10-1 # -- Image Pull Secrets pullSecrets: [ ] # -- Service replica number. diff --git a/charts/gluu/gluu/charts/casa/Chart.yaml b/charts/gluu/gluu/charts/casa/Chart.yaml index ecc921b5b..d473724b3 100644 --- a/charts/gluu/gluu/charts/casa/Chart.yaml +++ b/charts/gluu/gluu/charts/casa/Chart.yaml 
@@ -19,4 +19,4 @@ sources: - https://github.com/GluuFederation/docker-casa - https://github.com/GluuFederation/flex/tree/main/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/casa type: application -version: 5.0.13 +version: 5.0.14 diff --git a/charts/gluu/gluu/charts/casa/README.md b/charts/gluu/gluu/charts/casa/README.md index 6290bcff9..d43008f15 100644 --- a/charts/gluu/gluu/charts/casa/README.md +++ b/charts/gluu/gluu/charts/casa/README.md @@ -1,6 +1,6 @@ # casa -![Version: 5.0.13](https://img.shields.io/badge/Version-5.0.13-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) +![Version: 5.0.14](https://img.shields.io/badge/Version-5.0.14-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) Gluu Casa ("Casa") is a self-service web portal for end-users to manage authentication and authorization preferences for their account in a Gluu Server. @@ -37,7 +37,7 @@ Kubernetes: `>=v1.21.0-0` | image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | | image.pullSecrets | list | `[]` | Image Pull Secrets | | image.repository | string | `"gluufederation/casa"` | Image to use for deploying. | -| image.tag | string | `"5.0.0-8"` | Image tag to use for deploying. | +| image.tag | string | `"5.0.0-10"` | Image tag to use for deploying. | | livenessProbe | object | `{"httpGet":{"path":"/casa/health-check","port":"http-casa"},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5}` | Configure the liveness healthcheck for casa if needed. | | livenessProbe.httpGet.path | string | `"/casa/health-check"` | http liveness probe endpoint | | nameOverride | string | `""` | | 
diff --git a/charts/gluu/gluu/charts/casa/values.yaml b/charts/gluu/gluu/charts/casa/values.yaml index 9fc8c32b1..eaf479674 100644 --- a/charts/gluu/gluu/charts/casa/values.yaml +++ b/charts/gluu/gluu/charts/casa/values.yaml @@ -27,7 +27,7 @@ image: # -- Image to use for deploying. repository: gluufederation/casa # -- Image tag to use for deploying. - tag: 5.0.0-8 + tag: 5.0.0-10 # -- Image Pull Secrets pullSecrets: [ ] # -- Service replica number. diff --git a/charts/gluu/gluu/charts/cn-istio-ingress/Chart.yaml b/charts/gluu/gluu/charts/cn-istio-ingress/Chart.yaml index 1bdad5b3b..30b9a886b 100644 --- a/charts/gluu/gluu/charts/cn-istio-ingress/Chart.yaml +++ b/charts/gluu/gluu/charts/cn-istio-ingress/Chart.yaml @@ -16,4 +16,4 @@ sources: - https://gluu.org/docs/gluu-server/ - https://github.com/GluuFederation/flex/tree/main/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/cn-istio-ingress type: application -version: 5.0.13 +version: 5.0.14 diff --git a/charts/gluu/gluu/charts/cn-istio-ingress/README.md b/charts/gluu/gluu/charts/cn-istio-ingress/README.md index 8545c0e35..447331bc2 100644 --- a/charts/gluu/gluu/charts/cn-istio-ingress/README.md +++ b/charts/gluu/gluu/charts/cn-istio-ingress/README.md @@ -1,6 +1,6 @@ # cn-istio-ingress -![Version: 5.0.13](https://img.shields.io/badge/Version-5.0.13-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) +![Version: 5.0.14](https://img.shields.io/badge/Version-5.0.14-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) Istio Gateway 
diff --git a/charts/gluu/gluu/charts/config-api/Chart.yaml b/charts/gluu/gluu/charts/config-api/Chart.yaml index b300fad62..d88bb58be 100644 --- a/charts/gluu/gluu/charts/config-api/Chart.yaml +++ b/charts/gluu/gluu/charts/config-api/Chart.yaml @@ -19,4 +19,4 @@ sources: - https://github.com/JanssenProject/jans/docker-jans-config-api - https://github.com/GluuFederation/flex/tree/main/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/config-api type: application -version: 5.0.13 +version: 5.0.14 diff --git a/charts/gluu/gluu/charts/config-api/README.md b/charts/gluu/gluu/charts/config-api/README.md index 503f1943c..adbe606cd 100644 --- a/charts/gluu/gluu/charts/config-api/README.md +++ b/charts/gluu/gluu/charts/config-api/README.md @@ -1,6 +1,6 @@ # config-api -![Version: 5.0.13](https://img.shields.io/badge/Version-5.0.13-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) +![Version: 5.0.14](https://img.shields.io/badge/Version-5.0.14-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) Jans Config Api endpoints can be used to configure jans-auth-server, which is an open-source OpenID Connect Provider (OP) and UMA Authorization Server (AS) 
@@ -38,7 +38,7 @@ Kubernetes: `>=v1.21.0-0` | image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | | image.pullSecrets | list | `[]` | Image Pull Secrets | | image.repository | string | `"janssenproject/config-api"` | Image to use for deploying. | -| image.tag | string | `"1.0.9-1"` | Image tag to use for deploying. | +| image.tag | string | `"1.0.10-1"` | Image tag to use for deploying. | | livenessProbe | object | `{"httpGet":{"path":"/jans-config-api/api/v1/health/live","port":8074},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5}` | Configure the liveness healthcheck for the auth server if needed. | | livenessProbe.httpGet | object | `{"path":"/jans-config-api/api/v1/health/live","port":8074}` | Executes the python3 healthcheck. https://github.com/GluuFederation/docker-oxauth/blob/4.3/scripts/healthcheck.py | | nameOverride | string | `""` | | diff --git a/charts/gluu/gluu/charts/config-api/values.yaml b/charts/gluu/gluu/charts/config-api/values.yaml index bc8c22a68..853cc353a 100644 --- a/charts/gluu/gluu/charts/config-api/values.yaml +++ b/charts/gluu/gluu/charts/config-api/values.yaml @@ -33,7 +33,7 @@ image: # -- Image to use for deploying. repository: janssenproject/config-api # -- Image tag to use for deploying. - tag: 1.0.9-1 + tag: 1.0.10-1 # -- Image Pull Secrets pullSecrets: [ ] # -- Service replica number. diff --git a/charts/gluu/gluu/charts/config/Chart.yaml b/charts/gluu/gluu/charts/config/Chart.yaml index e50b02a1f..69fdaf413 100644 --- a/charts/gluu/gluu/charts/config/Chart.yaml +++ b/charts/gluu/gluu/charts/config/Chart.yaml @@ -18,4 +18,4 @@ sources: - https://github.com/JanssenProject/jans/docker-jans-configurator - https://github.com/GluuFederation/flex/tree/main/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/config type: application -version: 5.0.13 +version: 5.0.14 
diff --git a/charts/gluu/gluu/charts/config/README.md b/charts/gluu/gluu/charts/config/README.md index ae870bb9b..122fc1bb3 100644 --- a/charts/gluu/gluu/charts/config/README.md +++ b/charts/gluu/gluu/charts/config/README.md @@ -1,6 +1,6 @@ # config -![Version: 5.0.13](https://img.shields.io/badge/Version-5.0.13-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) +![Version: 5.0.14](https://img.shields.io/badge/Version-5.0.14-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) Configuration parameters for setup and initial configuration secret and config layers used by Gluu services. @@ -73,7 +73,7 @@ Kubernetes: `>=v1.21.0-0` | fullNameOverride | string | `""` | | | image.pullSecrets | list | `[]` | Image Pull Secrets | | image.repository | string | `"janssenproject/configurator"` | Image to use for deploying. | -| image.tag | string | `"1.0.9-1"` | Image tag to use for deploying. | +| image.tag | string | `"1.0.10-1"` | Image tag to use for deploying. | | ldapPassword | string | `"P@ssw0rds"` | LDAP admin password if OpennDJ is used for persistence. | | migration | object | `{"enabled":false,"migrationDataFormat":"ldif","migrationDir":"/ce-migration"}` | CE to CN Migration section | | migration.enabled | bool | `false` | Boolean flag to enable migration from CE | diff --git a/charts/gluu/gluu/charts/config/templates/license-secrets.yaml b/charts/gluu/gluu/charts/config/templates/license-secrets.yaml new file mode 100644 index 000000000..0cf764a03 --- /dev/null +++ b/charts/gluu/gluu/charts/config/templates/license-secrets.yaml 
@@ -0,0 +1,17 @@ +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Release.Name }}-license-ssa + labels: +{{ include "config.labels" . | indent 4 }} +{{- if .Values.additionalLabels }} +{{ toYaml .Values.additionalLabels | indent 4 }} +{{- end }} +{{- if .Values.additionalAnnotations }} + annotations: +{{ toYaml .Values.additionalAnnotations | indent 4 }} +{{- end }} + namespace: {{ .Release.Namespace }} +type: Opaque +data: + ssa: {{ required "global.licenseSsa is required in chart values. This is a base64 string provided by Gluu to activate your license." .Values.global.licenseSsa }} \ No newline at end of file diff --git a/charts/gluu/gluu/charts/config/values.yaml b/charts/gluu/gluu/charts/config/values.yaml index 31c329d9b..56754498e 100644 --- a/charts/gluu/gluu/charts/config/values.yaml +++ b/charts/gluu/gluu/charts/config/values.yaml @@ -106,7 +106,7 @@ image: # -- Image to use for deploying. repository: janssenproject/configurator # -- Image tag to use for deploying. - tag: 1.0.9-1 + tag: 1.0.10-1 # -- Image Pull Secrets pullSecrets: [ ] # -- LDAP admin password if OpennDJ is used for persistence. diff --git a/charts/gluu/gluu/charts/fido2/Chart.yaml b/charts/gluu/gluu/charts/fido2/Chart.yaml index 3d06ae090..e5a75f795 100644 --- a/charts/gluu/gluu/charts/fido2/Chart.yaml +++ b/charts/gluu/gluu/charts/fido2/Chart.yaml @@ -19,4 +19,4 @@ sources: - https://github.com/JanssenProject/jans/docker-jans-fido2 - https://github.com/GluuFederation/flex/tree/main/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/fido2 type: application -version: 5.0.13 +version: 5.0.14 diff --git a/charts/gluu/gluu/charts/fido2/README.md b/charts/gluu/gluu/charts/fido2/README.md index 1bee8d96a..eb9dbd899 100644 --- a/charts/gluu/gluu/charts/fido2/README.md +++ b/charts/gluu/gluu/charts/fido2/README.md 
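Review bot: The `ssa` value in the new `license-secrets.yaml` is rendered unquoted and straight from `.Values.global.licenseSsa`, so the license JWT has to be passed as a chart value and ends up in the Helm release record and in any values file kept in version control, not only in this Secret. I would quote the rendered value, `ssa: {{ required "<existing message>" .Values.global.licenseSsa | quote }}`, and consider letting operators reference a pre-created Secret instead of passing the token through values. `required` also rejects the empty-string default that this commit adds to `values.yaml`, so an install with default values stops at render time; that looks intended, but the template should say so in a comment, for example `{{- /* license SSA is mandatory; render fails when global.licenseSsa is empty */ -}}`. The file also ends without a trailing newline.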
@@ -1,6 +1,6 @@ # fido2 -![Version: 5.0.13](https://img.shields.io/badge/Version-5.0.13-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) +![Version: 5.0.14](https://img.shields.io/badge/Version-5.0.14-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) FIDO 2.0 (FIDO2) is an open authentication standard that enables leveraging common devices to authenticate to online services in both mobile and desktop environments. @@ -37,7 +37,7 @@ Kubernetes: `>=v1.21.0-0` | image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | | image.pullSecrets | list | `[]` | Image Pull Secrets | | image.repository | string | `"janssenproject/fido2"` | Image to use for deploying. | -| image.tag | string | `"1.0.9-1"` | Image tag to use for deploying. | +| image.tag | string | `"1.0.10-1"` | Image tag to use for deploying. | | livenessProbe | object | `{"httpGet":{"path":"/jans-fido2/sys/health-check","port":"http-fido2"},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5}` | Configure the liveness healthcheck for the fido2 if needed. | | livenessProbe.httpGet | object | `{"path":"/jans-fido2/sys/health-check","port":"http-fido2"}` | http liveness probe endpoint | | readinessProbe | object | `{"httpGet":{"path":"/jans-fido2/sys/health-check","port":"http-fido2"},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5}` | Configure the readiness healthcheck for the fido2 if needed. | diff --git a/charts/gluu/gluu/charts/fido2/values.yaml b/charts/gluu/gluu/charts/fido2/values.yaml index 1415b7d0d..7950f6d43 100644 --- a/charts/gluu/gluu/charts/fido2/values.yaml 
+++ b/charts/gluu/gluu/charts/fido2/values.yaml @@ -29,7 +29,7 @@ image: # -- Image to use for deploying. repository: janssenproject/fido2 # -- Image tag to use for deploying. - tag: 1.0.9-1 + tag: 1.0.10-1 # -- Image Pull Secrets pullSecrets: [ ] # -- Service replica number. diff --git a/charts/gluu/gluu/charts/nginx-ingress/Chart.yaml b/charts/gluu/gluu/charts/nginx-ingress/Chart.yaml index 85abcb2ea..b001a6138 100644 --- a/charts/gluu/gluu/charts/nginx-ingress/Chart.yaml +++ b/charts/gluu/gluu/charts/nginx-ingress/Chart.yaml @@ -17,4 +17,4 @@ sources: - https://kubernetes.io/docs/concepts/services-networking/ingress/ - https://github.com/GluuFederation/flex/tree/main/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/nginx-ingress type: application -version: 5.0.13 +version: 5.0.14 diff --git a/charts/gluu/gluu/charts/nginx-ingress/README.md b/charts/gluu/gluu/charts/nginx-ingress/README.md index e6e23517d..1032c2954 100644 --- a/charts/gluu/gluu/charts/nginx-ingress/README.md +++ b/charts/gluu/gluu/charts/nginx-ingress/README.md @@ -1,6 +1,6 @@ # nginx-ingress -![Version: 5.0.13](https://img.shields.io/badge/Version-5.0.13-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) +![Version: 5.0.14](https://img.shields.io/badge/Version-5.0.14-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) Nginx ingress definitions chart diff --git a/charts/gluu/gluu/charts/opendj/Chart.yaml b/charts/gluu/gluu/charts/opendj/Chart.yaml index db5c2f7ab..91e5c2b7d 100644 --- a/charts/gluu/gluu/charts/opendj/Chart.yaml +++ b/charts/gluu/gluu/charts/opendj/Chart.yaml 
@@ -19,4 +19,4 @@ sources: - https://github.com/GluuFederation/docker-opendj - https://github.com/GluuFederation/flex/tree/main/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/opendj type: application -version: 5.0.13 +version: 5.0.14 diff --git a/charts/gluu/gluu/charts/opendj/README.md b/charts/gluu/gluu/charts/opendj/README.md index 7e7cc1d93..aa54042d1 100644 --- a/charts/gluu/gluu/charts/opendj/README.md +++ b/charts/gluu/gluu/charts/opendj/README.md @@ -1,6 +1,6 @@ # opendj -![Version: 5.0.13](https://img.shields.io/badge/Version-5.0.13-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) +![Version: 5.0.14](https://img.shields.io/badge/Version-5.0.14-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) OpenDJ is a directory server which implements a wide range of Lightweight Directory Access Protocol and related standards, including full compliance with LDAPv3 but also support for Directory Service Markup Language (DSMLv2).Written in Java, OpenDJ offers multi-master replication, access control, and many extensions. diff --git a/charts/gluu/gluu/charts/oxpassport/Chart.yaml b/charts/gluu/gluu/charts/oxpassport/Chart.yaml index af197fb29..18da36c1e 100644 --- a/charts/gluu/gluu/charts/oxpassport/Chart.yaml +++ b/charts/gluu/gluu/charts/oxpassport/Chart.yaml @@ -18,4 +18,4 @@ sources: - https://github.com/GluuFederation/docker-oxpassport - https://github.com/GluuFederation/flex/tree/main/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/oxpassport type: application -version: 5.0.13 +version: 5.0.14 
diff --git a/charts/gluu/gluu/charts/oxpassport/README.md b/charts/gluu/gluu/charts/oxpassport/README.md index 509945113..a26466620 100644 --- a/charts/gluu/gluu/charts/oxpassport/README.md +++ b/charts/gluu/gluu/charts/oxpassport/README.md @@ -1,6 +1,6 @@ # oxpassport -![Version: 5.0.13](https://img.shields.io/badge/Version-5.0.13-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) +![Version: 5.0.14](https://img.shields.io/badge/Version-5.0.14-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) Gluu interface to Passport.js to support social login and inbound identity. diff --git a/charts/gluu/gluu/charts/oxshibboleth/Chart.yaml b/charts/gluu/gluu/charts/oxshibboleth/Chart.yaml index f3ada6726..ede42741f 100644 --- a/charts/gluu/gluu/charts/oxshibboleth/Chart.yaml +++ b/charts/gluu/gluu/charts/oxshibboleth/Chart.yaml @@ -17,4 +17,4 @@ sources: - https://github.com/GluuFederation/docker-oxshibboleth - https://github.com/GluuFederation/flex/tree/main/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/oxshibboleth type: application -version: 5.0.13 +version: 5.0.14 diff --git a/charts/gluu/gluu/charts/oxshibboleth/README.md b/charts/gluu/gluu/charts/oxshibboleth/README.md index b33196163..baccec292 100644 --- a/charts/gluu/gluu/charts/oxshibboleth/README.md +++ b/charts/gluu/gluu/charts/oxshibboleth/README.md 
@@ -1,6 +1,6 @@ # oxshibboleth -![Version: 5.0.13](https://img.shields.io/badge/Version-5.0.13-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) +![Version: 5.0.14](https://img.shields.io/badge/Version-5.0.14-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) Shibboleth project for the Gluu Server's SAML IDP functionality. diff --git a/charts/gluu/gluu/charts/persistence/Chart.yaml b/charts/gluu/gluu/charts/persistence/Chart.yaml index 46b831ac4..d5f888845 100644 --- a/charts/gluu/gluu/charts/persistence/Chart.yaml +++ b/charts/gluu/gluu/charts/persistence/Chart.yaml @@ -15,4 +15,4 @@ sources: - https://github.com/JanssenProject/jans/docker-jans-persistence-loader - https://github.com/GluuFederation/flex/tree/main/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/persistence type: application -version: 5.0.13 +version: 5.0.14 diff --git a/charts/gluu/gluu/charts/persistence/README.md b/charts/gluu/gluu/charts/persistence/README.md index a7a918956..7b3ecfdf6 100644 --- a/charts/gluu/gluu/charts/persistence/README.md +++ b/charts/gluu/gluu/charts/persistence/README.md 
@@ -1,6 +1,6 @@ # persistence -![Version: 5.0.13](https://img.shields.io/badge/Version-5.0.13-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) +![Version: 5.0.14](https://img.shields.io/badge/Version-5.0.14-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) Job to generate data and initial config for Gluu Server persistence layer. @@ -33,7 +33,7 @@ Kubernetes: `>=v1.21.0-0` | image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | | image.pullSecrets | list | `[]` | Image Pull Secrets | | image.repository | string | `"gluufederation/persistence"` | Image to use for deploying. | -| image.tag | string | `"1.0.9-1"` | Image tag to use for deploying. | +| image.tag | string | `"1.0.10-1"` | Image tag to use for deploying. | | imagePullSecrets | list | `[]` | | | nameOverride | string | `""` | | | resources | object | `{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}}` | Resource specs. | diff --git a/charts/gluu/gluu/charts/persistence/values.yaml b/charts/gluu/gluu/charts/persistence/values.yaml index 425dcaa37..dacdefe83 100644 --- a/charts/gluu/gluu/charts/persistence/values.yaml +++ b/charts/gluu/gluu/charts/persistence/values.yaml @@ -18,7 +18,7 @@ image: # -- Image to use for deploying. repository: gluufederation/persistence # -- Image tag to use for deploying. - tag: 1.0.9-1 + tag: 1.0.10-1 # -- Image Pull Secrets pullSecrets: [ ] # -- Resource specs. diff --git a/charts/gluu/gluu/charts/scim/Chart.yaml b/charts/gluu/gluu/charts/scim/Chart.yaml index 67fccea07..810275c6c 100644 --- a/charts/gluu/gluu/charts/scim/Chart.yaml 
+++ b/charts/gluu/gluu/charts/scim/Chart.yaml @@ -17,4 +17,4 @@ sources: - https://github.com/JanssenProject/jans/docker-jans-scim - https://github.com/GluuFederation/flex/tree/main/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/scim type: application -version: 5.0.13 +version: 5.0.14 diff --git a/charts/gluu/gluu/charts/scim/README.md b/charts/gluu/gluu/charts/scim/README.md index daa7fee22..7efe3a02a 100644 --- a/charts/gluu/gluu/charts/scim/README.md +++ b/charts/gluu/gluu/charts/scim/README.md @@ -1,6 +1,6 @@ # scim -![Version: 5.0.13](https://img.shields.io/badge/Version-5.0.13-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) +![Version: 5.0.14](https://img.shields.io/badge/Version-5.0.14-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) System for Cross-domain Identity Management (SCIM) version 2.0 
@@ -36,7 +36,7 @@ Kubernetes: `>=v1.21.0-0` | image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | | image.pullSecrets | list | `[]` | Image Pull Secrets | | image.repository | string | `"janssenproject/scim"` | Image to use for deploying. | -| image.tag | string | `"1.0.9-1"` | Image tag to use for deploying. | +| image.tag | string | `"1.0.10-1"` | Image tag to use for deploying. | | livenessProbe | object | `{"httpGet":{"path":"/jans-scim/sys/health-check","port":8080},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5}` | Configure the liveness healthcheck for SCIM if needed. | | livenessProbe.httpGet.path | string | `"/jans-scim/sys/health-check"` | http liveness probe endpoint | | readinessProbe | object | `{"httpGet":{"path":"/jans-scim/sys/health-check","port":8080},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5}` | Configure the readiness healthcheck for the SCIM if needed. | diff --git a/charts/gluu/gluu/charts/scim/values.yaml b/charts/gluu/gluu/charts/scim/values.yaml index 96dacae15..cc39b2415 100644 --- a/charts/gluu/gluu/charts/scim/values.yaml +++ b/charts/gluu/gluu/charts/scim/values.yaml @@ -28,7 +28,7 @@ image: # -- Image to use for deploying. repository: janssenproject/scim # -- Image tag to use for deploying. - tag: 1.0.9-1 + tag: 1.0.10-1 # -- Image Pull Secrets pullSecrets: [ ] # -- Service replica number. diff --git a/charts/gluu/gluu/openbanking-values.yaml b/charts/gluu/gluu/openbanking-values.yaml index 476055199..9ede5d8f7 100644 --- a/charts/gluu/gluu/openbanking-values.yaml +++ b/charts/gluu/gluu/openbanking-values.yaml @@ -28,7 +28,7 @@ auth-server: # -- Image to use for deploying. repository: janssenproject/auth-server # -- Image tag to use for deploying. - tag: 1.0.9-1 + tag: 1.0.10-1 # -- Image Pull Secrets pullSecrets: [ ] # -- Service replica number. 
@@ -167,7 +167,7 @@ config: # -- Image to use for deploying. repository: janssenproject/configurator # -- Image tag to use for deploying. - tag: 1.0.9-1 + tag: 1.0.10-1 # -- Image Pull Secrets pullSecrets: [ ] # -- Organization name. Used for certificate creation. @@ -231,7 +231,7 @@ config-api: # -- Image to use for deploying. repository: janssenproject/config-api # -- Image tag to use for deploying. - tag: 1.0.9-1 + tag: 1.0.10-1 # -- Image Pull Secrets pullSecrets: [ ] # -- Service replica number. @@ -674,7 +674,7 @@ persistence: # -- Image to use for deploying. repository: janssenproject/persistence-loader # -- Image tag to use for deploying. - tag: 1.0.9-1 + tag: 1.0.10-1 # -- Image Pull Secrets pullSecrets: [ ] # -- Resource specs. diff --git a/charts/gluu/gluu/values.schema.json b/charts/gluu/gluu/values.schema.json index 8529ffcaa..11b96aa7c 100644 --- a/charts/gluu/gluu/values.schema.json +++ b/charts/gluu/gluu/values.schema.json @@ -237,8 +237,7 @@ "properties":{ "repository":{ "description":"Image to use for deploying", - "type":"string", - "pattern":"^[a-z0-9-_/]+$" + "type":"string" }, "tag":{ "description":"Image tag to use for deploying.", @@ -321,6 +320,11 @@ "description":"Parameters used globally across all services helm charts.", "type":"object", "properties":{ + "licenseSsa":{ + "description":"Your organization needs to register with Gluu to trial Flex, after which you are issued a JWT placed here in which you can use to install. This must be base64 encoded.", + "type":"string", + "pattern":"^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$" + }, "alb":{ "type":"object", "properties":{ @@ -1221,8 +1225,7 @@ }, "repository":{ "description":"Image to use for deploying", - "type":"string", - "pattern":"^[a-z0-9-_/]+$" + "type":"string" }, "tag":{ "description":"Image tag to use for deploying.", 
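Review bot: Removing `"pattern":"^[a-z0-9-_/]+$"` from `repository` in the `@@ -237,8 +237,7 @@` hunk drops all schema validation of the image reference instead of widening it for the `ghcr.io/...` names that `values.yaml` switches to in this commit. The old expression has no `.`, so it could not match a registry host; something like `"pattern":"^[a-z0-9._:/-]+$"` would accept the new values and still reject whitespace and stray characters, though that expression is a sketch to be checked against the image names actually in use. The same two-line removal is repeated in every later `repository` hunk of this file, from `@@ -1221,8 +1225,7 @@` through `@@ -2809,8 +2803,7 @@`. The enclosing `properties` object starts and ends outside the hunk.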
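Review bot: The `licenseSsa` pattern added in the `@@ -321,6 +320,11 @@` hunk also matches the empty string, because both of its groups are optional, so the schema accepts the `""` default and a missing license is reported only later by the template's `required` call. It checks the base64 alphabet and padding only and says nothing about whether the decoded value is a JWT, which the description should make clear. If the intent is to fail at validation time, `"minLength":1` next to the pattern would do it, but the default `values.yaml` shipped in this commit would then no longer validate. I would also shorten the description to `"Base64-encoded license JWT (SSA) issued by Gluu after registration."`.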
@@ -1361,8 +1364,7 @@ }, "repository":{ "description":"Image to use for deploying", - "type":"string", - "pattern":"^[a-z0-9-_/]+$" + "type":"string" }, "tag":{ "description":"Image tag to use for deploying.", @@ -1470,8 +1472,7 @@ }, "repository":{ "description":"Image to use for deploying", - "type":"string", - "pattern":"^[a-z0-9-_/]+$" + "type":"string" }, "tag":{ "description":"Image tag to use for deploying.", @@ -1615,8 +1616,7 @@ }, "repository":{ "description":"Image to use for deploying", - "type":"string", - "pattern":"^[a-z0-9-_/]+$" + "type":"string" }, "tag":{ "description":"Image tag to use for deploying.", @@ -1756,8 +1756,7 @@ }, "repository":{ "description":"Image to use for deploying", - "type":"string", - "pattern":"^[a-z0-9-_/]+$" + "type":"string" }, "tag":{ "description":"Image tag to use for deploying.", @@ -1858,8 +1857,7 @@ }, "repository":{ "description":"Image to use for deploying", - "type":"string", - "pattern":"^[a-z0-9-_/]+$" + "type":"string" }, "tag":{ "description":"Image tag to use for deploying.", @@ -2136,8 +2134,7 @@ }, "repository":{ "description":"Image to use for deploying", - "type":"string", - "pattern":"^[a-z0-9-_/]+$" + "type":"string" }, "tag":{ "description":"Image tag to use for deploying.", @@ -2395,8 +2392,7 @@ }, "repository":{ "description":"Image to use for deploying", - "type":"string", - "pattern":"^[a-z0-9-_/]+$" + "type":"string" }, "tag":{ "description":"Image tag to use for deploying.", @@ -2547,8 +2543,7 @@ }, "repository":{ "description":"Image to use for deploying", - "type":"string", - "pattern":"^[a-z0-9-_/]+$" + "type":"string" }, "tag":{ "description":"Image tag to use for deploying.", @@ -2671,8 +2666,7 @@ }, "repository":{ "description":"Image to use for deploying", - "type":"string", - "pattern":"^[a-z0-9-_/]+$" + "type":"string" }, "tag":{ "description":"Image tag to use for deploying.", 
@@ -2809,8 +2803,7 @@ }, "repository":{ "description":"Image to use for deploying", - "type":"string", - "pattern":"^[a-z0-9-_/]+$" + "type":"string" }, "tag":{ "description":"Image tag to use for deploying.", diff --git a/charts/gluu/gluu/values.yaml b/charts/gluu/gluu/values.yaml index bb20f8e53..ea6800a03 100644 --- a/charts/gluu/gluu/values.yaml +++ b/charts/gluu/gluu/values.yaml @@ -104,9 +104,9 @@ admin-ui: # -- Image pullPolicy to use for deploying. pullPolicy: IfNotPresent # -- Image to use for deploying. - repository: gluufederation/admin-ui + repository: ghcr.io/gluufederation/flex/admin-ui # -- Image tag to use for deploying. - tag: 1.0.9-1 + tag: 1.0.10-1 # -- Image Pull Secrets pullSecrets: [ ] # -- Service replica number. @@ -195,9 +195,9 @@ auth-server: # -- Image pullPolicy to use for deploying. pullPolicy: IfNotPresent # -- Image to use for deploying. - repository: janssenproject/auth-server + repository: ghcr.io/janssenproject/jans/auth-server # -- Image tag to use for deploying. - tag: 1.0.9-1 + tag: 1.0.10-1 # -- Image Pull Secrets pullSecrets: [ ] # -- Service replica number. @@ -262,9 +262,9 @@ auth-server-key-rotation: # -- Image pullPolicy to use for deploying. pullPolicy: IfNotPresent # -- Image to use for deploying. - repository: janssenproject/certmanager + repository: ghcr.io/janssenproject/jans/certmanager # -- Image tag to use for deploying. - tag: 1.0.9-1 + tag: 1.0.10-1 # -- Image Pull Secrets pullSecrets: [ ] # -- Auth server key rotation keys life in hours @@ -337,9 +337,9 @@ casa: # -- Image pullPolicy to use for deploying. pullPolicy: IfNotPresent # -- Image to use for deploying. - repository: gluufederation/casa + repository: ghcr.io/gluufederation/flex/casa # -- Image tag to use for deploying. - tag: 5.0.0-9 + tag: 5.0.0-10 # -- Image Pull Secrets pullSecrets: [ ] # -- Service replica number. 
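Review bot: The `repository` values in the `@@ -104,9 +104,9 @@ admin-ui:` hunk and the following `values.yaml` hunks move to `ghcr.io/...`, while the sub-chart `values.yaml` files and `openbanking-values.yaml` changed by the same commit keep the Docker Hub names (`janssenproject/auth-server`, `janssenproject/configurator`, and so on) with the same `1.0.10-1` tag. Which registry an install pulls from therefore depends on which values file is in effect, which matters for clusters that allow-list registries or mirror images. I would either move the sub-chart defaults and their READMEs to the same `ghcr.io` paths or add a comment above each `repository`, such as `# -- Overrides the sub-chart default; images are published on ghcr.io`. The images are still referenced by tag only; if the templates support it, pinning a digest alongside the tag would make the pulled content verifiable. The enclosing `admin-ui` mapping continues outside the hunk.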
@@ -510,9 +510,9 @@ config: email: support@gluu.org image: # -- Image to use for deploying. - repository: janssenproject/configurator + repository: ghcr.io/janssenproject/jans/configurator # -- Image tag to use for deploying. - tag: 1.0.9-1 + tag: 1.0.10-1 # -- Image Pull Secrets pullSecrets: [ ] # -- LDAP admin password if OpenDJ is used for persistence. @@ -604,9 +604,9 @@ config-api: # -- Image pullPolicy to use for deploying. pullPolicy: IfNotPresent # -- Image to use for deploying. - repository: janssenproject/config-api + repository: ghcr.io/janssenproject/jans/config-api # -- Image tag to use for deploying. - tag: 1.0.9-1 + tag: 1.0.10-1 # -- Image Pull Secrets pullSecrets: [ ] # -- Service replica number. @@ -696,9 +696,9 @@ fido2: # -- Image pullPolicy to use for deploying. pullPolicy: IfNotPresent # -- Image to use for deploying. - repository: janssenproject/fido2 + repository: ghcr.io/janssenproject/jans/fido2 # -- Image tag to use for deploying. - tag: 1.0.9-1 + tag: 1.0.10-1 # -- Image Pull Secrets pullSecrets: [ ] # -- Service replica number. @@ -760,7 +760,8 @@ global: alb: # -- Activates ALB ingress ingress: false - + # -- Your organization needs to register with Gluu to trial Flex, after which you are issued a JWT placed here in which you can use to install. This must be base64 encoded. + licenseSsa: "" admin-ui: # -- Boolean flag to enable/disable the admin-ui chart and admin ui config api plugin. enabled: true @@ -1554,9 +1555,9 @@ persistence: # -- Image pullPolicy to use for deploying. pullPolicy: IfNotPresent # -- Image to use for deploying. - repository: janssenproject/persistence-loader + repository: ghcr.io/janssenproject/jans/persistence-loader # -- Image tag to use for deploying. - tag: 1.0.9-1 + tag: 1.0.10-1 # -- Image Pull Secrets pullSecrets: [ ] # -- Resource specs. 
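Review bot: The new `global.licenseSsa` key in the `@@ -760,7 +760,8 @@` hunk is described as a JWT issued on registration, but its comment does not say that the value is a credential. A value placed in values.yaml is stored with the release values and easily ends up in version control or CI output. I would reword the comment to `# -- Base64-encoded license SSA (JWT) issued by Gluu on registration. Treat it as a credential: pass it at install time (--set or a private values file) and do not commit it.` How the templates consume the value is not visible here, so it is worth confirming that it is rendered into a Secret and not a ConfigMap. The hunk also drops the blank line that separated the `alb` block from the next key, and the `global` mapping continues outside the hunk.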
@@ -1627,9 +1628,9 @@ scim: # -- Image pullPolicy to use for deploying. pullPolicy: IfNotPresent # -- Image to use for deploying. - repository: janssenproject/scim + repository: ghcr.io/janssenproject/jans/scim # -- Image tag to use for deploying. - tag: 1.0.9-1 + tag: 1.0.10-1 # -- Image Pull Secrets pullSecrets: [ ] # -- Service replica number. diff --git a/charts/jenkins/jenkins/CHANGELOG.md b/charts/jenkins/jenkins/CHANGELOG.md index ed00630c2..af015d705 100644 --- a/charts/jenkins/jenkins/CHANGELOG.md +++ b/charts/jenkins/jenkins/CHANGELOG.md @@ -12,6 +12,11 @@ Use the following links to reference issues, PRs, and commits prior to v2.6.0. The change log until v1.5.7 was auto-generated based on git commits. Those entries include a reference to the git commit to be able to get more details. +## 4.3.9 + +Document `.Values.agent.directConnection` in README. +Add default value for `.Values.agent.directConnection` to `values.yaml` + ## 4.3.8 Added `.Values.agent.directConnection` to allow agents to be configured to connect direct to the JNLP port on the diff --git a/charts/jenkins/jenkins/Chart.yaml b/charts/jenkins/jenkins/Chart.yaml index cebc2c6b8..e1e745835 100644 --- a/charts/jenkins/jenkins/Chart.yaml +++ b/charts/jenkins/jenkins/Chart.yaml @@ -41,4 +41,4 @@ sources: - https://github.com/jenkinsci/docker-inbound-agent - https://github.com/maorfr/kube-tasks - https://github.com/jenkinsci/configuration-as-code-plugin -version: 4.3.8 +version: 4.3.9 diff --git a/charts/jenkins/jenkins/README.md b/charts/jenkins/jenkins/README.md index e2a4e06cd..efef48802 100644 --- a/charts/jenkins/jenkins/README.md +++ b/charts/jenkins/jenkins/README.md 
@@ -964,6 +964,16 @@ awsSecurityGroupPolicies: - jenkins-controller ``` +### Agent Direct Connection + +Set `directConnection` to `true` to allow agents to connect directly to a given TCP port without having to negotiate a HTTP(S) connection. This can allow you to have agent connections without an external HTTP(S) port. Example: + +```yaml +agent: + jenkinsTunnel: "jenkinsci-agent:50000" + directConnection: true +``` + ## Migration Guide ### From stable repo diff --git a/charts/jenkins/jenkins/values.yaml b/charts/jenkins/jenkins/values.yaml index 9ba852b66..885ff5684 100644 --- a/charts/jenkins/jenkins/values.yaml +++ b/charts/jenkins/jenkins/values.yaml @@ -634,6 +634,7 @@ agent: imagePullSecretName: componentName: "jenkins-agent" websocket: false + directConnection: false privileged: false runAsUser: runAsGroup: diff --git a/charts/jfrog/artifactory-ha/Chart.yaml b/charts/jfrog/artifactory-ha/Chart.yaml index 40504cbdf..73637b369 100644 --- a/charts/jfrog/artifactory-ha/Chart.yaml +++ b/charts/jfrog/artifactory-ha/Chart.yaml @@ -4,7 +4,7 @@ annotations: catalog.cattle.io/kube-version: '>= 1.14.0-0' catalog.cattle.io/release-name: artifactory-ha apiVersion: v2 -appVersion: 7.55.7 +appVersion: 7.55.8 dependencies: - condition: postgresql.enabled name: postgresql @@ -26,4 +26,4 @@ name: artifactory-ha sources: - https://github.com/jfrog/charts type: application -version: 107.55.7 +version: 107.55.8 diff --git a/charts/jfrog/artifactory-jcr/CHANGELOG.md b/charts/jfrog/artifactory-jcr/CHANGELOG.md index 69187942a..ba67451de 100644 --- a/charts/jfrog/artifactory-jcr/CHANGELOG.md +++ b/charts/jfrog/artifactory-jcr/CHANGELOG.md @@ -1,7 +1,7 @@ # JFrog Container Registry Chart Changelog All changes to this chart will be documented in this file. -## [107.55.7] - Aug 25, 2022 +## [107.55.8] - Aug 25, 2022 * Included event service as mandatory and remove the flag from values.yaml ## [107.41.0] - Jul 22, 2022 
diff --git a/charts/jfrog/artifactory-jcr/Chart.yaml b/charts/jfrog/artifactory-jcr/Chart.yaml index dcabd17c1..647f08df9 100644 --- a/charts/jfrog/artifactory-jcr/Chart.yaml +++ b/charts/jfrog/artifactory-jcr/Chart.yaml @@ -4,11 +4,11 @@ annotations: catalog.cattle.io/kube-version: '>= 1.14.0-0' catalog.cattle.io/release-name: artifactory-jcr apiVersion: v2 -appVersion: 7.55.7 +appVersion: 7.55.8 dependencies: - name: artifactory repository: file://./charts/artifactory - version: 107.55.7 + version: 107.55.8 description: JFrog Container Registry home: https://jfrog.com/container-registry/ icon: https://raw.githubusercontent.com/jfrog/charts/ea5c3112c24a973f64f3ccd99747323db292a369/stable/artifactory-jcr/logo/jcr-logo.png @@ -27,4 +27,4 @@ name: artifactory-jcr sources: - https://github.com/jfrog/charts type: application -version: 107.55.7 +version: 107.55.8 diff --git a/charts/jfrog/artifactory-jcr/charts/artifactory/Chart.yaml b/charts/jfrog/artifactory-jcr/charts/artifactory/Chart.yaml index 50aa786c8..72db36d37 100644 --- a/charts/jfrog/artifactory-jcr/charts/artifactory/Chart.yaml +++ b/charts/jfrog/artifactory-jcr/charts/artifactory/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 7.55.7 +appVersion: 7.55.8 dependencies: - condition: postgresql.enabled name: postgresql @@ -21,4 +21,4 @@ name: artifactory sources: - https://github.com/jfrog/charts type: application -version: 107.55.7 +version: 107.55.8 diff --git a/charts/kubecost/cost-analyzer/Chart.yaml b/charts/kubecost/cost-analyzer/Chart.yaml index 24482592f..73521d7c6 100644 --- a/charts/kubecost/cost-analyzer/Chart.yaml +++ b/charts/kubecost/cost-analyzer/Chart.yaml @@ -7,7 +7,7 @@ annotations: catalog.cattle.io/featured: "2" catalog.cattle.io/release-name: cost-analyzer apiVersion: v2 -appVersion: 1.101.2 +appVersion: 1.101.3 dependencies: - condition: global.grafana.enabled name: grafana 
@@ -25,4 +25,4 @@ description: A Helm chart that sets up Kubecost, Prometheus, and Grafana to moni cloud costs. icon: https://partner-charts.rancher.io/assets/logos/kubecost.png name: cost-analyzer -version: 1.101.2 +version: 1.101.3 diff --git a/charts/loft/loft/Chart.yaml b/charts/loft/loft/Chart.yaml index 24c26ae9b..f663426c6 100644 --- a/charts/loft/loft/Chart.yaml +++ b/charts/loft/loft/Chart.yaml @@ -28,4 +28,4 @@ name: loft sources: - https://github.com/loft-sh/loft type: application -version: 3.0.0 +version: 3.0.1 diff --git a/charts/percona/psmdb-operator/Chart.yaml b/charts/percona/psmdb-operator/Chart.yaml index 90264d31c..cff8ebec4 100644 --- a/charts/percona/psmdb-operator/Chart.yaml +++ b/charts/percona/psmdb-operator/Chart.yaml @@ -16,4 +16,4 @@ maintainers: - email: sergey.pronin@percona.com name: spron-in name: psmdb-operator -version: 1.14.0 +version: 1.14.1 diff --git a/charts/percona/psmdb-operator/README.md b/charts/percona/psmdb-operator/README.md index 78bc4420c..2eb08c9b2 100644 --- a/charts/percona/psmdb-operator/README.md +++ b/charts/percona/psmdb-operator/README.md @@ -34,8 +34,11 @@ The chart can be customized using the following configurable parameters: | `tolerations` | List of node taints to tolerate | `[]` | | `resources` | Resource requests and limits | `{}` | | `nodeSelector` | Labels for Pod assignment | `{}` | +| `podAnnotations` | Annotations for pod | `{}` | +| `podSecurityContext` | Pod Security Context | `{}` | | `watchNamespace` | Set when a different from default namespace is needed to watch | `""` | | `rbac.create` | If false RBAC will not be created. RBAC resources will need to be created manually | `true` | +| `securityContext` | Container Security Context | `{}` | | `serviceAccount.create` | If false the ServiceAccounts will not be created. The ServiceAccounts must be created manually | `true` | Specify parameters using `--set key=value[,key=value]` argument to `helm install` 
diff --git a/charts/percona/psmdb-operator/templates/deployment.yaml b/charts/percona/psmdb-operator/templates/deployment.yaml index 4a744c170..2d8445f7c 100644 --- a/charts/percona/psmdb-operator/templates/deployment.yaml +++ b/charts/percona/psmdb-operator/templates/deployment.yaml @@ -12,17 +12,25 @@ spec: app.kubernetes.io/instance: {{ .Release.Name }} template: metadata: + {{- with .Values.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} labels: app.kubernetes.io/name: {{ include "psmdb-operator.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} spec: serviceAccountName: {{ include "psmdb-operator.fullname" . }} + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} {{- with .Values.imagePullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} containers: - name: {{ .Chart.Name }} + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" imagePullPolicy: {{ .Values.image.pullPolicy }} ports: diff --git a/charts/percona/psmdb-operator/values.yaml b/charts/percona/psmdb-operator/values.yaml index 97057392b..49f838425 100644 --- a/charts/percona/psmdb-operator/values.yaml +++ b/charts/percona/psmdb-operator/values.yaml @@ -26,6 +26,25 @@ serviceAccount: # serviceAccount.create: Whether to create the Service Accounts or not create: true +podAnnotations: {} + # prometheus.io/scrape: "true" + # prometheus.io/port: "8080" + +podSecurityContext: {} + # runAsNonRoot: true + # runAsUser: 2 + # runAsGroup: 2 + # fsGroup: 2 + # fsGroupChangePolicy: "OnRootMismatch" + +securityContext: {} + # allowPrivilegeEscalation: false + # capabilities: + # drop: + # - ALL + # seccompProfile: + # type: RuntimeDefault + # set if you want to use a different operator name # defaults to `percona-server-mongodb-operator` # operatorName: 
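Review bot: In values.yaml both `podSecurityContext` and `securityContext` default to `{}`, so the operator Deployment runs without any hardening unless each installer uncomments the examples. The container-level example does not depend on which user the image runs as, so it could be shipped as the default, as sketched below. `runAsNonRoot` and the uid/gid values depend on how the operator image is built, which is not visible here, so they are better left as documented options. The sample `runAsUser: 2` should carry a comment saying which uid the image expects. `seccompProfile` needs a Kubernetes version that supports the field, and the chart's minimum version is not shown in this hunk.

```yaml
# … unchanged: podAnnotations and podSecurityContext defaults …
securityContext:
  allowPrivilegeEscalation: false
  capabilities:
    drop:
      - ALL
  seccompProfile:
    type: RuntimeDefault
```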
diff --git a/charts/redpanda/redpanda/Chart.yaml b/charts/redpanda/redpanda/Chart.yaml index 14e07c62c..8962e70fd 100644 --- a/charts/redpanda/redpanda/Chart.yaml +++ b/charts/redpanda/redpanda/Chart.yaml @@ -31,4 +31,4 @@ name: redpanda sources: - https://github.com/redpanda-data/helm-charts type: application -version: 3.0.3 +version: 3.0.6 diff --git a/charts/redpanda/redpanda/templates/post-install-upgrade-job.yaml b/charts/redpanda/redpanda/templates/post-install-upgrade-job.yaml index 2bcb18b7e..dcfe3ca42 100644 --- a/charts/redpanda/redpanda/templates/post-install-upgrade-job.yaml +++ b/charts/redpanda/redpanda/templates/post-install-upgrade-job.yaml @@ -159,6 +159,5 @@ spec: secretName: {{ $sasl.secretRef }} optional: false {{- end }} - securityContext: {{ include "container-security-context" . | nindent 8 }} serviceAccountName: {{ include "redpanda.serviceAccountName" . }} {{- end -}} diff --git a/charts/redpanda/redpanda/templates/tests/test-rpk-debug-bundle.yaml b/charts/redpanda/redpanda/templates/tests/test-rpk-debug-bundle.yaml new file mode 100644 index 000000000..cea9af664 --- /dev/null +++ b/charts/redpanda/redpanda/templates/tests/test-rpk-debug-bundle.yaml 
@@ -0,0 +1,117 @@
+{{/*
+Licensed to the Apache Software Foundation (ASF) under one or more
+contributor license agreements. See the NOTICE file distributed with
+this work for additional information regarding copyright ownership.
+The ASF licenses this file to You under the Apache License, Version 2.0
+(the "License"); you may not use this file except in compliance with
+the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+{{- $sasl := .Values.auth.sasl }}
+{{- $useSaslSecret := and $sasl.enabled (not (empty $sasl.secretRef )) }}
+{{- if .Values.rbac.enabled -}}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: {{ include "redpanda.fullname" . }}-test-rpk-debug-bundle
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+{{- with include "full.labels" . }}
+ {{- . | nindent 4 }}
+{{- end }}
+ annotations:
+ "helm.sh/hook": test
+ "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+spec:
+ restartPolicy: Never
+ securityContext:
+ fsGroup: 101
+ affinity:
+ podAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ statefulset.kubernetes.io/pod-name: {{ include "redpanda.fullname" . }}-0
+ topologyKey: kubernetes.io/hostname
+ initContainers:
+ - name: {{ template "redpanda.name" . }}
+ image: {{ .Values.image.repository}}:{{ template "redpanda.tag" . }}
+ volumeMounts:
+ - name: shared-data
+ mountPath: /usr/share/redpanda/test
+ - name: config
+ mountPath: /etc/redpanda
+ - name: datadir
+ mountPath: /var/lib/redpanda/data
+{{- if (include "tls-enabled" . | fromJson).bool -}}
+ {{- range $name, $cert := .Values.tls.certs }}
+ - name: redpanda-{{ $name }}-cert
+ mountPath: {{ printf "/etc/tls/certs/%s" $name }}
+ {{- end }}
+{{- end }}
+{{- if $useSaslSecret }}
+ - name: {{ $sasl.secretRef }}
+ mountPath: "/etc/secrets/users"
+ readOnly: true
+{{- end}}
+ command:
+ - /bin/bash
+ - -c
+ - |
+ set -e
+ rpk debug bundle -o /usr/share/redpanda/test/debug-test.zip -n {{ .Release.Namespace }} {{ include "rpk-common-flags" . }}
+ containers:
+ - name: {{ template "redpanda.name" . }}-tester
+ image: busybox:latest
+ volumeMounts:
+ - name: shared-data
+ mountPath: /test
+ command:
+ - /bin/ash
+ - -c
+ - |
+ set -e
+ unzip /test/debug-test.zip -d /tmp/bundle
+
+ test -f /tmp/bundle/logs/{{ .Release.Namespace }}-0.txt
+ test -f /tmp/bundle/logs/{{ .Release.Namespace }}-1.txt
+ test -f /tmp/bundle/logs/{{ .Release.Namespace }}-2.txt
+
+ test -d /tmp/bundle/controller
+
+ test -f /tmp/bundle/k8s/pods.json
+ test -f /tmp/bundle/k8s/configmaps.json
+ volumes:
+ - name: shared-data
+ emptyDir: {}
+ - name: config
+ emptyDir: {}
+ - name: {{ template "redpanda.fullname" . }}
+ configMap:
+ name: {{ template "redpanda.fullname" . }}
+ - name: datadir
+ persistentVolumeClaim:
+ claimName: datadir-{{ include "redpanda.fullname" . }}-0
+{{- if $useSaslSecret }}
+ - name: {{ $sasl.secretRef }}
+ secret:
+ secretName: {{ $sasl.secretRef }}
+ optional: false
+{{- end }}
+{{- if (include "tls-enabled" . | fromJson).bool }}
+ {{- range $name, $cert := .Values.tls.certs }}
+ - name: redpanda-{{ $name }}-cert
+ secret:
+ defaultMode: 0644
+ secretName: {{ template "redpanda.fullname" $ }}-{{ $name }}-cert
+ {{- end }}
+{{- end -}}
+
+{{- end -}}
diff --git a/charts/redpanda/redpanda/values.yaml b/charts/redpanda/redpanda/values.yaml
index 5a4d40f70..7b339bf42 100644
--- a/charts/redpanda/redpanda/values.yaml
+++ b/charts/redpanda/redpanda/values.yaml
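Review bot: The tester container in the new test pod uses `image: busybox:latest`, a mutable tag with no registry or digest, so what runs during `helm test` can change between runs and cannot be mirrored for air-gapped installs. Pin it, for example `image: busybox:<version>@sha256:<digest>` (placeholders), or expose it as a chart value. The same pod mounts broker 0's `datadir` claim into the init container, and the SASL users secret too when SASL is enabled, yet neither container sets a `securityContext`. If `rpk debug bundle` only reads the data directory, which is not visible here, that mount could be `readOnly: true`. The three `test -f .../logs/{{ .Release.Namespace }}-N.txt` checks appear to assume three brokers and would fail on smaller clusters.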
@@ -112,7 +112,7 @@ tls: # To allow you to enable TLS for individual listeners, # certificates in auth.tls.certs are always loaded, even if tls.enabled is false. # See listeners..tls.enabled. - enabled: false + enabled: true # List all Certificates here, then you can reference a specific Certificate's name in each listener's listeners..tls.cert setting. certs: # This is the Certificate name. @@ -334,11 +334,11 @@ storage: cloud_storage_secret_key: "" cloud_storage_api_endpoint: "" # Required for ABS. - cloud_storage_azure_container: "" + cloud_storage_azure_container: null # Required for ABS. - cloud_storage_azure_storage_account: "" + cloud_storage_azure_storage_account: null # Required for ABS. - cloud_storage_azure_shared_key: "" + cloud_storage_azure_shared_key: null # Available starting from 22.3.X # Required for AWS and GCS authentication with IAM roles. cloud_storage_credentials_source: config_file diff --git a/index.yaml b/index.yaml index 49339a965..e40d6daf9 100644 --- a/index.yaml +++ b/index.yaml 
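Review bot: Changing the default `tls.enabled` from `false` to `true` alters behaviour for every release that relied on the default, and it ships in what Chart.yaml shows as a patch bump (`3.0.3` to `3.0.6`). Clients that still connect in plaintext would presumably stop working after an upgrade. Nothing in the hunk tells an operator this, so I would add a comment above the key such as `# TLS is enabled by default as of chart 3.0.6; existing releases that relied on the old default must set this explicitly before upgrading.` The surrounding comment also refers to `auth.tls.certs` while the key sits under `tls`, which is worth correcting in the same change. The `tls` mapping continues outside the hunk.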
@@ -80,6 +80,51 @@ entries: - assets/datawiza/access-broker-0.1.1.tgz version: 0.1.1 airflow: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Apache Airflow + catalog.cattle.io/kube-version: '>=1.19-0' + catalog.cattle.io/release-name: airflow + category: WorkFlow + licenses: Apache-2.0 + apiVersion: v2 + appVersion: 2.5.2 + created: "2023-03-21T16:28:40.324525921Z" + dependencies: + - condition: redis.enabled + name: redis + repository: file://./charts/redis + version: 17.x.x + - condition: postgresql.enabled + name: postgresql + repository: file://./charts/postgresql + version: 12.x.x + - name: common + repository: file://./charts/common + tags: + - bitnami-common + version: 2.x.x + description: Apache Airflow is a tool to express and execute workflows as directed + acyclic graphs (DAGs). It includes utilities to schedule tasks, monitor task + progress and handle task dependencies. + digest: fea9abc08eb93b94f571aa3408ab907a088fefb48a16103358940f3ecc47e729 + home: https://github.com/bitnami/charts/tree/main/bitnami/airflow + icon: https://svn.apache.org/repos/asf/comdev/project-logos/originals/airflow-1.svg + keywords: + - apache + - airflow + - workflow + - dag + maintainers: + - name: Bitnami + url: https://github.com/bitnami/charts + name: airflow + sources: + - https://github.com/bitnami/containers/tree/main/bitnami/airflow + - https://airflow.apache.org/ + urls: + - assets/bitnami/airflow-14.0.16.tgz + version: 14.0.16 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Apache Airflow 
@@ -781,6 +826,42 @@ entries: - assets/ambassador/ambassador-6.7.1100.tgz version: 6.7.1100 argo-cd: + - annotations: + artifacthub.io/changes: | + - kind: changed + description: Upgrade Argo CD to v2.6.6 + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Argo CD + catalog.cattle.io/kube-version: '>=1.22.0-0' + catalog.cattle.io/release-name: argo-cd + apiVersion: v2 + appVersion: v2.6.6 + created: "2023-03-21T16:28:39.787735896Z" + dependencies: + - condition: redis-ha.enabled + name: redis-ha + repository: file://./charts/redis-ha + version: 4.22.4 + description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery + tool for Kubernetes. + digest: 524cd8102ec2c0a35fc39762004cab29fa3880ea341a1745c08c9cb46192f843 + home: https://github.com/argoproj/argo-helm + icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png + keywords: + - argoproj + - argocd + - gitops + kubeVersion: '>=1.22.0-0' + maintainers: + - name: argoproj + url: https://argoproj.github.io/ + name: argo-cd + sources: + - https://github.com/argoproj/argo-helm/tree/main/charts/argo-cd + - https://github.com/argoproj/argo-cd + urls: + - assets/argo/argo-cd-5.27.1.tgz + version: 5.27.1 - annotations: artifacthub.io/changes: | - kind: added 
@@ -2141,6 +2222,39 @@ entries: - assets/argo/argo-cd-5.8.0.tgz version: 5.8.0 artifactory-ha: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: JFrog Artifactory HA + catalog.cattle.io/kube-version: '>= 1.14.0-0' + catalog.cattle.io/release-name: artifactory-ha + apiVersion: v2 + appVersion: 7.55.8 + created: "2023-03-21T16:28:43.208482341Z" + dependencies: + - condition: postgresql.enabled + name: postgresql + repository: file://./charts/postgresql + version: 10.3.18 + description: Universal Repository Manager supporting all major packaging formats, + build tools and CI servers. + digest: f50b0a123fee8b4c2ef82cda4f8a17f3b5ce0763e8ab71823dde9789e043f7e5 + home: https://www.jfrog.com/artifactory/ + icon: https://raw.githubusercontent.com/jfrog/charts/ea5c3112c24a973f64f3ccd99747323db292a369/stable/artifactory-ha/logo/artifactory-logo.png + keywords: + - artifactory + - jfrog + - devops + kubeVersion: '>= 1.14.0-0' + maintainers: + - email: installers@jfrog.com + name: Chart Maintainers at JFrog + name: artifactory-ha + sources: + - https://github.com/jfrog/charts + type: application + urls: + - assets/jfrog/artifactory-ha-107.55.8.tgz + version: 107.55.8 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: JFrog Artifactory HA 
@@ -2795,6 +2909,40 @@ entries: - assets/jfrog/artifactory-ha-3.0.1400.tgz version: 3.0.1400 artifactory-jcr: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: JFrog Container Registry + catalog.cattle.io/kube-version: '>= 1.14.0-0' + catalog.cattle.io/release-name: artifactory-jcr + apiVersion: v2 + appVersion: 7.55.8 + created: "2023-03-21T16:28:43.428676953Z" + dependencies: + - name: artifactory + repository: file://./charts/artifactory + version: 107.55.8 + description: JFrog Container Registry + digest: 0f734ff0002f5ab04e5904c255a4817af3db2a610292615319a06f3c81cd4257 + home: https://jfrog.com/container-registry/ + icon: https://raw.githubusercontent.com/jfrog/charts/ea5c3112c24a973f64f3ccd99747323db292a369/stable/artifactory-jcr/logo/jcr-logo.png + keywords: + - artifactory + - jfrog + - container + - registry + - devops + - jfrog-container-registry + kubeVersion: '>= 1.14.0-0' + maintainers: + - email: helm@jfrog.com + name: Chart Maintainers at JFrog + name: artifactory-jcr + sources: + - https://github.com/jfrog/charts + type: application + urls: + - assets/jfrog/artifactory-jcr-107.55.8.tgz + version: 107.55.8 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: JFrog Container Registry 
@@ -5197,6 +5345,22 @@ entries: - assets/cert-manager/cert-manager-1.10.0.tgz version: 1.10.0 cf-runtime: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Codefresh + catalog.cattle.io/kube-version: '>=1.18-0' + catalog.cattle.io/release-name: cf-runtime + apiVersion: v2 + appVersion: 1.9.12 + created: "2023-03-21T16:28:41.526667283Z" + description: A Helm chart for Codefresh Runner + digest: eb7fe39b64b75b3365eb20348e33203358260d5878a6299dc98ce75a4b4ce6a1 + icon: https://partner-charts.rancher.io/assets/logos/codefresh.jpg + name: cf-runtime + type: application + urls: + - assets/codefresh/cf-runtime-1.9.12.tgz + version: 1.9.12 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Codefresh 
@@ -5550,6 +5714,31 @@ entries: - assets/citrix/citrix-cpx-istio-sidecar-injector-1.11.0.tgz version: 1.11.0 citrix-cpx-with-ingress-controller: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Citrix Cpx with Ingress Controller + catalog.cattle.io/kube-version: '>=v1.16.0-0' + catalog.cattle.io/release-name: citrix-cpx-with-ingress-controller + apiVersion: v2 + appVersion: 1.30.1 + created: "2023-03-21T16:28:41.471190884Z" + description: A Helm chart for Citrix ADC CPX with Citrix ingress Controller running + as sidecar. + digest: 308454271cadf829f623f1f77d65d045fa7368b50841d8b837aef608b67325db + home: https://www.cloud.com + icon: https://raw.githubusercontent.com/citrix/citrix-helm-charts/gh-pages/icon.png + kubeVersion: '>=v1.16.0-0' + maintainers: + - email: priyanka.sharma@cloud.com + name: priyankash-citrix + - email: subash.dangol@cloud.com + name: subashd + name: citrix-cpx-with-ingress-controller + sources: + - https://github.com/citrix/citrix-k8s-ingress-controller + urls: + - assets/citrix/citrix-cpx-with-ingress-controller-1.30.1.tgz + version: 1.30.1 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Citrix Cpx with Ingress Controller 
@@ -5648,6 +5837,30 @@ entries: - assets/citrix/citrix-cpx-with-ingress-controller-1.8.2800.tgz version: 1.8.2800 citrix-ingress-controller: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Citrix Ingress Controller + catalog.cattle.io/kube-version: '>=v1.16.0-0' + catalog.cattle.io/release-name: citrix-ingress-controller + apiVersion: v2 + appVersion: 1.30.1 + created: "2023-03-21T16:28:41.480551583Z" + description: A Helm chart for Citrix Ingress Controller configuring MPX/VPX. + digest: 237c89c729a9d25e43564e02aabece169795beff9d44c03efba7c06da9aa79a5 + home: https://www.cloud.com + icon: https://raw.githubusercontent.com/citrix/citrix-helm-charts/gh-pages/icon.png + kubeVersion: '>=v1.16.0-0' + maintainers: + - email: priyanka.sharma@cloud.com + name: priyankash-citrix + - email: subash.dangol@cloud.com + name: subashd + name: citrix-ingress-controller + sources: + - https://github.com/citrix/citrix-k8s-ingress-controller + urls: + - assets/citrix/citrix-ingress-controller-1.30.1.tgz + version: 1.30.1 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Citrix Ingress Controller @@ -6677,8 +6890,8 @@ entries: catalog.cattle.io/featured: "2" catalog.cattle.io/release-name: cost-analyzer apiVersion: v2 - appVersion: 1.101.2 - created: "2023-03-14T21:07:53.575401283Z" + appVersion: 1.101.3 + created: "2023-03-21T16:28:51.351709029Z" dependencies: - condition: global.grafana.enabled name: grafana 
@@ -6694,7 +6907,38 @@ entries: version: ~0.29.0 description: A Helm chart that sets up Kubecost, Prometheus, and Grafana to monitor cloud costs. - digest: d3d6fc291cb802551938b9acdf3e94d51d8955481d23010ab3246b72cbad6d22 + digest: 3a5f0fc78f1956221b7ded022437a557e7a4fb8c0a987fd50a0fa2255ac2fd95 + icon: https://partner-charts.rancher.io/assets/logos/kubecost.png + name: cost-analyzer + urls: + - assets/kubecost/cost-analyzer-1.101.3.tgz + version: 1.101.3 + - annotations: + artifacthub.io/links: | + - name: Homepage + url: https://www.kubecost.com + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Kubecost + catalog.cattle.io/release-name: cost-analyzer + apiVersion: v2 + appVersion: 1.101.2 + created: "2023-03-21T16:28:43.93697894Z" + dependencies: + - condition: global.grafana.enabled + name: grafana + repository: file://./charts/grafana + version: ~1.17.2 + - condition: global.prometheus.enabled + name: prometheus + repository: file://./charts/prometheus + version: ~11.0.2 + - condition: global.thanos.enabled + name: thanos + repository: file://./charts/thanos + version: ~0.29.0 + description: A Helm chart that sets up Kubecost, Prometheus, and Grafana to monitor + cloud costs. + digest: 8814875a588335ffe38cc7d246a0dc1a27da14d237b4cdf53bd30bede397657e icon: https://partner-charts.rancher.io/assets/logos/kubecost.png name: cost-analyzer urls: 
@@ -6951,6 +7195,28 @@ entries: - assets/kubecost/cost-analyzer-1.70.000.tgz version: 1.70.000 crate-operator: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: CrateDB Operator + catalog.cattle.io/release-name: crate-operator + apiVersion: v2 + appVersion: 2.24.0 + created: "2023-03-21T16:28:41.56935172Z" + dependencies: + - condition: crate-operator-crds.enabled + name: crate-operator-crds + repository: file://./charts/crate-operator-crds + version: 2.24.0 + description: Crate Operator - Helm chart for installing and upgrading Crate Operator. + digest: c75c55efd3961c77be58ccd71743c6fc2b5c182b4e2bb97180c00aa4d166f129 + icon: https://raw.githubusercontent.com/crate/crate/master/docs/_static/crate-logo.svg + maintainers: + - name: Crate.io + name: crate-operator + type: application + urls: + - assets/crate/crate-operator-2.24.0.tgz + version: 2.24.0 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: CrateDB Operator 
@@ -7394,6 +7660,43 @@ entries: - assets/weka/csi-wekafsplugin-0.6.400.tgz version: 0.6.400 datadog: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Datadog + catalog.cattle.io/kube-version: '>=1.10-0' + catalog.cattle.io/release-name: datadog + apiVersion: v1 + appVersion: "7" + created: "2023-03-21T16:28:41.697408531Z" + dependencies: + - condition: clusterAgent.metricsProvider.useDatadogMetrics + name: datadog-crds + repository: https://helm.datadoghq.com + tags: + - install-crds + version: 0.4.7 + - condition: datadog.kubeStateMetricsEnabled + name: kube-state-metrics + repository: https://prometheus-community.github.io/helm-charts + version: 2.13.2 + description: Datadog Agent + digest: 970a9e2de6b89bd0ac0591e997c0c27f5f2747a727c4cc93d2a0c7cc7fb46fb7 + home: https://www.datadoghq.com + icon: https://datadog-live.imgix.net/img/dd_logo_70x75.png + keywords: + - monitoring + - alerting + - metric + maintainers: + - email: support@datadoghq.com + name: Datadog + name: datadog + sources: + - https://app.datadoghq.com/account/settings#agent/kubernetes + - https://github.com/DataDog/datadog-agent + urls: + - assets/datadog/datadog-3.20.3.tgz + version: 3.20.3 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Datadog 
@@ -8990,6 +9293,30 @@ entries: - assets/elastic/elasticsearch-7.17.3.tgz version: 7.17.3 external-secrets: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: External Secrets Operator + catalog.cattle.io/kube-version: '>= 1.19.0-0' + catalog.cattle.io/release-name: external-secrets + apiVersion: v2 + appVersion: v0.8.1 + created: "2023-03-21T16:28:41.90675046Z" + description: External secret management for Kubernetes + digest: 42f8bc8294a9d797f46561fb02f1e6257ac01af147ac3e0bbaec1443cacb0fb7 + home: https://github.com/external-secrets/external-secrets + icon: https://raw.githubusercontent.com/external-secrets/external-secrets/main/assets/eso-logo-large.png + keywords: + - kubernetes-external-secrets + - secrets + kubeVersion: '>= 1.19.0-0' + maintainers: + - email: kellinmcavoy@gmail.com + name: mcavoyk + name: external-secrets + type: application + urls: + - assets/external-secrets/external-secrets-0.8.1.tgz + version: 0.8.1 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: External Secrets Operator 
@@ -11046,6 +11373,112 @@ entries: - assets/gitlab/gitlab-6.5.1.tgz version: 6.5.1 gluu: + - annotations: + artifacthub.io/changes: | + - Chart 5.0.14 official release + artifacthub.io/containsSecurityUpdates: "true" + artifacthub.io/images: | + - name: auth-server + image: janssenproject/auth-server:1.0.10-1 + - name: auth-server-key-rotation + image: janssenproject/certmanager:1.0.10-1 + - name: configuration-manager + image: janssenproject/configurator:1.0.10-1 + - name: config-api + image: janssenproject/config-api:1.0.10-1 + - name: fido2 + image: janssenproject/fido2:1.0.10-1 + - name: opendj + image: gluufederation/opendj:5.0.0_dev + - name: persistence + image: janssenproject/persistence-loader:1.0.10-1 + - name: scim + image: janssenproject/scim:1.0.10-1 + - name: casa + image: gluufederation/casa:5.0.0_dev + - name: admin-ui + image: gluufederation/admin-ui:1.0.10-1 + artifacthub.io/license: Apache-2.0 + artifacthub.io/prerelease: "true" + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Gluu Cloud Identity and Access Management + catalog.cattle.io/kube-version: '>=v1.21.0-0' + catalog.cattle.io/release-name: gluu + apiVersion: v2 + appVersion: 5.0.0 + created: "2023-03-21T16:28:42.746933447Z" + dependencies: + - condition: global.config.enabled + name: config + repository: file://./charts/config + version: 5.0.14 + - condition: global.config-api.enabled + name: config-api + repository: file://./charts/config-api + version: 5.0.14 + - condition: global.opendj.enabled + name: opendj + repository: file://./charts/opendj + version: 5.0.14 + - condition: global.auth-server.enabled + name: auth-server + repository: file://./charts/auth-server + version: 5.0.14 + - condition: global.admin-ui.enabled + name: admin-ui + repository: file://./charts/admin-ui + version: 5.0.14 + - condition: global.fido2.enabled + name: fido2 + repository: file://./charts/fido2 + version: 5.0.14 + - condition: global.scim.enabled + name: scim + repository: 
file://./charts/scim + version: 5.0.14 + - condition: global.nginx-ingress.enabled + name: nginx-ingress + repository: file://./charts/nginx-ingress + version: 5.0.14 + - condition: global.oxshibboleth.enabled + name: oxshibboleth + repository: file://./charts/oxshibboleth + version: 5.0.14 + - condition: global.oxpassport.enabled + name: oxpassport + repository: file://./charts/oxpassport + version: 5.0.14 + - condition: global.casa.enabled + name: casa + repository: file://./charts/casa + version: 5.0.14 + - condition: global.auth-server-key-rotation.enabled + name: auth-server-key-rotation + repository: file://./charts/auth-server-key-rotation + version: 5.0.14 + - condition: global.persistence.enabled + name: persistence + repository: file://./charts/persistence + version: 5.0.14 + - condition: global.istio.ingress + name: cn-istio-ingress + repository: file://./charts/cn-istio-ingress + version: 5.0.14 + description: Gluu Access and Identity Management + digest: ccb675378d482060ea69ca11f5625f0b64158158c1afbce1df97dbf3136cf3da + home: https://www.gluu.org + icon: https://gluu.org/docs/gluu-server/favicon.ico + kubeVersion: '>=v1.21.0-0' + maintainers: + - email: support@gluu.org + name: moabu + name: gluu + sources: + - https://gluu.org/docs/gluu-server + - https://github.com/GluuFederation/flex/flex-cn-setup + urls: + - assets/gluu/gluu-5.0.14.tgz + version: 5.0.14 - annotations: artifacthub.io/changes: | - Chart 5.0.12 official release 
@@ -12840,6 +13273,54 @@ entries: - assets/jaeger/jaeger-operator-2.36.0.tgz version: 2.36.0 jenkins: + - annotations: + artifacthub.io/images: | + - name: jenkins + image: jenkins/jenkins:2.387.1-jdk11 + - name: k8s-sidecar + image: kiwigrid/k8s-sidecar:1.15.0 + - name: inbound-agent + image: jenkins/inbound-agent:4.11.2-4 + - name: backup + image: maorfr/kube-tasks:0.2.0 + artifacthub.io/links: | + - name: Chart Source + url: https://github.com/jenkinsci/helm-charts/tree/main/charts/jenkins + - name: Jenkins + url: https://www.jenkins.io/ + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Jenkins + catalog.cattle.io/kube-version: '>=1.14-0' + catalog.cattle.io/release-name: jenkins + apiVersion: v2 + appVersion: 2.387.1 + created: "2023-03-21T16:28:43.028201397Z" + description: Jenkins - Build great things at any scale! The leading open source + automation server, Jenkins provides hundreds of plugins to support building, + deploying and automating any project. + digest: 237694a7357a222520edf0757fcaae6557cf8acbb61d09170a20617eaaa3f7b3 + home: https://jenkins.io/ + icon: https://get.jenkins.io/art/jenkins-logo/logo.svg + maintainers: + - email: maor.friedman@redhat.com + name: maorfr + - email: mail@torstenwalter.de + name: torstenwalter + - email: garridomota@gmail.com + name: mogaal + - email: wmcdona89@gmail.com + name: wmcdona89 + - email: timjacomb1@gmail.com + name: timja + name: jenkins + sources: + - https://github.com/jenkinsci/jenkins + - https://github.com/jenkinsci/docker-inbound-agent + - https://github.com/maorfr/kube-tasks + - https://github.com/jenkinsci/configuration-as-code-plugin + urls: + - assets/jenkins/jenkins-4.3.9.tgz + version: 4.3.9 - annotations: artifacthub.io/images: | - name: jenkins 
@@ -16657,6 +17138,41 @@ entries: - assets/linkerd/linkerd2-2.11.0.tgz version: 2.11.0 loft: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Loft + catalog.cattle.io/kube-version: '>=1.22-0' + catalog.cattle.io/release-name: loft + apiVersion: v2 + created: "2023-03-21T16:28:51.448080595Z" + description: Secure Cluster Sharing, Self-Service Namespace Provisioning and Virtual + Clusters + digest: da2b5ec0d2db51f454bd03fb2e4d5cd392f8a4d0426c9a1e4a5e0f978aacb646 + home: https://loft.sh + icon: https://static.loft.sh/loft/logo/loft-logo.svg + keywords: + - developer + - development + - sharing + - share + - multi-tenancy + - tenancy + - cluster + - space + - namespace + - vcluster + - vclusters + maintainers: + - email: info@loft.sh + name: Loft Labs, Inc. + url: https://twitter.com/loft_sh + name: loft + sources: + - https://github.com/loft-sh/loft + type: application + urls: + - assets/loft/loft-3.0.1.tgz + version: 3.0.1 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Loft 
@@ -16841,6 +17357,45 @@ entries: - assets/elastic/logstash-7.17.3.tgz version: 7.17.3 mariadb: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: MariaDB + catalog.cattle.io/kube-version: '>=1.19-0' + catalog.cattle.io/release-name: mariadb + category: Database + licenses: Apache-2.0 + apiVersion: v2 + appVersion: 10.6.12 + created: "2023-03-21T16:28:40.705940784Z" + dependencies: + - name: common + repository: file://./charts/common + tags: + - bitnami-common + version: 2.x.x + description: MariaDB is an open source, community-developed SQL database server + that is widely in use around the world due to its enterprise features, flexibility, + and collaboration with leading tech firms. + digest: b4831a6447d12b02448c76e7f757a86db722a250817327965e16646e68d25734 + home: https://github.com/bitnami/charts/tree/main/bitnami/mariadb + icon: https://mariadb.com/wp-content/uploads/2019/11/mariadb-logo-vert_black-transparent.png + keywords: + - mariadb + - mysql + - database + - sql + - prometheus + maintainers: + - name: Bitnami + url: https://github.com/bitnami/charts + name: mariadb + sources: + - https://github.com/bitnami/containers/tree/main/bitnami/mariadb + - https://github.com/prometheus/mysqld_exporter + - https://mariadb.org + urls: + - assets/bitnami/mariadb-11.5.4.tgz + version: 11.5.4 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: MariaDB 
@@ -20608,6 +21163,45 @@ entries: - assets/portworx/portworx-essentials-2.9.100.tgz version: 2.9.100 postgresql: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: PostgreSQL + catalog.cattle.io/kube-version: '>=1.19-0' + catalog.cattle.io/release-name: postgresql + category: Database + licenses: Apache-2.0 + apiVersion: v2 + appVersion: 15.2.0 + created: "2023-03-21T16:28:40.838866642Z" + dependencies: + - name: common + repository: file://./charts/common + tags: + - bitnami-common + version: 2.x.x + description: PostgreSQL (Postgres) is an open source object-relational database + known for reliability and data integrity. ACID-compliant, it supports foreign + keys, joins, views, triggers and stored procedures. + digest: 48a37a71824176be369e580cf81f694788e2e69e9236f5b53d26824a5f598ea2 + home: https://github.com/bitnami/charts/tree/main/bitnami/postgresql + icon: https://wiki.postgresql.org/images/a/a4/PostgreSQL_logo.3colors.svg + keywords: + - postgresql + - postgres + - database + - sql + - replication + - cluster + maintainers: + - name: Bitnami + url: https://github.com/bitnami/charts + name: postgresql + sources: + - https://github.com/bitnami/containers/tree/main/bitnami/postgresql + - https://www.postgresql.org/ + urls: + - assets/bitnami/postgresql-12.2.5.tgz + version: 12.2.5 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: PostgreSQL 
@@ -21406,6 +22000,29 @@ entries: - assets/percona/psmdb-db-1.13.0.tgz version: 1.13.0 psmdb-operator: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Percona Operator for MongoDB + catalog.cattle.io/kube-version: '>=1.21-0' + catalog.cattle.io/release-name: psmdb-operator + apiVersion: v2 + appVersion: 1.14.0 + created: "2023-03-21T16:28:51.770963667Z" + description: A Helm chart for deploying the Percona Operator for MongoDB + digest: 525ab299d8efc4a9c16e3ceff73d2958f87ee7cfcdabc3c521864902a4aef4a9 + home: https://docs.percona.com/percona-operator-for-mongodb/ + icon: https://raw.githubusercontent.com/percona/percona-server-mongodb-operator/main/operator.png + maintainers: + - email: ivan.pylypenko@percona.com + name: cap1984 + - email: tomislav.plavcic@percona.com + name: tplavcic + - email: sergey.pronin@percona.com + name: spron-in + name: psmdb-operator + urls: + - assets/percona/psmdb-operator-1.14.1.tgz + version: 1.14.1 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Percona Operator for MongoDB 
@@ -21650,6 +22267,41 @@ entries: - assets/quobyte/quobyte-cluster-0.1.5.tgz version: 0.1.5 redis: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Redis + catalog.cattle.io/kube-version: '>=1.19-0' + catalog.cattle.io/release-name: redis + category: Database + licenses: Apache-2.0 + apiVersion: v2 + appVersion: 7.0.10 + created: "2023-03-21T16:28:40.977211942Z" + dependencies: + - name: common + repository: file://./charts/common + tags: + - bitnami-common + version: 2.x.x + description: Redis(R) is an open source, advanced key-value store. It is often + referred to as a data structure server since keys can contain strings, hashes, + lists, sets and sorted sets. + digest: c11a3e4af57d7f07e6f42bae358ddc910f576cd912d6474675a625980cdc0123 + home: https://github.com/bitnami/charts/tree/main/bitnami/redis + icon: https://redis.com/wp-content/uploads/2021/08/redis-logo.png + keywords: + - redis + - keyvalue + - database + maintainers: + - name: Bitnami + url: https://github.com/bitnami/charts + name: redis + sources: + - https://github.com/bitnami/containers/tree/main/bitnami/redis + urls: + - assets/bitnami/redis-17.8.7.tgz + version: 17.8.7 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Redis 
@@ -22408,6 +23060,44 @@ entries: - assets/bitnami/redis-17.3.7.tgz version: 17.3.7 redpanda: + - annotations: + artifacthub.io/images: | + - name: redpanda + image: vectorized/redpanda:v23.1.1 + - name: busybox + image: busybox:latest + artifacthub.io/license: Apache-2.0 + artifacthub.io/links: | + - name: Documentation + url: https://docs.redpanda.com + - name: "Helm (>= 3.6.0)" + url: https://helm.sh/docs/intro/install/ + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Redpanda + catalog.cattle.io/kube-version: '>=1.21-0' + catalog.cattle.io/release-name: redpanda + apiVersion: v2 + appVersion: v23.1.1 + created: "2023-03-21T16:28:51.931292314Z" + dependencies: + - condition: console.enabled + name: console + repository: file://./charts/console + version: '>=0.5 <1.0' + description: Redpanda is the real-time engine for modern apps. + digest: 01e5e65c88d48756b073257b1f8b77b9081b0d16fcf0ae90bfc9910e73b14936 + icon: https://images.ctfassets.net/paqvtpyf8rwu/3cYHw5UzhXCbKuR24GDFGO/73fb682e6157d11c10d5b2b5da1d5af0/skate-stand-panda.svg + kubeVersion: '>=1.21-0' + maintainers: + - name: redpanda-data + url: https://github.com/orgs/redpanda-data/people + name: redpanda + sources: + - https://github.com/redpanda-data/helm-charts + type: application + urls: + - assets/redpanda/redpanda-3.0.6.tgz + version: 3.0.6 - annotations: artifacthub.io/images: | - name: redpanda 
@@ -24172,6 +24862,41 @@ entries: - assets/shipa/shipa-1.4.0.tgz version: 1.4.0 spark: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Apache Spark + catalog.cattle.io/kube-version: '>=1.19-0' + catalog.cattle.io/release-name: spark + category: Infrastructure + licenses: Apache-2.0 + apiVersion: v2 + appVersion: 3.3.2 + created: "2023-03-21T16:28:41.021093066Z" + dependencies: + - name: common + repository: file://./charts/common + tags: + - bitnami-common + version: 2.x.x + description: Apache Spark is a high-performance engine for large-scale computing + tasks, such as data processing, machine learning and real-time data streaming. + It includes APIs for Java, Python, Scala and R. + digest: 4e28283da69cc8ea910d62ffae6a00813e4da4c0e5fc63c95bc1735f94fdb51b + home: https://github.com/bitnami/charts/tree/main/bitnami/spark + icon: https://www.apache.org/logos/res/spark/default.png + keywords: + - apache + - spark + maintainers: + - name: Bitnami + url: https://github.com/bitnami/charts + name: spark + sources: + - https://github.com/bitnami/containers/tree/main/bitnami/spark + - https://spark.apache.org/ + urls: + - assets/bitnami/spark-6.4.1.tgz + version: 6.4.1 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Apache Spark 
@@ -26060,6 +26785,45 @@ entries: - assets/intel/tcs-issuer-0.1.0.tgz version: 0.1.0 tomcat: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Apache Tomcat + catalog.cattle.io/kube-version: '>=1.19-0' + catalog.cattle.io/release-name: tomcat + category: ApplicationServer + licenses: Apache-2.0 + apiVersion: v2 + appVersion: 10.1.7 + created: "2023-03-21T16:28:41.054160407Z" + dependencies: + - name: common + repository: file://./charts/common + tags: + - bitnami-common + version: 2.x.x + description: Apache Tomcat is an open-source web server designed to host and run + Java-based web applications. It is a lightweight server with a good performance + for applications running in production environments. + digest: 6222f9a243bf92da1369fb4e987927d4da4217454ad047a17dac9120429c52ca + home: https://github.com/bitnami/charts/tree/main/bitnami/tomcat + icon: https://svn.apache.org/repos/asf/comdev/project-logos/originals/tomcat.svg + keywords: + - tomcat + - java + - http + - web + - application server + - jsp + maintainers: + - name: Bitnami + url: https://github.com/bitnami/charts + name: tomcat + sources: + - https://github.com/bitnami/containers/tree/main/bitnami/tomcat + - http://tomcat.apache.org + urls: + - assets/bitnami/tomcat-10.5.20.tgz + version: 10.5.20 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Apache Tomcat 
@@ -27903,6 +28667,54 @@ entries: - assets/hashicorp/vault-0.22.0.tgz version: 0.22.0 wordpress: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: WordPress + catalog.cattle.io/kube-version: '>=1.19-0' + catalog.cattle.io/release-name: wordpress + category: CMS + licenses: Apache-2.0 + apiVersion: v2 + appVersion: 6.1.1 + created: "2023-03-21T16:28:41.365411232Z" + dependencies: + - condition: memcached.enabled + name: memcached + repository: file://./charts/memcached + version: 6.x.x + - condition: mariadb.enabled + name: mariadb + repository: file://./charts/mariadb + version: 11.x.x + - name: common + repository: file://./charts/common + tags: + - bitnami-common + version: 2.x.x + description: WordPress is the world's most popular blogging and content management + platform. Powerful yet simple, everyone from students to global corporations + use it to build beautiful, functional websites. + digest: 371df704ca788435f5a2a79b6ea6f27fc04dab722b1632811dcdb8ec8d816607 + home: https://github.com/bitnami/charts/tree/main/bitnami/wordpress + icon: https://s.w.org/style/images/about/WordPress-logotype-simplified.png + keywords: + - application + - blog + - cms + - http + - php + - web + - wordpress + maintainers: + - name: Bitnami + url: https://github.com/bitnami/charts + name: wordpress + sources: + - https://github.com/bitnami/containers/tree/main/bitnami/wordpress + - https://wordpress.org/ + urls: + - assets/bitnami/wordpress-15.2.56.tgz + version: 15.2.56 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: WordPress 
@@ -29665,6 +30477,39 @@ entries: - assets/netfoundry/ziti-host-1.5.1.tgz version: 1.5.1 zookeeper: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Apache Zookeeper + catalog.cattle.io/kube-version: '>=1.19-0' + catalog.cattle.io/release-name: zookeeper + category: Infrastructure + licenses: Apache-2.0 + apiVersion: v2 + appVersion: 3.8.1 + created: "2023-03-21T16:28:41.435202475Z" + dependencies: + - name: common + repository: file://./charts/common + tags: + - bitnami-common + version: 2.x.x + description: Apache ZooKeeper provides a reliable, centralized register of configuration + data and services for distributed applications. + digest: 792b573661057e52b7dc9cd03afd7869d6a0417d3e0f61f7b7f9df1bfc178cf4 + home: https://github.com/bitnami/charts/tree/main/bitnami/zookeeper + icon: https://svn.apache.org/repos/asf/comdev/project-logos/originals/zookeeper.svg + keywords: + - zookeeper + maintainers: + - name: Bitnami + url: https://github.com/bitnami/charts + name: zookeeper + sources: + - https://github.com/bitnami/containers/tree/main/bitnami/zookeeper + - https://zookeeper.apache.org/ + urls: + - assets/bitnami/zookeeper-11.1.5.tgz + version: 11.1.5 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Apache Zookeeper