Merge pull request #871 from nflondo/main-source

Charts CI
pull/873/head
alex-isv 2023-08-30 13:44:54 -06:00 committed by GitHub
commit dc731a8a3b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
151 changed files with 1301 additions and 2410 deletions

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

BIN
assets/kuma/kuma-2.4.0.tgz Normal file

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.


@ -1,9 +1,9 @@
dependencies: dependencies:
- name: zookeeper - name: zookeeper
repository: oci://registry-1.docker.io/bitnamicharts repository: oci://registry-1.docker.io/bitnamicharts
version: 12.1.0 version: 12.1.1
- name: common - name: common
repository: oci://registry-1.docker.io/bitnamicharts repository: oci://registry-1.docker.io/bitnamicharts
version: 2.9.0 version: 2.9.1
digest: sha256:a54db8d2946ff889eaa08317cdc9eccbfe55722b08c147ee0799925cd1b43c93 digest: sha256:d80576ab604d6ae40689f985ffff711a95525fd2e04df86f7524300fb5c7b6de
generated: "2023-08-23T10:11:09.64327+02:00" generated: "2023-08-30T12:23:35.3141937Z"


@ -6,15 +6,15 @@ annotations:
category: Infrastructure category: Infrastructure
images: | images: |
- name: jmx-exporter - name: jmx-exporter
image: docker.io/bitnami/jmx-exporter:0.19.0-debian-11-r49 image: docker.io/bitnami/jmx-exporter:0.19.0-debian-11-r57
- name: kafka-exporter - name: kafka-exporter
image: docker.io/bitnami/kafka-exporter:1.7.0-debian-11-r85 image: docker.io/bitnami/kafka-exporter:1.7.0-debian-11-r93
- name: kafka - name: kafka
image: docker.io/bitnami/kafka:3.5.1-debian-11-r25 image: docker.io/bitnami/kafka:3.5.1-debian-11-r35
- name: kubectl - name: kubectl
image: docker.io/bitnami/kubectl:1.25.12-debian-11-r29 image: docker.io/bitnami/kubectl:1.25.13-debian-11-r5
- name: os-shell - name: os-shell
image: docker.io/bitnami/os-shell:11-debian-11-r43 image: docker.io/bitnami/os-shell:11-debian-11-r51
licenses: Apache-2.0 licenses: Apache-2.0
apiVersion: v2 apiVersion: v2
appVersion: 3.5.1 appVersion: 3.5.1
@ -45,4 +45,4 @@ maintainers:
name: kafka name: kafka
sources: sources:
- https://github.com/bitnami/charts/tree/main/bitnami/kafka - https://github.com/bitnami/charts/tree/main/bitnami/kafka
version: 25.1.2 version: 25.1.4


@ -82,7 +82,7 @@ The command removes all the Kubernetes components associated with the chart and
| ------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------- | | ------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------- |
| `image.registry` | Kafka image registry | `docker.io` | | `image.registry` | Kafka image registry | `docker.io` |
| `image.repository` | Kafka image repository | `bitnami/kafka` | | `image.repository` | Kafka image repository | `bitnami/kafka` |
| `image.tag` | Kafka image tag (immutable tags are recommended) | `3.5.1-debian-11-r25` | | `image.tag` | Kafka image tag (immutable tags are recommended) | `3.5.1-debian-11-r35` |
| `image.digest` | Kafka image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `image.digest` | Kafka image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `image.pullPolicy` | Kafka image pull policy | `IfNotPresent` | | `image.pullPolicy` | Kafka image pull policy | `IfNotPresent` |
| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | | `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
@ -365,73 +365,73 @@ The command removes all the Kubernetes components associated with the chart and
### Traffic Exposure parameters ### Traffic Exposure parameters
| Name | Description | Value | | Name | Description | Value |
| ------------------------------------------------------------ | ----------------------------------------------------------------------------------------------------------------------------------------- | ----------------------- | | ------------------------------------------------------------ | ----------------------------------------------------------------------------------------------------------------------------------------- | ---------------------- |
| `service.type` | Kubernetes Service type | `ClusterIP` | | `service.type` | Kubernetes Service type | `ClusterIP` |
| `service.ports.client` | Kafka svc port for client connections | `9092` | | `service.ports.client` | Kafka svc port for client connections | `9092` |
| `service.ports.controller` | Kafka svc port for controller connections. It is used if "kraft.enabled: true" | `9093` | | `service.ports.controller` | Kafka svc port for controller connections. It is used if "kraft.enabled: true" | `9093` |
| `service.ports.interbroker` | Kafka svc port for inter-broker connections | `9094` | | `service.ports.interbroker` | Kafka svc port for inter-broker connections | `9094` |
| `service.ports.external` | Kafka svc port for external connections | `9095` | | `service.ports.external` | Kafka svc port for external connections | `9095` |
| `service.extraPorts` | Extra ports to expose in the Kafka service (normally used with the `sidecar` value) | `[]` | | `service.extraPorts` | Extra ports to expose in the Kafka service (normally used with the `sidecar` value) | `[]` |
| `service.nodePorts.client` | Node port for the Kafka client connections | `""` | | `service.nodePorts.client` | Node port for the Kafka client connections | `""` |
| `service.nodePorts.external` | Node port for the Kafka external connections | `""` | | `service.nodePorts.external` | Node port for the Kafka external connections | `""` |
| `service.sessionAffinity` | Control where client requests go, to the same pod or round-robin | `None` | | `service.sessionAffinity` | Control where client requests go, to the same pod or round-robin | `None` |
| `service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` | | `service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` |
| `service.clusterIP` | Kafka service Cluster IP | `""` | | `service.clusterIP` | Kafka service Cluster IP | `""` |
| `service.loadBalancerIP` | Kafka service Load Balancer IP | `""` | | `service.loadBalancerIP` | Kafka service Load Balancer IP | `""` |
| `service.loadBalancerSourceRanges` | Kafka service Load Balancer sources | `[]` | | `service.loadBalancerSourceRanges` | Kafka service Load Balancer sources | `[]` |
| `service.externalTrafficPolicy` | Kafka service external traffic policy | `Cluster` | | `service.externalTrafficPolicy` | Kafka service external traffic policy | `Cluster` |
| `service.annotations` | Additional custom annotations for Kafka service | `{}` | | `service.annotations` | Additional custom annotations for Kafka service | `{}` |
| `service.headless.controller.annotations` | Annotations for the controller-eligible headless service. | `{}` | | `service.headless.controller.annotations` | Annotations for the controller-eligible headless service. | `{}` |
| `service.headless.controller.labels` | Labels for the controller-eligible headless service. | `{}` | | `service.headless.controller.labels` | Labels for the controller-eligible headless service. | `{}` |
| `service.headless.broker.annotations` | Annotations for the broker-only headless service. | `{}` | | `service.headless.broker.annotations` | Annotations for the broker-only headless service. | `{}` |
| `service.headless.broker.labels` | Labels for the broker-only headless service. | `{}` | | `service.headless.broker.labels` | Labels for the broker-only headless service. | `{}` |
| `externalAccess.enabled` | Enable Kubernetes external cluster access to Kafka brokers | `false` | | `externalAccess.enabled` | Enable Kubernetes external cluster access to Kafka brokers | `false` |
| `externalAccess.autoDiscovery.enabled` | Enable using an init container to auto-detect external IPs/ports by querying the K8s API | `false` | | `externalAccess.autoDiscovery.enabled` | Enable using an init container to auto-detect external IPs/ports by querying the K8s API | `false` |
| `externalAccess.autoDiscovery.image.registry` | Init container auto-discovery image registry | `docker.io` | | `externalAccess.autoDiscovery.image.registry` | Init container auto-discovery image registry | `docker.io` |
| `externalAccess.autoDiscovery.image.repository` | Init container auto-discovery image repository | `bitnami/kubectl` | | `externalAccess.autoDiscovery.image.repository` | Init container auto-discovery image repository | `bitnami/kubectl` |
| `externalAccess.autoDiscovery.image.tag` | Init container auto-discovery image tag (immutable tags are recommended) | `1.25.12-debian-11-r29` | | `externalAccess.autoDiscovery.image.tag` | Init container auto-discovery image tag (immutable tags are recommended) | `1.25.13-debian-11-r5` |
| `externalAccess.autoDiscovery.image.digest` | Kubectl image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `externalAccess.autoDiscovery.image.digest` | Kubectl image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `externalAccess.autoDiscovery.image.pullPolicy` | Init container auto-discovery image pull policy | `IfNotPresent` | | `externalAccess.autoDiscovery.image.pullPolicy` | Init container auto-discovery image pull policy | `IfNotPresent` |
| `externalAccess.autoDiscovery.image.pullSecrets` | Init container auto-discovery image pull secrets | `[]` | | `externalAccess.autoDiscovery.image.pullSecrets` | Init container auto-discovery image pull secrets | `[]` |
| `externalAccess.autoDiscovery.resources.limits` | The resources limits for the auto-discovery init container | `{}` | | `externalAccess.autoDiscovery.resources.limits` | The resources limits for the auto-discovery init container | `{}` |
| `externalAccess.autoDiscovery.resources.requests` | The requested resources for the auto-discovery init container | `{}` | | `externalAccess.autoDiscovery.resources.requests` | The requested resources for the auto-discovery init container | `{}` |
| `externalAccess.controller.forceExpose` | If set to true, force exposing controller-eligible nodes although they are configured as controller-only nodes | `false` | | `externalAccess.controller.forceExpose` | If set to true, force exposing controller-eligible nodes although they are configured as controller-only nodes | `false` |
| `externalAccess.controller.service.type` | Kubernetes Service type for external access. It can be NodePort, LoadBalancer or ClusterIP | `LoadBalancer` | | `externalAccess.controller.service.type` | Kubernetes Service type for external access. It can be NodePort, LoadBalancer or ClusterIP | `LoadBalancer` |
| `externalAccess.controller.service.ports.external` | Kafka port used for external access when service type is LoadBalancer | `9094` | | `externalAccess.controller.service.ports.external` | Kafka port used for external access when service type is LoadBalancer | `9094` |
| `externalAccess.controller.service.loadBalancerIPs` | Array of load balancer IPs for each Kafka broker. Length must be the same as replicaCount | `[]` | | `externalAccess.controller.service.loadBalancerIPs` | Array of load balancer IPs for each Kafka broker. Length must be the same as replicaCount | `[]` |
| `externalAccess.controller.service.loadBalancerNames` | Array of load balancer Names for each Kafka broker. Length must be the same as replicaCount | `[]` | | `externalAccess.controller.service.loadBalancerNames` | Array of load balancer Names for each Kafka broker. Length must be the same as replicaCount | `[]` |
| `externalAccess.controller.service.loadBalancerAnnotations` | Array of load balancer annotations for each Kafka broker. Length must be the same as replicaCount | `[]` | | `externalAccess.controller.service.loadBalancerAnnotations` | Array of load balancer annotations for each Kafka broker. Length must be the same as replicaCount | `[]` |
| `externalAccess.controller.service.loadBalancerSourceRanges` | Address(es) that are allowed when service is LoadBalancer | `[]` | | `externalAccess.controller.service.loadBalancerSourceRanges` | Address(es) that are allowed when service is LoadBalancer | `[]` |
| `externalAccess.controller.service.nodePorts` | Array of node ports used for each Kafka broker. Length must be the same as replicaCount | `[]` | | `externalAccess.controller.service.nodePorts` | Array of node ports used for each Kafka broker. Length must be the same as replicaCount | `[]` |
| `externalAccess.controller.service.externalIPs` | Use distinct service host IPs to configure Kafka external listener when service type is NodePort. Length must be the same as replicaCount | `[]` | | `externalAccess.controller.service.externalIPs` | Use distinct service host IPs to configure Kafka external listener when service type is NodePort. Length must be the same as replicaCount | `[]` |
| `externalAccess.controller.service.useHostIPs` | Use service host IPs to configure Kafka external listener when service type is NodePort | `false` | | `externalAccess.controller.service.useHostIPs` | Use service host IPs to configure Kafka external listener when service type is NodePort | `false` |
| `externalAccess.controller.service.usePodIPs` | using the MY_POD_IP address for external access. | `false` | | `externalAccess.controller.service.usePodIPs` | using the MY_POD_IP address for external access. | `false` |
| `externalAccess.controller.service.domain` | Domain or external ip used to configure Kafka external listener when service type is NodePort or ClusterIP | `""` | | `externalAccess.controller.service.domain` | Domain or external ip used to configure Kafka external listener when service type is NodePort or ClusterIP | `""` |
| `externalAccess.controller.service.publishNotReadyAddresses` | Indicates that any agent which deals with endpoints for this Service should disregard any indications of ready/not-ready | `false` | | `externalAccess.controller.service.publishNotReadyAddresses` | Indicates that any agent which deals with endpoints for this Service should disregard any indications of ready/not-ready | `false` |
| `externalAccess.controller.service.labels` | Service labels for external access | `{}` | | `externalAccess.controller.service.labels` | Service labels for external access | `{}` |
| `externalAccess.controller.service.annotations` | Service annotations for external access | `{}` | | `externalAccess.controller.service.annotations` | Service annotations for external access | `{}` |
| `externalAccess.controller.service.extraPorts` | Extra ports to expose in the Kafka external service | `[]` | | `externalAccess.controller.service.extraPorts` | Extra ports to expose in the Kafka external service | `[]` |
| `externalAccess.broker.service.type` | Kubernetes Service type for external access. It can be NodePort, LoadBalancer or ClusterIP | `LoadBalancer` | | `externalAccess.broker.service.type` | Kubernetes Service type for external access. It can be NodePort, LoadBalancer or ClusterIP | `LoadBalancer` |
| `externalAccess.broker.service.ports.external` | Kafka port used for external access when service type is LoadBalancer | `9094` | | `externalAccess.broker.service.ports.external` | Kafka port used for external access when service type is LoadBalancer | `9094` |
| `externalAccess.broker.service.loadBalancerIPs` | Array of load balancer IPs for each Kafka broker. Length must be the same as replicaCount | `[]` | | `externalAccess.broker.service.loadBalancerIPs` | Array of load balancer IPs for each Kafka broker. Length must be the same as replicaCount | `[]` |
| `externalAccess.broker.service.loadBalancerNames` | Array of load balancer Names for each Kafka broker. Length must be the same as replicaCount | `[]` | | `externalAccess.broker.service.loadBalancerNames` | Array of load balancer Names for each Kafka broker. Length must be the same as replicaCount | `[]` |
| `externalAccess.broker.service.loadBalancerAnnotations` | Array of load balancer annotations for each Kafka broker. Length must be the same as replicaCount | `[]` | | `externalAccess.broker.service.loadBalancerAnnotations` | Array of load balancer annotations for each Kafka broker. Length must be the same as replicaCount | `[]` |
| `externalAccess.broker.service.loadBalancerSourceRanges` | Address(es) that are allowed when service is LoadBalancer | `[]` | | `externalAccess.broker.service.loadBalancerSourceRanges` | Address(es) that are allowed when service is LoadBalancer | `[]` |
| `externalAccess.broker.service.nodePorts` | Array of node ports used for each Kafka broker. Length must be the same as replicaCount | `[]` | | `externalAccess.broker.service.nodePorts` | Array of node ports used for each Kafka broker. Length must be the same as replicaCount | `[]` |
| `externalAccess.broker.service.externalIPs` | Use distinct service host IPs to configure Kafka external listener when service type is NodePort. Length must be the same as replicaCount | `[]` | | `externalAccess.broker.service.externalIPs` | Use distinct service host IPs to configure Kafka external listener when service type is NodePort. Length must be the same as replicaCount | `[]` |
| `externalAccess.broker.service.useHostIPs` | Use service host IPs to configure Kafka external listener when service type is NodePort | `false` | | `externalAccess.broker.service.useHostIPs` | Use service host IPs to configure Kafka external listener when service type is NodePort | `false` |
| `externalAccess.broker.service.usePodIPs` | using the MY_POD_IP address for external access. | `false` | | `externalAccess.broker.service.usePodIPs` | using the MY_POD_IP address for external access. | `false` |
| `externalAccess.broker.service.domain` | Domain or external ip used to configure Kafka external listener when service type is NodePort or ClusterIP | `""` | | `externalAccess.broker.service.domain` | Domain or external ip used to configure Kafka external listener when service type is NodePort or ClusterIP | `""` |
| `externalAccess.broker.service.publishNotReadyAddresses` | Indicates that any agent which deals with endpoints for this Service should disregard any indications of ready/not-ready | `false` | | `externalAccess.broker.service.publishNotReadyAddresses` | Indicates that any agent which deals with endpoints for this Service should disregard any indications of ready/not-ready | `false` |
| `externalAccess.broker.service.labels` | Service labels for external access | `{}` | | `externalAccess.broker.service.labels` | Service labels for external access | `{}` |
| `externalAccess.broker.service.annotations` | Service annotations for external access | `{}` | | `externalAccess.broker.service.annotations` | Service annotations for external access | `{}` |
| `externalAccess.broker.service.extraPorts` | Extra ports to expose in the Kafka external service | `[]` | | `externalAccess.broker.service.extraPorts` | Extra ports to expose in the Kafka external service | `[]` |
| `networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `false` | | `networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `false` |
| `networkPolicy.allowExternal` | Don't require client label for connections | `true` | | `networkPolicy.allowExternal` | Don't require client label for connections | `true` |
| `networkPolicy.explicitNamespacesSelector` | A Kubernetes LabelSelector to explicitly select namespaces from which traffic could be allowed | `{}` | | `networkPolicy.explicitNamespacesSelector` | A Kubernetes LabelSelector to explicitly select namespaces from which traffic could be allowed | `{}` |
| `networkPolicy.externalAccess.from` | customize the from section for External Access on tcp-external port | `[]` | | `networkPolicy.externalAccess.from` | customize the from section for External Access on tcp-external port | `[]` |
| `networkPolicy.egressRules.customRules` | Custom network policy rule | `{}` | | `networkPolicy.egressRules.customRules` | Custom network policy rule | `{}` |
### Volume Permissions parameters ### Volume Permissions parameters
@ -440,7 +440,7 @@ The command removes all the Kubernetes components associated with the chart and
| `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume | `false` | | `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume | `false` |
| `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` | | `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` |
| `volumePermissions.image.repository` | Init container volume-permissions image repository | `bitnami/os-shell` | | `volumePermissions.image.repository` | Init container volume-permissions image repository | `bitnami/os-shell` |
| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r43` | | `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r51` |
| `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` | | `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` |
| `volumePermissions.image.pullSecrets` | Init container volume-permissions image pull secrets | `[]` | | `volumePermissions.image.pullSecrets` | Init container volume-permissions image pull secrets | `[]` |
@ -465,7 +465,7 @@ The command removes all the Kubernetes components associated with the chart and
| `metrics.kafka.enabled` | Whether or not to create a standalone Kafka exporter to expose Kafka metrics | `false` | | `metrics.kafka.enabled` | Whether or not to create a standalone Kafka exporter to expose Kafka metrics | `false` |
| `metrics.kafka.image.registry` | Kafka exporter image registry | `docker.io` | | `metrics.kafka.image.registry` | Kafka exporter image registry | `docker.io` |
| `metrics.kafka.image.repository` | Kafka exporter image repository | `bitnami/kafka-exporter` | | `metrics.kafka.image.repository` | Kafka exporter image repository | `bitnami/kafka-exporter` |
| `metrics.kafka.image.tag` | Kafka exporter image tag (immutable tags are recommended) | `1.7.0-debian-11-r85` | | `metrics.kafka.image.tag` | Kafka exporter image tag (immutable tags are recommended) | `1.7.0-debian-11-r93` |
| `metrics.kafka.image.digest` | Kafka exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `metrics.kafka.image.digest` | Kafka exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `metrics.kafka.image.pullPolicy` | Kafka exporter image pull policy | `IfNotPresent` | | `metrics.kafka.image.pullPolicy` | Kafka exporter image pull policy | `IfNotPresent` |
| `metrics.kafka.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | | `metrics.kafka.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
@ -519,7 +519,7 @@ The command removes all the Kubernetes components associated with the chart and
| `metrics.jmx.kafkaJmxPort` | JMX port where the exporter will collect metrics, exposed in the Kafka container. | `5555` | | `metrics.jmx.kafkaJmxPort` | JMX port where the exporter will collect metrics, exposed in the Kafka container. | `5555` |
| `metrics.jmx.image.registry` | JMX exporter image registry | `docker.io` | | `metrics.jmx.image.registry` | JMX exporter image registry | `docker.io` |
| `metrics.jmx.image.repository` | JMX exporter image repository | `bitnami/jmx-exporter` | | `metrics.jmx.image.repository` | JMX exporter image repository | `bitnami/jmx-exporter` |
| `metrics.jmx.image.tag` | JMX exporter image tag (immutable tags are recommended) | `0.19.0-debian-11-r49` | | `metrics.jmx.image.tag` | JMX exporter image tag (immutable tags are recommended) | `0.19.0-debian-11-r57` |
| `metrics.jmx.image.digest` | JMX exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `metrics.jmx.image.digest` | JMX exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `metrics.jmx.image.pullPolicy` | JMX exporter image pull policy | `IfNotPresent` | | `metrics.jmx.image.pullPolicy` | JMX exporter image pull policy | `IfNotPresent` |
| `metrics.jmx.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | | `metrics.jmx.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
@ -1087,6 +1087,10 @@ This guide is an adaptation from upstream documentation: [Migrate from ZooKeeper
## Upgrading ## Upgrading
### To 25.0.0
This major updates the Zookeeper subchart to it newest major, 12.0.0. For more information on this subchart's major, please refer to [zookeeper upgrade notes](https://github.com/bitnami/charts/tree/main/bitnami/zookeeper#to-1200).
### To 24.0.0 ### To 24.0.0
This major version is a refactor of the Kafka chart and its architecture, to better adapt to Kraft features introduced in version 22.0.0. This major version is a refactor of the Kafka chart and its architecture, to better adapt to Kraft features introduced in version 22.0.0.
@ -1209,10 +1213,6 @@ kubectl apply -f $NEW_PVC_MANIFEST_FILE
Repeat this process for each replica you had in your Kafka cluster. Once completed, upgrade the cluster and the new Statefulset should reuse the existing PVCs. Repeat this process for each replica you had in your Kafka cluster. Once completed, upgrade the cluster and the new Statefulset should reuse the existing PVCs.
### To 25.0.0
This major updates the Zookeeper subchart to it newest major, 12.0.0. For more information on this subchart's major, please refer to [zookeeper upgrade notes](https://github.com/bitnami/charts/tree/main/bitnami/zookeeper#to-1200).
### To 23.0.0 ### To 23.0.0
This major updates Kafka to its newest version, 3.5.x. For more information, please refer to [kafka upgrade notes](https://kafka.apache.org/35/documentation.html#upgrade). This major updates Kafka to its newest version, 3.5.x. For more information, please refer to [kafka upgrade notes](https://kafka.apache.org/35/documentation.html#upgrade).
@ -1424,4 +1424,4 @@ Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS, distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and See the License for the specific language governing permissions and
limitations under the License. limitations under the License.


@ -2,7 +2,7 @@ annotations:
category: Infrastructure category: Infrastructure
licenses: Apache-2.0 licenses: Apache-2.0
apiVersion: v2 apiVersion: v2
appVersion: 2.9.0 appVersion: 2.9.1
description: A Library Helm Chart for grouping common logic between bitnami charts. description: A Library Helm Chart for grouping common logic between bitnami charts.
This chart is not deployable by itself. This chart is not deployable by itself.
home: https://bitnami.com home: https://bitnami.com
@ -20,4 +20,4 @@ name: common
sources: sources:
- https://github.com/bitnami/charts - https://github.com/bitnami/charts
type: library type: library
version: 2.9.0 version: 2.9.1


@ -60,12 +60,13 @@ Return a topologyKey definition
{{/* {{/*
Return a soft podAffinity/podAntiAffinity definition Return a soft podAffinity/podAntiAffinity definition
{{ include "common.affinities.pods.soft" (dict "component" "FOO" "customLabels" .Values.podLabels "extraMatchLabels" .Values.extraMatchLabels "topologyKey" "BAR" "context" $) -}} {{ include "common.affinities.pods.soft" (dict "component" "FOO" "customLabels" .Values.podLabels "extraMatchLabels" .Values.extraMatchLabels "topologyKey" "BAR" "extraPodAffinityTerms" .Values.extraPodAffinityTerms "context" $) -}}
*/}} */}}
{{- define "common.affinities.pods.soft" -}} {{- define "common.affinities.pods.soft" -}}
{{- $component := default "" .component -}} {{- $component := default "" .component -}}
{{- $customLabels := default (dict) .customLabels -}} {{- $customLabels := default (dict) .customLabels -}}
{{- $extraMatchLabels := default (dict) .extraMatchLabels -}} {{- $extraMatchLabels := default (dict) .extraMatchLabels -}}
{{- $extraPodAffinityTerms := default (list) .extraPodAffinityTerms -}}
preferredDuringSchedulingIgnoredDuringExecution: preferredDuringSchedulingIgnoredDuringExecution:
- podAffinityTerm: - podAffinityTerm:
labelSelector: labelSelector:
@ -78,16 +79,30 @@ preferredDuringSchedulingIgnoredDuringExecution:
{{- end }} {{- end }}
topologyKey: {{ include "common.affinities.topologyKey" (dict "topologyKey" .topologyKey) }} topologyKey: {{ include "common.affinities.topologyKey" (dict "topologyKey" .topologyKey) }}
weight: 1 weight: 1
{{- range $extraPodAffinityTerms }}
- podAffinityTerm:
labelSelector:
matchLabels: {{- (include "common.labels.matchLabels" ( dict "customLabels" $customLabels "context" $.context )) | nindent 10 }}
{{- if not (empty $component) }}
{{ printf "app.kubernetes.io/component: %s" $component }}
{{- end }}
{{- range $key, $value := .extraMatchLabels }}
{{ $key }}: {{ $value | quote }}
{{- end }}
topologyKey: {{ include "common.affinities.topologyKey" (dict "topologyKey" .topologyKey) }}
weight: {{ .weight | default 1 -}}
{{- end -}}
{{- end -}} {{- end -}}
{{/* {{/*
Return a hard podAffinity/podAntiAffinity definition Return a hard podAffinity/podAntiAffinity definition
{{ include "common.affinities.pods.hard" (dict "component" "FOO" "customLabels" .Values.podLabels "extraMatchLabels" .Values.extraMatchLabels "topologyKey" "BAR" "context" $) -}} {{ include "common.affinities.pods.hard" (dict "component" "FOO" "customLabels" .Values.podLabels "extraMatchLabels" .Values.extraMatchLabels "topologyKey" "BAR" "extraPodAffinityTerms" .Values.extraPodAffinityTerms "context" $) -}}
*/}} */}}
{{- define "common.affinities.pods.hard" -}} {{- define "common.affinities.pods.hard" -}}
{{- $component := default "" .component -}} {{- $component := default "" .component -}}
{{- $customLabels := default (dict) .customLabels -}} {{- $customLabels := default (dict) .customLabels -}}
{{- $extraMatchLabels := default (dict) .extraMatchLabels -}} {{- $extraMatchLabels := default (dict) .extraMatchLabels -}}
{{- $extraPodAffinityTerms := default (list) .extraPodAffinityTerms -}}
requiredDuringSchedulingIgnoredDuringExecution: requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector: - labelSelector:
matchLabels: {{- (include "common.labels.matchLabels" ( dict "customLabels" $customLabels "context" .context )) | nindent 8 }} matchLabels: {{- (include "common.labels.matchLabels" ( dict "customLabels" $customLabels "context" .context )) | nindent 8 }}
@ -98,6 +113,17 @@ requiredDuringSchedulingIgnoredDuringExecution:
{{ $key }}: {{ $value | quote }} {{ $key }}: {{ $value | quote }}
{{- end }} {{- end }}
topologyKey: {{ include "common.affinities.topologyKey" (dict "topologyKey" .topologyKey) }} topologyKey: {{ include "common.affinities.topologyKey" (dict "topologyKey" .topologyKey) }}
{{- range $extraPodAffinityTerms }}
- labelSelector:
matchLabels: {{- (include "common.labels.matchLabels" ( dict "customLabels" $customLabels "context" $.context )) | nindent 8 }}
{{- if not (empty $component) }}
{{ printf "app.kubernetes.io/component: %s" $component }}
{{- end }}
{{- range $key, $value := .extraMatchLabels }}
{{ $key }}: {{ $value | quote }}
{{- end }}
topologyKey: {{ include "common.affinities.topologyKey" (dict "topologyKey" .topologyKey) }}
{{- end -}}
{{- end -}} {{- end -}}
{{/* {{/*


@ -26,4 +26,4 @@ maintainers:
name: zookeeper name: zookeeper
sources: sources:
- https://github.com/bitnami/charts/tree/main/bitnami/zookeeper - https://github.com/bitnami/charts/tree/main/bitnami/zookeeper
version: 12.1.0 version: 12.1.1


@ -423,6 +423,10 @@ Find more information about how to deal with common errors related to Bitnami's
## Upgrading ## Upgrading
### To 12.0.0
This new version of the chart includes the new ZooKeeper major version 3.9.x. For more information, please refer to [Zookeeper 3.9.0 Release Notes](https://zookeeper.apache.org/doc/r3.9.0/releasenotes.html)
### To 11.0.0 ### To 11.0.0
This major version removes `commonAnnotations` and `commonLabels` from `volumeClaimTemplates`. Now annotations and labels can be set in volume claims using `persistence.annotations` and `persistence.labels` values. If the previous deployment has already set `commonAnnotations` and/or `commonLabels` values, to ensure a clean upgrade from previous version without loosing data, please set `persistence.annotations` and/or `persistence.labels` values with the same content as the common values. This major version removes `commonAnnotations` and `commonLabels` from `volumeClaimTemplates`. Now annotations and labels can be set in volume claims using `persistence.annotations` and `persistence.labels` values. If the previous deployment has already set `commonAnnotations` and/or `commonLabels` values, to ensure a clean upgrade from previous version without loosing data, please set `persistence.annotations` and/or `persistence.labels` values with the same content as the common values.


@ -61,8 +61,8 @@ spec:
affinity: {{- include "common.tplvalues.render" (dict "value" .Values.broker.affinity "context" $) | nindent 8 }} affinity: {{- include "common.tplvalues.render" (dict "value" .Values.broker.affinity "context" $) | nindent 8 }}
{{- else }} {{- else }}
affinity: affinity:
podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.broker.podAffinityPreset "component" "kafka" "customLabels" $podLabels "context" $) | nindent 10 }} podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.broker.podAffinityPreset "component" "broker" "customLabels" $podLabels "context" $) | nindent 10 }}
podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.broker.podAntiAffinityPreset "component" "kafka" "customLabels" $podLabels "context" $) | nindent 10 }} podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.broker.podAntiAffinityPreset "component" "broker" "customLabels" $podLabels "context" $) | nindent 10 }}
nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.broker.nodeAffinityPreset.type "key" .Values.broker.nodeAffinityPreset.key "values" .Values.broker.nodeAffinityPreset.values) | nindent 10 }} nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.broker.nodeAffinityPreset.type "key" .Values.broker.nodeAffinityPreset.key "values" .Values.broker.nodeAffinityPreset.values) | nindent 10 }}
{{- end }} {{- end }}
{{- if .Values.broker.nodeSelector }} {{- if .Values.broker.nodeSelector }}
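Review bot: The affinity presets now select on a hard-coded component string (`"broker"` here, `"controller-eligible"` and `"cluster-metrics"` in the next two file sections), and nothing visible ties that string to the `app.kubernetes.io/component` label the pod template actually carries. If the two drift apart, the selector matches no pods and a pod anti-affinity preset silently stops spreading replicas across nodes, which is presumably what the previous `"kafka"` value did. A template comment beside the include, such as `{{- /* "broker" must equal the app.kubernetes.io/component label on this pod template */ -}}`, would keep the dependency visible; defining the component once in a variable used for both the labels and the selector would remove it. The pod label definitions are outside this hunk, so the match should be confirmed against `helm template` output.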


@ -61,8 +61,8 @@ spec:
affinity: {{- include "common.tplvalues.render" (dict "value" .Values.controller.affinity "context" $) | nindent 8 }} affinity: {{- include "common.tplvalues.render" (dict "value" .Values.controller.affinity "context" $) | nindent 8 }}
{{- else }} {{- else }}
affinity: affinity:
podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.controller.podAffinityPreset "component" "kafka" "customLabels" $podLabels "context" $) | nindent 10 }} podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.controller.podAffinityPreset "component" "controller-eligible" "customLabels" $podLabels "context" $) | nindent 10 }}
podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.controller.podAntiAffinityPreset "component" "kafka" "customLabels" $podLabels "context" $) | nindent 10 }} podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.controller.podAntiAffinityPreset "component" "controller-eligible" "customLabels" $podLabels "context" $) | nindent 10 }}
nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.controller.nodeAffinityPreset.type "key" .Values.controller.nodeAffinityPreset.key "values" .Values.controller.nodeAffinityPreset.values) | nindent 10 }} nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.controller.nodeAffinityPreset.type "key" .Values.controller.nodeAffinityPreset.key "values" .Values.controller.nodeAffinityPreset.values) | nindent 10 }}
{{- end }} {{- end }}
{{- if .Values.controller.nodeSelector }} {{- if .Values.controller.nodeSelector }}


@ -7,7 +7,7 @@ SPDX-License-Identifier: APACHE-2.0
{{- $releaseNamespace := include "common.names.namespace" . -}} {{- $releaseNamespace := include "common.names.namespace" . -}}
{{- $clusterDomain := .Values.clusterDomain -}} {{- $clusterDomain := .Values.clusterDomain -}}
{{- $fullname := include "common.names.fullname" . -}} {{- $fullname := include "common.names.fullname" . -}}
{{- $servicePort := int .Values.service.ports.client -}} {{- $containerPort := int .Values.listeners.client.containerPort -}}
apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }}
kind: Deployment kind: Deployment
metadata: metadata:
@ -40,8 +40,8 @@ spec:
affinity: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.kafka.affinity "context" $) | nindent 8 }} affinity: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.kafka.affinity "context" $) | nindent 8 }}
{{- else }} {{- else }}
affinity: affinity:
podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.metrics.kafka.podAffinityPreset "component" "metrics" "customLabels" $podLabels "context" $) | nindent 10 }} podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.metrics.kafka.podAffinityPreset "component" "cluster-metrics" "customLabels" $podLabels "context" $) | nindent 10 }}
podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.metrics.kafka.podAntiAffinityPreset "component" "metrics" "customLabels" $podLabels "context" $) | nindent 10 }} podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.metrics.kafka.podAntiAffinityPreset "component" "cluster-metrics" "customLabels" $podLabels "context" $) | nindent 10 }}
nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.metrics.kafka.nodeAffinityPreset.type "key" .Values.metrics.kafka.nodeAffinityPreset.key "values" .Values.metrics.kafka.nodeAffinityPreset.values) | nindent 10 }} nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.metrics.kafka.nodeAffinityPreset.type "key" .Values.metrics.kafka.nodeAffinityPreset.key "values" .Values.metrics.kafka.nodeAffinityPreset.values) | nindent 10 }}
{{- end }} {{- end }}
{{- if .Values.metrics.kafka.nodeSelector }} {{- if .Values.metrics.kafka.nodeSelector }}
@ -92,10 +92,10 @@ spec:
- | - |
kafka_exporter \ kafka_exporter \
{{- range $i := until (int .Values.controller.replicaCount) }} {{- range $i := until (int .Values.controller.replicaCount) }}
--kafka.server={{ $fullname }}-controller-{{ $i }}.{{ $fullname }}-controller-headless.{{ $releaseNamespace }}.svc.{{ $clusterDomain }}:{{ $servicePort }} \ --kafka.server={{ $fullname }}-controller-{{ $i }}.{{ $fullname }}-controller-headless.{{ $releaseNamespace }}.svc.{{ $clusterDomain }}:{{ $containerPort }} \
{{- end }} {{- end }}
{{- range $i := until (int .Values.broker.replicaCount) }} {{- range $i := until (int .Values.broker.replicaCount) }}
--kafka.server={{ $fullname }}-broker-{{ $i }}.{{ $fullname }}-broker-headless.{{ $releaseNamespace }}.svc.{{ $clusterDomain }}:{{ $servicePort }} \ --kafka.server={{ $fullname }}-broker-{{ $i }}.{{ $fullname }}-broker-headless.{{ $releaseNamespace }}.svc.{{ $clusterDomain }}:{{ $containerPort }} \
{{- end }} {{- end }}
{{- if regexFind "SASL" (upper .Values.listeners.client.protocol) }} {{- if regexFind "SASL" (upper .Values.listeners.client.protocol) }}
--sasl.enabled \ --sasl.enabled \


@ -80,7 +80,7 @@ diagnosticMode:
image: image:
registry: docker.io registry: docker.io
repository: bitnami/kafka repository: bitnami/kafka
tag: 3.5.1-debian-11-r25 tag: 3.5.1-debian-11-r35
digest: "" digest: ""
## Specify a imagePullPolicy ## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
@ -1254,7 +1254,7 @@ externalAccess:
image: image:
registry: docker.io registry: docker.io
repository: bitnami/kubectl repository: bitnami/kubectl
tag: 1.25.12-debian-11-r29 tag: 1.25.13-debian-11-r5
digest: "" digest: ""
## Specify a imagePullPolicy ## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
@ -1504,7 +1504,7 @@ volumePermissions:
image: image:
registry: docker.io registry: docker.io
repository: bitnami/os-shell repository: bitnami/os-shell
tag: 11-debian-11-r43 tag: 11-debian-11-r51
digest: "" digest: ""
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets. ## Optionally specify an array of imagePullSecrets.
@ -1586,7 +1586,7 @@ metrics:
image: image:
registry: docker.io registry: docker.io
repository: bitnami/kafka-exporter repository: bitnami/kafka-exporter
tag: 1.7.0-debian-11-r85 tag: 1.7.0-debian-11-r93
digest: "" digest: ""
## Specify a imagePullPolicy ## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
@ -1840,7 +1840,7 @@ metrics:
image: image:
registry: docker.io registry: docker.io
repository: bitnami/jmx-exporter repository: bitnami/jmx-exporter
tag: 0.19.0-debian-11-r49 tag: 0.19.0-debian-11-r57
digest: "" digest: ""
## Specify a imagePullPolicy ## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'


@ -4,9 +4,9 @@ dependencies:
version: 6.6.0 version: 6.6.0
- name: mariadb - name: mariadb
repository: oci://registry-1.docker.io/bitnamicharts repository: oci://registry-1.docker.io/bitnamicharts
version: 13.1.0 version: 13.1.2
- name: common - name: common
repository: oci://registry-1.docker.io/bitnamicharts repository: oci://registry-1.docker.io/bitnamicharts
version: 2.9.0 version: 2.9.1
digest: sha256:19433d22b87927464569967e128b716709f4b8e8c99e59c5b6d00b6c61ed98f4 digest: sha256:5df6e862af69422cc6e287bf9dd560b3a1e56d3b49b4bc81132b0db10903cd80
generated: "2023-08-23T12:48:27.768104+02:00" generated: "2023-08-30T09:41:25.351778314Z"


@ -6,14 +6,14 @@ annotations:
category: CMS category: CMS
images: | images: |
- name: apache-exporter - name: apache-exporter
image: docker.io/bitnami/apache-exporter:1.0.1-debian-11-r23 image: docker.io/bitnami/apache-exporter:1.0.1-debian-11-r29
- name: os-shell - name: os-shell
image: docker.io/bitnami/os-shell:11-debian-11-r45 image: docker.io/bitnami/os-shell:11-debian-11-r51
- name: wordpress - name: wordpress
image: docker.io/bitnami/wordpress:6.3.0-debian-11-r13 image: docker.io/bitnami/wordpress:6.3.1-debian-11-r0
licenses: Apache-2.0 licenses: Apache-2.0
apiVersion: v2 apiVersion: v2
appVersion: 6.3.0 appVersion: 6.3.1
dependencies: dependencies:
- condition: memcached.enabled - condition: memcached.enabled
name: memcached name: memcached
@ -47,4 +47,4 @@ maintainers:
name: wordpress name: wordpress
sources: sources:
- https://github.com/bitnami/charts/tree/main/bitnami/wordpress - https://github.com/bitnami/charts/tree/main/bitnami/wordpress
version: 17.1.3 version: 17.1.4


@ -78,15 +78,15 @@ The command removes all the Kubernetes components associated with the chart and
### WordPress Image parameters ### WordPress Image parameters
| Name | Description | Value | | Name | Description | Value |
| ------------------- | --------------------------------------------------------------------------------------------------------- | --------------------- | | ------------------- | --------------------------------------------------------------------------------------------------------- | -------------------- |
| `image.registry` | WordPress image registry | `docker.io` | | `image.registry` | WordPress image registry | `docker.io` |
| `image.repository` | WordPress image repository | `bitnami/wordpress` | | `image.repository` | WordPress image repository | `bitnami/wordpress` |
| `image.tag` | WordPress image tag (immutable tags are recommended) | `6.3.0-debian-11-r13` | | `image.tag` | WordPress image tag (immutable tags are recommended) | `6.3.1-debian-11-r0` |
| `image.digest` | WordPress image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `image.digest` | WordPress image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `image.pullPolicy` | WordPress image pull policy | `IfNotPresent` | | `image.pullPolicy` | WordPress image pull policy | `IfNotPresent` |
| `image.pullSecrets` | WordPress image pull secrets | `[]` | | `image.pullSecrets` | WordPress image pull secrets | `[]` |
| `image.debug` | Specify if debug values should be set | `false` | | `image.debug` | Specify if debug values should be set | `false` |
### WordPress Configuration parameters ### WordPress Configuration parameters
@ -249,7 +249,7 @@ The command removes all the Kubernetes components associated with the chart and
| `volumePermissions.enabled` | Enable init container that changes the owner/group of the PV mount point to `runAsUser:fsGroup` | `false` | | `volumePermissions.enabled` | Enable init container that changes the owner/group of the PV mount point to `runAsUser:fsGroup` | `false` |
| `volumePermissions.image.registry` | OS Shell + Utility image registry | `docker.io` | | `volumePermissions.image.registry` | OS Shell + Utility image registry | `docker.io` |
| `volumePermissions.image.repository` | OS Shell + Utility image repository | `bitnami/os-shell` | | `volumePermissions.image.repository` | OS Shell + Utility image repository | `bitnami/os-shell` |
| `volumePermissions.image.tag` | OS Shell + Utility image tag (immutable tags are recommended) | `11-debian-11-r45` | | `volumePermissions.image.tag` | OS Shell + Utility image tag (immutable tags are recommended) | `11-debian-11-r51` |
| `volumePermissions.image.digest` | OS Shell + Utility image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `volumePermissions.image.digest` | OS Shell + Utility image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `volumePermissions.image.pullPolicy` | OS Shell + Utility image pull policy | `IfNotPresent` | | `volumePermissions.image.pullPolicy` | OS Shell + Utility image pull policy | `IfNotPresent` |
| `volumePermissions.image.pullSecrets` | OS Shell + Utility image pull secrets | `[]` | | `volumePermissions.image.pullSecrets` | OS Shell + Utility image pull secrets | `[]` |
@ -281,7 +281,7 @@ The command removes all the Kubernetes components associated with the chart and
| `metrics.enabled` | Start a sidecar prometheus exporter to expose metrics | `false` | | `metrics.enabled` | Start a sidecar prometheus exporter to expose metrics | `false` |
| `metrics.image.registry` | Apache exporter image registry | `docker.io` | | `metrics.image.registry` | Apache exporter image registry | `docker.io` |
| `metrics.image.repository` | Apache exporter image repository | `bitnami/apache-exporter` | | `metrics.image.repository` | Apache exporter image repository | `bitnami/apache-exporter` |
| `metrics.image.tag` | Apache exporter image tag (immutable tags are recommended) | `1.0.1-debian-11-r23` | | `metrics.image.tag` | Apache exporter image tag (immutable tags are recommended) | `1.0.1-debian-11-r29` |
| `metrics.image.digest` | Apache exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `metrics.image.digest` | Apache exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `metrics.image.pullPolicy` | Apache exporter image pull policy | `IfNotPresent` | | `metrics.image.pullPolicy` | Apache exporter image pull policy | `IfNotPresent` |
| `metrics.image.pullSecrets` | Apache exporter image pull secrets | `[]` | | `metrics.image.pullSecrets` | Apache exporter image pull secrets | `[]` |


@ -2,7 +2,7 @@ annotations:
category: Infrastructure category: Infrastructure
licenses: Apache-2.0 licenses: Apache-2.0
apiVersion: v2 apiVersion: v2
appVersion: 2.9.0 appVersion: 2.9.1
description: A Library Helm Chart for grouping common logic between bitnami charts. description: A Library Helm Chart for grouping common logic between bitnami charts.
This chart is not deployable by itself. This chart is not deployable by itself.
home: https://bitnami.com home: https://bitnami.com
@ -20,4 +20,4 @@ name: common
sources: sources:
- https://github.com/bitnami/charts - https://github.com/bitnami/charts
type: library type: library
version: 2.9.0 version: 2.9.1


@ -60,12 +60,13 @@ Return a topologyKey definition
{{/* {{/*
Return a soft podAffinity/podAntiAffinity definition Return a soft podAffinity/podAntiAffinity definition
{{ include "common.affinities.pods.soft" (dict "component" "FOO" "customLabels" .Values.podLabels "extraMatchLabels" .Values.extraMatchLabels "topologyKey" "BAR" "context" $) -}} {{ include "common.affinities.pods.soft" (dict "component" "FOO" "customLabels" .Values.podLabels "extraMatchLabels" .Values.extraMatchLabels "topologyKey" "BAR" "extraPodAffinityTerms" .Values.extraPodAffinityTerms "context" $) -}}
*/}} */}}
{{- define "common.affinities.pods.soft" -}} {{- define "common.affinities.pods.soft" -}}
{{- $component := default "" .component -}} {{- $component := default "" .component -}}
{{- $customLabels := default (dict) .customLabels -}} {{- $customLabels := default (dict) .customLabels -}}
{{- $extraMatchLabels := default (dict) .extraMatchLabels -}} {{- $extraMatchLabels := default (dict) .extraMatchLabels -}}
{{- $extraPodAffinityTerms := default (list) .extraPodAffinityTerms -}}
preferredDuringSchedulingIgnoredDuringExecution: preferredDuringSchedulingIgnoredDuringExecution:
- podAffinityTerm: - podAffinityTerm:
labelSelector: labelSelector:
@ -78,16 +79,30 @@ preferredDuringSchedulingIgnoredDuringExecution:
{{- end }} {{- end }}
topologyKey: {{ include "common.affinities.topologyKey" (dict "topologyKey" .topologyKey) }} topologyKey: {{ include "common.affinities.topologyKey" (dict "topologyKey" .topologyKey) }}
weight: 1 weight: 1
{{- range $extraPodAffinityTerms }}
- podAffinityTerm:
labelSelector:
matchLabels: {{- (include "common.labels.matchLabels" ( dict "customLabels" $customLabels "context" $.context )) | nindent 10 }}
{{- if not (empty $component) }}
{{ printf "app.kubernetes.io/component: %s" $component }}
{{- end }}
{{- range $key, $value := .extraMatchLabels }}
{{ $key }}: {{ $value | quote }}
{{- end }}
topologyKey: {{ include "common.affinities.topologyKey" (dict "topologyKey" .topologyKey) }}
weight: {{ .weight | default 1 -}}
{{- end -}}
{{- end -}} {{- end -}}
{{/* {{/*
Return a hard podAffinity/podAntiAffinity definition Return a hard podAffinity/podAntiAffinity definition
{{ include "common.affinities.pods.hard" (dict "component" "FOO" "customLabels" .Values.podLabels "extraMatchLabels" .Values.extraMatchLabels "topologyKey" "BAR" "context" $) -}} {{ include "common.affinities.pods.hard" (dict "component" "FOO" "customLabels" .Values.podLabels "extraMatchLabels" .Values.extraMatchLabels "topologyKey" "BAR" "extraPodAffinityTerms" .Values.extraPodAffinityTerms "context" $) -}}
*/}} */}}
{{- define "common.affinities.pods.hard" -}} {{- define "common.affinities.pods.hard" -}}
{{- $component := default "" .component -}} {{- $component := default "" .component -}}
{{- $customLabels := default (dict) .customLabels -}} {{- $customLabels := default (dict) .customLabels -}}
{{- $extraMatchLabels := default (dict) .extraMatchLabels -}} {{- $extraMatchLabels := default (dict) .extraMatchLabels -}}
{{- $extraPodAffinityTerms := default (list) .extraPodAffinityTerms -}}
requiredDuringSchedulingIgnoredDuringExecution: requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector: - labelSelector:
matchLabels: {{- (include "common.labels.matchLabels" ( dict "customLabels" $customLabels "context" .context )) | nindent 8 }} matchLabels: {{- (include "common.labels.matchLabels" ( dict "customLabels" $customLabels "context" .context )) | nindent 8 }}
@ -98,6 +113,17 @@ requiredDuringSchedulingIgnoredDuringExecution:
{{ $key }}: {{ $value | quote }} {{ $key }}: {{ $value | quote }}
{{- end }} {{- end }}
topologyKey: {{ include "common.affinities.topologyKey" (dict "topologyKey" .topologyKey) }} topologyKey: {{ include "common.affinities.topologyKey" (dict "topologyKey" .topologyKey) }}
{{- range $extraPodAffinityTerms }}
- labelSelector:
matchLabels: {{- (include "common.labels.matchLabels" ( dict "customLabels" $customLabels "context" $.context )) | nindent 8 }}
{{- if not (empty $component) }}
{{ printf "app.kubernetes.io/component: %s" $component }}
{{- end }}
{{- range $key, $value := .extraMatchLabels }}
{{ $key }}: {{ $value | quote }}
{{- end }}
topologyKey: {{ include "common.affinities.topologyKey" (dict "topologyKey" .topologyKey) }}
{{- end -}}
{{- end -}} {{- end -}}
{{/* {{/*
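Review bot: The usage comments above `common.affinities.pods.soft` and `common.affinities.pods.hard` now list `extraPodAffinityTerms` but do not say what a single term may contain. The loop bodies read `.extraMatchLabels` and `.topologyKey` from each term, and only the soft variant reads `.weight`, so a weight supplied to the hard variant is ignored without any message. One extra line in each comment would cover it, for example `extraPodAffinityTerms: list of dicts; optional keys extraMatchLabels, topologyKey, weight (soft only, default 1)`. It is also worth stating there that every extra term repeats the base `matchLabels` and the component label, so a term can narrow the selector but cannot point at a different workload. Parts of both defines fall between the hunks and are not visible here.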


@ -33,4 +33,4 @@ maintainers:
name: mariadb name: mariadb
sources: sources:
- https://github.com/bitnami/charts/tree/main/bitnami/mariadb - https://github.com/bitnami/charts/tree/main/bitnami/mariadb
version: 13.1.0 version: 13.1.2


@ -27,7 +27,7 @@ spec:
externalTrafficPolicy: {{ .Values.primary.service.externalTrafficPolicy | quote }} externalTrafficPolicy: {{ .Values.primary.service.externalTrafficPolicy | quote }}
{{- end }} {{- end }}
{{- if and (eq .Values.primary.service.type "LoadBalancer") .Values.primary.service.loadBalancerSourceRanges }} {{- if and (eq .Values.primary.service.type "LoadBalancer") .Values.primary.service.loadBalancerSourceRanges }}
loadBalancerSourceRanges: {{ .Values.primary.service.loadBalancerSourceRanges }} loadBalancerSourceRanges: {{- toYaml .Values.primary.service.loadBalancerSourceRanges | nindent 4 }}
{{ end }} {{ end }}
{{- if (and (eq .Values.primary.service.type "LoadBalancer") (not (empty .Values.primary.service.loadBalancerIP))) }} {{- if (and (eq .Values.primary.service.type "LoadBalancer") (not (empty .Values.primary.service.loadBalancerIP))) }}
loadBalancerIP: {{ .Values.primary.service.loadBalancerIP }} loadBalancerIP: {{ .Values.primary.service.loadBalancerIP }}
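Review bot: When `primary.service.loadBalancerSourceRanges` is empty, the `if and (...)` guard drops the field entirely, so a `LoadBalancer` service in front of the database accepts traffic from any source address; nothing in this hunk documents that default. A template comment above the guard, such as `{{- /* omitted when empty: the load balancer then accepts all source ranges */ -}}`, or an equivalent note beside the value in the values file, would make the exposure explicit for operators. The same applies to the secondary service template in the next file section. The `nindent 4` presumably matches a key nested two spaces under `spec:`; the rendered page has lost indentation, so that should be confirmed with `helm template` using a two-entry list.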


@ -28,7 +28,7 @@ spec:
externalTrafficPolicy: {{ .Values.secondary.service.externalTrafficPolicy | quote }} externalTrafficPolicy: {{ .Values.secondary.service.externalTrafficPolicy | quote }}
{{- end }} {{- end }}
{{- if and (eq .Values.secondary.service.type "LoadBalancer") .Values.secondary.service.loadBalancerSourceRanges }} {{- if and (eq .Values.secondary.service.type "LoadBalancer") .Values.secondary.service.loadBalancerSourceRanges }}
loadBalancerSourceRanges: {{ .Values.secondary.service.loadBalancerSourceRanges }} loadBalancerSourceRanges: {{- toYaml .Values.secondary.service.loadBalancerSourceRanges | nindent 4 }}
{{ end }} {{ end }}
{{- if and (eq .Values.secondary.service.type "LoadBalancer") (not (empty .Values.secondary.service.loadBalancerIP)) }} {{- if and (eq .Values.secondary.service.type "LoadBalancer") (not (empty .Values.secondary.service.loadBalancerIP)) }}
loadBalancerIP: {{ .Values.secondary.service.loadBalancerIP }} loadBalancerIP: {{ .Values.secondary.service.loadBalancerIP }}


@ -76,7 +76,7 @@ diagnosticMode:
image: image:
registry: docker.io registry: docker.io
repository: bitnami/wordpress repository: bitnami/wordpress
tag: 6.3.0-debian-11-r13 tag: 6.3.1-debian-11-r0
digest: "" digest: ""
## Specify a imagePullPolicy ## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
@ -766,7 +766,7 @@ volumePermissions:
image: image:
registry: docker.io registry: docker.io
repository: bitnami/os-shell repository: bitnami/os-shell
tag: 11-debian-11-r45 tag: 11-debian-11-r51
digest: "" digest: ""
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets. ## Optionally specify an array of imagePullSecrets.
@ -860,7 +860,7 @@ metrics:
image: image:
registry: docker.io registry: docker.io
repository: bitnami/apache-exporter repository: bitnami/apache-exporter
tag: 1.0.1-debian-11-r23 tag: 1.0.1-debian-11-r29
digest: "" digest: ""
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets. ## Optionally specify an array of imagePullSecrets.


@ -12,4 +12,4 @@ maintainers:
- email: robertb@fairwinds.com - email: robertb@fairwinds.com
name: rbren name: rbren
name: polaris name: polaris
version: 5.13.0 version: 5.14.0


@ -79,6 +79,7 @@ the 0.10.0 version of this chart will only work on kubernetes 1.14.0+
| webhook.validate | bool | `true` | Enables the Validating Webhook, to reject resources with issues | | webhook.validate | bool | `true` | Enables the Validating Webhook, to reject resources with issues |
| webhook.mutate | bool | `false` | Enables the Mutating Webhook, to modify resources with issues | | webhook.mutate | bool | `false` | Enables the Mutating Webhook, to modify resources with issues |
| webhook.replicas | int | `2` | Number of replicas | | webhook.replicas | int | `2` | Number of replicas |
| webhook.logLevel | string | `"info"` | Set the logging level for the Webhook command |
| webhook.nodeSelector | object | `{}` | Webhook pod nodeSelector | | webhook.nodeSelector | object | `{}` | Webhook pod nodeSelector |
| webhook.tolerations | list | `[]` | Webhook pod tolerations | | webhook.tolerations | list | `[]` | Webhook pod tolerations |
| webhook.affinity | object | `{}` | Webhook pods affinity | | webhook.affinity | object | `{}` | Webhook pods affinity |


@ -52,6 +52,9 @@ spec:
{{- end }} {{- end }}
- --validate={{ .Values.webhook.validate }} - --validate={{ .Values.webhook.validate }}
- --mutate={{ .Values.webhook.mutate }} - --mutate={{ .Values.webhook.mutate }}
{{- if .Values.webhook.logLevel }}
- --log-level={{ .Values.webhook.logLevel }}
{{- end }}
image: '{{.Values.image.repository}}:{{.Values.image.tag | default .Chart.AppVersion }}' image: '{{.Values.image.repository}}:{{.Values.image.tag | default .Chart.AppVersion }}'
imagePullPolicy: '{{.Values.image.pullPolicy}}' imagePullPolicy: '{{.Values.image.pullPolicy}}'
ports: ports:


@ -139,6 +139,8 @@ webhook:
mutate: false mutate: false
# webhook.replicas -- Number of replicas # webhook.replicas -- Number of replicas
replicas: 2 replicas: 2
# webhook.logLevel -- Set the logging level for the Webhook command
logLevel: info
# webhook.nodeSelector -- Webhook pod nodeSelector # webhook.nodeSelector -- Webhook pod nodeSelector
nodeSelector: {} nodeSelector: {}
# webhook.tolerations -- Webhook pod tolerations # webhook.tolerations -- Webhook pod tolerations


@ -4,11 +4,11 @@ annotations:
catalog.cattle.io/kube-version: '>=1.20-0' catalog.cattle.io/kube-version: '>=1.20-0'
catalog.cattle.io/release-name: harbor catalog.cattle.io/release-name: harbor
apiVersion: v1 apiVersion: v1
appVersion: 2.8.4 appVersion: 2.9.0
description: An open source trusted cloud native registry that stores, signs, and description: An open source trusted cloud native registry that stores, signs, and
scans content scans content
home: https://goharbor.io home: https://goharbor.io
icon: https://raw.githubusercontent.com/goharbor/website/master/static/img/logos/harbor-icon-color.png icon: https://raw.githubusercontent.com/goharbor/website/main/static/img/logos/harbor-icon-color.png
keywords: keywords:
- docker - docker
- registry - registry
@ -24,4 +24,4 @@ name: harbor
sources: sources:
- https://github.com/goharbor/harbor - https://github.com/goharbor/harbor
- https://github.com/goharbor/harbor-helm - https://github.com/goharbor/harbor-helm
version: 1.12.4 version: 1.13.0


@ -1,6 +1,6 @@
# Helm Chart for Harbor # Helm Chart for Harbor
**Notes:** The master branch is in heavy development, please use the other stable versions instead. A highly available solution for Harbor based on chart can be find [here](docs/High%20Availability.md). And refer to the [guide](docs/Upgrade.md) to upgrade the existing deployment. **Notes:** The master branch is in heavy development, please use the other stable versions instead. A highly available solution for Harbor based on chart can be found [here](docs/High%20Availability.md). And refer to the [guide](docs/Upgrade.md) to upgrade the existing deployment.
This repository, including the issues, focuses on deploying Harbor chart via helm. For functionality issues or Harbor questions, please open issues on [goharbor/harbor](https://github.com/goharbor/harbor) This repository, including the issues, focuses on deploying Harbor chart via helm. For functionality issues or Harbor questions, please open issues on [goharbor/harbor](https://github.com/goharbor/harbor)
@ -38,7 +38,7 @@ The following items can be set via `--set` flag during installation or configure
The external URL for Harbor core service is used to: The external URL for Harbor core service is used to:
1. populate the docker/helm commands showed on portal 1. populate the docker/helm commands showed on portal
2. populate the token service URL returned to docker/notary client 2. populate the token service URL returned to docker client
Format: `protocol://domain[:port]`. Usually: Format: `protocol://domain[:port]`. Usually:
@ -83,37 +83,30 @@ The following table lists the configurable parameters of the Harbor chart and th
| `expose.tls.certSource` | The source of the TLS certificate. Set as `auto`, `secret` or `none` and fill the information in the corresponding section: 1) auto: generate the TLS certificate automatically 2) secret: read the TLS certificate from the specified secret. The TLS certificate can be generated manually or by cert manager 3) none: configure no TLS certificate for the ingress. If the default TLS certificate is configured in the ingress controller, choose this option | `auto` | | `expose.tls.certSource` | The source of the TLS certificate. Set as `auto`, `secret` or `none` and fill the information in the corresponding section: 1) auto: generate the TLS certificate automatically 2) secret: read the TLS certificate from the specified secret. The TLS certificate can be generated manually or by cert manager 3) none: configure no TLS certificate for the ingress. If the default TLS certificate is configured in the ingress controller, choose this option | `auto` |
| `expose.tls.auto.commonName` | The common name used to generate the certificate, it's necessary when the type isn't `ingress` | | | `expose.tls.auto.commonName` | The common name used to generate the certificate, it's necessary when the type isn't `ingress` | |
| `expose.tls.secret.secretName` | The name of secret which contains keys named: `tls.crt` - the certificate; `tls.key` - the private key | | | `expose.tls.secret.secretName` | The name of secret which contains keys named: `tls.crt` - the certificate; `tls.key` - the private key | |
| `expose.tls.secret.notarySecretName` | The name of secret which contains keys named: `tls.crt` - the certificate; `tls.key` - the private key. Only needed when the `expose.type` is `ingress` | |
| `expose.ingress.hosts.core` | The host of Harbor core service in ingress rule | `core.harbor.domain` | | `expose.ingress.hosts.core` | The host of Harbor core service in ingress rule | `core.harbor.domain` |
| `expose.ingress.hosts.notary` | The host of Harbor Notary service in ingress rule | `notary.harbor.domain` |
| `expose.ingress.controller` | The ingress controller type. Currently supports `default`, `gce`, `alb`, `f5-bigip` and `ncp` | `default` | | `expose.ingress.controller` | The ingress controller type. Currently supports `default`, `gce`, `alb`, `f5-bigip` and `ncp` | `default` |
| `expose.ingress.kubeVersionOverride` | Allows the ability to override the kubernetes version used while templating the ingress | | | `expose.ingress.kubeVersionOverride` | Allows the ability to override the kubernetes version used while templating the ingress | |
| `expose.ingress.annotations` | The annotations used commonly for ingresses | | | `expose.ingress.annotations` | The annotations used commonly for ingresses | |
| `expose.ingress.harbor.annotations` | The annotations specific to harbor ingress | {} | | `expose.ingress.harbor.annotations` | The annotations specific to harbor ingress | {} |
| `expose.ingress.harbor.labels` | The labels specific to harbor ingress | {} | | `expose.ingress.harbor.labels` | The labels specific to harbor ingress | {} |
| `expose.ingress.notary.annotations` | The annotations specific to notary ingress | {} |
| `expose.ingress.notary.labels` | The labels specific to notary ingress | {} |
| `expose.clusterIP.name` | The name of ClusterIP service | `harbor` | | `expose.clusterIP.name` | The name of ClusterIP service | `harbor` |
| `expose.clusterIP.annotations` | The annotations attached to the ClusterIP service | {} | | `expose.clusterIP.annotations` | The annotations attached to the ClusterIP service | {} |
| `expose.clusterIP.ports.httpPort` | The service port Harbor listens on when serving HTTP | `80` | | `expose.clusterIP.ports.httpPort` | The service port Harbor listens on when serving HTTP | `80` |
| `expose.clusterIP.ports.httpsPort` | The service port Harbor listens on when serving HTTPS | `443` | | `expose.clusterIP.ports.httpsPort` | The service port Harbor listens on when serving HTTPS | `443` |
| `expose.clusterIP.ports.notaryPort` | The service port Notary listens on. Only needed when `notary.enabled` is set to `true` | `4443` |
| `expose.nodePort.name` | The name of NodePort service | `harbor` | | `expose.nodePort.name` | The name of NodePort service | `harbor` |
| `expose.nodePort.ports.http.port` | The service port Harbor listens on when serving HTTP | `80` | | `expose.nodePort.ports.http.port` | The service port Harbor listens on when serving HTTP | `80` |
| `expose.nodePort.ports.http.nodePort` | The node port Harbor listens on when serving HTTP | `30002` | | `expose.nodePort.ports.http.nodePort` | The node port Harbor listens on when serving HTTP | `30002` |
| `expose.nodePort.ports.https.port` | The service port Harbor listens on when serving HTTPS | `443` | | `expose.nodePort.ports.https.port` | The service port Harbor listens on when serving HTTPS | `443` |
| `expose.nodePort.ports.https.nodePort` | The node port Harbor listens on when serving HTTPS | `30003` | | `expose.nodePort.ports.https.nodePort` | The node port Harbor listens on when serving HTTPS | `30003` |
| `expose.nodePort.ports.notary.port` | The service port Notary listens on. Only needed when `notary.enabled` is set to `true` | `4443` |
| `expose.nodePort.ports.notary.nodePort` | The node port Notary listens on. Only needed when `notary.enabled` is set to `true` | `30004` |
| `expose.loadBalancer.name` | The name of service | `harbor` | | `expose.loadBalancer.name` | The name of service | `harbor` |
| `expose.loadBalancer.IP` | The IP of the loadBalancer. It only works when loadBalancer supports assigning IP | `""` | | `expose.loadBalancer.IP` | The IP of the loadBalancer. It only works when loadBalancer supports assigning IP | `""` |
| `expose.loadBalancer.ports.httpPort` | The service port Harbor listens on when serving HTTP | `80` | | `expose.loadBalancer.ports.httpPort` | The service port Harbor listens on when serving HTTP | `80` |
| `expose.loadBalancer.ports.httpsPort` | The service port Harbor listens on when serving HTTPS | `30002` | | `expose.loadBalancer.ports.httpsPort` | The service port Harbor listens on when serving HTTPS | `30002` |
| `expose.loadBalancer.ports.notaryPort` | The service port Notary listens on. Only needed when `notary.enabled` is set to `true` | |
| `expose.loadBalancer.annotations` | The annotations attached to the loadBalancer service | {} | | `expose.loadBalancer.annotations` | The annotations attached to the loadBalancer service | {} |
| `expose.loadBalancer.sourceRanges` | List of IP address ranges to assign to loadBalancerSourceRanges | [] | | `expose.loadBalancer.sourceRanges` | List of IP address ranges to assign to loadBalancerSourceRanges | [] |
| **Internal TLS** | | | | **Internal TLS** | | |
| `internalTLS.enabled` | Enable TLS for the components (core, jobservice, portal, registry, trivy) | `false` | | `internalTLS.enabled` | Enable TLS for the components (core, jobservice, portal, registry, trivy) | `false` |
| `internalTLS.strong_ssl_ciphers` | Enable strong ssl ciphers for nginx and portal | `false`
| `internalTLS.certSource` | Method to provide TLS for the components, options are `auto`, `manual`, `secret`. | `auto` | | `internalTLS.certSource` | Method to provide TLS for the components, options are `auto`, `manual`, `secret`. | `auto` |
| `internalTLS.trustCa` | The content of trust CA, only available when `certSource` is `manual`. **Note**: all the internal certificates of the components must be issued by this CA | | | `internalTLS.trustCa` | The content of trust CA, only available when `certSource` is `manual`. **Note**: all the internal certificates of the components must be issued by this CA | |
| `internalTLS.core.secretName` | The secret name for core component, only available when `certSource` is `secret`. The secret must contain keys named: `ca.crt` - the CA certificate which is used to issue internal key and crt pair for components and all Harbor components must be issued by the same CA, `tls.crt` - the content of the TLS cert file, `tls.key` - the content of the TLS key file. | | | `internalTLS.core.secretName` | The secret name for core component, only available when `certSource` is `secret`. The secret must contain keys named: `ca.crt` - the CA certificate which is used to issue internal key and crt pair for components and all Harbor components must be issued by the same CA, `tls.crt` - the content of the TLS cert file, `tls.key` - the content of the TLS key file. | |
@ -201,6 +194,7 @@ The following table lists the configurable parameters of the Harbor chart and th
| `nginx.nodeSelector` | Node labels for pod assignment | `{}` | | `nginx.nodeSelector` | Node labels for pod assignment | `{}` |
| `nginx.tolerations` | Tolerations for pod assignment | `[]` | | `nginx.tolerations` | Tolerations for pod assignment | `[]` |
| `nginx.affinity` | Node/Pod affinities | `{}` | | `nginx.affinity` | Node/Pod affinities | `{}` |
| `nginx.topologySpreadConstraints` | Constraints that define how Pods are spread across failure-domains like regions or availability zones | `[]` |
| `nginx.podAnnotations` | Annotations to add to the nginx pod | `{}` | | `nginx.podAnnotations` | Annotations to add to the nginx pod | `{}` |
| `nginx.priorityClassName` | The priority class to run the pod as | | | `nginx.priorityClassName` | The priority class to run the pod as | |
| **Portal** | | | | **Portal** | | |
@ -213,6 +207,7 @@ The following table lists the configurable parameters of the Harbor chart and th
| `portal.nodeSelector` | Node labels for pod assignment | `{}` | | `portal.nodeSelector` | Node labels for pod assignment | `{}` |
| `portal.tolerations` | Tolerations for pod assignment | `[]` | | `portal.tolerations` | Tolerations for pod assignment | `[]` |
| `portal.affinity` | Node/Pod affinities | `{}` | | `portal.affinity` | Node/Pod affinities | `{}` |
| `portal.topologySpreadConstraints` | Constraints that define how Pods are spread across failure-domains like regions or availability zones | `[]` |
| `portal.podAnnotations` | Annotations to add to the portal pod | `{}` | | `portal.podAnnotations` | Annotations to add to the portal pod | `{}` |
| `portal.priorityClassName` | The priority class to run the pod as | | | `portal.priorityClassName` | The priority class to run the pod as | |
| **Core** | | | | **Core** | | |
@ -226,8 +221,11 @@ The following table lists the configurable parameters of the Harbor chart and th
| `core.nodeSelector` | Node labels for pod assignment | `{}` | | `core.nodeSelector` | Node labels for pod assignment | `{}` |
| `core.tolerations` | Tolerations for pod assignment | `[]` | | `core.tolerations` | Tolerations for pod assignment | `[]` |
| `core.affinity` | Node/Pod affinities | `{}` | | `core.affinity` | Node/Pod affinities | `{}` |
| `core.topologySpreadConstraints` | Constraints that define how Pods are spread across failure-domains like regions or availability zones | `[]` |
| `core.podAnnotations` | Annotations to add to the core pod | `{}` | | `core.podAnnotations` | Annotations to add to the core pod | `{}` |
| `core.serviceAnnotations` | Annotations to add to the core service | `{}` | | `core.serviceAnnotations` | Annotations to add to the core service | `{}` |
| `core.configureUserSettings` | A JSON string to set in the environment variable `CONFIG_OVERWRITE_JSON` to configure user settings. See the [official docs](https://goharbor.io/docs/latest/install-config/configure-user-settings-cli/#configure-users-settings-using-an-environment-variable). | |
| `core.quotaUpdateProvider` | The provider for updating project quota(usage), there are 2 options, redis or db. By default it is implemented by db but you can configure it to redis which can improve the performance of high concurrent pushing to the same project, and reduce the database connections spike and occupies. Using redis will bring up some delay for quota usage updation for display, so only suggest switch provider to redis if you were ran into the db connections spike around the scenario of high concurrent pushing to same project, no improvment for other scenes. | `db` |
| `core.secret` | Secret is used when core server communicates with other components. If a secret key is not specified, Helm will generate one. Must be a string of 16 chars. | | | `core.secret` | Secret is used when core server communicates with other components. If a secret key is not specified, Helm will generate one. Must be a string of 16 chars. | |
| `core.secretName` | Fill the name of a kubernetes secret if you want to use your own TLS certificate and private key for token encryption/decryption. The secret must contain keys named: `tls.crt` - the certificate and `tls.key` - the private key. The default key pair will be used if it isn't set | | | `core.secretName` | Fill the name of a kubernetes secret if you want to use your own TLS certificate and private key for token encryption/decryption. The secret must contain keys named: `tls.crt` - the certificate and `tls.key` - the private key. The default key pair will be used if it isn't set | |
| `core.tokenKey` | PEM-formatted RSA private key used to sign service tokens. Only used if `core.secretName` is unset. If set, `core.tokenCert` MUST also be set. | | | `core.tokenKey` | PEM-formatted RSA private key used to sign service tokens. Only used if `core.secretName` is unset. If set, `core.tokenCert` MUST also be set. | |
@ -253,6 +251,7 @@ The following table lists the configurable parameters of the Harbor chart and th
| `jobservice.nodeSelector` | Node labels for pod assignment | `{}` | | `jobservice.nodeSelector` | Node labels for pod assignment | `{}` |
| `jobservice.tolerations` | Tolerations for pod assignment | `[]` | | `jobservice.tolerations` | Tolerations for pod assignment | `[]` |
| `jobservice.affinity` | Node/Pod affinities | `{}` | | `jobservice.affinity` | Node/Pod affinities | `{}` |
| `jobservice.topologySpreadConstraints` | Constraints that define how Pods are spread across failure-domains like regions or availability zones | `[]` |
| `jobservice.podAnnotations` | Annotations to add to the jobservice pod | `{}` | | `jobservice.podAnnotations` | Annotations to add to the jobservice pod | `{}` |
| `jobservice.priorityClassName` | The priority class to run the pod as | | | `jobservice.priorityClassName` | The priority class to run the pod as | |
| `jobservice.secret` | Secret is used when job service communicates with other components. If a secret key is not specified, Helm will generate one. Must be a string of 16 chars. | | | `jobservice.secret` | Secret is used when job service communicates with other components. If a secret key is not specified, Helm will generate one. Must be a string of 16 chars. | |
@ -269,12 +268,13 @@ The following table lists the configurable parameters of the Harbor chart and th
| `registry.automountServiceAccountToken` | Mount serviceAccountToken? | `false` | | `registry.automountServiceAccountToken` | Mount serviceAccountToken? | `false` |
| `registry.tolerations` | Tolerations for pod assignment | `[]` | | `registry.tolerations` | Tolerations for pod assignment | `[]` |
| `registry.affinity` | Node/Pod affinities | `{}` | | `registry.affinity` | Node/Pod affinities | `{}` |
| `registry.topologySpreadConstraints` | Constraints that define how Pods are spread across failure-domains like regions or availability zones | `[]` |
| `registry.middleware` | Middleware is used to add support for a CDN between backend storage and `docker pull` recipient. See [official docs](https://github.com/docker/distribution/blob/master/docs/configuration.md#middleware). | | | `registry.middleware` | Middleware is used to add support for a CDN between backend storage and `docker pull` recipient. See [official docs](https://github.com/docker/distribution/blob/master/docs/configuration.md#middleware). | |
| `registry.podAnnotations` | Annotations to add to the registry pod | `{}` | | `registry.podAnnotations` | Annotations to add to the registry pod | `{}` |
| `registry.priorityClassName` | The priority class to run the pod as | | | `registry.priorityClassName` | The priority class to run the pod as | |
| `registry.secret` | Secret is used to secure the upload state from client and registry storage backend. See [official docs](https://github.com/docker/distribution/blob/master/docs/configuration.md#http). If a secret key is not specified, Helm will generate one. Must be a string of 16 chars. | | | `registry.secret` | Secret is used to secure the upload state from client and registry storage backend. See [official docs](https://github.com/docker/distribution/blob/master/docs/configuration.md#http). If a secret key is not specified, Helm will generate one. Must be a string of 16 chars. | |
| `registry.credentials.username` | The username for accessing the registry instance, which is hosted by htpasswd auth mode. More details see [official docs](https://github.com/docker/distribution/blob/master/docs/configuration.md#htpasswd). | `harbor_registry_user` | | `registry.credentials.username` | The username that harbor core uses internally to access the registry instance. Together with the `registry.credentials.password`, a htpasswd  is created. This is an alternative to providing `registry.credentials.htpasswdString`. For more details see [official docs](https://github.com/docker/distribution/blob/master/docs/configuration.md#htpasswd). | `harbor_registry_user` |
| `registry.credentials.password` | The password for accessing the registry instance, which is hosted by htpasswd auth mode. More details see [official docs](https://github.com/docker/distribution/blob/master/docs/configuration.md#htpasswd). It is suggested you update this value before installation. | `harbor_registry_password` | | `registry.credentials.password` | The password that harbor core uses internally to access the registry instance. Together with the `registry.credentials.username`, a htpasswd  is created. This is an alternative to providing `registry.credentials.htpasswdString`. For more details see [official docs](https://github.com/docker/distribution/blob/master/docs/configuration.md#htpasswd). It is suggested you update this value before installation. | `harbor_registry_password` |
| `registry.credentials.existingSecret` | An existing secret containing the password for accessing the registry instance, which is hosted by htpasswd auth mode. More details see [official docs](https://github.com/docker/distribution/blob/master/docs/configuration.md#htpasswd). The key must be `REGISTRY_PASSWD` | `""` | | `registry.credentials.existingSecret` | An existing secret containing the password for accessing the registry instance, which is hosted by htpasswd auth mode. More details see [official docs](https://github.com/docker/distribution/blob/master/docs/configuration.md#htpasswd). The key must be `REGISTRY_PASSWD` | `""` |
| `registry.credentials.htpasswdString` | Login and password in htpasswd string format. Excludes `registry.credentials.username` and `registry.credentials.password`. May come in handy when integrating with tools like argocd or flux. This allows the same line to be generated each time the template is rendered, instead of the `htpasswd` function from helm, which generates different lines each time because of the salt. | undefined | | `registry.credentials.htpasswdString` | Login and password in htpasswd string format. Excludes `registry.credentials.username` and `registry.credentials.password`. May come in handy when integrating with tools like argocd or flux. This allows the same line to be generated each time the template is rendered, instead of the `htpasswd` function from helm, which generates different lines each time because of the salt. | undefined |
| `registry.relativeurls` | If true, the registry returns relative URLs in Location headers. The client is responsible for resolving the correct URL. Needed if harbor is behind a reverse proxy | `false` | | `registry.relativeurls` | If true, the registry returns relative URLs in Location headers. The client is responsible for resolving the correct URL. Needed if harbor is behind a reverse proxy | `false` |
@ -300,26 +300,7 @@ The following table lists the configurable parameters of the Harbor chart and th
| `trivy.timeout` | The duration to wait for scan completion | `5m0s` | | `trivy.timeout` | The duration to wait for scan completion | `5m0s` |
| `trivy.gitHubToken` | The GitHub access token to download [Trivy DB][trivy-db] (see [GitHub rate limiting][trivy-rate-limiting]) | | | `trivy.gitHubToken` | The GitHub access token to download [Trivy DB][trivy-db] (see [GitHub rate limiting][trivy-rate-limiting]) | |
| `trivy.priorityClassName` | The priority class to run the pod as | | | `trivy.priorityClassName` | The priority class to run the pod as | |
| **Notary** | | | | `trivy.topologySpreadConstraints` | The priority class to run the pod as | |
| `notary.enabled` | Enable Notary? | `true` |
| `notary.server.image.repository` | Repository for notary server image | `goharbor/notary-server-photon` |
| `notary.server.image.tag` | Tag for notary server image | `dev` |
| `notary.server.replicas` | The replica count | `1` |
| `notary.server.resources` | The [resources] to allocate for container | undefined |
| `notary.server.priorityClassName` | The priority class to run the pod as | |
| `notary.server.automountServiceAccountToken` | Mount serviceAccountToken? | `false` |
| `notary.signer.image.repository` | Repository for notary signer image | `goharbor/notary-signer-photon` |
| `notary.signer.image.tag` | Tag for notary signer image | `dev` |
| `notary.signer.replicas` | The replica count | `1` |
| `notary.signer.resources` | The [resources] to allocate for container | undefined |
| `notary.signer.priorityClassName` | The priority class to run the pod as | |
| `notary.signer.automountServiceAccountToken` | Mount serviceAccountToken? | `false` |
| `notary.nodeSelector` | Node labels for pod assignment | `{}` |
| `notary.tolerations` | Tolerations for pod assignment | `[]` |
| `notary.affinity` | Node/Pod affinities | `{}` |
| `notary.podAnnotations` | Annotations to add to the notary pod | `{}` |
| `notary.serviceAnnotations` | Annotations to add to the notary service | `{}` |
| `notary.secretName` | Fill the name of a kubernetes secret if you want to use your own TLS certificate authority, certificate and private key for notary communications. The secret must contain keys named `ca.crt`, `tls.crt` and `tls.key` that contain the CA, certificate and private key. They will be generated if not set. | |
| **Database** | | | | **Database** | | |
| `database.type` | If external database is used, set it to `external` | `internal` | | `database.type` | If external database is used, set it to `external` | `internal` |
| `database.internal.image.repository` | Repository for database image | `goharbor/harbor-db` | | `database.internal.image.repository` | Repository for database image | `goharbor/harbor-db` |
@ -341,8 +322,6 @@ The following table lists the configurable parameters of the Harbor chart and th
| `database.external.username` | The username of external database | `user` | | `database.external.username` | The username of external database | `user` |
| `database.external.password` | The password of external database | `password` | | `database.external.password` | The password of external database | `password` |
| `database.external.coreDatabase` | The database used by core service | `registry` | | `database.external.coreDatabase` | The database used by core service | `registry` |
| `database.external.notaryServerDatabase` | The database used by Notary server | `notary_server` |
| `database.external.notarySignerDatabase` | The database used by Notary signer | `notary_signer` |
| `database.external.existingSecret` | An existing password containing the database password. the key must be `password`. | `""` | | `database.external.existingSecret` | An existing password containing the database password. the key must be `password`. | `""` |
| `database.external.sslmode` | Connection method of external database (require, verify-full, verify-ca, disable) | `disable` | | `database.external.sslmode` | Connection method of external database (require, verify-full, verify-ca, disable) | `disable` |
| `database.maxIdleConns` | The maximum number of connections in the idle connection pool. If it <=0, no idle connections are retained. | `50` | | `database.maxIdleConns` | The maximum number of connections in the idle connection pool. If it <=0, no idle connections are retained. | `50` |
@ -384,6 +363,7 @@ The following table lists the configurable parameters of the Harbor chart and th
| `exporter.nodeSelector` | Node labels for pod assignment | `{}` | | `exporter.nodeSelector` | Node labels for pod assignment | `{}` |
| `exporter.tolerations` | Tolerations for pod assignment | `[]` | | `exporter.tolerations` | Tolerations for pod assignment | `[]` |
| `exporter.affinity` | Node/Pod affinities | `{}` | | `exporter.affinity` | Node/Pod affinities | `{}` |
| `exporter.topologySpreadConstraints` | Constraints that define how Pods are spread across failure-domains like regions or availability zones | `[]` |
| `exporter.automountServiceAccountToken` | Mount serviceAccountToken? | `false` | | `exporter.automountServiceAccountToken` | Mount serviceAccountToken? | `false` |
| `exporter.cacheDuration` | the cache duration for information that exporter collected from Harbor | `30` | | `exporter.cacheDuration` | the cache duration for information that exporter collected from Harbor | `30` |
| `exporter.cacheCleanInterval` | cache clean interval for information that exporter collected from Harbor | `14400` | | `exporter.cacheCleanInterval` | cache clean interval for information that exporter collected from Harbor | `14400` |


@ -1,28 +0,0 @@
{
"server": {
"http_addr": ":4443"
},
"trust_service": {
"type": "remote",
"hostname": "{{ template "harbor.notary-signer" . }}",
"port": "7899",
"tls_ca_file": "/etc/ssl/notary/ca.crt",
"key_algorithm": "ecdsa"
},
"logging": {
"level": "{{ .Values.logLevel }}"
},
"storage": {
"backend": "postgres",
"db_url": "{{ template "harbor.database.notaryServer" . }}"
},
"auth": {
"type": "token",
"options": {
"realm": "{{ .Values.externalURL }}/service/token",
"service": "harbor-notary",
"issuer": "harbor-token-issuer",
"rootcertbundle": "/root.crt"
}
}
}


@ -1,15 +0,0 @@
{
"server": {
"grpc_addr": ":7899",
"tls_cert_file": "/etc/ssl/notary/tls.crt",
"tls_key_file": "/etc/ssl/notary/tls.key"
},
"logging": {
"level": "{{ .Values.logLevel }}"
},
"storage": {
"backend": "postgres",
"db_url": "{{ template "harbor.database.notarySigner" . }}",
"default_alias": "defaultalias"
}
}


@ -111,22 +111,6 @@ app: "{{ template "harbor.name" . }}"
{{- end -}} {{- end -}}
{{- end -}} {{- end -}}
{{- define "harbor.database.notaryServerDatabase" -}}
{{- if eq .Values.database.type "internal" -}}
{{- printf "%s" "notaryserver" -}}
{{- else -}}
{{- .Values.database.external.notaryServerDatabase -}}
{{- end -}}
{{- end -}}
{{- define "harbor.database.notarySignerDatabase" -}}
{{- if eq .Values.database.type "internal" -}}
{{- printf "%s" "notarysigner" -}}
{{- else -}}
{{- .Values.database.external.notarySignerDatabase -}}
{{- end -}}
{{- end -}}
{{- define "harbor.database.sslmode" -}} {{- define "harbor.database.sslmode" -}}
{{- if eq .Values.database.type "internal" -}} {{- if eq .Values.database.type "internal" -}}
{{- printf "%s" "disable" -}} {{- printf "%s" "disable" -}}
@ -135,14 +119,6 @@ app: "{{ template "harbor.name" . }}"
{{- end -}} {{- end -}}
{{- end -}} {{- end -}}
{{- define "harbor.database.notaryServer" -}}
postgres://{{ template "harbor.database.username" . }}:{{ template "harbor.database.escapedRawPassword" . }}@{{ template "harbor.database.host" . }}:{{ template "harbor.database.port" . }}/{{ template "harbor.database.notaryServerDatabase" . }}?sslmode={{ template "harbor.database.sslmode" . }}
{{- end -}}
{{- define "harbor.database.notarySigner" -}}
postgres://{{ template "harbor.database.username" . }}:{{ template "harbor.database.escapedRawPassword" . }}@{{ template "harbor.database.host" . }}:{{ template "harbor.database.port" . }}/{{ template "harbor.database.notarySignerDatabase" . }}?sslmode={{ template "harbor.database.sslmode" . }}
{{- end -}}
{{- define "harbor.redis.scheme" -}} {{- define "harbor.redis.scheme" -}}
{{- with .Values.redis }} {{- with .Values.redis }}
{{- ternary "redis+sentinel" "redis" (and (eq .type "external" ) (not (not .external.sentinelMasterSet))) }} {{- ternary "redis+sentinel" "redis" (and (eq .type "external" ) (not (not .external.sentinelMasterSet))) }}
@ -263,14 +239,6 @@ postgres://{{ template "harbor.database.username" . }}:{{ template "harbor.datab
{{- printf "%s-trivy" (include "harbor.fullname" .) -}} {{- printf "%s-trivy" (include "harbor.fullname" .) -}}
{{- end -}} {{- end -}}
{{- define "harbor.notary-server" -}}
{{- printf "%s-notary-server" (include "harbor.fullname" .) -}}
{{- end -}}
{{- define "harbor.notary-signer" -}}
{{- printf "%s-notary-signer" (include "harbor.fullname" .) -}}
{{- end -}}
{{- define "harbor.nginx" -}} {{- define "harbor.nginx" -}}
{{- printf "%s-nginx" (include "harbor.fullname" .) -}} {{- printf "%s-nginx" (include "harbor.fullname" .) -}}
{{- end -}} {{- end -}}
@ -283,12 +251,8 @@ postgres://{{ template "harbor.database.username" . }}:{{ template "harbor.datab
{{- printf "%s-ingress" (include "harbor.fullname" .) -}} {{- printf "%s-ingress" (include "harbor.fullname" .) -}}
{{- end -}} {{- end -}}
{{- define "harbor.ingress-notary" -}}
{{- printf "%s-ingress-notary" (include "harbor.fullname" .) -}}
{{- end -}}
{{- define "harbor.noProxy" -}} {{- define "harbor.noProxy" -}}
{{- printf "%s,%s,%s,%s,%s,%s,%s,%s,%s,%s" (include "harbor.core" .) (include "harbor.jobservice" .) (include "harbor.database" .) (include "harbor.notary-server" .) (include "harbor.notary-signer" .) (include "harbor.registry" .) (include "harbor.portal" .) (include "harbor.trivy" .) (include "harbor.exporter" .) .Values.proxy.noProxy -}} {{- printf "%s,%s,%s,%s,%s,%s,%s,%s" (include "harbor.core" .) (include "harbor.jobservice" .) (include "harbor.database" .) (include "harbor.registry" .) (include "harbor.portal" .) (include "harbor.trivy" .) (include "harbor.exporter" .) .Values.proxy.noProxy -}}
{{- end -}} {{- end -}}
{{- define "harbor.caBundleVolume" -}} {{- define "harbor.caBundleVolume" -}}
@ -303,7 +267,7 @@ postgres://{{ template "harbor.database.username" . }}:{{ template "harbor.datab
subPath: ca.crt subPath: ca.crt
{{- end -}} {{- end -}}
{{/* scheme for all components except notary because it only support http mode */}} {{/* scheme for all components because it only support http mode */}}
{{- define "harbor.component.scheme" -}} {{- define "harbor.component.scheme" -}}
{{- if .Values.internalTLS.enabled -}} {{- if .Values.internalTLS.enabled -}}
{{- printf "https" -}} {{- printf "https" -}}
@ -506,16 +470,6 @@ postgres://{{ template "harbor.database.username" . }}:{{ template "harbor.datab
{{- end -}} {{- end -}}
{{- end -}} {{- end -}}
{{- define "harbor.tlsNotarySecretForIngress" -}}
{{- if eq .Values.expose.tls.certSource "none" -}}
{{- printf "" -}}
{{- else if eq .Values.expose.tls.certSource "secret" -}}
{{- .Values.expose.tls.secret.notarySecretName -}}
{{- else -}}
{{- include "harbor.ingress" . -}}
{{- end -}}
{{- end -}}
{{- define "harbor.tlsSecretForNginx" -}} {{- define "harbor.tlsSecretForNginx" -}}
{{- if eq .Values.expose.tls.certSource "secret" -}} {{- if eq .Values.expose.tls.certSource "secret" -}}
{{- .Values.expose.tls.secret.secretName -}} {{- .Values.expose.tls.secret.secretName -}}
@ -537,7 +491,7 @@ postgres://{{ template "harbor.database.username" . }}:{{ template "harbor.datab
TRACE_SAMPLE_RATE: "{{ .Values.trace.sample_rate }}" TRACE_SAMPLE_RATE: "{{ .Values.trace.sample_rate }}"
TRACE_NAMESPACE: "{{ .Values.trace.namespace }}" TRACE_NAMESPACE: "{{ .Values.trace.namespace }}"
{{- if .Values.trace.attributes }} {{- if .Values.trace.attributes }}
TRACE_ATTRIBUTES: "{{ .Values.trace.attributes | toJson }}" TRACE_ATTRIBUTES: {{ .Values.trace.attributes | toJson | squote }}
{{- end }} {{- end }}
{{- if eq .Values.trace.provider "jaeger" }} {{- if eq .Values.trace.provider "jaeger" }}
TRACE_JAEGER_ENDPOINT: "{{ .Values.trace.jaeger.endpoint }}" TRACE_JAEGER_ENDPOINT: "{{ .Values.trace.jaeger.endpoint }}"


@ -26,8 +26,6 @@ data:
JOBSERVICE_URL: "{{ template "harbor.jobserviceURL" . }}" JOBSERVICE_URL: "{{ template "harbor.jobserviceURL" . }}"
REGISTRY_URL: "{{ template "harbor.registryURL" . }}" REGISTRY_URL: "{{ template "harbor.registryURL" . }}"
TOKEN_SERVICE_URL: "{{ template "harbor.tokenServiceURL" . }}" TOKEN_SERVICE_URL: "{{ template "harbor.tokenServiceURL" . }}"
WITH_NOTARY: "{{ .Values.notary.enabled }}"
NOTARY_URL: "http://{{ template "harbor.notary-server" . }}:4443"
CORE_LOCAL_URL: "{{ ternary "https://127.0.0.1:8443" "http://127.0.0.1:8080" .Values.internalTLS.enabled }}" CORE_LOCAL_URL: "{{ ternary "https://127.0.0.1:8443" "http://127.0.0.1:8080" .Values.internalTLS.enabled }}"
WITH_TRIVY: {{ .Values.trivy.enabled | quote }} WITH_TRIVY: {{ .Values.trivy.enabled | quote }}
TRIVY_ADAPTER_URL: "{{ template "harbor.trivyAdapterURL" . }}" TRIVY_ADAPTER_URL: "{{ template "harbor.trivyAdapterURL" . }}"
@ -83,3 +81,7 @@ data:
CACHE_ENABLED: "true" CACHE_ENABLED: "true"
CACHE_EXPIRE_HOURS: "{{ .Values.cache.expireHours }}" CACHE_EXPIRE_HOURS: "{{ .Values.cache.expireHours }}"
{{- end }} {{- end }}
{{- if .Values.core.quotaUpdateProvider }}
QUOTA_UPDATE_PROVIDER: "{{ .Values.core.quotaUpdateProvider }}"
{{- end }}
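Review bot: The new `QUOTA_UPDATE_PROVIDER` entry wraps the value in literal double quotes instead of piping it through `quote`, so a value containing `"` or a backslash would render as broken or altered YAML. The `WITH_TRIVY` line in the same ConfigMap already uses the safer form, and `QUOTA_UPDATE_PROVIDER: {{ .Values.core.quotaUpdateProvider | quote }}` would match it. The `data:` block this entry belongs to starts above the hunk.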


@ -17,6 +17,9 @@ spec:
labels: labels:
{{ include "harbor.matchLabels" . | indent 8 }} {{ include "harbor.matchLabels" . | indent 8 }}
component: core component: core
{{- if .Values.core.podLabels }}
{{ toYaml .Values.core.podLabels | indent 8 }}
{{- end }}
annotations: annotations:
checksum/configmap: {{ include (print $.Template.BasePath "/core/core-cm.yaml") . | sha256sum }} checksum/configmap: {{ include (print $.Template.BasePath "/core/core-cm.yaml") . | sha256sum }}
checksum/secret: {{ include (print $.Template.BasePath "/core/core-secret.yaml") . | sha256sum }} checksum/secret: {{ include (print $.Template.BasePath "/core/core-secret.yaml") . | sha256sum }}
@ -42,6 +45,16 @@ spec:
{{- end }} {{- end }}
automountServiceAccountToken: {{ .Values.core.automountServiceAccountToken | default false }} automountServiceAccountToken: {{ .Values.core.automountServiceAccountToken | default false }}
terminationGracePeriodSeconds: 120 terminationGracePeriodSeconds: 120
{{- with .Values.core.topologySpreadConstraints}}
topologySpreadConstraints:
{{- range . }}
- {{ . | toYaml | indent 8 | trim }}
labelSelector:
matchLabels:
{{ include "harbor.matchLabels" $ | indent 12 }}
component: core
{{- end }}
{{- end }}
containers: containers:
- name: core - name: core
image: {{ .Values.core.image.repository }}:{{ .Values.core.image.tag }} image: {{ .Values.core.image.repository }}:{{ .Values.core.image.tag }}
@ -117,6 +130,9 @@ spec:
name: {{ .Values.registry.credentials.existingSecret }} name: {{ .Values.registry.credentials.existingSecret }}
key: REGISTRY_PASSWD key: REGISTRY_PASSWD
{{- end }} {{- end }}
{{- with .Values.core.extraEnvVars }}
{{- toYaml . | nindent 10 }}
{{- end }}
ports: ports:
- containerPort: {{ template "harbor.core.containerPort" . }} - containerPort: {{ template "harbor.core.containerPort" . }}
volumeMounts: volumeMounts:
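Review bot: The `extraEnvVars` block appears to be appended at the end of the container's `env` list (it follows the entry that reads `REGISTRY_PASSWD` from a secret), so a user-supplied variable that reuses a chart-managed name renders as a duplicate, and Kubernetes typically lets the later entry take effect. A values override could therefore silently replace a secret-backed variable with a plaintext `value` that is then readable in the Deployment spec. I would add a template comment above the block, for example `{{/* extraEnvVars are appended last: names must not collide with chart-managed variables, and sensitive values should use valueFrom.secretKeyRef */}}`, and state the same in the values documentation. The database and jobservice sections add the same block at the end of their `env` lists, and the container spec starts outside these hunks.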


@ -25,4 +25,7 @@ data:
REGISTRY_CREDENTIAL_PASSWORD: {{ .Values.registry.credentials.password | b64enc | quote }} REGISTRY_CREDENTIAL_PASSWORD: {{ .Values.registry.credentials.password | b64enc | quote }}
{{- end }} {{- end }}
CSRF_KEY: {{ .Values.core.xsrfKey | default (randAlphaNum 32) | b64enc | quote }} CSRF_KEY: {{ .Values.core.xsrfKey | default (randAlphaNum 32) | b64enc | quote }}
{{- if .Values.core.configureUserSettings }}
CONFIG_OVERWRITE_JSON: {{ .Values.core.configureUserSettings | b64enc | quote }}
{{- end }}
{{- template "harbor.traceJaegerPassword" . }} {{- template "harbor.traceJaegerPassword" . }}
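Review bot: `CONFIG_OVERWRITE_JSON` is taken verbatim from `.Values.core.configureUserSettings` with nothing next to the template saying what shape it must have. `b64enc` expects a string, so a YAML map supplied here would presumably fail at render time, and nothing checks that a supplied string is valid JSON. Since this setting can carry authentication configuration, the value may include credentials that then live in the values file and in the Helm release record as well as in this Secret. A comment such as `{{/* configureUserSettings must be a JSON string; it may contain credentials, so keep it out of committed values files */}}` above the `if` would document both constraints. The `data:` block starts above the hunk.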


@ -19,6 +19,9 @@ spec:
labels: labels:
{{ include "harbor.labels" . | indent 8 }} {{ include "harbor.labels" . | indent 8 }}
component: database component: database
{{- if .Values.database.podLabels }}
{{ toYaml .Values.database.podLabels | indent 8 }}
{{- end }}
annotations: annotations:
checksum/secret: {{ include (print $.Template.BasePath "/database/database-secret.yaml") . | sha256sum }} checksum/secret: {{ include (print $.Template.BasePath "/database/database-secret.yaml") . | sha256sum }}
{{- if .Values.database.podAnnotations }} {{- if .Values.database.podAnnotations }}
@ -102,6 +105,9 @@ spec:
# more detail refer to https://github.com/goharbor/harbor-helm/issues/756 # more detail refer to https://github.com/goharbor/harbor-helm/issues/756
- name: PGDATA - name: PGDATA
value: "/var/lib/postgresql/data/pgdata" value: "/var/lib/postgresql/data/pgdata"
{{- with .Values.database.internal.extraEnvVars }}
{{- toYaml . | nindent 10 }}
{{- end }}
volumeMounts: volumeMounts:
- name: database-data - name: database-data
mountPath: /var/lib/postgresql/data mountPath: /var/lib/postgresql/data
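Review bot: `podLabels` is rendered into the pod template's `labels` map after the chart's own labels and `component: database`, and nothing prevents a user key from colliding with them. A colliding key renders a duplicate mapping key, which a parser either rejects or resolves last-wins, and in the second case the pod labels may stop matching the workload's selector. Dropping the reserved key before rendering avoids the visible case, `{{ toYaml (omit .Values.database.podLabels "component") | indent 8 }}`, and the values documentation should say that chart label keys are reserved. The core, exporter, jobservice, nginx, portal, redis and registry sections add the same block; the `labels` map starts above the hunk.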


@ -18,7 +18,15 @@ spec:
labels: labels:
{{ include "harbor.labels" . | indent 8 }} {{ include "harbor.labels" . | indent 8 }}
component: exporter component: exporter
{{- if .Values.exporter.podLabels }}
{{ toYaml .Values.exporter.podLabels | indent 8 }}
{{- end }}
annotations: annotations:
{{- if and .Values.internalTLS.enabled (eq .Values.internalTLS.certSource "auto") }}
checksum/tls: {{ include (print $.Template.BasePath "/internal/auto-tls.yaml") . | sha256sum }}
{{- else if and .Values.internalTLS.enabled (eq .Values.internalTLS.certSource "manual") }}
checksum/tls: {{ include (print $.Template.BasePath "/core/core-tls.yaml") . | sha256sum }}
{{- end }}
{{- if .Values.exporter.podAnnotations }} {{- if .Values.exporter.podAnnotations }}
{{ toYaml .Values.exporter.podAnnotations | indent 8 }} {{ toYaml .Values.exporter.podAnnotations | indent 8 }}
{{- end }} {{- end }}
@ -34,6 +42,16 @@ spec:
{{- toYaml . | nindent 8 }} {{- toYaml . | nindent 8 }}
{{- end }} {{- end }}
automountServiceAccountToken: {{ .Values.exporter.automountServiceAccountToken | default false }} automountServiceAccountToken: {{ .Values.exporter.automountServiceAccountToken | default false }}
{{- with .Values.exporter.topologySpreadConstraints }}
topologySpreadConstraints:
{{- range . }}
- {{ . | toYaml | indent 8 | trim }}
labelSelector:
matchLabels:
{{ include "harbor.matchLabels" $ | indent 12 }}
component: exporter
{{- end }}
{{- end }}
containers: containers:
- name: exporter - name: exporter
image: {{ .Values.exporter.image.repository }}:{{ .Values.exporter.image.tag }} image: {{ .Values.exporter.image.repository }}:{{ .Values.exporter.image.tag }}
@ -74,6 +92,10 @@ spec:
{{- if .Values.exporter.resources }} {{- if .Values.exporter.resources }}
resources: resources:
{{ toYaml .Values.exporter.resources | indent 10 }} {{ toYaml .Values.exporter.resources | indent 10 }}
{{- end }}
{{- with .Values.exporter.extraEnvVars }}
env:
{{- toYaml . | nindent 10 }}
{{- end }} {{- end }}
ports: ports:
- containerPort: {{ template "harbor.core.containerPort" . }} - containerPort: {{ template "harbor.core.containerPort" . }}
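Review bot: The `topologySpreadConstraints` loop always appends its own `labelSelector` after the user's constraint, so a constraint in values that already carries a `labelSelector` renders that key twice in the same list item. Dropping the user's key first keeps the output well-formed: `- {{ omit . "labelSelector" | toYaml | indent 8 | trim }}`. If overriding the selector is meant to be unsupported, the values documentation should say so. The same loop is added in the core, jobservice, nginx, portal and registry sections, and the pod spec it sits in starts outside the hunk.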


@ -8,7 +8,6 @@
{{- $_ := set . "v2_path" "/v2/*" -}} {{- $_ := set . "v2_path" "/v2/*" -}}
{{- $_ := set . "chartrepo_path" "/chartrepo/*" -}} {{- $_ := set . "chartrepo_path" "/chartrepo/*" -}}
{{- $_ := set . "controller_path" "/c/*" -}} {{- $_ := set . "controller_path" "/c/*" -}}
{{- $_ := set . "notary_path" "/" -}}
{{- else if eq .Values.expose.ingress.controller "ncp" }} {{- else if eq .Values.expose.ingress.controller "ncp" }}
{{- $_ := set . "portal_path" "/.*" -}} {{- $_ := set . "portal_path" "/.*" -}}
{{- $_ := set . "api_path" "/api/.*" -}} {{- $_ := set . "api_path" "/api/.*" -}}
@ -16,7 +15,6 @@
{{- $_ := set . "v2_path" "/v2/.*" -}} {{- $_ := set . "v2_path" "/v2/.*" -}}
{{- $_ := set . "chartrepo_path" "/chartrepo/.*" -}} {{- $_ := set . "chartrepo_path" "/chartrepo/.*" -}}
{{- $_ := set . "controller_path" "/c/.*" -}} {{- $_ := set . "controller_path" "/c/.*" -}}
{{- $_ := set . "notary_path" "/.*" -}}
{{- else }} {{- else }}
{{- $_ := set . "portal_path" "/" -}} {{- $_ := set . "portal_path" "/" -}}
{{- $_ := set . "api_path" "/api/" -}} {{- $_ := set . "api_path" "/api/" -}}
@ -24,7 +22,6 @@
{{- $_ := set . "v2_path" "/v2/" -}} {{- $_ := set . "v2_path" "/v2/" -}}
{{- $_ := set . "chartrepo_path" "/chartrepo/" -}} {{- $_ := set . "chartrepo_path" "/chartrepo/" -}}
{{- $_ := set . "controller_path" "/c/" -}} {{- $_ := set . "controller_path" "/c/" -}}
{{- $_ := set . "notary_path" "/" -}}
{{- end }} {{- end }}
--- ---
@ -145,65 +142,4 @@ spec:
host: {{ $ingress.hosts.core }} host: {{ $ingress.hosts.core }}
{{- end }} {{- end }}
{{- if .Values.notary.enabled }}
---
{{- if semverCompare "<1.14-0" (include "harbor.ingress.kubeVersion" .) }}
apiVersion: extensions/v1beta1
{{- else if semverCompare "<1.19-0" (include "harbor.ingress.kubeVersion" .) }}
apiVersion: networking.k8s.io/v1beta1
{{- else }}
apiVersion: networking.k8s.io/v1
{{- end }}
kind: Ingress
metadata:
name: "{{ template "harbor.ingress-notary" . }}"
labels:
{{ include "harbor.labels" . | indent 4 }}
{{- if $ingress.notary.labels }}
{{ toYaml $ingress.notary.labels | indent 4 }}
{{- end }}
annotations:
{{ toYaml $ingress.annotations | indent 4 }}
{{- if eq .Values.expose.ingress.controller "ncp" }}
ncp/use-regex: "true"
{{- if $tls.enabled }}
ncp/http-redirect: "true"
{{- end }}
{{- end }}
{{- if $ingress.notary.annotations }}
{{ toYaml $ingress.notary.annotations | indent 4 }}
{{- end }}
spec:
{{- if $ingress.className }}
ingressClassName: {{ $ingress.className }}
{{- end }}
{{- if $tls.enabled }}
tls:
- secretName: {{ template "harbor.tlsNotarySecretForIngress" . }}
{{- if $ingress.hosts.notary }}
hosts:
- {{ $ingress.hosts.notary }}
{{- end }}
{{- end }}
rules:
- http:
paths:
- path: {{ .notary_path }}
{{- if semverCompare "<1.19-0" (include "harbor.ingress.kubeVersion" .) }}
backend:
serviceName: {{ template "harbor.notary-server" . }}
servicePort: 4443
{{- else }}
pathType: Prefix
backend:
service:
name: {{ template "harbor.notary-server" . }}
port:
number: 4443
{{- end -}}
{{- if $ingress.hosts.notary }}
host: {{ $ingress.hosts.notary }}
{{- end }}
{{- end }}
{{- end }} {{- end }}


@ -1,6 +1,6 @@
{{- if eq (include "harbor.autoGenCertForIngress" .) "true" }} {{- if eq (include "harbor.autoGenCertForIngress" .) "true" }}
{{- $ca := genCA "harbor-ca" 365 }} {{- $ca := genCA "harbor-ca" 365 }}
{{- $cert := genSignedCert .Values.expose.ingress.hosts.core nil (list .Values.expose.ingress.hosts.core .Values.expose.ingress.hosts.notary) 365 $ca }} {{- $cert := genSignedCert .Values.expose.ingress.hosts.core nil (list .Values.expose.ingress.hosts.core) 365 $ca }}
apiVersion: v1 apiVersion: v1
kind: Secret kind: Secret
metadata: metadata:


@ -22,6 +22,9 @@ spec:
labels: labels:
{{ include "harbor.labels" . | indent 8 }} {{ include "harbor.labels" . | indent 8 }}
component: jobservice component: jobservice
{{- if .Values.jobservice.podLabels }}
{{ toYaml .Values.jobservice.podLabels | indent 8 }}
{{- end }}
annotations: annotations:
checksum/configmap: {{ include (print $.Template.BasePath "/jobservice/jobservice-cm.yaml") . | sha256sum }} checksum/configmap: {{ include (print $.Template.BasePath "/jobservice/jobservice-cm.yaml") . | sha256sum }}
checksum/configmap-env: {{ include (print $.Template.BasePath "/jobservice/jobservice-cm-env.yaml") . | sha256sum }} checksum/configmap-env: {{ include (print $.Template.BasePath "/jobservice/jobservice-cm-env.yaml") . | sha256sum }}
@ -48,6 +51,16 @@ spec:
{{- end }} {{- end }}
automountServiceAccountToken: {{ .Values.jobservice.automountServiceAccountToken | default false }} automountServiceAccountToken: {{ .Values.jobservice.automountServiceAccountToken | default false }}
terminationGracePeriodSeconds: 120 terminationGracePeriodSeconds: 120
{{- with .Values.jobservice.topologySpreadConstraints}}
topologySpreadConstraints:
{{- range . }}
- {{ . | toYaml | indent 8 | trim }}
labelSelector:
matchLabels:
{{ include "harbor.matchLabels" $ | indent 12 }}
component: jobservice
{{- end }}
{{- end }}
containers: containers:
- name: jobservice - name: jobservice
image: {{ .Values.jobservice.image.repository }}:{{ .Values.jobservice.image.tag }} image: {{ .Values.jobservice.image.repository }}:{{ .Values.jobservice.image.tag }}
@ -93,6 +106,9 @@ spec:
name: {{ .Values.registry.credentials.existingSecret }} name: {{ .Values.registry.credentials.existingSecret }}
key: REGISTRY_PASSWD key: REGISTRY_PASSWD
{{- end }} {{- end }}
{{- with .Values.jobservice.extraEnvVars }}
{{- toYaml . | nindent 10 }}
{{- end }}
envFrom: envFrom:
- configMapRef: - configMapRef:
name: "{{ template "harbor.jobservice" . }}-env" name: "{{ template "harbor.jobservice" . }}-env"


@ -1,4 +1,4 @@
{{- if and ( .Capabilities.APIVersions.Has "monitoring.coreos.com/v1" ) .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }} {{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }}
apiVersion: monitoring.coreos.com/v1 apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor kind: ServiceMonitor
metadata: metadata:
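Review bot: With the `.Capabilities.APIVersions.Has "monitoring.coreos.com/v1"` guard removed from the first line, enabling `metrics.serviceMonitor.enabled` on a cluster that lacks that API would presumably make the release fail at apply time instead of skipping the resource. If failing loudly is the intent, the template should say so, for example `{{/* requires the monitoring.coreos.com/v1 CRDs; the release fails if they are absent */}}`, and the values documentation for `metrics.serviceMonitor.enabled` should carry the same prerequisite. The rest of the manifest is outside the hunk.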


@ -36,12 +36,6 @@ data:
server "{{ template "harbor.portal" . }}:{{ template "harbor.portal.servicePort" . }}"; server "{{ template "harbor.portal" . }}:{{ template "harbor.portal.servicePort" . }}";
} }
{{- if .Values.notary.enabled }}
upstream notary-server {
server {{ template "harbor.notary-server" . }}:4443;
}
{{- end }}
log_format timed_combined '[$time_local]:$remote_addr - ' log_format timed_combined '[$time_local]:$remote_addr - '
'"$request" $status $body_bytes_sent ' '"$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent" ' '"$http_referer" "$http_user_agent" '
@ -54,47 +48,6 @@ data:
"" $scheme; "" $scheme;
} }
{{- if .Values.notary.enabled }}
server {
{{- if .Values.ipFamily.ipv4.enabled }}
listen 4443 ssl;
{{- end}}
{{- if .Values.ipFamily.ipv6.enabled}}
listen [::]:4443 ssl;
{{- end }}
server_tokens off;
# ssl
ssl_certificate /etc/nginx/cert/tls.crt;
ssl_certificate_key /etc/nginx/cert/tls.key;
# recommendations from https://raymii.org/s/tutorials/strong_ssl_security_on_nginx.html
ssl_protocols tlsv1.2;
ssl_ciphers '!aNULL:kECDH+AESGCM:ECDH+AESGCM:RSA+AESGCM:kECDH+AES:ECDH+AES:RSA+AES:';
ssl_prefer_server_ciphers on;
ssl_session_cache shared:ssl:10m;
# disable any limits to avoid http 413 for large image uploads
client_max_body_size 0;
# required to avoid http 411: see issue #1486 (https://github.com/docker/docker/issues/1486)
chunked_transfer_encoding on;
location /v2/ {
proxy_pass http://notary-server/v2/;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $x_forwarded_proto;
proxy_buffering off;
proxy_request_buffering off;
proxy_send_timeout 900;
proxy_read_timeout 900;
}
}
{{- end }}
server { server {
{{- if .Values.ipFamily.ipv4.enabled }} {{- if .Values.ipFamily.ipv4.enabled }}
listen 8443 ssl; listen 8443 ssl;
@ -109,8 +62,12 @@ data:
ssl_certificate_key /etc/nginx/cert/tls.key; ssl_certificate_key /etc/nginx/cert/tls.key;
# Recommendations from https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html # Recommendations from https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
ssl_protocols TLSv1.2; ssl_protocols TLSv1.2 TLSv1.3;
{{- if .Values.internalTLS.strong_ssl_ciphers }}
ssl_ciphers ECDHE+AESGCM:DHE+AESGCM:ECDHE+RSA+SHA256:DHE+RSA+SHA256:!AES128;
{{ else }}
ssl_ciphers '!aNULL:kECDH+AESGCM:ECDH+AESGCM:RSA+AESGCM:kECDH+AES:ECDH+AES:RSA+AES:'; ssl_ciphers '!aNULL:kECDH+AESGCM:ECDH+AESGCM:RSA+AESGCM:kECDH+AES:ECDH+AES:RSA+AES:';
{{- end }}
ssl_prefer_server_ciphers on; ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m; ssl_session_cache shared:SSL:10m;
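Review bot: The hardened cipher list is opt-in, so with `strong_ssl_ciphers` unset this `server` block (listen 8443) keeps the old string, which still admits static-RSA key exchange (`RSA+AESGCM`, `RSA+AES`) and therefore sessions without forward secrecy. On the new branch, nginx only offers `DHE` suites when `ssl_dhparam` is configured, which is not visible in this hunk, and `ssl_ciphers` does not govern the TLS 1.3 suites that the new `ssl_protocols` line enables. The switch lives under `internalTLS` although this block reads its certificate from `/etc/nginx/cert`, which looks like the exposed proxy rather than an internal component, so a comment or a key under `expose.tls` would make its scope clear. The portal ConfigMap section carries the same conditional. `{{ else }}` should be `{{- else }}` to match the trim markers around it.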


@ -18,6 +18,9 @@ spec:
labels: labels:
{{ include "harbor.labels" . | indent 8 }} {{ include "harbor.labels" . | indent 8 }}
component: nginx component: nginx
{{- if .Values.nginx.podLabels }}
{{ toYaml .Values.nginx.podLabels | indent 8 }}
{{- end }}
annotations: annotations:
{{- if not .Values.expose.tls.enabled }} {{- if not .Values.expose.tls.enabled }}
checksum/configmap: {{ include (print $.Template.BasePath "/nginx/configmap-http.yaml") . | sha256sum }} checksum/configmap: {{ include (print $.Template.BasePath "/nginx/configmap-http.yaml") . | sha256sum }}
@ -42,6 +45,16 @@ spec:
{{- toYaml . | nindent 8 }} {{- toYaml . | nindent 8 }}
{{- end }} {{- end }}
automountServiceAccountToken: {{ .Values.nginx.automountServiceAccountToken | default false }} automountServiceAccountToken: {{ .Values.nginx.automountServiceAccountToken | default false }}
{{- with .Values.nginx.topologySpreadConstraints}}
topologySpreadConstraints:
{{- range . }}
- {{ . | toYaml | indent 8 | trim }}
labelSelector:
matchLabels:
{{ include "harbor.matchLabels" $ | indent 12 }}
component: nginx
{{- end }}
{{- end }}
containers: containers:
- name: nginx - name: nginx
image: "{{ .Values.nginx.image.repository }}:{{ .Values.nginx.image.tag }}" image: "{{ .Values.nginx.image.repository }}:{{ .Values.nginx.image.tag }}"
@ -69,6 +82,10 @@ spec:
{{- if .Values.nginx.resources }} {{- if .Values.nginx.resources }}
resources: resources:
{{ toYaml .Values.nginx.resources | indent 10 }} {{ toYaml .Values.nginx.resources | indent 10 }}
{{- end }}
{{- with .Values.nginx.extraEnvVars }}
env:
{{- toYaml . | nindent 10 }}
{{- end }} {{- end }}
ports: ports:
- containerPort: 8080 - containerPort: 8080


@ -22,11 +22,6 @@ spec:
port: {{ $clusterIP.ports.httpsPort }} port: {{ $clusterIP.ports.httpsPort }}
targetPort: 8443 targetPort: 8443
{{- end }} {{- end }}
{{- if .Values.notary.enabled }}
- name: notary
port: {{ $clusterIP.ports.notaryPort }}
targetPort: 4443
{{- end }}
{{- else if eq .Values.expose.type "nodePort" }} {{- else if eq .Values.expose.type "nodePort" }}
{{- $nodePort := .Values.expose.nodePort }} {{- $nodePort := .Values.expose.nodePort }}
name: {{ $nodePort.name }} name: {{ $nodePort.name }}
@ -49,14 +44,6 @@ spec:
nodePort: {{ $nodePort.ports.https.nodePort }} nodePort: {{ $nodePort.ports.https.nodePort }}
{{- end }} {{- end }}
{{- end }} {{- end }}
{{- if .Values.notary.enabled }}
- name: notary
port: {{ $nodePort.ports.notary.port }}
targetPort: 4443
{{- if $nodePort.ports.notary.nodePort }}
nodePort: {{ $nodePort.ports.notary.nodePort }}
{{- end }}
{{- end }}
{{- else if eq .Values.expose.type "loadBalancer" }} {{- else if eq .Values.expose.type "loadBalancer" }}
{{- $loadBalancer := .Values.expose.loadBalancer }} {{- $loadBalancer := .Values.expose.loadBalancer }}
name: {{ $loadBalancer.name }} name: {{ $loadBalancer.name }}
@ -84,11 +71,6 @@ spec:
port: {{ $loadBalancer.ports.httpsPort }} port: {{ $loadBalancer.ports.httpsPort }}
targetPort: 8443 targetPort: 8443
{{- end }} {{- end }}
{{- if .Values.notary.enabled }}
- name: notary
port: {{ $loadBalancer.ports.notaryPort }}
targetPort: 4443
{{- end }}
{{- end }} {{- end }}
selector: selector:
{{ include "harbor.matchLabels" . | indent 4 }} {{ include "harbor.matchLabels" . | indent 4 }}


@ -1,22 +0,0 @@
{{- if and .Values.notary.enabled }}
apiVersion: v1
kind: Secret
metadata:
name: {{ template "harbor.notary-server" . }}
labels:
{{ include "harbor.labels" . | indent 4 }}
component: notary
type: Opaque
data:
{{- if not .Values.notary.secretName }}
{{- $ca := genCA "harbor-notary-ca" 365 }}
{{- $cert := genSignedCert (include "harbor.notary-signer" .) nil (list (include "harbor.notary-signer" .)) 365 $ca }}
ca.crt: {{ $ca.Cert | b64enc | quote }}
tls.crt: {{ $cert.Cert | b64enc | quote }}
tls.key: {{ $cert.Key | b64enc | quote }}
{{- end }}
server.json: {{ tpl (.Files.Get "conf/notary-server.json") . | b64enc }}
signer.json: {{ tpl (.Files.Get "conf/notary-signer.json") . | b64enc }}
NOTARY_SERVER_DB_URL: {{ include "harbor.database.notaryServer" . | b64enc }}
NOTARY_SIGNER_DB_URL: {{ include "harbor.database.notarySigner" . | b64enc }}
{{- end }}


@ -1,111 +0,0 @@
{{ if .Values.notary.enabled }}
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ template "harbor.notary-server" . }}
labels:
{{ include "harbor.labels" . | indent 4 }}
component: notary-server
spec:
replicas: {{ .Values.notary.server.replicas }}
selector:
matchLabels:
{{ include "harbor.matchLabels" . | indent 6 }}
component: notary-server
template:
metadata:
labels:
{{ include "harbor.labels" . | indent 8 }}
component: notary-server
annotations:
checksum/secret: {{ include (print $.Template.BasePath "/notary/notary-secret.yaml") . | sha256sum }}
checksum/secret-core: {{ include (print $.Template.BasePath "/core/core-secret.yaml") . | sha256sum }}
{{- if .Values.notary.server.podAnnotations }}
{{ toYaml .Values.notary.server.podAnnotations | indent 8 }}
{{- end }}
spec:
securityContext:
runAsUser: 10000
fsGroup: 10000
{{- if .Values.notary.server.serviceAccountName }}
serviceAccountName: {{ .Values.notary.server.serviceAccountName }}
{{- end -}}
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
automountServiceAccountToken: {{ .Values.notary.server.automountServiceAccountToken | default false }}
containers:
- name: notary-server
image: {{ .Values.notary.server.image.repository }}:{{ .Values.notary.server.image.tag }}
imagePullPolicy: {{ .Values.imagePullPolicy }}
livenessProbe:
httpGet:
path: /_notary_server/health
scheme: "HTTP"
port: 4443
initialDelaySeconds: 300
periodSeconds: 10
readinessProbe:
httpGet:
path: /_notary_server/health
scheme: "HTTP"
port: 4443
initialDelaySeconds: 20
periodSeconds: 10
{{- if .Values.notary.server.resources }}
resources:
{{ toYaml .Values.notary.server.resources | indent 10 }}
{{- end }}
env:
- name: MIGRATIONS_PATH
value: migrations/server/postgresql
- name: DB_URL
valueFrom:
secretKeyRef:
name: {{ template "harbor.notary-server" . }}
key: NOTARY_SERVER_DB_URL
volumeMounts:
- name: config
mountPath: /etc/notary/server-config.postgres.json
subPath: server.json
- name: token-service-certificate
mountPath: /root.crt
subPath: tls.crt
- name: signer-certificate
mountPath: /etc/ssl/notary/ca.crt
subPath: ca.crt
volumes:
- name: config
secret:
secretName: "{{ template "harbor.notary-server" . }}"
- name: token-service-certificate
secret:
{{- if .Values.core.secretName }}
secretName: {{ .Values.core.secretName }}
{{- else }}
secretName: {{ template "harbor.core" . }}
{{- end }}
- name: signer-certificate
secret:
{{- if .Values.notary.secretName }}
secretName: {{ .Values.notary.secretName }}
{{- else }}
secretName: {{ template "harbor.notary-server" . }}
{{- end }}
{{- with .Values.notary.server.nodeSelector }}
nodeSelector:
{{ toYaml . | indent 8 }}
{{- end }}
{{- with .Values.notary.server.affinity }}
affinity:
{{ toYaml . | indent 8 }}
{{- end }}
{{- with .Values.notary.server.tolerations }}
tolerations:
{{ toYaml . | indent 8 }}
{{- end }}
{{- if .Values.notary.server.priorityClassName }}
priorityClassName: {{ .Values.notary.server.priorityClassName }}
{{- end }}
{{ end }}


@ -1,105 +0,0 @@
{{ if .Values.notary.enabled }}
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ template "harbor.notary-signer" . }}
labels:
{{ include "harbor.labels" . | indent 4 }}
component: notary-signer
spec:
replicas: {{ .Values.notary.signer.replicas }}
selector:
matchLabels:
{{ include "harbor.matchLabels" . | indent 6 }}
component: notary-signer
template:
metadata:
labels:
{{ include "harbor.labels" . | indent 8 }}
component: notary-signer
annotations:
checksum/secret: {{ include (print $.Template.BasePath "/notary/notary-secret.yaml") . | sha256sum }}
{{- if .Values.notary.signer.podAnnotations }}
{{ toYaml .Values.notary.signer.podAnnotations | indent 8 }}
{{- end }}
spec:
securityContext:
runAsUser: 10000
fsGroup: 10000
{{- if .Values.notary.signer.serviceAccountName }}
serviceAccountName: {{ .Values.notary.signer.serviceAccountName }}
{{- end -}}
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
automountServiceAccountToken: {{ .Values.notary.signer.automountServiceAccountToken | default false }}
containers:
- name: notary-signer
image: {{ .Values.notary.signer.image.repository }}:{{ .Values.notary.signer.image.tag }}
imagePullPolicy: {{ .Values.imagePullPolicy }}
livenessProbe:
httpGet:
path: /
scheme: "HTTPS"
port: 7899
initialDelaySeconds: 300
periodSeconds: 10
readinessProbe:
httpGet:
path: /
scheme: "HTTPS"
port: 7899
initialDelaySeconds: 20
periodSeconds: 10
{{- if .Values.notary.signer.resources }}
resources:
{{ toYaml .Values.notary.signer.resources | indent 10 }}
{{- end }}
env:
- name: MIGRATIONS_PATH
value: migrations/signer/postgresql
- name: DB_URL
valueFrom:
secretKeyRef:
name: {{ template "harbor.notary-server" . }}
key: NOTARY_SIGNER_DB_URL
- name: NOTARY_SIGNER_DEFAULTALIAS
value: defaultalias
volumeMounts:
- name: config
mountPath: /etc/notary/signer-config.postgres.json
subPath: signer.json
- name: signer-certificate
mountPath: /etc/ssl/notary/tls.crt
subPath: tls.crt
- name: signer-certificate
mountPath: /etc/ssl/notary/tls.key
subPath: tls.key
volumes:
- name: config
secret:
secretName: "{{ template "harbor.notary-server" . }}"
- name: signer-certificate
secret:
{{- if .Values.notary.secretName }}
secretName: {{ .Values.notary.secretName }}
{{- else }}
secretName: {{ template "harbor.notary-server" . }}
{{- end }}
{{- with .Values.notary.signer.nodeSelector }}
nodeSelector:
{{ toYaml . | indent 8 }}
{{- end }}
{{- with .Values.notary.signer.affinity }}
affinity:
{{ toYaml . | indent 8 }}
{{- end }}
{{- with .Values.notary.signer.tolerations }}
tolerations:
{{ toYaml . | indent 8 }}
{{- end }}
{{- if .Values.notary.signer.priorityClassName }}
priorityClassName: {{ .Values.notary.signer.priorityClassName }}
{{- end }}
{{ end }}


@ -1,35 +0,0 @@
{{ if .Values.notary.enabled }}
apiVersion: v1
kind: Service
metadata:
name: {{ template "harbor.notary-server" . }}
labels:
{{ include "harbor.labels" . | indent 4 }}
{{- with .Values.notary.serviceAnnotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- if or (eq .Values.expose.ingress.controller "gce") (eq .Values.expose.ingress.controller "alb") (eq .Values.expose.ingress.controller "f5-bigip") }}
type: NodePort
{{- end }}
ports:
- port: 4443
selector:
{{ include "harbor.matchLabels" . | indent 4 }}
component: notary-server
---
apiVersion: v1
kind: Service
metadata:
name: {{ template "harbor.notary-signer" . }}
labels:
{{ include "harbor.labels" . | indent 4 }}
spec:
ports:
- port: 7899
selector:
{{ include "harbor.matchLabels" . | indent 4 }}
component: notary-signer
{{ end }}


@ -30,8 +30,12 @@ data:
ssl_certificate_key /etc/harbor/ssl/portal/tls.key; ssl_certificate_key /etc/harbor/ssl/portal/tls.key;
# Recommendations from https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html # Recommendations from https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
ssl_protocols TLSv1.2; ssl_protocols TLSv1.2 TLSv1.3;
{{- if .Values.internalTLS.strong_ssl_ciphers }}
ssl_ciphers ECDHE+AESGCM:DHE+AESGCM:ECDHE+RSA+SHA256:DHE+RSA+SHA256:!AES128;
{{ else }}
ssl_ciphers '!aNULL:kECDH+AESGCM:ECDH+AESGCM:RSA+AESGCM:kECDH+AES:ECDH+AES:RSA+AES:'; ssl_ciphers '!aNULL:kECDH+AESGCM:ECDH+AESGCM:RSA+AESGCM:kECDH+AES:ECDH+AES:RSA+AES:';
{{- end }}
ssl_prefer_server_ciphers on; ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m; ssl_session_cache shared:SSL:10m;
{{- else }} {{- else }}


@ -17,6 +17,9 @@ spec:
labels: labels:
{{ include "harbor.matchLabels" . | indent 8 }} {{ include "harbor.matchLabels" . | indent 8 }}
component: portal component: portal
{{- if .Values.portal.podLabels }}
{{ toYaml .Values.portal.podLabels | indent 8 }}
{{- end }}
annotations: annotations:
{{- if and .Values.internalTLS.enabled (eq .Values.internalTLS.certSource "auto") }} {{- if and .Values.internalTLS.enabled (eq .Values.internalTLS.certSource "auto") }}
checksum/tls: {{ include (print $.Template.BasePath "/internal/auto-tls.yaml") . | sha256sum }} checksum/tls: {{ include (print $.Template.BasePath "/internal/auto-tls.yaml") . | sha256sum }}
@ -39,6 +42,16 @@ spec:
serviceAccountName: {{ .Values.portal.serviceAccountName }} serviceAccountName: {{ .Values.portal.serviceAccountName }}
{{- end }} {{- end }}
automountServiceAccountToken: {{ .Values.portal.automountServiceAccountToken | default false }} automountServiceAccountToken: {{ .Values.portal.automountServiceAccountToken | default false }}
{{- with .Values.portal.topologySpreadConstraints}}
topologySpreadConstraints:
{{- range . }}
- {{ . | toYaml | indent 8 | trim }}
labelSelector:
matchLabels:
{{ include "harbor.matchLabels" $ | indent 12 }}
component: portal
{{- end }}
{{- end }}
containers: containers:
- name: portal - name: portal
image: {{ .Values.portal.image.repository }}:{{ .Values.portal.image.tag }} image: {{ .Values.portal.image.repository }}:{{ .Values.portal.image.tag }}
@ -46,6 +59,10 @@ spec:
{{- if .Values.portal.resources }} {{- if .Values.portal.resources }}
resources: resources:
{{ toYaml .Values.portal.resources | indent 10 }} {{ toYaml .Values.portal.resources | indent 10 }}
{{- end }}
{{- with .Values.portal.extraEnvVars }}
env:
{{- toYaml . | nindent 10 }}
{{- end }} {{- end }}
livenessProbe: livenessProbe:
httpGet: httpGet:


@ -19,6 +19,9 @@ spec:
labels: labels:
{{ include "harbor.labels" . | indent 8 }} {{ include "harbor.labels" . | indent 8 }}
component: redis component: redis
{{- if .Values.redis.podLabels }}
{{ toYaml .Values.redis.podLabels | indent 8 }}
{{- end }}
{{- if .Values.redis.podAnnotations }} {{- if .Values.redis.podAnnotations }}
annotations: annotations:
{{ toYaml .Values.redis.podAnnotations | indent 8 }} {{ toYaml .Values.redis.podAnnotations | indent 8 }}
@ -53,6 +56,10 @@ spec:
{{- if .Values.redis.internal.resources }} {{- if .Values.redis.internal.resources }}
resources: resources:
{{ toYaml .Values.redis.internal.resources | indent 10 }} {{ toYaml .Values.redis.internal.resources | indent 10 }}
{{- end }}
{{- with .Values.redis.internal.extraEnvVars }}
env:
{{- toYaml . | nindent 10 }}
{{- end }} {{- end }}
volumeMounts: volumeMounts:
- name: data - name: data


@ -24,6 +24,9 @@ spec:
labels: labels:
{{ include "harbor.labels" . | indent 8 }} {{ include "harbor.labels" . | indent 8 }}
component: registry component: registry
{{- if .Values.registry.podLabels }}
{{ toYaml .Values.registry.podLabels | indent 8 }}
{{- end }}
annotations: annotations:
checksum/configmap: {{ include (print $.Template.BasePath "/registry/registry-cm.yaml") . | sha256sum }} checksum/configmap: {{ include (print $.Template.BasePath "/registry/registry-cm.yaml") . | sha256sum }}
checksum/secret: {{ include (print $.Template.BasePath "/registry/registry-secret.yaml") . | sha256sum }} checksum/secret: {{ include (print $.Template.BasePath "/registry/registry-secret.yaml") . | sha256sum }}
@ -51,6 +54,16 @@ spec:
{{- end }} {{- end }}
automountServiceAccountToken: {{ .Values.registry.automountServiceAccountToken | default false }} automountServiceAccountToken: {{ .Values.registry.automountServiceAccountToken | default false }}
terminationGracePeriodSeconds: 120 terminationGracePeriodSeconds: 120
{{- with .Values.registry.topologySpreadConstraints}}
topologySpreadConstraints:
{{- range . }}
- {{ . | toYaml | indent 8 | trim }}
labelSelector:
matchLabels:
{{ include "harbor.matchLabels" $ | indent 12 }}
component: registry
{{- end }}
{{- end }}
containers: containers:
- name: registry - name: registry
image: {{ .Values.registry.registry.image.repository }}:{{ .Values.registry.registry.image.tag }} image: {{ .Values.registry.registry.image.repository }}:{{ .Values.registry.registry.image.tag }}
@ -107,6 +120,9 @@ spec:
name: {{ .Values.persistence.imageChartStorage.azure.existingSecret }} name: {{ .Values.persistence.imageChartStorage.azure.existingSecret }}
key: AZURE_STORAGE_ACCESS_KEY key: AZURE_STORAGE_ACCESS_KEY
{{- end }} {{- end }}
{{- with .Values.registry.registry.extraEnvVars }}
{{- toYaml . | nindent 8 }}
{{- end }}
ports: ports:
- containerPort: {{ template "harbor.registry.containerPort" . }} - containerPort: {{ template "harbor.registry.containerPort" . }}
- containerPort: 5001 - containerPort: 5001
@ -172,6 +188,10 @@ spec:
name: "{{ template "harbor.registry" . }}" name: "{{ template "harbor.registry" . }}"
- secretRef: - secretRef:
name: "{{ template "harbor.registryCtl" . }}" name: "{{ template "harbor.registryCtl" . }}"
{{- if .Values.persistence.imageChartStorage.s3.existingSecret }}
- secretRef:
name: {{ .Values.persistence.imageChartStorage.s3.existingSecret }}
{{- end }}
env: env:
- name: CORE_SECRET - name: CORE_SECRET
valueFrom: valueFrom:
@ -215,6 +235,9 @@ spec:
name: {{ .Values.persistence.imageChartStorage.azure.existingSecret }} name: {{ .Values.persistence.imageChartStorage.azure.existingSecret }}
key: AZURE_STORAGE_ACCESS_KEY key: AZURE_STORAGE_ACCESS_KEY
{{- end }} {{- end }}
{{- with .Values.registry.controller.extraEnvVars }}
{{- toYaml . | nindent 8 }}
{{- end }}
ports: ports:
- containerPort: {{ template "harbor.registryctl.containerPort" . }} - containerPort: {{ template "harbor.registryctl.containerPort" . }}
volumeMounts: volumeMounts:
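Review bot: The added `secretRef` for `persistence.imageChartStorage.s3.existingSecret` sits in what appears to be an `envFrom` list (its opening line is above the hunk), so every key of the user-named Secret becomes an environment variable of that container, not only the storage credentials. The block is guarded only by the value being set, not by the storage type being `s3` (unless an enclosing condition outside the hunk does that), and the name is emitted unquoted while the two sibling `secretRef` names are quoted. I would quote it, `name: {{ .Values.persistence.imageChartStorage.s3.existingSecret | quote }}`, and state in values.yaml which keys the Secret is expected to hold so operators create a dedicated Secret for it.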


@ -19,6 +19,9 @@ spec:
labels: labels:
{{ include "harbor.labels" . | indent 8 }} {{ include "harbor.labels" . | indent 8 }}
component: trivy component: trivy
{{- if .Values.trivy.podLabels }}
{{ toYaml .Values.trivy.podLabels | indent 8 }}
{{- end }}
annotations: annotations:
checksum/secret: {{ include (print $.Template.BasePath "/trivy/trivy-secret.yaml") . | sha256sum }} checksum/secret: {{ include (print $.Template.BasePath "/trivy/trivy-secret.yaml") . | sha256sum }}
{{- if and .Values.internalTLS.enabled (eq .Values.internalTLS.certSource "auto") }} {{- if and .Values.internalTLS.enabled (eq .Values.internalTLS.certSource "auto") }}
@ -41,6 +44,16 @@ spec:
runAsUser: 10000 runAsUser: 10000
fsGroup: 10000 fsGroup: 10000
automountServiceAccountToken: {{ .Values.trivy.automountServiceAccountToken | default false }} automountServiceAccountToken: {{ .Values.trivy.automountServiceAccountToken | default false }}
{{- with .Values.trivy.topologySpreadConstraints}}
topologySpreadConstraints:
{{- range . }}
- {{ . | toYaml | indent 8 | trim }}
labelSelector:
matchLabels:
{{ include "harbor.matchLabels" $ | indent 12 }}
component: trivy
{{- end }}
{{- end }}
containers: containers:
- name: trivy - name: trivy
image: {{ .Values.trivy.image.repository }}:{{ .Values.trivy.image.tag }} image: {{ .Values.trivy.image.repository }}:{{ .Values.trivy.image.tag }}
@ -111,6 +124,9 @@ spec:
secretKeyRef: secretKeyRef:
name: {{ template "harbor.trivy" . }} name: {{ template "harbor.trivy" . }}
key: redisURL key: redisURL
{{- with .Values.trivy.extraEnvVars }}
{{- toYaml . | nindent 12 }}
{{- end }}
ports: ports:
- name: api-server - name: api-server
containerPort: {{ template "harbor.trivy.containerPort" . }} containerPort: {{ template "harbor.trivy.containerPort" . }}
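Review bot: Each `topologySpreadConstraints` entry is dumped with `toYaml` and then a fixed `labelSelector:` is appended, so an entry in values that already carries its own `labelSelector` renders a mapping with that key twice. Parsers that accept duplicates keep one silently, which makes the effective selector depend on the parser rather than on what the operator wrote; the registry section above adds the same block. I would strip the key before rendering, `- {{ omit . "labelSelector" | toYaml | indent 8 | trim }}`, and say in the values.yaml comment that the selector is set by the chart.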


@ -26,15 +26,9 @@ expose:
# "tls.crt" - the certificate # "tls.crt" - the certificate
# "tls.key" - the private key # "tls.key" - the private key
secretName: "" secretName: ""
# The name of secret which contains keys named:
# "tls.crt" - the certificate
# "tls.key" - the private key
# Only needed when the "expose.type" is "ingress".
notarySecretName: ""
ingress: ingress:
hosts: hosts:
core: core.harbor.domain core: core.harbor.domain
notary: notary.harbor.domain
# set to the type of ingress controller if it has specific requirements. # set to the type of ingress controller if it has specific requirements.
# leave as `default` for most ingress controllers. # leave as `default` for most ingress controllers.
# set to `gce` if using the GCE ingress controller # set to `gce` if using the GCE ingress controller
@ -52,11 +46,6 @@ expose:
ingress.kubernetes.io/proxy-body-size: "0" ingress.kubernetes.io/proxy-body-size: "0"
nginx.ingress.kubernetes.io/ssl-redirect: "true" nginx.ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/proxy-body-size: "0" nginx.ingress.kubernetes.io/proxy-body-size: "0"
notary:
# notary ingress-specific annotations
annotations: {}
# notary ingress-specific labels
labels: {}
harbor: harbor:
# harbor ingress-specific annotations # harbor ingress-specific annotations
annotations: {} annotations: {}
@ -71,10 +60,6 @@ expose:
# The service port Harbor listens on when serving HTTP # The service port Harbor listens on when serving HTTP
httpPort: 80 httpPort: 80
# The service port Harbor listens on when serving HTTPS # The service port Harbor listens on when serving HTTPS
httpsPort: 443
# The service port Notary listens on. Only needed when notary.enabled
# is set to true
notaryPort: 4443
nodePort: nodePort:
# The name of NodePort service # The name of NodePort service
name: harbor name: harbor
@ -89,12 +74,6 @@ expose:
port: 443 port: 443
# The node port Harbor listens on when serving HTTPS # The node port Harbor listens on when serving HTTPS
nodePort: 30003 nodePort: 30003
# Only needed when notary.enabled is set to true
notary:
# The service port Notary listens on
port: 4443
# The node port Notary listens on
nodePort: 30004
loadBalancer: loadBalancer:
# The name of LoadBalancer service # The name of LoadBalancer service
name: harbor name: harbor
@ -105,15 +84,12 @@ expose:
httpPort: 80 httpPort: 80
# The service port Harbor listens on when serving HTTPS # The service port Harbor listens on when serving HTTPS
httpsPort: 443 httpsPort: 443
# The service port Notary listens on. Only needed when notary.enabled
# is set to true
notaryPort: 4443
annotations: {} annotations: {}
sourceRanges: [] sourceRanges: []
# The external URL for Harbor core service. It is used to # The external URL for Harbor core service. It is used to
# 1) populate the docker/helm commands showed on portal # 1) populate the docker/helm commands showed on portal
# 2) populate the token service URL returned to docker/notary client # 2) populate the token service URL returned to docker client
# #
# Format: protocol://domain[:port]. Usually: # Format: protocol://domain[:port]. Usually:
# 1) if "expose.type" is "ingress", the "domain" should be # 1) if "expose.type" is "ingress", the "domain" should be
@ -127,10 +103,12 @@ expose:
externalURL: https://core.harbor.domain externalURL: https://core.harbor.domain
# The internal TLS used for harbor components secure communicating. In order to enable https # The internal TLS used for harbor components secure communicating. In order to enable https
# in each components tls cert files need to provided in advance. # in each component tls cert files need to provided in advance.
internalTLS: internalTLS:
# If internal TLS enabled # If internal TLS enabled
enabled: false enabled: false
# enable strong ssl ciphers (default: false)
strong_ssl_ciphers: false
# There are three ways to provide tls # There are three ways to provide tls
# 1) "auto" will generate cert automatically # 1) "auto" will generate cert automatically
# 2) "manual" need provide cert file manually in following value # 2) "manual" need provide cert file manually in following value
@ -249,14 +227,14 @@ persistence:
annotations: {} annotations: {}
# Define which storage backend is used for registry to store # Define which storage backend is used for registry to store
# images and charts. Refer to # images and charts. Refer to
# https://github.com/docker/distribution/blob/master/docs/configuration.md#storage # https://github.com/distribution/distribution/blob/main/docs/configuration.md#storage
# for the detail. # for the detail.
imageChartStorage: imageChartStorage:
# Specify whether to disable `redirect` for images and chart storage, for # Specify whether to disable `redirect` for images and chart storage, for
# backends which not supported it (such as using minio for `s3` storage type), please disable # backends which not supported it (such as using minio for `s3` storage type), please disable
# it. To disable redirects, simply set `disableredirect` to `true` instead. # it. To disable redirects, simply set `disableredirect` to `true` instead.
# Refer to # Refer to
# https://github.com/docker/distribution/blob/master/docs/configuration.md#redirect # https://github.com/distribution/distribution/blob/main/docs/configuration.md#redirect
# for the detail. # for the detail.
disableredirect: false disableredirect: false
# Specify the "caBundleSecretName" if the storage service uses a self-signed certificate. # Specify the "caBundleSecretName" if the storage service uses a self-signed certificate.
@ -284,7 +262,7 @@ persistence:
encodedkey: base64-encoded-json-key-file encodedkey: base64-encoded-json-key-file
#rootdirectory: /gcs/object/name/prefix #rootdirectory: /gcs/object/name/prefix
#chunksize: "5242880" #chunksize: "5242880"
# To use existing secret, the key must be gcs-key.json # To use existing secret, the key must be GCS_KEY_DATA
existingSecret: "" existingSecret: ""
useWorkloadIdentity: false useWorkloadIdentity: false
s3: s3:
@ -400,7 +378,7 @@ enableMigrateHelmHook: false
nginx: nginx:
image: image:
repository: goharbor/nginx-photon repository: goharbor/nginx-photon
tag: v2.8.4 tag: v2.9.0
# set the service account to be used, default if left empty # set the service account to be used, default if left empty
serviceAccountName: "" serviceAccountName: ""
# mount the service account token # mount the service account token
@ -411,18 +389,27 @@ nginx:
# requests: # requests:
# memory: 256Mi # memory: 256Mi
# cpu: 100m # cpu: 100m
extraEnvVars: []
nodeSelector: {} nodeSelector: {}
tolerations: [] tolerations: []
affinity: {} affinity: {}
# Spread Pods across failure-domains like regions, availability zones or nodes
topologySpreadConstraints: []
# - maxSkew: 1
# topologyKey: topology.kubernetes.io/zone
# nodeTaintsPolicy: Honor
# whenUnsatisfiable: DoNotSchedule
## Additional deployment annotations ## Additional deployment annotations
podAnnotations: {} podAnnotations: {}
## Additional deployment labels
podLabels: {}
## The priority class to run the pod as ## The priority class to run the pod as
priorityClassName: priorityClassName:
portal: portal:
image: image:
repository: goharbor/harbor-portal repository: goharbor/harbor-portal
tag: v2.8.4 tag: v2.9.0
# set the service account to be used, default if left empty # set the service account to be used, default if left empty
serviceAccountName: "" serviceAccountName: ""
# mount the service account token # mount the service account token
@ -433,18 +420,27 @@ portal:
# requests: # requests:
# memory: 256Mi # memory: 256Mi
# cpu: 100m # cpu: 100m
extraEnvVars: []
nodeSelector: {} nodeSelector: {}
tolerations: [] tolerations: []
affinity: {} affinity: {}
# Spread Pods across failure-domains like regions, availability zones or nodes
topologySpreadConstraints: []
# - maxSkew: 1
# topologyKey: topology.kubernetes.io/zone
# nodeTaintsPolicy: Honor
# whenUnsatisfiable: DoNotSchedule
## Additional deployment annotations ## Additional deployment annotations
podAnnotations: {} podAnnotations: {}
## Additional deployment labels
podLabels: {}
## The priority class to run the pod as ## The priority class to run the pod as
priorityClassName: priorityClassName:
core: core:
image: image:
repository: goharbor/harbor-core repository: goharbor/harbor-core
tag: v2.8.4 tag: v2.9.0
# set the service account to be used, default if left empty # set the service account to be used, default if left empty
serviceAccountName: "" serviceAccountName: ""
# mount the service account token # mount the service account token
@ -459,18 +455,37 @@ core:
# requests: # requests:
# memory: 256Mi # memory: 256Mi
# cpu: 100m # cpu: 100m
extraEnvVars: []
nodeSelector: {} nodeSelector: {}
tolerations: [] tolerations: []
affinity: {} affinity: {}
# Spread Pods across failure-domains like regions, availability zones or nodes
topologySpreadConstraints: []
# - maxSkew: 1
# topologyKey: topology.kubernetes.io/zone
# nodeTaintsPolicy: Honor
# whenUnsatisfiable: DoNotSchedule
## Additional deployment annotations ## Additional deployment annotations
podAnnotations: {} podAnnotations: {}
## Additional deployment labels
podLabels: {}
## Additional service annotations ## Additional service annotations
serviceAnnotations: {} serviceAnnotations: {}
## User settings configuration json string
configureUserSettings:
# The provider for updating project quota(usage), there are 2 options, redis or db.
# By default it is implemented by db but you can configure it to redis which
# can improve the performance of high concurrent pushing to the same project,
# and reduce the database connections spike and occupies.
# Using redis will bring up some delay for quota usage updation for display, so only
# suggest switch provider to redis if you were ran into the db connections spike around
# the scenario of high concurrent pushing to same project, no improvment for other scenes.
quotaUpdateProvider: db # Or redis
# Secret is used when core server communicates with other components. # Secret is used when core server communicates with other components.
# If a secret key is not specified, Helm will generate one. # If a secret key is not specified, Helm will generate one.
# Must be a string of 16 chars. # Must be a string of 16 chars.
secret: "" secret: ""
# Fill the name of a kubernetes secret if you want to use your own # Fill in the name of a kubernetes secret if you want to use your own
# TLS certificate and private key for token encryption/decryption. # TLS certificate and private key for token encryption/decryption.
# The secret must contain keys named: # The secret must contain keys named:
# "tls.key" - the private key # "tls.key" - the private key
@ -497,7 +512,7 @@ core:
jobservice: jobservice:
image: image:
repository: goharbor/harbor-jobservice repository: goharbor/harbor-jobservice
tag: v2.8.4 tag: v2.9.0
replicas: 1 replicas: 1
revisionHistoryLimit: 10 revisionHistoryLimit: 10
# set the service account to be used, default if left empty # set the service account to be used, default if left empty
@ -525,11 +540,20 @@ jobservice:
# requests: # requests:
# memory: 256Mi # memory: 256Mi
# cpu: 100m # cpu: 100m
extraEnvVars: []
nodeSelector: {} nodeSelector: {}
tolerations: [] tolerations: []
affinity: {} affinity: {}
# Spread Pods across failure-domains like regions, availability zones or nodes
topologySpreadConstraints:
# - maxSkew: 1
# topologyKey: topology.kubernetes.io/zone
# nodeTaintsPolicy: Honor
# whenUnsatisfiable: DoNotSchedule
## Additional deployment annotations ## Additional deployment annotations
podAnnotations: {} podAnnotations: {}
## Additional deployment labels
podLabels: {}
# Secret is used when job service communicates with other components. # Secret is used when job service communicates with other components.
# If a secret key is not specified, Helm will generate one. # If a secret key is not specified, Helm will generate one.
# Must be a string of 16 chars. # Must be a string of 16 chars.
@ -545,32 +569,42 @@ registry:
registry: registry:
image: image:
repository: goharbor/registry-photon repository: goharbor/registry-photon
tag: v2.8.4 tag: v2.9.0
# resources: # resources:
# requests: # requests:
# memory: 256Mi # memory: 256Mi
# cpu: 100m # cpu: 100m
extraEnvVars: []
controller: controller:
image: image:
repository: goharbor/harbor-registryctl repository: goharbor/harbor-registryctl
tag: v2.8.4 tag: v2.9.0
# resources: # resources:
# requests: # requests:
# memory: 256Mi # memory: 256Mi
# cpu: 100m # cpu: 100m
extraEnvVars: []
replicas: 1 replicas: 1
revisionHistoryLimit: 10 revisionHistoryLimit: 10
nodeSelector: {} nodeSelector: {}
tolerations: [] tolerations: []
affinity: {} affinity: {}
# Spread Pods across failure-domains like regions, availability zones or nodes
topologySpreadConstraints: []
# - maxSkew: 1
# topologyKey: topology.kubernetes.io/zone
# nodeTaintsPolicy: Honor
# whenUnsatisfiable: DoNotSchedule
## Additional deployment annotations ## Additional deployment annotations
podAnnotations: {} podAnnotations: {}
## Additional deployment labels
podLabels: {}
## The priority class to run the pod as ## The priority class to run the pod as
priorityClassName: priorityClassName:
# Secret is used to secure the upload state from client # Secret is used to secure the upload state from client
# and registry storage backend. # and registry storage backend.
# See: https://github.com/docker/distribution/blob/master/docs/configuration.md#http # See: https://github.com/distribution/distribution/blob/main/docs/configuration.md#http
# If a secret key is not specified, Helm will generate one. # If a secret key is not specified, Helm will generate one.
# Must be a string of 16 chars. # Must be a string of 16 chars.
secret: "" secret: ""
@ -610,7 +644,7 @@ trivy:
# repository the repository for Trivy adapter image # repository the repository for Trivy adapter image
repository: goharbor/trivy-adapter-photon repository: goharbor/trivy-adapter-photon
# tag the tag for Trivy adapter image # tag the tag for Trivy adapter image
tag: v2.8.4 tag: v2.9.0
# set the service account to be used, default if left empty # set the service account to be used, default if left empty
serviceAccountName: "" serviceAccountName: ""
# mount the service account token # mount the service account token
@ -668,66 +702,23 @@ trivy:
limits: limits:
cpu: 1 cpu: 1
memory: 1Gi memory: 1Gi
extraEnvVars: []
nodeSelector: {} nodeSelector: {}
tolerations: [] tolerations: []
affinity: {} affinity: {}
# Spread Pods across failure-domains like regions, availability zones or nodes
topologySpreadConstraints: []
# - maxSkew: 1
# topologyKey: topology.kubernetes.io/zone
# nodeTaintsPolicy: Honor
# whenUnsatisfiable: DoNotSchedule
## Additional deployment annotations ## Additional deployment annotations
podAnnotations: {} podAnnotations: {}
## Additional deployment labels
podLabels: {}
## The priority class to run the pod as ## The priority class to run the pod as
priorityClassName: priorityClassName:
notary:
enabled: true
server:
# set the service account to be used, default if left empty
serviceAccountName: ""
# mount the service account token
automountServiceAccountToken: false
image:
repository: goharbor/notary-server-photon
tag: v2.8.4
replicas: 1
# resources:
# requests:
# memory: 256Mi
# cpu: 100m
nodeSelector: {}
tolerations: []
affinity: {}
## Additional deployment annotations
podAnnotations: {}
## The priority class to run the pod as
priorityClassName:
## Additional service annotations
serviceAnnotations: {}
signer:
# set the service account to be used, default if left empty
serviceAccountName: ""
# mount the service account token
automountServiceAccountToken: false
image:
repository: goharbor/notary-signer-photon
tag: v2.8.4
replicas: 1
# resources:
# requests:
# memory: 256Mi
# cpu: 100m
nodeSelector: {}
tolerations: []
affinity: {}
## Additional deployment annotations
podAnnotations: {}
## The priority class to run the pod as
priorityClassName:
# Fill the name of a kubernetes secret if you want to use your own
# TLS certificate authority, certificate and private key for notary
# communications.
# The secret must contain keys named ca.crt, tls.crt and tls.key that
# contain the CA, certificate and private key.
# They will be generated if not set.
secretName: ""
database: database:
# if external database is used, set "type" to "external" # if external database is used, set "type" to "external"
# and fill the connection information in "external" section # and fill the connection information in "external" section
@ -739,7 +730,7 @@ database:
automountServiceAccountToken: false automountServiceAccountToken: false
image: image:
repository: goharbor/harbor-db repository: goharbor/harbor-db
tag: v2.8.4 tag: v2.9.0
# The initial superuser password for internal database # The initial superuser password for internal database
password: "changeit" password: "changeit"
# The size limit for Shared memory, pgSQL use it for shared_buffer # The size limit for Shared memory, pgSQL use it for shared_buffer
@ -756,6 +747,7 @@ database:
# The timeout used in readinessProbe; 1 to 5 seconds # The timeout used in readinessProbe; 1 to 5 seconds
readinessProbe: readinessProbe:
timeoutSeconds: 1 timeoutSeconds: 1
extraEnvVars: []
nodeSelector: {} nodeSelector: {}
tolerations: [] tolerations: []
affinity: {} affinity: {}
@ -778,8 +770,6 @@ database:
username: "user" username: "user"
password: "password" password: "password"
coreDatabase: "registry" coreDatabase: "registry"
notaryServerDatabase: "notary_server"
notarySignerDatabase: "notary_signer"
# if using existing secret, the key must be "password" # if using existing secret, the key must be "password"
existingSecret: "" existingSecret: ""
# "disable" - No SSL # "disable" - No SSL
@ -799,6 +789,8 @@ database:
maxOpenConns: 900 maxOpenConns: 900
## Additional deployment annotations ## Additional deployment annotations
podAnnotations: {} podAnnotations: {}
## Additional deployment labels
podLabels: {}
redis: redis:
# if external Redis is used, set "type" to "external" # if external Redis is used, set "type" to "external"
@ -811,11 +803,12 @@ redis:
automountServiceAccountToken: false automountServiceAccountToken: false
image: image:
repository: goharbor/redis-photon repository: goharbor/redis-photon
tag: v2.8.4 tag: v2.9.0
# resources: # resources:
# requests: # requests:
# memory: 256Mi # memory: 256Mi
# cpu: 100m # cpu: 100m
extraEnvVars: []
nodeSelector: {} nodeSelector: {}
tolerations: [] tolerations: []
affinity: {} affinity: {}
@ -855,6 +848,8 @@ redis:
existingSecret: "" existingSecret: ""
## Additional deployment annotations ## Additional deployment annotations
podAnnotations: {} podAnnotations: {}
## Additional deployment labels
podLabels: {}
exporter: exporter:
replicas: 1 replicas: 1
@ -863,16 +858,25 @@ exporter:
# requests: # requests:
# memory: 256Mi # memory: 256Mi
# cpu: 100m # cpu: 100m
extraEnvVars: []
podAnnotations: {} podAnnotations: {}
## Additional deployment labels
podLabels: {}
serviceAccountName: "" serviceAccountName: ""
# mount the service account token # mount the service account token
automountServiceAccountToken: false automountServiceAccountToken: false
image: image:
repository: goharbor/harbor-exporter repository: goharbor/harbor-exporter
tag: v2.8.4 tag: v2.9.0
nodeSelector: {} nodeSelector: {}
tolerations: [] tolerations: []
affinity: {} affinity: {}
# Spread Pods across failure-domains like regions, availability zones or nodes
topologySpreadConstraints: []
# - maxSkew: 1
# topologyKey: topology.kubernetes.io/zone
# nodeTaintsPolicy: Honor
# whenUnsatisfiable: DoNotSchedule
cacheDuration: 23 cacheDuration: 23
cacheCleanInterval: 14400 cacheCleanInterval: 14400
## The priority class to run the pod as ## The priority class to run the pod as
@ -894,7 +898,7 @@ metrics:
port: 8001 port: 8001
## Create prometheus serviceMonitor to scrape harbor metrics. ## Create prometheus serviceMonitor to scrape harbor metrics.
## This requires the monitoring.coreos.com/v1 CRD. Please see ## This requires the monitoring.coreos.com/v1 CRD. Please see
## https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/user-guides/getting-started.md ## https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/user-guides/getting-started.md
## ##
serviceMonitor: serviceMonitor:
enabled: false enabled: false
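Review bot: In the `expose.clusterIP.ports` hunk, `httpsPort: 443` is dropped together with the three Notary lines (the hunk header goes from 10 lines to 6), which leaves the comment `# The service port Harbor listens on when serving HTTPS` with no key beneath it, while the `loadBalancer` block further down keeps its `httpsPort: 443`. If the service template still reads that value (it is not visible here), the ClusterIP service would render without a usable HTTPS port and clients would fall back to the HTTP port. I would restore `httpsPort: 443` under that comment, or remove the comment as well if the key is intentionally gone.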


@ -3,4 +3,4 @@ dependencies:
repository: https://charts.jetstack.io repository: https://charts.jetstack.io
version: v1.12.3 version: v1.12.3
digest: sha256:3110ca458f8a903dc025408701614af03df859bf827824478ed68c785b0e6209 digest: sha256:3110ca458f8a903dc025408701614af03df859bf827824478ed68c785b0e6209
generated: "2023-08-29T05:47:05.106503476Z" generated: "2023-08-30T06:44:07.371307817Z"


@ -14,7 +14,7 @@ annotations:
catalog.cattle.io/kube-version: '>=1.19.0' catalog.cattle.io/kube-version: '>=1.19.0'
catalog.cattle.io/release-name: koor-operator catalog.cattle.io/release-name: koor-operator
apiVersion: v2 apiVersion: v2
appVersion: v0.3.5 appVersion: v0.3.6
dependencies: dependencies:
- alias: certmanager - alias: certmanager
condition: certmanager.enabled condition: certmanager.enabled
@ -33,4 +33,4 @@ name: koor-operator
sources: sources:
- https://github.com/koor-tech/koor-operator/ - https://github.com/koor-tech/koor-operator/
type: application type: application
version: 0.3.5 version: 0.3.6


@ -52,7 +52,7 @@ The following table lists the configurable parameters of the rook-operator chart
| `controllerManager.manager.args` | Operator args | `["--health-probe-bind-address=:8081","--metrics-bind-address=127.0.0.1:8080","--leader-elect"]` | | `controllerManager.manager.args` | Operator args | `["--health-probe-bind-address=:8081","--metrics-bind-address=127.0.0.1:8080","--leader-elect"]` |
| `controllerManager.manager.containerSecurityContext` | Operator container security context | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]}}` | | `controllerManager.manager.containerSecurityContext` | Operator container security context | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]}}` |
| `controllerManager.manager.image.repository` | Operator image repository | `"docker.io/koorinc/koor-operator"` | | `controllerManager.manager.image.repository` | Operator image repository | `"docker.io/koorinc/koor-operator"` |
| `controllerManager.manager.image.tag` | Operator image tag | `"v0.3.5"` | | `controllerManager.manager.image.tag` | Operator image tag | `"v0.3.6"` |
| `controllerManager.manager.resources` | Operator container resources | `{"limits":{"cpu":"500m","memory":"512Mi"},"requests":{"cpu":"10m","memory":"128Mi"}}` | | `controllerManager.manager.resources` | Operator container resources | `{"limits":{"cpu":"500m","memory":"512Mi"},"requests":{"cpu":"10m","memory":"128Mi"}}` |
| `controllerManager.replicas` | | `1` | | `controllerManager.replicas` | | `1` |
| `koorCluster.spec.dashboardEnabled` | Enable the Ceph MGR dashboard. | `true` | | `koorCluster.spec.dashboardEnabled` | Enable the Ceph MGR dashboard. | `true` |


@ -8,6 +8,7 @@ metadata:
{{- include "koor-operator.labels" . | nindent 4 }} {{- include "koor-operator.labels" . | nindent 4 }}
spec: spec:
backoffLimit: 20 backoffLimit: 20
ttlSecondsAfterFinished: 0
template: template:
metadata: metadata:
name: {{ include "koor-operator.jobName" . }} name: {{ include "koor-operator.jobName" . }}
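Review bot: `ttlSecondsAfterFinished: 0` makes the Job eligible for deletion the moment it finishes, and its pods and their logs go with it, so a run that ends in failure (after up to 20 retries, given `backoffLimit: 20`) leaves nothing to inspect afterwards. For troubleshooting and for any later audit of what the job did, I would keep a short retention window, e.g. `ttlSecondsAfterFinished: 600`, or expose the value in values.yaml with 0 as an opt-in. The Job spec continues outside the hunk, so whether logs are shipped elsewhere cannot be judged from here.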


@ -49,7 +49,7 @@ controllerManager:
# -- Operator image repository # -- Operator image repository
repository: docker.io/koorinc/koor-operator repository: docker.io/koorinc/koor-operator
# -- Operator image tag # -- Operator image tag
tag: v0.3.5 tag: v0.3.6
# -- Operator container resources # -- Operator container resources
resources: resources:
limits: limits:


@ -4,7 +4,7 @@ annotations:
catalog.cattle.io/namespace: kuma-system catalog.cattle.io/namespace: kuma-system
catalog.cattle.io/release-name: kuma catalog.cattle.io/release-name: kuma
apiVersion: v2 apiVersion: v2
appVersion: 2.3.2 appVersion: 2.4.0
description: A Helm chart for the Kuma Control Plane description: A Helm chart for the Kuma Control Plane
home: https://github.com/kumahq/kuma home: https://github.com/kumahq/kuma
icon: https://kuma.io/assets/images/brand/kuma-logo-new.svg icon: https://kuma.io/assets/images/brand/kuma-logo-new.svg
@ -20,4 +20,4 @@ maintainers:
name: nickolaev name: nickolaev
name: kuma name: kuma
type: application type: application
version: 2.3.2 version: 2.4.0


@ -2,7 +2,7 @@
A Helm chart for the Kuma Control Plane A Helm chart for the Kuma Control Plane
![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![Version: 2.3.2](https://img.shields.io/badge/Version-2.3.2-informational?style=flat-square) ![AppVersion: 2.3.2](https://img.shields.io/badge/AppVersion-2.3.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![Version: 2.4.0](https://img.shields.io/badge/Version-2.4.0-informational?style=flat-square) ![AppVersion: 2.4.0](https://img.shields.io/badge/AppVersion-2.4.0-informational?style=flat-square)
**Homepage:** <https://github.com/kumahq/kuma> **Homepage:** <https://github.com/kumahq/kuma>


@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition kind: CustomResourceDefinition
metadata: metadata:
annotations: annotations:
controller-gen.kubebuilder.io/version: v0.12.0 controller-gen.kubebuilder.io/version: v0.13.0
name: circuitbreakers.kuma.io name: circuitbreakers.kuma.io
spec: spec:
group: kuma.io group: kuma.io


@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition kind: CustomResourceDefinition
metadata: metadata:
annotations: annotations:
controller-gen.kubebuilder.io/version: v0.12.0 controller-gen.kubebuilder.io/version: v0.13.0
name: containerpatches.kuma.io name: containerpatches.kuma.io
spec: spec:
group: kuma.io group: kuma.io


@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition kind: CustomResourceDefinition
metadata: metadata:
annotations: annotations:
controller-gen.kubebuilder.io/version: v0.12.0 controller-gen.kubebuilder.io/version: v0.13.0
name: dataplaneinsights.kuma.io name: dataplaneinsights.kuma.io
spec: spec:
group: kuma.io group: kuma.io


@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition kind: CustomResourceDefinition
metadata: metadata:
annotations: annotations:
controller-gen.kubebuilder.io/version: v0.12.0 controller-gen.kubebuilder.io/version: v0.13.0
name: dataplanes.kuma.io name: dataplanes.kuma.io
spec: spec:
group: kuma.io group: kuma.io


@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition kind: CustomResourceDefinition
metadata: metadata:
annotations: annotations:
controller-gen.kubebuilder.io/version: v0.12.0 controller-gen.kubebuilder.io/version: v0.13.0
name: externalservices.kuma.io name: externalservices.kuma.io
spec: spec:
group: kuma.io group: kuma.io


@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition kind: CustomResourceDefinition
metadata: metadata:
annotations: annotations:
controller-gen.kubebuilder.io/version: v0.12.0 controller-gen.kubebuilder.io/version: v0.13.0
name: faultinjections.kuma.io name: faultinjections.kuma.io
spec: spec:
group: kuma.io group: kuma.io


@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition kind: CustomResourceDefinition
metadata: metadata:
annotations: annotations:
controller-gen.kubebuilder.io/version: v0.12.0 controller-gen.kubebuilder.io/version: v0.13.0
name: healthchecks.kuma.io name: healthchecks.kuma.io
spec: spec:
group: kuma.io group: kuma.io


@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition kind: CustomResourceDefinition
metadata: metadata:
annotations: annotations:
controller-gen.kubebuilder.io/version: v0.12.0 controller-gen.kubebuilder.io/version: v0.13.0
name: meshaccesslogs.kuma.io name: meshaccesslogs.kuma.io
spec: spec:
group: kuma.io group: kuma.io
@ -16,7 +16,14 @@ spec:
singular: meshaccesslog singular: meshaccesslog
scope: Namespaced scope: Namespaced
versions: versions:
- name: v1alpha1 - additionalPrinterColumns:
- jsonPath: .spec.targetRef.kind
name: TargetRef Kind
type: string
- jsonPath: .spec.targetRef.name
name: TargetRef Name
type: string
name: v1alpha1
schema: schema:
openAPIV3Schema: openAPIV3Schema:
properties: properties:
@ -97,6 +104,11 @@ spec:
type: string type: string
type: object type: object
type: array type: array
body:
description: Body is a raw string or an OTLP any
value as described at https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/logs/data-model.md#field-body
It can contain placeholders available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators
x-kubernetes-preserve-unknown-fields: true
endpoint: endpoint:
description: Endpoint of OpenTelemetry collector. description: Endpoint of OpenTelemetry collector.
An empty port defaults to 4317. An empty port defaults to 4317.
@ -160,6 +172,7 @@ spec:
enum: enum:
- Mesh - Mesh
- MeshSubset - MeshSubset
- MeshGateway
- MeshService - MeshService
- MeshServiceSubset - MeshServiceSubset
- MeshHTTPRoute - MeshHTTPRoute
@ -194,6 +207,7 @@ spec:
enum: enum:
- Mesh - Mesh
- MeshSubset - MeshSubset
- MeshGateway
- MeshService - MeshService
- MeshServiceSubset - MeshServiceSubset
- MeshHTTPRoute - MeshHTTPRoute
@ -275,6 +289,11 @@ spec:
type: string type: string
type: object type: object
type: array type: array
body:
description: Body is a raw string or an OTLP any
value as described at https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/logs/data-model.md#field-body
It can contain placeholders available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators
x-kubernetes-preserve-unknown-fields: true
endpoint: endpoint:
description: Endpoint of OpenTelemetry collector. description: Endpoint of OpenTelemetry collector.
An empty port defaults to 4317. An empty port defaults to 4317.
@ -338,6 +357,7 @@ spec:
enum: enum:
- Mesh - Mesh
- MeshSubset - MeshSubset
- MeshGateway
- MeshService - MeshService
- MeshServiceSubset - MeshServiceSubset
- MeshHTTPRoute - MeshHTTPRoute
@ -368,3 +388,4 @@ spec:
type: object type: object
served: true served: true
storage: true storage: true
subresources: {}


@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition kind: CustomResourceDefinition
metadata: metadata:
annotations: annotations:
controller-gen.kubebuilder.io/version: v0.12.0 controller-gen.kubebuilder.io/version: v0.13.0
name: meshcircuitbreakers.kuma.io name: meshcircuitbreakers.kuma.io
spec: spec:
group: kuma.io group: kuma.io
@ -16,7 +16,14 @@ spec:
singular: meshcircuitbreaker singular: meshcircuitbreaker
scope: Namespaced scope: Namespaced
versions: versions:
- name: v1alpha1 - additionalPrinterColumns:
- jsonPath: .spec.targetRef.kind
name: TargetRef Kind
type: string
- jsonPath: .spec.targetRef.name
name: TargetRef Name
type: string
name: v1alpha1
schema: schema:
openAPIV3Schema: openAPIV3Schema:
properties: properties:
@ -301,6 +308,7 @@ spec:
enum: enum:
- Mesh - Mesh
- MeshSubset - MeshSubset
- MeshGateway
- MeshService - MeshService
- MeshServiceSubset - MeshServiceSubset
- MeshHTTPRoute - MeshHTTPRoute
@ -335,6 +343,7 @@ spec:
enum: enum:
- Mesh - Mesh
- MeshSubset - MeshSubset
- MeshGateway
- MeshService - MeshService
- MeshServiceSubset - MeshServiceSubset
- MeshHTTPRoute - MeshHTTPRoute
@ -619,6 +628,7 @@ spec:
enum: enum:
- Mesh - Mesh
- MeshSubset - MeshSubset
- MeshGateway
- MeshService - MeshService
- MeshServiceSubset - MeshServiceSubset
- MeshHTTPRoute - MeshHTTPRoute
@ -649,3 +659,4 @@ spec:
type: object type: object
served: true served: true
storage: true storage: true
subresources: {}


@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition kind: CustomResourceDefinition
metadata: metadata:
annotations: annotations:
controller-gen.kubebuilder.io/version: v0.12.0 controller-gen.kubebuilder.io/version: v0.13.0
name: meshes.kuma.io name: meshes.kuma.io
spec: spec:
group: kuma.io group: kuma.io


@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition kind: CustomResourceDefinition
metadata: metadata:
annotations: annotations:
controller-gen.kubebuilder.io/version: v0.12.0 controller-gen.kubebuilder.io/version: v0.13.0
name: meshfaultinjections.kuma.io name: meshfaultinjections.kuma.io
spec: spec:
group: kuma.io group: kuma.io
@ -16,7 +16,14 @@ spec:
singular: meshfaultinjection singular: meshfaultinjection
scope: Namespaced scope: Namespaced
versions: versions:
- name: v1alpha1 - additionalPrinterColumns:
- jsonPath: .spec.targetRef.kind
name: TargetRef Kind
type: string
- jsonPath: .spec.targetRef.name
name: TargetRef Name
type: string
name: v1alpha1
schema: schema:
openAPIV3Schema: openAPIV3Schema:
properties: properties:
@ -127,6 +134,7 @@ spec:
enum: enum:
- Mesh - Mesh
- MeshSubset - MeshSubset
- MeshGateway
- MeshService - MeshService
- MeshServiceSubset - MeshServiceSubset
- MeshHTTPRoute - MeshHTTPRoute
@ -161,6 +169,7 @@ spec:
enum: enum:
- Mesh - Mesh
- MeshSubset - MeshSubset
- MeshGateway
- MeshService - MeshService
- MeshServiceSubset - MeshServiceSubset
- MeshHTTPRoute - MeshHTTPRoute
@ -186,3 +195,4 @@ spec:
type: object type: object
served: true served: true
storage: true storage: true
subresources: {}


@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition kind: CustomResourceDefinition
metadata: metadata:
annotations: annotations:
controller-gen.kubebuilder.io/version: v0.12.0 controller-gen.kubebuilder.io/version: v0.13.0
name: meshgatewayinstances.kuma.io name: meshgatewayinstances.kuma.io
spec: spec:
group: kuma.io group: kuma.io


@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition kind: CustomResourceDefinition
metadata: metadata:
annotations: annotations:
controller-gen.kubebuilder.io/version: v0.12.0 controller-gen.kubebuilder.io/version: v0.13.0
name: meshgatewayroutes.kuma.io name: meshgatewayroutes.kuma.io
spec: spec:
group: kuma.io group: kuma.io


@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition kind: CustomResourceDefinition
metadata: metadata:
annotations: annotations:
controller-gen.kubebuilder.io/version: v0.12.0 controller-gen.kubebuilder.io/version: v0.13.0
name: meshgateways.kuma.io name: meshgateways.kuma.io
spec: spec:
group: kuma.io group: kuma.io


@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition kind: CustomResourceDefinition
metadata: metadata:
annotations: annotations:
controller-gen.kubebuilder.io/version: v0.12.0 controller-gen.kubebuilder.io/version: v0.13.0
name: meshhealthchecks.kuma.io name: meshhealthchecks.kuma.io
spec: spec:
group: kuma.io group: kuma.io
@ -16,7 +16,14 @@ spec:
singular: meshhealthcheck singular: meshhealthcheck
scope: Namespaced scope: Namespaced
versions: versions:
- name: v1alpha1 - additionalPrinterColumns:
- jsonPath: .spec.targetRef.kind
name: TargetRef Kind
type: string
- jsonPath: .spec.targetRef.name
name: TargetRef Name
type: string
name: v1alpha1
schema: schema:
openAPIV3Schema: openAPIV3Schema:
properties: properties:
@ -45,6 +52,7 @@ spec:
enum: enum:
- Mesh - Mesh
- MeshSubset - MeshSubset
- MeshGateway
- MeshService - MeshService
- MeshServiceSubset - MeshServiceSubset
- MeshHTTPRoute - MeshHTTPRoute
@ -270,6 +278,7 @@ spec:
enum: enum:
- Mesh - Mesh
- MeshSubset - MeshSubset
- MeshGateway
- MeshService - MeshService
- MeshServiceSubset - MeshServiceSubset
- MeshHTTPRoute - MeshHTTPRoute
@ -300,3 +309,4 @@ spec:
type: object type: object
served: true served: true
storage: true storage: true
subresources: {}


@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition kind: CustomResourceDefinition
metadata: metadata:
annotations: annotations:
controller-gen.kubebuilder.io/version: v0.12.0 controller-gen.kubebuilder.io/version: v0.13.0
name: meshhttproutes.kuma.io name: meshhttproutes.kuma.io
spec: spec:
group: kuma.io group: kuma.io
@ -16,7 +16,14 @@ spec:
singular: meshhttproute singular: meshhttproute
scope: Namespaced scope: Namespaced
versions: versions:
- name: v1alpha1 - additionalPrinterColumns:
- jsonPath: .spec.targetRef.kind
name: TargetRef Kind
type: string
- jsonPath: .spec.targetRef.name
name: TargetRef Name
type: string
name: v1alpha1
schema: schema:
openAPIV3Schema: openAPIV3Schema:
properties: properties:
@ -45,6 +52,7 @@ spec:
enum: enum:
- Mesh - Mesh
- MeshSubset - MeshSubset
- MeshGateway
- MeshService - MeshService
- MeshServiceSubset - MeshServiceSubset
- MeshHTTPRoute - MeshHTTPRoute
@ -88,6 +96,7 @@ spec:
enum: enum:
- Mesh - Mesh
- MeshSubset - MeshSubset
- MeshGateway
- MeshService - MeshService
- MeshServiceSubset - MeshServiceSubset
- MeshHTTPRoute - MeshHTTPRoute
@ -181,6 +190,7 @@ spec:
enum: enum:
- Mesh - Mesh
- MeshSubset - MeshSubset
- MeshGateway
- MeshService - MeshService
- MeshServiceSubset - MeshServiceSubset
- MeshHTTPRoute - MeshHTTPRoute
@ -473,6 +483,7 @@ spec:
enum: enum:
- Mesh - Mesh
- MeshSubset - MeshSubset
- MeshGateway
- MeshService - MeshService
- MeshServiceSubset - MeshServiceSubset
- MeshHTTPRoute - MeshHTTPRoute
@ -499,3 +510,4 @@ spec:
type: object type: object
served: true served: true
storage: true storage: true
subresources: {}


@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition kind: CustomResourceDefinition
metadata: metadata:
annotations: annotations:
controller-gen.kubebuilder.io/version: v0.12.0 controller-gen.kubebuilder.io/version: v0.13.0
name: meshinsights.kuma.io name: meshinsights.kuma.io
spec: spec:
group: kuma.io group: kuma.io


@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition kind: CustomResourceDefinition
metadata: metadata:
annotations: annotations:
controller-gen.kubebuilder.io/version: v0.12.0 controller-gen.kubebuilder.io/version: v0.13.0
name: meshloadbalancingstrategies.kuma.io name: meshloadbalancingstrategies.kuma.io
spec: spec:
group: kuma.io group: kuma.io
@ -16,7 +16,14 @@ spec:
singular: meshloadbalancingstrategy singular: meshloadbalancingstrategy
scope: Namespaced scope: Namespaced
versions: versions:
- name: v1alpha1 - additionalPrinterColumns:
- jsonPath: .spec.targetRef.kind
name: TargetRef Kind
type: string
- jsonPath: .spec.targetRef.name
name: TargetRef Name
type: string
name: v1alpha1
schema: schema:
openAPIV3Schema: openAPIV3Schema:
properties: properties:
@ -46,6 +53,7 @@ spec:
enum: enum:
- Mesh - Mesh
- MeshSubset - MeshSubset
- MeshGateway
- MeshService - MeshService
- MeshServiceSubset - MeshServiceSubset
- MeshHTTPRoute - MeshHTTPRoute
@ -382,6 +390,7 @@ spec:
enum: enum:
- Mesh - Mesh
- MeshSubset - MeshSubset
- MeshGateway
- MeshService - MeshService
- MeshServiceSubset - MeshServiceSubset
- MeshHTTPRoute - MeshHTTPRoute
@ -412,3 +421,4 @@ spec:
type: object type: object
served: true served: true
storage: true storage: true
subresources: {}


@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition kind: CustomResourceDefinition
metadata: metadata:
annotations: annotations:
controller-gen.kubebuilder.io/version: v0.12.0 controller-gen.kubebuilder.io/version: v0.13.0
name: meshproxypatches.kuma.io name: meshproxypatches.kuma.io
spec: spec:
group: kuma.io group: kuma.io
@ -16,7 +16,14 @@ spec:
singular: meshproxypatch singular: meshproxypatch
scope: Namespaced scope: Namespaced
versions: versions:
- name: v1alpha1 - additionalPrinterColumns:
- jsonPath: .spec.targetRef.kind
name: TargetRef Kind
type: string
- jsonPath: .spec.targetRef.name
name: TargetRef Name
type: string
name: v1alpha1
schema: schema:
openAPIV3Schema: openAPIV3Schema:
properties: properties:
@ -475,6 +482,7 @@ spec:
enum: enum:
- Mesh - Mesh
- MeshSubset - MeshSubset
- MeshGateway
- MeshService - MeshService
- MeshServiceSubset - MeshServiceSubset
- MeshHTTPRoute - MeshHTTPRoute
@ -501,3 +509,4 @@ spec:
type: object type: object
served: true served: true
storage: true storage: true
subresources: {}


@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition kind: CustomResourceDefinition
metadata: metadata:
annotations: annotations:
controller-gen.kubebuilder.io/version: v0.12.0 controller-gen.kubebuilder.io/version: v0.13.0
name: meshratelimits.kuma.io name: meshratelimits.kuma.io
spec: spec:
group: kuma.io group: kuma.io
@ -16,7 +16,14 @@ spec:
singular: meshratelimit singular: meshratelimit
scope: Namespaced scope: Namespaced
versions: versions:
- name: v1alpha1 - additionalPrinterColumns:
- jsonPath: .spec.targetRef.kind
name: TargetRef Kind
type: string
- jsonPath: .spec.targetRef.name
name: TargetRef Name
type: string
name: v1alpha1
schema: schema:
openAPIV3Schema: openAPIV3Schema:
properties: properties:
@ -165,6 +172,7 @@ spec:
enum: enum:
- Mesh - Mesh
- MeshSubset - MeshSubset
- MeshGateway
- MeshService - MeshService
- MeshServiceSubset - MeshServiceSubset
- MeshHTTPRoute - MeshHTTPRoute
@ -199,6 +207,7 @@ spec:
enum: enum:
- Mesh - Mesh
- MeshSubset - MeshSubset
- MeshGateway
- MeshService - MeshService
- MeshServiceSubset - MeshServiceSubset
- MeshHTTPRoute - MeshHTTPRoute
@ -224,3 +233,4 @@ spec:
type: object type: object
served: true served: true
storage: true storage: true
subresources: {}


@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition kind: CustomResourceDefinition
metadata: metadata:
annotations: annotations:
controller-gen.kubebuilder.io/version: v0.12.0 controller-gen.kubebuilder.io/version: v0.13.0
name: meshretries.kuma.io name: meshretries.kuma.io
spec: spec:
group: kuma.io group: kuma.io
@ -16,7 +16,14 @@ spec:
singular: meshretry singular: meshretry
scope: Namespaced scope: Namespaced
versions: versions:
- name: v1alpha1 - additionalPrinterColumns:
- jsonPath: .spec.targetRef.kind
name: TargetRef Kind
type: string
- jsonPath: .spec.targetRef.name
name: TargetRef Name
type: string
name: v1alpha1
schema: schema:
openAPIV3Schema: openAPIV3Schema:
properties: properties:
@ -45,6 +52,7 @@ spec:
enum: enum:
- Mesh - Mesh
- MeshSubset - MeshSubset
- MeshGateway
- MeshService - MeshService
- MeshServiceSubset - MeshServiceSubset
- MeshHTTPRoute - MeshHTTPRoute
@ -364,6 +372,7 @@ spec:
enum: enum:
- Mesh - Mesh
- MeshSubset - MeshSubset
- MeshGateway
- MeshService - MeshService
- MeshServiceSubset - MeshServiceSubset
- MeshHTTPRoute - MeshHTTPRoute
@ -394,3 +403,4 @@ spec:
type: object type: object
served: true served: true
storage: true storage: true
subresources: {}


@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition kind: CustomResourceDefinition
metadata: metadata:
annotations: annotations:
controller-gen.kubebuilder.io/version: v0.12.0 controller-gen.kubebuilder.io/version: v0.13.0
name: meshtcproutes.kuma.io name: meshtcproutes.kuma.io
spec: spec:
group: kuma.io group: kuma.io
@ -16,7 +16,14 @@ spec:
singular: meshtcproute singular: meshtcproute
scope: Namespaced scope: Namespaced
versions: versions:
- name: v1alpha1 - additionalPrinterColumns:
- jsonPath: .spec.targetRef.kind
name: TargetRef Kind
type: string
- jsonPath: .spec.targetRef.name
name: TargetRef Name
type: string
name: v1alpha1
schema: schema:
openAPIV3Schema: openAPIV3Schema:
properties: properties:
@ -45,6 +52,7 @@ spec:
enum: enum:
- Mesh - Mesh
- MeshSubset - MeshSubset
- MeshGateway
- MeshService - MeshService
- MeshServiceSubset - MeshServiceSubset
- MeshHTTPRoute - MeshHTTPRoute
@ -88,6 +96,7 @@ spec:
enum: enum:
- Mesh - Mesh
- MeshSubset - MeshSubset
- MeshGateway
- MeshService - MeshService
- MeshServiceSubset - MeshServiceSubset
- MeshHTTPRoute - MeshHTTPRoute
@ -132,6 +141,7 @@ spec:
enum: enum:
- Mesh - Mesh
- MeshSubset - MeshSubset
- MeshGateway
- MeshService - MeshService
- MeshServiceSubset - MeshServiceSubset
- MeshHTTPRoute - MeshHTTPRoute
@ -163,3 +173,4 @@ spec:
type: object type: object
served: true served: true
storage: true storage: true
subresources: {}


@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition kind: CustomResourceDefinition
metadata: metadata:
annotations: annotations:
controller-gen.kubebuilder.io/version: v0.12.0 controller-gen.kubebuilder.io/version: v0.13.0
name: meshtimeouts.kuma.io name: meshtimeouts.kuma.io
spec: spec:
group: kuma.io group: kuma.io
@ -16,7 +16,14 @@ spec:
singular: meshtimeout singular: meshtimeout
scope: Namespaced scope: Namespaced
versions: versions:
- name: v1alpha1 - additionalPrinterColumns:
- jsonPath: .spec.targetRef.kind
name: TargetRef Kind
type: string
- jsonPath: .spec.targetRef.name
name: TargetRef Name
type: string
name: v1alpha1
schema: schema:
openAPIV3Schema: openAPIV3Schema:
properties: properties:
@ -96,6 +103,7 @@ spec:
enum: enum:
- Mesh - Mesh
- MeshSubset - MeshSubset
- MeshGateway
- MeshService - MeshService
- MeshServiceSubset - MeshServiceSubset
- MeshHTTPRoute - MeshHTTPRoute
@ -130,6 +138,7 @@ spec:
enum: enum:
- Mesh - Mesh
- MeshSubset - MeshSubset
- MeshGateway
- MeshService - MeshService
- MeshServiceSubset - MeshServiceSubset
- MeshHTTPRoute - MeshHTTPRoute
@ -210,6 +219,7 @@ spec:
enum: enum:
- Mesh - Mesh
- MeshSubset - MeshSubset
- MeshGateway
- MeshService - MeshService
- MeshServiceSubset - MeshServiceSubset
- MeshHTTPRoute - MeshHTTPRoute
@ -240,3 +250,4 @@ spec:
type: object type: object
served: true served: true
storage: true storage: true
subresources: {}


@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition kind: CustomResourceDefinition
metadata: metadata:
annotations: annotations:
controller-gen.kubebuilder.io/version: v0.12.0 controller-gen.kubebuilder.io/version: v0.13.0
name: meshtraces.kuma.io name: meshtraces.kuma.io
spec: spec:
group: kuma.io group: kuma.io
@ -16,7 +16,14 @@ spec:
singular: meshtrace singular: meshtrace
scope: Namespaced scope: Namespaced
versions: versions:
- name: v1alpha1 - additionalPrinterColumns:
- jsonPath: .spec.targetRef.kind
name: TargetRef Kind
type: string
- jsonPath: .spec.targetRef.name
name: TargetRef Name
type: string
name: v1alpha1
schema: schema:
openAPIV3Schema: openAPIV3Schema:
properties: properties:
@ -193,6 +200,7 @@ spec:
enum: enum:
- Mesh - Mesh
- MeshSubset - MeshSubset
- MeshGateway
- MeshService - MeshService
- MeshServiceSubset - MeshServiceSubset
- MeshHTTPRoute - MeshHTTPRoute
@ -218,3 +226,4 @@ spec:
type: object type: object
served: true served: true
storage: true storage: true
subresources: {}


@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition kind: CustomResourceDefinition
metadata: metadata:
annotations: annotations:
controller-gen.kubebuilder.io/version: v0.12.0 controller-gen.kubebuilder.io/version: v0.13.0
name: meshtrafficpermissions.kuma.io name: meshtrafficpermissions.kuma.io
spec: spec:
group: kuma.io group: kuma.io
@ -16,7 +16,14 @@ spec:
singular: meshtrafficpermission singular: meshtrafficpermission
scope: Namespaced scope: Namespaced
versions: versions:
- name: v1alpha1 - additionalPrinterColumns:
- jsonPath: .spec.targetRef.kind
name: TargetRef Kind
type: string
- jsonPath: .spec.targetRef.name
name: TargetRef Name
type: string
name: v1alpha1
schema: schema:
openAPIV3Schema: openAPIV3Schema:
properties: properties:
@ -63,6 +70,7 @@ spec:
enum: enum:
- Mesh - Mesh
- MeshSubset - MeshSubset
- MeshGateway
- MeshService - MeshService
- MeshServiceSubset - MeshServiceSubset
- MeshHTTPRoute - MeshHTTPRoute
@ -97,6 +105,7 @@ spec:
enum: enum:
- Mesh - Mesh
- MeshSubset - MeshSubset
- MeshGateway
- MeshService - MeshService
- MeshServiceSubset - MeshServiceSubset
- MeshHTTPRoute - MeshHTTPRoute
@ -122,3 +131,4 @@ spec:
type: object type: object
served: true served: true
storage: true storage: true
subresources: {}


@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition kind: CustomResourceDefinition
metadata: metadata:
annotations: annotations:
controller-gen.kubebuilder.io/version: v0.12.0 controller-gen.kubebuilder.io/version: v0.13.0
name: proxytemplates.kuma.io name: proxytemplates.kuma.io
spec: spec:
group: kuma.io group: kuma.io


@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition kind: CustomResourceDefinition
metadata: metadata:
annotations: annotations:
controller-gen.kubebuilder.io/version: v0.12.0 controller-gen.kubebuilder.io/version: v0.13.0
name: ratelimits.kuma.io name: ratelimits.kuma.io
spec: spec:
group: kuma.io group: kuma.io


@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition kind: CustomResourceDefinition
metadata: metadata:
annotations: annotations:
controller-gen.kubebuilder.io/version: v0.12.0 controller-gen.kubebuilder.io/version: v0.13.0
name: retries.kuma.io name: retries.kuma.io
spec: spec:
group: kuma.io group: kuma.io


@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition kind: CustomResourceDefinition
metadata: metadata:
annotations: annotations:
controller-gen.kubebuilder.io/version: v0.12.0 controller-gen.kubebuilder.io/version: v0.13.0
name: serviceinsights.kuma.io name: serviceinsights.kuma.io
spec: spec:
group: kuma.io group: kuma.io


@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition kind: CustomResourceDefinition
metadata: metadata:
annotations: annotations:
controller-gen.kubebuilder.io/version: v0.12.0 controller-gen.kubebuilder.io/version: v0.13.0
name: timeouts.kuma.io name: timeouts.kuma.io
spec: spec:
group: kuma.io group: kuma.io


@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition kind: CustomResourceDefinition
metadata: metadata:
annotations: annotations:
controller-gen.kubebuilder.io/version: v0.12.0 controller-gen.kubebuilder.io/version: v0.13.0
name: trafficlogs.kuma.io name: trafficlogs.kuma.io
spec: spec:
group: kuma.io group: kuma.io


@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition kind: CustomResourceDefinition
metadata: metadata:
annotations: annotations:
controller-gen.kubebuilder.io/version: v0.12.0 controller-gen.kubebuilder.io/version: v0.13.0
name: trafficpermissions.kuma.io name: trafficpermissions.kuma.io
spec: spec:
group: kuma.io group: kuma.io

Some files were not shown because too many files have changed in this diff