diff --git a/assets/kasten/k10-6.5.1401.tgz b/assets/kasten/k10-6.5.1401.tgz
new file mode 100644
index 000000000..6b6260e54
Binary files /dev/null and b/assets/kasten/k10-6.5.1401.tgz differ
diff --git a/charts/kasten/k10/Chart.lock b/charts/kasten/k10/Chart.lock
index 96fc2e846..0e05a708e 100644
--- a/charts/kasten/k10/Chart.lock
+++ b/charts/kasten/k10/Chart.lock
@@ -6,4 +6,4 @@ dependencies:
 repository: ""
 version: 25.18.0
 digest: sha256:e35117c8aba9f6bde24ae45b5e05b0342b03029dfb2676236c389572cc502066
-generated: "2024-05-03T18:14:59.697223332Z"
+generated: "2024-05-18T05:55:02.501542941Z"
diff --git a/charts/kasten/k10/Chart.yaml b/charts/kasten/k10/Chart.yaml
index 8a3c48c42..a0b913b3b 100644
--- a/charts/kasten/k10/Chart.yaml
+++ b/charts/kasten/k10/Chart.yaml
@@ -4,7 +4,7 @@ annotations:
 catalog.cattle.io/kube-version: '>= 1.17.0-0'
 catalog.cattle.io/release-name: k10
 apiVersion: v2
-appVersion: 6.5.13
+appVersion: 6.5.14
 dependencies:
 - condition: grafana.enabled
 name: grafana
@@ -21,4 +21,4 @@ maintainers:
 - email: contact@kasten.io
 name: kastenIO
 name: k10
-version: 6.5.1301
+version: 6.5.1401
diff --git a/charts/kasten/k10/README.md b/charts/kasten/k10/README.md
index bd93317d0..de408c5a2 100644
--- a/charts/kasten/k10/README.md
+++ b/charts/kasten/k10/README.md
@@ -57,9 +57,9 @@ Parameter | Description | Default
 `eula.company` | Company name. Required field if EULA is accepted | `None`
 `eula.email` | Contact email. Required field if EULA is accepted | `None`
 `license` | License string obtained from Kasten | `None`
-`rbac.create` | Whether to enable RBAC with a specific cluster role and binding for K10 | `true`
-`scc.create` | Whether to create a SecurityContextConstraints for K10 ServiceAccounts | `false`
-`scc.priority` | Sets the SecurityContextConstraints priority | `15`
+`rbac.create` | Whether to enable RBAC with a specific cluster role and binding for K10 | `true`
+`scc.create` | Whether to create a SecurityContextConstraints for K10 ServiceAccounts | `false`
+`scc.priority` | Sets the SecurityContextConstraints priority | `15`
 `services.dashboardbff.hostNetwork` | Whether the dashboardbff pods may use the node network | `false`
 `services.executor.hostNetwork` | Whether the executor pods may use the node network | `false`
 `services.executor.workerCount` | Specifies count of running executor workers | 8
@@ -86,7 +86,7 @@ Parameter | Description | Default
 `ingress.defaultBackend.resource.apiGroup` | Optional API group of a resource backing the default backend. | `''`
 `ingress.defaultBackend.resource.kind` | The type of a resource being referenced by the default backend (required if the resource default backend is used). | `None`
 `ingress.defaultBackend.resource.name` | The name of a resource being referenced by the default backend (required if the resource default backend is used). | `None`
-`global.persistence.size` | Default global size of volumes for K10 persistent services | `20Gi`
+`global.persistence.size` | Default global size of volumes for K10 persistent services | `20Gi`
 `global.persistence.catalog.size` | Size of a volume for catalog service | `global.persistence.size`
 `global.persistence.jobs.size` | Size of a volume for jobs service | `global.persistence.size`
 `global.persistence.logging.size` | Size of a volume for logging service | `global.persistence.size`
@@ -173,7 +173,7 @@ Parameter | Description | Default
 `auth.ldap.host` | Host and optional port of the AD/LDAP server in the form `host:port` | `None`
 `auth.ldap.insecureNoSSL` | Required if the AD/LDAP host is not using TLS | `false`
 `auth.ldap.insecureSkipVerifySSL` | To turn off SSL verification of connections to the AD/LDAP host | `false`
-`auth.ldap.startTLS` | When set to true, ldap:// is used to connect to the server followed by creation of a TLS session. When set to false, ldaps:// is used. | `false`
+`auth.ldap.startTLS` | When set to true, ldap:// is used to connect to the server followed by creation of a TLS session. When set to false, ldaps:// is used. | `false`
 `auth.ldap.bindDN` | The Distinguished Name(username) used for connecting to the AD/LDAP host | `None`
 `auth.ldap.bindPW` | The password corresponding to the `bindDN` for connecting to the AD/LDAP host | `None`
 `auth.ldap.bindPWSecretName` | The name of the secret that contains the password corresponding to the `bindDN` for connecting to the AD/LDAP host | `None`
@@ -257,7 +257,7 @@ Parameter | Description | Default
 `limiter.csiSnapshots` | Limit of concurrent CSI snapshot create operations | `10`
 `limiter.providerSnapshots` | Limit of concurrent cloud provider create operations | `10`
 `limiter.imageCopies` | Limit of concurrent image copy operations | `10`
-`cluster.domainName` | Specifies the domain name of the cluster | `cluster.local`
+`cluster.domainName` | Specifies the domain name of the cluster | `""`
 `kanister.backupTimeout` | Specifies timeout to set on Kanister backup operations | `45`
 `kanister.restoreTimeout` | Specifies timeout to set on Kanister restore operations | `600`
 `kanister.deleteTimeout` | Specifies timeout to set on Kanister delete operations | `45`
@@ -284,7 +284,7 @@ Parameter | Description | Default `defaultPriorityClassName` | Specifies the default [priority class](https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/#priorityclass) name for all K10 deployments and ephemeral pods | `None` `priorityClassName.` | Overrides the default [priority class](https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/#priorityclass) name for the specified deployment | `{}` `ephemeralPVCOverhead` | Set the percentage increase for the ephemeral Persistent Volume Claim's storage request, e.g. PVC size = (file raw size) * (1 + `ephemeralPVCOverhead`) | `0.1` - +`datastore.parallelUploads` | Specifies how many files can be uploaded in parallel to the data store | `8` ## Helm tips and tricks There is a way of setting values via a yaml file instead of using `--set`. diff --git a/charts/kasten/k10/charts/grafana/templates/deployment.yaml b/charts/kasten/k10/charts/grafana/templates/deployment.yaml index 46c016faa..02bd3fac9 100644 --- a/charts/kasten/k10/charts/grafana/templates/deployment.yaml +++ b/charts/kasten/k10/charts/grafana/templates/deployment.yaml @@ -32,6 +32,7 @@ spec: {{- with .Values.podLabels }} {{- toYaml . | nindent 8 }} {{- end }} + {{- include "k10.azMarketPlace.billingIdentifier" . }} annotations: checksum/config: {{ include "grafana.configData" . | sha256sum }} {{- if .Values.dashboards }} diff --git a/charts/kasten/k10/charts/grafana/templates/image-renderer-deployment.yaml b/charts/kasten/k10/charts/grafana/templates/image-renderer-deployment.yaml index ea97969c2..d7cf0f6cb 100644 --- a/charts/kasten/k10/charts/grafana/templates/image-renderer-deployment.yaml +++ b/charts/kasten/k10/charts/grafana/templates/image-renderer-deployment.yaml 
@@ -34,6 +34,7 @@ spec: {{- with .Values.imageRenderer.podLabels }} {{- toYaml . | nindent 8 }} {{- end }} + {{- include "k10.azMarketPlace.billingIdentifier" . }} annotations: checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} {{- with .Values.imageRenderer.podAnnotations }} diff --git a/charts/kasten/k10/charts/prometheus/charts/prometheus-pushgateway/templates/deployment.yaml b/charts/kasten/k10/charts/prometheus/charts/prometheus-pushgateway/templates/deployment.yaml index 557ca6f00..62e5557b4 100644 --- a/charts/kasten/k10/charts/prometheus/charts/prometheus-pushgateway/templates/deployment.yaml +++ b/charts/kasten/k10/charts/prometheus/charts/prometheus-pushgateway/templates/deployment.yaml @@ -23,6 +23,7 @@ spec: {{- end }} labels: {{- include "prometheus-pushgateway.defaultLabels" . | nindent 8 }} + {{- include "k10.azMarketPlace.billingIdentifier" . }} spec: {{- include "prometheus-pushgateway.podSpec" . | nindent 6 }} {{- end }} diff --git a/charts/kasten/k10/charts/prometheus/templates/deploy.yaml b/charts/kasten/k10/charts/prometheus/templates/deploy.yaml index 7602b757f..ca0852d1e 100644 --- a/charts/kasten/k10/charts/prometheus/templates/deploy.yaml +++ b/charts/kasten/k10/charts/prometheus/templates/deploy.yaml @@ -32,6 +32,7 @@ spec: {{- if .Values.server.podLabels}} {{ toYaml .Values.server.podLabels | nindent 8 }} {{- end}} + {{- include "k10.azMarketPlace.billingIdentifier" . }} spec: {{- if .Values.server.priorityClassName }} priorityClassName: "{{ .Values.server.priorityClassName }}" diff --git a/charts/kasten/k10/templates/_definitions.tpl b/charts/kasten/k10/templates/_definitions.tpl index 023848d72..d4449ab46 100644 --- a/charts/kasten/k10/templates/_definitions.tpl +++ b/charts/kasten/k10/templates/_definitions.tpl 
@@ -35,8 +35,8 @@ crypto: dashboardbff: - vbrintegrationapi state: -- events - admin +- events {{- end -}} {{- define "k10.aggregatedAPIs" -}}actions apps repositories vault{{- end -}} {{- define "k10.configAPIs" -}}config{{- end -}} @@ -214,7 +214,7 @@ state-svc: {{- define "k10.aggAuditPolicyFile" -}}agg-audit-policy.yaml{{- end -}} {{- define "k10.siemAuditLogFilePath" -}}-{{- end -}} {{- define "k10.siemAuditLogFileSize" -}}100{{- end -}} -{{- define "k10.kanisterToolsImageTag" -}}0.107.0{{- end -}} +{{- define "k10.kanisterToolsImageTag" -}}0.108.0{{- end -}} {{- define "k10.disabledServicesEnvVar" -}}K10_DISABLED_SERVICES{{- end -}} {{- define "k10.openShiftClientSecretEnvVar" -}}K10_OPENSHIFT_CLIENT_SECRET{{- end -}} {{- define "k10.defaultK10DefaultPriorityClassName" -}}{{- end -}} diff --git a/charts/kasten/k10/templates/_helpers.tpl b/charts/kasten/k10/templates/_helpers.tpl index 2e4a59114..76746073d 100644 --- a/charts/kasten/k10/templates/_helpers.tpl +++ b/charts/kasten/k10/templates/_helpers.tpl @@ -119,6 +119,8 @@ {{- $fips := .Values.fips | default dict -}} {{- if $fips.enabled -}} {{- $internal_capabilities = append $internal_capabilities "fips.strict" -}} + {{- $internal_capabilities = append $internal_capabilities "crypto.storagerepository.v2" -}} + {{- $internal_capabilities = append $internal_capabilities "crypto.vbr.v2" -}} {{- end -}} {{- concat $internal_capabilities (.Values.capabilities | default list) | join " " -}} @@ -281,6 +283,10 @@ external-dns.alpha.kubernetes.io/hostname: {{ .Values.externalGateway.fqdn.name Prometheus scrape config template for k10 services */}} {{- define "k10.prometheusScrape" -}} +{{- $cluster_domain := "" -}} +{{- with .main.Values.cluster.domainName -}} + {{- $cluster_domain = printf ".%s" . -}} +{{- end -}} {{- $admin_port := default 8877 .main.Values.service.gatewayAdminPort -}} - job_name: {{ .k10service }} metrics_path: /metrics 
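Review bot: The `$cluster_domain` block added at the top of `k10.prometheusScrape` is repeated verbatim in `k10.prometheusTargetConfig` and in `prometheus-configmap.yaml`, so the three copies can drift apart. A single helper, for example `{{- define "k10.clusterDomainSuffix" -}}{{- with .Values.cluster.domainName -}}{{ printf ".%s" . }}{{- end -}}{{- end -}}`, called here as `include "k10.clusterDomainSuffix" .main`, would keep them in step. With an empty `cluster.domainName` the targets become `<service>.<namespace>.svc`, which resolves only through the scraping pod's DNS search list; a template comment stating that assumption would help anyone running Prometheus with a non-default DNS policy. The define continues outside this hunk.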
@@ -295,13 +301,13 @@ Prometheus scrape config template for k10 services static_configs: - targets: {{- if eq "gateway" .k10service }} - - {{ .k10service }}-admin.{{ .main.Release.Namespace }}.svc.{{ .main.Values.cluster.domainName }}:{{ $admin_port }} + - {{ .k10service }}-admin.{{ .main.Release.Namespace }}.svc{{ $cluster_domain }}:{{ $admin_port }} {{- else if eq "aggregatedapis" .k10service }} - - {{ .k10service }}-svc.{{ .main.Release.Namespace }}.svc.{{ .main.Values.cluster.domainName }}:443 + - {{ .k10service }}-svc.{{ .main.Release.Namespace }}.svc{{ $cluster_domain }}:443 {{- else }} {{- $service := default .k10service (index (include "get.enabledColocatedServices" . | fromYaml) .k10service).primary }} {{- $port := default .main.Values.service.externalPort (index (include "get.enabledColocatedServices" . | fromYaml) .k10service).port }} - - {{ $service }}-svc.{{ .main.Release.Namespace }}.svc.{{ .main.Values.cluster.domainName }}:{{ $port }} + - {{ $service }}-svc.{{ .main.Release.Namespace }}.svc{{ $cluster_domain }}:{{ $port }} {{- end }} labels: application: {{ .main.Release.Name }} @@ -312,6 +318,10 @@ Prometheus scrape config template for k10 services Prometheus scrape config template for k10 services */}} {{- define "k10.prometheusTargetConfig" -}} +{{- $cluster_domain := "" -}} +{{- with .main.Values.cluster.domainName -}} + {{- $cluster_domain = printf ".%s" . -}} +{{- end -}} {{- $admin_port := default 8877 .main.Values.service.gatewayAdminPort | toString -}} - service: {{ .k10service }} metricsPath: /metrics 
@@ -326,15 +336,15 @@ Prometheus scrape config template for k10 services {{- $serviceFqdn := "" }} {{- $servicePort := "" }} {{- if eq "gateway" .k10service -}} - {{- $serviceFqdn = printf "%s-admin.%s.svc.%s" .k10service .main.Release.Namespace .main.Values.cluster.domainName -}} + {{- $serviceFqdn = printf "%s-admin.%s.svc%s" .k10service .main.Release.Namespace $cluster_domain -}} {{- $servicePort = $admin_port -}} {{- else if eq "aggregatedapis" .k10service -}} - {{- $serviceFqdn = printf "%s-svc.%s.svc.%s" .k10service .main.Release.Namespace .main.Values.cluster.domainName -}} + {{- $serviceFqdn = printf "%s-svc.%s.svc%s" .k10service .main.Release.Namespace $cluster_domain -}} {{- $servicePort = "443" -}} {{- else -}} {{- $service := default .k10service (index (include "get.enabledColocatedServices" .main | fromYaml) .k10service).primary -}} {{- $port := default .main.Values.service.externalPort (index (include "get.enabledColocatedServices" .main | fromYaml) .k10service).port | toString -}} - {{- $serviceFqdn = printf "%s-svc.%s.svc.%s" $service .main.Release.Namespace .main.Values.cluster.domainName -}} + {{- $serviceFqdn = printf "%s-svc.%s.svc%s" $service .main.Release.Namespace $cluster_domain -}} {{- $servicePort = $port -}} {{- end }} fqdn: {{ $serviceFqdn }} @@ -406,6 +416,8 @@ images or not {{- define "dex.dexImageRepo" -}} {{- if .Values.global.airgapped.repository }} {{- printf "%s/%s" .Values.global.airgapped.repository (include "dex.dexImageName" .) }} + {{- else if .Values.global.azMarketPlace }} + {{- printf "%s/%s" .Values.global.azure.images.dex.registry .Values.global.azure.images.dex.image }} {{- else }} {{- printf "%s/%s" .Values.global.image.registry (include "dex.dexImageName" .) }} {{- end }} 
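Review bot: The new `else if .Values.global.azMarketPlace` branch in `dex.dexImageRepo` reads `.Values.global.azure.images.dex.registry` and `.image` without checking that they are set, so a marketplace install with an incomplete `global.azure.images` map either stops with a nil-pointer template error or renders a malformed image reference. Wrapping the leaf lookups in `required`, e.g. `(required "global.azure.images.dex.registry is required when global.azMarketPlace is set" .Values.global.azure.images.dex.registry)`, gives an actionable message at render time. The same applies to the emissary, kanister-tools and init helpers later in this file, to the `get .main.Values.global.azure.images .k10_service` lookup in `_k10_serviceimage.tpl`, and to the grafana override in `grafana_values.tpl`.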
@@ -416,7 +428,11 @@ images or not {{- end -}} {{- define "dex.dexImageTag" -}} + {{- if .Values.global.azMarketPlace }} + {{- print .Values.global.azure.images.dex.tag }} + {{- else }} {{- .Values.global.image.tag | default .Chart.AppVersion }} + {{- end -}} {{- end -}} {{/* @@ -441,6 +457,8 @@ Get the emissary image. {{- define "k10.emissaryImageRepo" -}} {{- if .Values.global.airgapped.repository }} {{- printf "%s/%s" .Values.global.airgapped.repository (include "k10.emissaryImageName" .) }} + {{- else if .Values.global.azMarketPlace }} + {{- printf "%s/%s" .Values.global.azure.images.emissary.registry .Values.global.azure.images.emissary.image }} {{- else }} {{- printf "%s/%s" .Values.global.image.registry (include "k10.emissaryImageName" .) }} {{- end }} @@ -451,7 +469,11 @@ Get the emissary image. {{- end -}} {{- define "k10.emissaryImageTag" -}} - {{- include "get.k10ImageTag" . }} + {{- if .Values.global.azMarketPlace }} + {{- print .Values.global.azure.images.emissary.tag }} + {{- else }} + {{- include "get.k10ImageTag" . }} + {{- end }} {{- end -}} {{/* @@ -522,6 +544,8 @@ Get the kanister-tools image. {{- define "kan.kanisterToolsImageRepo" -}} {{- if .Values.global.airgapped.repository }} {{- printf "%s/%s" .Values.global.airgapped.repository (include "kan.kanisterToolsImageName" .) }} + {{- else if .Values.global.azMarketPlace }} + {{- printf "%s/%s" .Values.global.azure.images.kanistertools.registry .Values.global.azure.images.kanistertools.image }} {{- else }} {{- printf "%s/%s" .Values.global.image.registry (include "kan.kanisterToolsImageName" .) }} {{- end }} @@ -532,7 +556,11 @@ Get the kanister-tools image. {{- end -}} {{- define "kan.kanisterToolsImageTag" -}} - {{- include "get.k10ImageTag" . }} + {{- if .Values.global.azMarketPlace }} + {{- print .Values.global.azure.images.kanistertools.tag }} + {{- else }} + {{- include "get.k10ImageTag" . }} + {{- end }} {{- end -}} {{/* 
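Review bot: `dex.dexImageTag` now emits `.Values.global.azure.images.dex.tag` through `print`, so a tag written unquoted in values (a constructed example: `1.10`) is parsed by YAML as a number and printed in Go's numeric form rather than as written. A comment above the helper such as `{{/* tag must be a quoted string in values; unquoted numeric tags are re-typed by the YAML parser */}}` would record the constraint; the emissary and kanister-tools tag helpers in the following hunks have the same property. Because the reference is always composed as `registry/image:tag`, these images also cannot be pinned by digest, which is worth stating if the marketplace images are expected to be immutable.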
@@ -1074,6 +1102,8 @@ running in the same cluster. {{- define "init.ImageRepo" -}} {{- if .Values.global.airgapped.repository }} {{- printf "%s/%s" .Values.global.airgapped.repository (include "init.ImageName" .) }} + {{- else if .main.Values.global.azMarketPlace }} + {{- printf "%s/%s" .Values.global.azure.images.init.registry .Values.global.azure.images.init.image }} {{- else }} {{- printf "%s/%s" .Values.global.image.registry (include "init.ImageName" .) }} {{- end }} @@ -1216,20 +1246,6 @@ running in the same cluster. {{- end -}} {{- end -}} -{{/* Fail if FIPS is enabled and auth.ldap is turned on */}} -{{- define "k10.fail.fipsDexAuthLDAP" -}} - {{- if and ((.Values.fips | default dict).enabled) (.Values.auth.ldap.enabled) -}} - {{- fail "fips.enabled and auth.ldap.enabled cannot both be enabled at the same time" -}} - {{- end -}} -{{- end -}} - -{{/* Fail if FIPS is enabled and auth.openshift is turned on */}} -{{- define "k10.fail.fipsDexAuthOpenshift" -}} - {{- if and ((.Values.fips | default dict).enabled) (.Values.auth.openshift.enabled) -}} - {{- fail "fips.enabled and auth.openshift.enabled cannot both be enabled at the same time" -}} - {{- end -}} -{{- end -}} - {{/* Check to see whether SIEM logging is enabled */}} {{- define "k10.siemEnabled" -}} {{- if or .Values.siem.logging.cluster.enabled .Values.siem.logging.cloud.awsS3.enabled -}} @@ -1271,3 +1287,12 @@ the Microsoft Go toolchain and Red Hat's OpenSSL. - name: OPENSSL_FORCE_FIPS_MODE value: "1" {{- end }} + +{{/* +Returns a billing identifier label to be added to workloads for azure marketplace offer +*/}} +{{- define "k10.azMarketPlace.billingIdentifier" -}} + {{- if .Values.global.azMarketPlace }} + azure-extensions-usage-release-identifier: {{.Release.Name}} + {{- end }} +{{- end }} diff --git a/charts/kasten/k10/templates/_k10_container.tpl b/charts/kasten/k10/templates/_k10_container.tpl index 0895015f2..45015dcc5 100644 --- a/charts/kasten/k10/templates/_k10_container.tpl 
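Review bot: The added branch in `init.ImageRepo` tests `.main.Values.global.azMarketPlace`, while every other line of the same define, including the `printf` directly below it, reads `.Values...` from the current context. If the helper is called with the chart root, as the neighbouring branches imply, `.main` is not set and the lookup fails with a nil-pointer error whenever `global.airgapped.repository` is empty, which would break rendering for non-air-gapped installs. The condition should read `{{- else if .Values.global.azMarketPlace }}`. The define starts outside the hunk, so the calling convention is inferred from the visible lines.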
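Review bot: `k10.azMarketPlace.billingIdentifier` emits the label value unquoted, so a release name that YAML reads as a number (for example an all-digit name) would be rendered as an integer and rejected as a label value; `azure-extensions-usage-release-identifier: {{ .Release.Name | quote }}` avoids that. The helper also carries its own leading indentation and is pulled in by callers with a bare `{{- include ... }}`, so it only lines up where the surrounding `labels:` block happens to use the same indent. Emitting the line at column 0 and using `nindent 8` at the call sites would make that explicit; the original indentation is not visible in this view, so this part is a suggestion to verify.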
+++ b/charts/kasten/k10/templates/_k10_container.tpl @@ -94,6 +94,7 @@ stating that types are not same for the equality check - name: {{ include "k10.disabledServicesEnvVar" . }} value: {{ include "get.disabledServices" . | quote }} {{- end -}} +{{- if list "dashboardbff" "executor" "garbagecollector" "controllermanager" "kanister" | has $service}} {{- if not (eq (include "check.googleproject" . ) "true") -}} {{- fail "secrets.googleApiKey field is required when using secrets.googleProjectId" -}} {{- end -}} @@ -116,6 +117,8 @@ stating that types are not same for the equality check key: {{ $gkeProjectId }} optional: true {{- end }} +{{- end }} +{{- if list "dashboardbff" "executor" "garbagecollector" "controllermanager" "kanister" | has $service}} {{- if or (eq (include "check.azuresecret" .) "true") (eq (include "check.azurecreds" .) "true" ) }} {{- if eq (include "check.azuresecret" .) "true" }} - name: AZURE_CLIENT_ID @@ -201,6 +204,7 @@ stating that types are not same for the equality check value: "{{ .Values.azure.useDefaultMSI }}" {{- end }} {{- end }} +{{- end }} {{- /* There are 3 valid states of the secret provided by customer: @@ -273,6 +277,7 @@ There are 3 valid states of the secret provided by customer: {{- end }} {{- end }} {{- end }} +{{- if list "dashboardbff" "executor" "garbagecollector" "controllermanager" | has $service}} {{- if or (eq (include "check.vspherecreds" .) "true") (eq (include "check.vsphereClientSecret" .) "true") }} {{- $vsphereSecretName := default "vsphere-creds" .Values.secrets.vsphereClientSecretName }} - name: VSPHERE_ENDPOINT @@ -290,6 +295,7 @@ There are 3 valid states of the secret provided by customer: secretKeyRef: name: {{ $vsphereSecretName }} key: vsphere_password +{{- end }} {{- end }} - name: VERSION valueFrom: 
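Review bot: The service list `list "dashboardbff" "executor" "garbagecollector" "controllermanager" "kanister"` is written out three times in this file (the Google and Azure credential blocks, and without `"kanister"` for the vSphere block), which makes it easy to update one copy and miss another. Binding it once, e.g. `{{- $cloudCredServices := list "dashboardbff" "executor" "garbagecollector" "controllermanager" "kanister" -}}`, and adding a comment on why vSphere credentials are withheld from `kanister` would make the credential scoping reviewable. The `fail` for a missing `secrets.googleApiKey` now sits inside the first guard, so the validation only runs when one of the listed services is rendered; a comment saying this is intended would help.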
@@ -350,62 +356,18 @@ There are 3 valid states of the secret provided by customer: value: {{ (include "get.k10ImageTag" .) | print .Values.global.image.registry "/datamover:" }} {{- end }}{{/* if .Values.global.airgapped.repository */}} - - name: K10_KANISTER_POD_METRICS_IMAGE - {{- if not .Values.global.rhMarketPlace }} - {{- if .Values.global.airgapped.repository }} - value: {{ (include "get.k10ImageTag" .) | print .Values.global.airgapped.repository "/metric-sidecar:" }} - {{- else }} - value: {{ (include "get.k10ImageTag" .) | print .Values.global.image.registry "/metric-sidecar:" }} - {{- end }}{{/* if .Values.global.airgapped.repository */}} - {{- else }} - value: {{ index .Values.global.images "metric-sidecar" }} - {{- end }}{{/* if not .Values.global.rhMarketPlace */}} - - - name: KANISTER_POD_READY_WAIT_TIMEOUT - valueFrom: - configMapKeyRef: - name: k10-config - key: KanisterPodReadyWaitTimeout - - - name: K10_KANISTER_POD_METRICS_ENABLED - valueFrom: - configMapKeyRef: - name: k10-config - key: KanisterPodMetricSidecarEnabled - - name: PUSHGATEWAY_METRICS_INTERVAL - valueFrom: - configMapKeyRef: - name: k10-config - key: KanisterPodPushgatewayMetricsInterval -{{- if .Values.kanisterPodMetricSidecar.resources.requests.memory }} - - name: K10_KANISTER_POD_METRIC_SIDECAR_MEMORY_REQUEST - valueFrom: - configMapKeyRef: - name: k10-config - key: KanisterPodMetricSidecarMemoryRequest {{- end }} -{{- if .Values.kanisterPodMetricSidecar.resources.requests.cpu }} - - name: K10_KANISTER_POD_METRIC_SIDECAR_CPU_REQUEST +{{- if eq $service "executor"}} + - name: DATA_STORE_LOG_LEVEL valueFrom: configMapKeyRef: name: k10-config - key: KanisterPodMetricSidecarCPURequest -{{- end }} -{{- if .Values.kanisterPodMetricSidecar.resources.limits.memory }} - - name: K10_KANISTER_POD_METRIC_SIDECAR_MEMORY_LIMIT + key: DataStoreLogLevel + - name: DATA_STORE_FILE_LOG_LEVEL valueFrom: configMapKeyRef: name: k10-config - key: KanisterPodMetricSidecarMemoryLimit -{{- end }} -{{- if 
.Values.kanisterPodMetricSidecar.resources.limits.cpu }} - - name: K10_KANISTER_POD_METRIC_SIDECAR_CPU_LIMIT - valueFrom: - configMapKeyRef: - name: k10-config - key: KanisterPodMetricSidecarCPULimit -{{- end }} - + key: DataStoreFileLogLevel {{- end }} - name: LOG_LEVEL valueFrom: 
@@ -511,6 +473,63 @@ There are 3 valid states of the secret provided by customer: configMapKeyRef: name: k10-config key: k10DataStoreDisableCompression + + - name: K10_KANISTER_POD_METRICS_IMAGE + {{- if not .Values.global.rhMarketPlace }} + {{- if .Values.global.airgapped.repository }} + value: {{ (include "get.k10ImageTag" .) | print .Values.global.airgapped.repository "/metric-sidecar:" }} + {{- else }} + value: {{ (include "get.k10ImageTag" .) | print .Values.global.image.registry "/metric-sidecar:" }} + {{- end }}{{/* if .Values.global.airgapped.repository */}} + {{- else }} + value: {{ index .Values.global.images "metric-sidecar" }} + {{- end }}{{/* if not .Values.global.rhMarketPlace */}} + + - name: KANISTER_POD_READY_WAIT_TIMEOUT + valueFrom: + configMapKeyRef: + name: k10-config + key: KanisterPodReadyWaitTimeout + + - name: K10_KANISTER_POD_METRICS_ENABLED + valueFrom: + configMapKeyRef: + name: k10-config + key: KanisterPodMetricSidecarEnabled + - name: PUSHGATEWAY_METRICS_INTERVAL + valueFrom: + configMapKeyRef: + name: k10-config + key: KanisterPodPushgatewayMetricsInterval + {{- if .Values.kanisterPodMetricSidecar.resources.requests.memory }} + - name: K10_KANISTER_POD_METRIC_SIDECAR_MEMORY_REQUEST + valueFrom: + configMapKeyRef: + name: k10-config + key: KanisterPodMetricSidecarMemoryRequest + {{- end }} + {{- if .Values.kanisterPodMetricSidecar.resources.requests.cpu }} + - name: K10_KANISTER_POD_METRIC_SIDECAR_CPU_REQUEST + valueFrom: + configMapKeyRef: + name: k10-config + key: KanisterPodMetricSidecarCPURequest + {{- end }} + {{- if .Values.kanisterPodMetricSidecar.resources.limits.memory }} + - name: K10_KANISTER_POD_METRIC_SIDECAR_MEMORY_LIMIT + valueFrom: + configMapKeyRef: + name: k10-config + key: KanisterPodMetricSidecarMemoryLimit + {{- end }} + {{- if .Values.kanisterPodMetricSidecar.resources.limits.cpu }} + - name: K10_KANISTER_POD_METRIC_SIDECAR_CPU_LIMIT + valueFrom: + configMapKeyRef: + name: k10-config + key: 
KanisterPodMetricSidecarCPULimit + {{- end }} + {{- end }} {{- if (list "dashboardbff" "catalog" "executor" "crypto" | has $service) }} {{- if .Values.metering.mode }} @@ -797,6 +816,7 @@ There are 3 valid states of the secret provided by customer: mountPath: /etc/ssl/certs/webhook readOnly: true {{- end }} +{{- if list "dashboardbff" "auth" "controllermanager" | has $service}} {{- if eq (include "basicauth.check" .) "true" }} - name: k10-basic-auth mountPath: "/var/run/secrets/kasten.io/k10-basic-auth" @@ -812,6 +832,7 @@ There are 3 valid states of the secret provided by customer: readOnly: true {{- end }} {{- end }} +{{- end }} {{- if eq (include "check.googleCredsOrSecret" .) "true"}} - name: service-account mountPath: "/var/run/secrets/kasten.io" @@ -847,8 +868,16 @@ There are 3 valid states of the secret provided by customer: image: {{ include "get.kanisterToolsImage" .}} imagePullPolicy: {{ .Values.kanisterToolsImage.pullPolicy }} {{- dict "main" . "k10_service_pod_name" $podName "k10_service_container_name" "kanister-sidecar" | include "k10.resource.request" | indent 8}} -{{- if (.Values.fips | default dict).enabled }} env: + {{- with $capabilities := include "k10.capabilities" . }} + - name: K10_CAPABILITIES + value: {{ $capabilities | quote }} + {{- end }} + {{- with $capabilities_mask := include "k10.capabilities_mask" . }} + - name: K10_CAPABILITIES_MASK + value: {{ $capabilities_mask | quote }} + {{- end }} +{{- if (.Values.fips | default dict).enabled }} {{- include "k10.enforceFIPSEnvironmentVariables" . | nindent 10 }} {{- end }} volumeMounts: diff --git a/charts/kasten/k10/templates/_k10_image_tag.tpl b/charts/kasten/k10/templates/_k10_image_tag.tpl index c0c4d5772..fece230f7 100644 --- a/charts/kasten/k10/templates/_k10_image_tag.tpl +++ b/charts/kasten/k10/templates/_k10_image_tag.tpl @@ -1 +1 @@ -{{- define "k10.imageTag" -}}6.5.13{{- end -}} \ No newline at end of file +{{- define "k10.imageTag" -}}6.5.14{{- end -}} \ No newline at end of file 
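Review bot: The `k10-basic-auth` mount and the mounts that follow it are now gated on `$service` (`list "dashboardbff" "auth" "controllermanager" | has $service`), while the matching volumes in `_k10_template.tpl` are gated on `$pod` with the same literal list. If one of these services is ever colocated in a pod with a different name, the container would reference a volume the pod does not declare and the Deployment would be rejected. Sharing the list through one named template used by both files, with a comment that mounts and volumes must stay paired, would prevent that; whether any listed service is colocated today cannot be told from these hunks.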
diff --git a/charts/kasten/k10/templates/_k10_metering.tpl b/charts/kasten/k10/templates/_k10_metering.tpl index 860b4373e..4f6fd4155 100644 --- a/charts/kasten/k10/templates/_k10_metering.tpl +++ b/charts/kasten/k10/templates/_k10_metering.tpl @@ -122,6 +122,7 @@ spec: checksum/secret: {{ include (print .Template.BasePath "/secrets.yaml") . | sha256sum }} labels: {{ include "helm.labels" . | indent 8 }} +{{- include "k10.azMarketPlace.billingIdentifier" . }} component: {{ $service }} run: {{ $service }}-svc spec: diff --git a/charts/kasten/k10/templates/_k10_serviceimage.tpl b/charts/kasten/k10/templates/_k10_serviceimage.tpl index 7a42fb9b2..9a333d92c 100644 --- a/charts/kasten/k10/templates/_k10_serviceimage.tpl +++ b/charts/kasten/k10/templates/_k10_serviceimage.tpl @@ -17,6 +17,9 @@ value that is specified. {{- $tagFromDefs := "" -}} {{- if .main.Values.global.airgapped.repository }} {{- $serviceImage = (include "get.k10ImageTag" .main) | print .main.Values.global.airgapped.repository "/" .k10_service ":" }} +{{- else if .main.Values.global.azMarketPlace }} +{{- $az_image := (get .main.Values.global.azure.images .k10_service) }} +{{- $serviceImage = print $az_image.registry "/" $az_image.image ":" $az_image.tag }} {{- else }} {{- $serviceImage = (include "get.k10ImageTag" .main) | print .main.Values.global.image.registry "/" .k10_service ":" }} {{- end }}{{/* if .main.Values.global.airgapped.repository */}} diff --git a/charts/kasten/k10/templates/_k10_template.tpl b/charts/kasten/k10/templates/_k10_template.tpl index 235eb3ddf..330c6f2ed 100644 --- a/charts/kasten/k10/templates/_k10_template.tpl +++ b/charts/kasten/k10/templates/_k10_template.tpl @@ -56,6 +56,7 @@ spec: {{- end}} labels: {{ include "helm.labels" . | indent 8 }} +{{- include "k10.azMarketPlace.billingIdentifier" . }} component: {{ $service }} run: {{ $deploymentName }} spec: 
@@ -131,6 +132,7 @@ spec: configMap: name: k10-features {{- end }} +{{- if list "dashboardbff" "auth" "controllermanager" | has $pod}} {{- if eq (include "basicauth.check" .) "true" }} - name: k10-basic-auth secret: @@ -159,6 +161,7 @@ spec: configMap: name: k10-logos-dex {{- end }} +{{- end }} {{- range $skip, $statefulContainer := compact (dict "main" . "k10_service_pod" $pod | include "get.statefulRestServicesInPod" | splitList " ") }} - name: {{ $statefulContainer }}-persistent-storage persistentVolumeClaim: diff --git a/charts/kasten/k10/templates/gateway.yaml b/charts/kasten/k10/templates/gateway.yaml index 616c4140e..121d1da99 100644 --- a/charts/kasten/k10/templates/gateway.yaml +++ b/charts/kasten/k10/templates/gateway.yaml @@ -124,6 +124,7 @@ spec: service: gateway component: gateway {{ include "helm.labels" . | indent 8 }} +{{- include "k10.azMarketPlace.billingIdentifier" . }} {{- if $.Values.gateway.next_gen }} spec: serviceAccountName: {{ template "serviceAccountName" . }} diff --git a/charts/kasten/k10/templates/k10-config.yaml b/charts/kasten/k10/templates/k10-config.yaml index 8ae4dbd45..2feaca86f 100644 --- a/charts/kasten/k10/templates/k10-config.yaml +++ b/charts/kasten/k10/templates/k10-config.yaml @@ -6,6 +6,8 @@ metadata: namespace: {{ .Release.Namespace }} name: k10-config data: + DataStoreLogLevel: {{ default "error" | quote }} + DataStoreFileLogLevel: {{ default "" | quote }} loglevel: {{ .Values.logLevel | quote }} {{- if .Values.clusterName }} clustername: {{ quote .Values.clusterName }} 
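Review bot: In `k10-config.yaml`, `DataStoreLogLevel: {{ default "error" | quote }}` calls `default` with only the fallback and no value to test, so it appears to always render the constant `"error"` (and `""` for `DataStoreFileLogLevel`). If the levels are fixed, plain literals such as `DataStoreLogLevel: "error"` say so directly; if they are meant to be configurable, the values key is missing from the call, i.e. `{{ default "error" <VALUES_KEY> | quote }}`. Either way a short comment on the accepted levels would help, since the executor reads both keys through `configMapKeyRef`.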
@@ -21,7 +23,7 @@ data: concurrentSnapConversions: {{ default (include "k10.defaultConcurrentSnapshotConversions" .) .Values.limiter.concurrentSnapConversions | quote }} concurrentWorkloadSnapshots: {{ include "k10.defaultConcurrentWorkloadSnapshots" . | quote }} k10DataStoreDisableCompression: "false" - k10DataStoreParallelUpload: {{ include "k10.defaultK10DataStoreParallelUpload" . | quote }} + k10DataStoreParallelUpload: {{ .Values.datastore.parallelUploads | quote }} k10DataStoreGeneralContentCacheSizeMB: {{ include "k10.defaultK10DataStoreGeneralContentCacheSizeMB" . | quote }} k10DataStoreGeneralMetadataCacheSizeMB: {{ include "k10.defaultK10DataStoreGeneralMetadataCacheSizeMB" . | quote }} k10DataStoreRestoreContentCacheSizeMB: {{ include "k10.defaultK10DataStoreRestoreContentCacheSizeMB" . | quote }} diff --git a/charts/kasten/k10/templates/prometheus-configmap.yaml b/charts/kasten/k10/templates/prometheus-configmap.yaml index 075a21aa4..227d19ae2 100644 --- a/charts/kasten/k10/templates/prometheus-configmap.yaml +++ b/charts/kasten/k10/templates/prometheus-configmap.yaml @@ -1,5 +1,9 @@ {{ include "check.validatePrometheusConfig" .}} {{- if .Values.prometheus.server.enabled -}} +{{- $cluster_domain := "" -}} +{{- with .Values.cluster.domainName -}} + {{- $cluster_domain = printf ".%s" . -}} +{{- end -}} {{- $rbac := .Values.prometheus.rbac.create -}} kind: ConfigMap apiVersion: v1 
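Review bot: `k10DataStoreParallelUpload` now reads `.Values.datastore.parallelUploads` directly and drops the previous `include "k10.defaultK10DataStoreParallelUpload" .` fallback. An upgrade that reuses older values without a `datastore` map would fail with a nil-pointer error, and an unset value renders an empty string into the ConfigMap. Keeping the fallback, `{{ default (include "k10.defaultK10DataStoreParallelUpload" .) (.Values.datastore | default dict).parallelUploads | quote }}`, covers both cases, assuming that define is still present in `_definitions.tpl`, which is not visible here.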
@@ -17,14 +21,14 @@ data: scrape_configs: - job_name: httpServiceDiscovery http_sd_configs: - - url: {{ printf "http://metering-svc.%s.svc.%s:8000/v0/listScrapeTargets" .Release.Namespace .Values.cluster.domainName }} + - url: {{ printf "http://metering-svc.%s.svc%s:8000/v0/listScrapeTargets" .Release.Namespace $cluster_domain }} {{- if .Values.kanisterPodMetricSidecar.enabled }} - job_name: pushAggregator honor_timestamps: true metrics_path: /v0/push-metric-agg/metrics static_configs: - targets: - - {{ printf "metering-svc.%s.svc.%s:8000" .Release.Namespace .Values.cluster.domainName }} + - {{ printf "metering-svc.%s.svc%s:8000" .Release.Namespace $cluster_domain }} {{- end -}} {{- if .Values.prometheus.scrapeCAdvisor }} - job_name: 'kubernetes-cadvisor' diff --git a/charts/kasten/k10/templates/rbac.yaml b/charts/kasten/k10/templates/rbac.yaml index 9755907fa..60bb58db5 100644 --- a/charts/kasten/k10/templates/rbac.yaml +++ b/charts/kasten/k10/templates/rbac.yaml @@ -254,6 +254,31 @@ subjects: kind: Group name: {{ . }} {{- end }} +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + labels: +{{ include "helm.labels" . | indent 4 }} + name: {{ .Release.Namespace }}-{{ template "serviceAccountName" . }}-mc-admin +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ .Release.Name }}-mc-admin +subjects: + - apiGroup: rbac.authorization.k8s.io + kind: Group + name: k10:admins +{{- range .Values.auth.k10AdminUsers }} + - apiGroup: rbac.authorization.k8s.io + kind: User + name: {{ . }} +{{- end }} +{{- range default .Values.auth.groupAllowList .Values.auth.k10AdminGroups }} + - apiGroup: rbac.authorization.k8s.io + kind: Group + name: {{ . }} +{{- end }} {{- end }} {{- if and .Values.rbac.create (not .Values.prometheus.rbac.create) }} --- diff --git a/charts/kasten/k10/templates/secure_deployment.tpl b/charts/kasten/k10/templates/secure_deployment.tpl index 73ef0e679..b3c377890 100644 
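Review bot: In the rbac.yaml hunk (@@ -254,6 +254,31), the last `range` of the new ClusterRoleBinding uses `default .Values.auth.groupAllowList .Values.auth.k10AdminGroups`, so when `k10AdminGroups` is empty every group on the allow-list is bound to the `{{ .Release.Name }}-mc-admin` ClusterRole. If `groupAllowList` is meant as the set of groups allowed to sign in (its definition is not visible here), that turns a login filter into a cluster-wide admin grant. I would bind only the explicit admin groups, `{{- range .Values.auth.k10AdminGroups }}`, or document the fallback next to both values. The subject names are also rendered unquoted; `name: {{ . | quote }}` keeps a user or group name with YAML-significant characters from breaking or reshaping the manifest. The enclosing `{{- if }}` opens outside the hunk, so I cannot tell whether the binding is rendered only when the `-mc-admin` ClusterRole exists.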
--- a/charts/kasten/k10/templates/secure_deployment.tpl +++ b/charts/kasten/k10/templates/secure_deployment.tpl @@ -19,5 +19,3 @@ A secure deployment is defined as one of the following: {{- include "k10.fail.fipsMulticluster" . -}} {{- include "k10.fail.fipsPDFReports" . -}} {{- include "k10.fail.fipsGatewayNextGen" . -}} -{{- include "k10.fail.fipsDexAuthLDAP" . -}} -{{- include "k10.fail.fipsDexAuthOpenshift" . -}} diff --git a/charts/kasten/k10/templates/{values}/grafana/values/grafana_values.tpl b/charts/kasten/k10/templates/{values}/grafana/values/grafana_values.tpl index 1c5ef752a..1ec6d37a2 100644 --- a/charts/kasten/k10/templates/{values}/grafana/values/grafana_values.tpl +++ b/charts/kasten/k10/templates/{values}/grafana/values/grafana_values.tpl @@ -202,6 +202,15 @@ {{- $grafana_image = (include "k10.splitImage" $grafana_image_args) | fromJson -}} {{- end -}} +{{- if .Values.global.azMarketPlace -}} + {{- $grafana_image = ( dict + "registry" .Values.global.azure.images.grafana.registry + "repository" .Values.global.azure.images.grafana.image + "tag" .Values.global.azure.images.grafana.tag + ) + -}} +{{- end -}} + {{- $_ := set .Values.grafana.image "registry" $grafana_image.registry -}} {{- $_ := set .Values.grafana.image "repository" $grafana_image.repository -}} {{- $_ := set .Values.grafana.image "tag" $grafana_image.tag -}} 
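Review bot: The added `{{- if .Values.global.azMarketPlace -}}` block in grafana_values.tpl (@@ -202,6 +202,15) runs after the `global.images.grafana` override and replaces `$grafana_image` unconditionally, so an operator-pinned image is silently discarded whenever `azMarketPlace` is set. It also reads `.Values.global.azure.images.grafana.*` without checking that the keys exist, which would fail rendering on a nil map or yield an empty registry or tag. The same pattern is repeated for the init image (@@ -218,11 +227,21), configmap-reload (@@ -86,6 +87,15) and the Prometheus server image (@@ -115,6 +125,15). Since this decides which registry the images are pulled from, I would state the precedence in a template comment and validate the three fields, e.g. `"tag" (required "global.azure.images.grafana.tag is required" .Values.global.azure.images.grafana.tag)`.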
@@ -218,11 +227,21 @@ "repository" "init" "tag" (include "get.k10ImageTag" $) ) -}} + {{- if .Values.global.images.init -}} {{- $init_image_args := (dict "image" .Values.global.images.init "path" "global.images.init") -}} {{- $init_image = (include "k10.splitImage" $init_image_args) | fromJson -}} {{- end -}} +{{- if .Values.global.azMarketPlace -}} + {{- $init_image = ( dict + "registry" .Values.global.azure.images.init.registry + "repository" .Values.global.azure.images.init.image + "tag" .Values.global.azure.images.init.tag + ) + -}} +{{- end -}} + {{- $_ := set .Values.grafana.downloadDashboardsImage "registry" $init_image.registry -}} {{- $_ := set .Values.grafana.downloadDashboardsImage "repository" $init_image.repository -}} {{- $_ := set .Values.grafana.downloadDashboardsImage "tag" $init_image.tag -}} diff --git a/charts/kasten/k10/templates/{values}/prometheus/charts/{charts}/values/prometheus_values.tpl b/charts/kasten/k10/templates/{values}/prometheus/charts/{charts}/values/prometheus_values.tpl index 8715f98d9..d457b54fa 100644 --- a/charts/kasten/k10/templates/{values}/prometheus/charts/{charts}/values/prometheus_values.tpl +++ b/charts/kasten/k10/templates/{values}/prometheus/charts/{charts}/values/prometheus_values.tpl @@ -76,6 +76,7 @@ "repository" "configmap-reload" "tag" (include "get.k10ImageTag" $) ) -}} + {{- if (index .Values.global.images "configmap-reload") -}} {{- $prometheus_configmap_reload_image = ( include "k10.splitImage" (dict 
@@ -86,6 +87,15 @@ -}} {{- end -}} +{{- if .Values.global.azMarketPlace -}} + {{- $prometheus_configmap_reload_image = (dict + "registry" .Values.global.azure.images.configmapreload.registry + "repository" .Values.global.azure.images.configmapreload.image + "tag" .Values.global.azure.images.configmapreload.tag + ) + -}} +{{- end -}} + {{- $_ := mergeOverwrite .Values.prometheus.configmapReload.prometheus.image (dict "repository" (list $prometheus_configmap_reload_image.registry $prometheus_configmap_reload_image.repository | compact | join "/") @@ -115,6 +125,15 @@ -}} {{- end -}} +{{- if .Values.global.azMarketPlace -}} + {{- $prometheus_server_image = ( dict + "registry" .Values.global.azure.images.prometheus.registry + "repository" .Values.global.azure.images.prometheus.image + "tag" .Values.global.azure.images.prometheus.tag + ) + -}} +{{- end -}} + {{- $_ := mergeOverwrite .Values.prometheus.server.image (dict "repository" (list $prometheus_server_image.registry $prometheus_server_image.repository | compact | join "/") diff --git a/charts/kasten/k10/values.schema.json b/charts/kasten/k10/values.schema.json index 3b851c69e..67d66e07e 100644 --- a/charts/kasten/k10/values.schema.json +++ b/charts/kasten/k10/values.schema.json @@ -791,9 +791,9 @@ "properties": { "domainName": { "type": "string", - "default": "cluster.local", + "default": "", "title": "Domain name of the cluster", - "description": "Change default domain name of the cluster" + "description": "Set domain name of the cluster" } } }, @@ -2097,6 +2097,17 @@ "title": "K10 pods resource config", "description": "Resource management for K10 pods" }, + "datastore": { + "type": "object", + "properties": { + "parallelUploads": { + "type": "integer", + "default": 8, + "title": "Parallelism for data store uploads", + "description": "Specifies how many files can be uploaded in parallel to the data store" + } + } + }, "defaultPriorityClassName": { "type": "string", "default": "", 
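Review bot: The new `datastore.parallelUploads` entry in values.schema.json (@@ -2097,6 +2097,17) constrains only the type, so `0` or a negative number validates and is written to `k10DataStoreParallelUpload`. How the data store treats such a value is not visible here; adding a lower bound, `"minimum": 1`, rejects it at install time instead of at backup time.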
diff --git a/charts/kasten/k10/values.yaml b/charts/kasten/k10/values.yaml index 925b8d518..dda1ba2a2 100644 --- a/charts/kasten/k10/values.yaml +++ b/charts/kasten/k10/values.yaml @@ -163,7 +163,7 @@ eula: license: "" #base64 encoded string provided by Kasten cluster: - domainName: "cluster.local" #default value is cluster.local + domainName: "" multicluster: enabled: true @@ -510,3 +510,6 @@ maxJobWaitDuration: "" forceRootInKanisterHooks: true ephemeralPVCOverhead: 0.1 + +datastore: + parallelUploads: 8 diff --git a/index.yaml b/index.yaml index fc4413a61..cac932045 100644 --- a/index.yaml +++ b/index.yaml @@ -25943,6 +25943,34 @@ entries: - assets/trilio/k8s-triliovault-operator-v2.0.200.tgz version: v2.0.200 k10: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: K10 + catalog.cattle.io/kube-version: '>= 1.17.0-0' + catalog.cattle.io/release-name: k10 + apiVersion: v2 + appVersion: 6.5.14 + created: "2024-05-19T00:57:54.204290539Z" + dependencies: + - condition: grafana.enabled + name: grafana + repository: file://./charts/grafana + version: 7.3.2 + - condition: prometheus.server.enabled + name: prometheus + repository: file://./charts/prometheus + version: 25.18.0 + description: Kasten’s K10 Data Management Platform + digest: 8997bcb7b34b9d70762f2cb4d3801cdf5d81e7cba1a51008a7c04e0128a6ca01 + home: https://kasten.io/ + icon: https://docs.kasten.io/_static/logo-kasten-k10-blue-white.png + maintainers: + - email: contact@kasten.io + name: kastenIO + name: k10 + urls: + - assets/kasten/k10-6.5.1401.tgz + version: 6.5.1401 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: K10
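Review bot: The values.yaml hunk (@@ -163,7 +163,7) drops the inline comment on `cluster.domainName` together with the `cluster.local` default, leaving the empty string unexplained. Going by the prometheus-configmap.yaml change in this commit, an empty value now renders service hosts without a domain suffix (`metering-svc.NAMESPACE.svc`), which is a behaviour change for existing installs. A comment such as `# empty: service names are rendered without a cluster domain suffix` would document it.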