diff --git a/assets/argo/argo-cd-5.36.6.tgz b/assets/argo/argo-cd-5.36.6.tgz
new file mode 100644
index 000000000..2ea399a89
Binary files /dev/null and b/assets/argo/argo-cd-5.36.6.tgz differ
diff --git a/assets/bitnami/wordpress-16.1.18.tgz b/assets/bitnami/wordpress-16.1.18.tgz
new file mode 100644
index 000000000..1d1ae052c
Binary files /dev/null and b/assets/bitnami/wordpress-16.1.18.tgz differ
diff --git a/assets/bitnami/zookeeper-11.4.3.tgz b/assets/bitnami/zookeeper-11.4.3.tgz
new file mode 100644
index 000000000..c66a7dee0
Binary files /dev/null and b/assets/bitnami/zookeeper-11.4.3.tgz differ
diff --git a/assets/cockroach-labs/cockroachdb-11.0.3.tgz b/assets/cockroach-labs/cockroachdb-11.0.3.tgz
new file mode 100644
index 000000000..d9345ed9a
Binary files /dev/null and b/assets/cockroach-labs/cockroachdb-11.0.3.tgz differ
diff --git a/assets/codefresh/cf-runtime-1.0.8.tgz b/assets/codefresh/cf-runtime-1.0.8.tgz
new file mode 100644
index 000000000..6238c0875
Binary files /dev/null and b/assets/codefresh/cf-runtime-1.0.8.tgz differ
diff --git a/assets/crowdstrike/falcon-sensor-1.20.1.tgz b/assets/crowdstrike/falcon-sensor-1.20.1.tgz
new file mode 100644
index 000000000..bd38e4aa8
Binary files /dev/null and b/assets/crowdstrike/falcon-sensor-1.20.1.tgz differ
diff --git a/assets/datadog/datadog-3.32.4.tgz b/assets/datadog/datadog-3.32.4.tgz
new file mode 100644
index 000000000..2dc546811
Binary files /dev/null and b/assets/datadog/datadog-3.32.4.tgz differ
diff --git a/assets/dh2i/dxemssql-1.0.4.tgz b/assets/dh2i/dxemssql-1.0.4.tgz
new file mode 100644
index 000000000..426edee2a
Binary files /dev/null and b/assets/dh2i/dxemssql-1.0.4.tgz differ
diff --git a/assets/dynatrace/dynatrace-operator-0.12.0.tgz b/assets/dynatrace/dynatrace-operator-0.12.0.tgz
new file mode 100644
index 000000000..1825e814a
Binary files /dev/null and b/assets/dynatrace/dynatrace-operator-0.12.0.tgz differ
diff --git a/assets/gopaddle/gopaddle-4.2.7.tgz b/assets/gopaddle/gopaddle-4.2.7.tgz
new file mode 100644
index 000000000..4a0884758
Binary files /dev/null and b/assets/gopaddle/gopaddle-4.2.7.tgz differ
diff --git a/assets/haproxy/haproxy-1.30.6.tgz b/assets/haproxy/haproxy-1.30.6.tgz
new file mode 100644
index 000000000..8fb035f49
Binary files /dev/null and b/assets/haproxy/haproxy-1.30.6.tgz differ
diff --git a/assets/intel/intel-device-plugins-operator-0.27.1.tgz b/assets/intel/intel-device-plugins-operator-0.27.1.tgz
new file mode 100644
index 000000000..c801d2f49
Binary files /dev/null and b/assets/intel/intel-device-plugins-operator-0.27.1.tgz differ
diff --git a/assets/intel/intel-device-plugins-qat-0.27.1.tgz b/assets/intel/intel-device-plugins-qat-0.27.1.tgz
new file mode 100644
index 000000000..d981c81d3
Binary files /dev/null and b/assets/intel/intel-device-plugins-qat-0.27.1.tgz differ
diff --git a/assets/intel/intel-device-plugins-sgx-0.27.1.tgz b/assets/intel/intel-device-plugins-sgx-0.27.1.tgz
new file mode 100644
index 000000000..00587f49a
Binary files /dev/null and b/assets/intel/intel-device-plugins-sgx-0.27.1.tgz differ
diff --git a/assets/kuma/kuma-2.2.2.tgz b/assets/kuma/kuma-2.2.2.tgz
new file mode 100644
index 000000000..c5595d35e
Binary files /dev/null and b/assets/kuma/kuma-2.2.2.tgz differ
diff --git a/assets/new-relic/nri-bundle-5.0.20.tgz b/assets/new-relic/nri-bundle-5.0.20.tgz
new file mode 100644
index 000000000..28546c95b
Binary files /dev/null and b/assets/new-relic/nri-bundle-5.0.20.tgz differ
diff --git a/assets/pixie/pixie-operator-chart-0.1.401.tgz b/assets/pixie/pixie-operator-chart-0.1.401.tgz
new file mode 100644
index 000000000..aebeac52b
Binary files /dev/null and b/assets/pixie/pixie-operator-chart-0.1.401.tgz differ
diff --git a/assets/redpanda/redpanda-4.0.45.tgz b/assets/redpanda/redpanda-4.0.45.tgz
new file mode 100644
index 000000000..cb5ad0f1c
Binary files /dev/null and b/assets/redpanda/redpanda-4.0.45.tgz differ
diff --git a/assets/speedscale/speedscale-operator-1.3.17.tgz b/assets/speedscale/speedscale-operator-1.3.17.tgz
new file mode 100644
index 000000000..d2413db20
Binary files /dev/null and b/assets/speedscale/speedscale-operator-1.3.17.tgz differ
diff --git a/assets/weka/csi-wekafsplugin-2.1.0.tgz b/assets/weka/csi-wekafsplugin-2.1.0.tgz
new file mode 100644
index 000000000..b9fc1eb2a
Binary files /dev/null and b/assets/weka/csi-wekafsplugin-2.1.0.tgz differ
diff --git a/charts/argo/argo-cd/Chart.yaml b/charts/argo/argo-cd/Chart.yaml
index 81c3366e9..f02e2497b 100644
--- a/charts/argo/argo-cd/Chart.yaml
+++ b/charts/argo/argo-cd/Chart.yaml
@@ -1,7 +1,9 @@
annotations:
artifacthub.io/changes: |
- - kind: added
- description: Add `app.kubernetes.io/version` label
+ - kind: changed
+ description: Upgrade Argo CD to v2.7.6
+ - kind: changed
+ description: applicationSet.containerPorts.metrics to 8085
artifacthub.io/signKey: |
fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252
url: https://argoproj.github.io/argo-helm/pgp_keys.asc
@@ -10,7 +12,7 @@ annotations:
catalog.cattle.io/kube-version: '>=1.23.0-0'
catalog.cattle.io/release-name: argo-cd
apiVersion: v2
-appVersion: v2.7.5
+appVersion: v2.7.6
dependencies:
- condition: redis-ha.enabled
name: redis-ha
@@ -32,4 +34,4 @@ name: argo-cd
sources:
- https://github.com/argoproj/argo-helm/tree/main/charts/argo-cd
- https://github.com/argoproj/argo-cd
-version: 5.36.4
+version: 5.36.6
diff --git a/charts/argo/argo-cd/README.md b/charts/argo/argo-cd/README.md
index f5a6a8865..6d2e0b89d 100644
--- a/charts/argo/argo-cd/README.md
+++ b/charts/argo/argo-cd/README.md
@@ -1044,7 +1044,7 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide
| applicationSet.certificate.privateKey.size | int | `2048` | Key bit size of the private key. If algorithm is set to `Ed25519`, size is ignored. |
| applicationSet.certificate.renewBefore | string | `""` (defaults to 360h = 15d if not specified) | How long before the expiry a certificate should be renewed. |
| applicationSet.certificate.secretName | string | `"argocd-application-controller-tls"` | The name of the Secret that will be automatically created and managed by this Certificate resource |
-| applicationSet.containerPorts.metrics | int | `8080` | Metrics container port |
+| applicationSet.containerPorts.metrics | int | `8085` | Metrics container port |
| applicationSet.containerPorts.probe | int | `8081` | Probe container port |
| applicationSet.containerPorts.webhook | int | `7000` | Webhook container port |
| applicationSet.containerSecurityContext | object | See [values.yaml] | ApplicationSet controller container-level security context |
diff --git a/charts/argo/argo-cd/values.yaml b/charts/argo/argo-cd/values.yaml
index c2dd9b525..2c3fe694e 100644
--- a/charts/argo/argo-cd/values.yaml
+++ b/charts/argo/argo-cd/values.yaml
@@ -2506,7 +2506,7 @@ applicationSet:
# ApplicationSet controller container ports
containerPorts:
# -- Metrics container port
- metrics: 8080
+ metrics: 8085
# -- Probe container port
probe: 8081
# -- Webhook container port
diff --git a/charts/bitnami/wordpress/Chart.yaml b/charts/bitnami/wordpress/Chart.yaml
index f8fea5ff9..1c6b4eba7 100644
--- a/charts/bitnami/wordpress/Chart.yaml
+++ b/charts/bitnami/wordpress/Chart.yaml
@@ -40,4 +40,4 @@ maintainers:
name: wordpress
sources:
- https://github.com/bitnami/charts/tree/main/bitnami/wordpress
-version: 16.1.17
+version: 16.1.18
diff --git a/charts/bitnami/wordpress/README.md b/charts/bitnami/wordpress/README.md
index e6148f569..a81fa3d0e 100644
--- a/charts/bitnami/wordpress/README.md
+++ b/charts/bitnami/wordpress/README.md
@@ -20,6 +20,8 @@ It also packages the [Bitnami MariaDB chart](https://github.com/bitnami/charts/t
Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters.
+Looking to use WordPress in production? Try [VMware Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog.
+
## Prerequisites
- Kubernetes 1.19+
@@ -80,7 +82,7 @@ The command removes all the Kubernetes components associated with the chart and
| ------------------- | --------------------------------------------------------------------------------------------------------- | --------------------- |
| `image.registry` | WordPress image registry | `docker.io` |
| `image.repository` | WordPress image repository | `bitnami/wordpress` |
-| `image.tag` | WordPress image tag (immutable tags are recommended) | `6.2.2-debian-11-r16` |
+| `image.tag` | WordPress image tag (immutable tags are recommended) | `6.2.2-debian-11-r18` |
| `image.digest` | WordPress image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `image.pullPolicy` | WordPress image pull policy | `IfNotPresent` |
| `image.pullSecrets` | WordPress image pull secrets | `[]` |
@@ -247,7 +249,7 @@ The command removes all the Kubernetes components associated with the chart and
| `volumePermissions.enabled` | Enable init container that changes the owner/group of the PV mount point to `runAsUser:fsGroup` | `false` |
| `volumePermissions.image.registry` | Bitnami Shell image registry | `docker.io` |
| `volumePermissions.image.repository` | Bitnami Shell image repository | `bitnami/bitnami-shell` |
-| `volumePermissions.image.tag` | Bitnami Shell image tag (immutable tags are recommended) | `11-debian-11-r127` |
+| `volumePermissions.image.tag` | Bitnami Shell image tag (immutable tags are recommended) | `11-debian-11-r128` |
| `volumePermissions.image.digest` | Bitnami Shell image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `volumePermissions.image.pullPolicy` | Bitnami Shell image pull policy | `IfNotPresent` |
| `volumePermissions.image.pullSecrets` | Bitnami Shell image pull secrets | `[]` |
@@ -279,7 +281,7 @@ The command removes all the Kubernetes components associated with the chart and
| `metrics.enabled` | Start a sidecar prometheus exporter to expose metrics | `false` |
| `metrics.image.registry` | Apache exporter image registry | `docker.io` |
| `metrics.image.repository` | Apache exporter image repository | `bitnami/apache-exporter` |
-| `metrics.image.tag` | Apache exporter image tag (immutable tags are recommended) | `0.13.4-debian-11-r6` |
+| `metrics.image.tag` | Apache exporter image tag (immutable tags are recommended) | `0.13.4-debian-11-r7` |
| `metrics.image.digest` | Apache exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `metrics.image.pullPolicy` | Apache exporter image pull policy | `IfNotPresent` |
| `metrics.image.pullSecrets` | Apache exporter image pull secrets | `[]` |
diff --git a/charts/bitnami/wordpress/values.yaml b/charts/bitnami/wordpress/values.yaml
index 52f22f69a..1f5ad6402 100644
--- a/charts/bitnami/wordpress/values.yaml
+++ b/charts/bitnami/wordpress/values.yaml
@@ -73,7 +73,7 @@ diagnosticMode:
image:
registry: docker.io
repository: bitnami/wordpress
- tag: 6.2.2-debian-11-r16
+ tag: 6.2.2-debian-11-r18
digest: ""
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
@@ -763,7 +763,7 @@ volumePermissions:
image:
registry: docker.io
repository: bitnami/bitnami-shell
- tag: 11-debian-11-r127
+ tag: 11-debian-11-r128
digest: ""
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
@@ -857,7 +857,7 @@ metrics:
image:
registry: docker.io
repository: bitnami/apache-exporter
- tag: 0.13.4-debian-11-r6
+ tag: 0.13.4-debian-11-r7
digest: ""
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
diff --git a/charts/bitnami/zookeeper/Chart.yaml b/charts/bitnami/zookeeper/Chart.yaml
index bb3aa391c..1ae70b67d 100644
--- a/charts/bitnami/zookeeper/Chart.yaml
+++ b/charts/bitnami/zookeeper/Chart.yaml
@@ -25,4 +25,4 @@ maintainers:
name: zookeeper
sources:
- https://github.com/bitnami/charts/tree/main/bitnami/zookeeper
-version: 11.4.2
+version: 11.4.3
diff --git a/charts/bitnami/zookeeper/README.md b/charts/bitnami/zookeeper/README.md
index fc1e1e78e..79a780990 100644
--- a/charts/bitnami/zookeeper/README.md
+++ b/charts/bitnami/zookeeper/README.md
@@ -80,7 +80,7 @@ The command removes all the Kubernetes components associated with the chart and
| ----------------------------- | -------------------------------------------------------------------------------------------------------------------------- | ----------------------- |
| `image.registry` | ZooKeeper image registry | `docker.io` |
| `image.repository` | ZooKeeper image repository | `bitnami/zookeeper` |
-| `image.tag` | ZooKeeper image tag (immutable tags are recommended) | `3.8.1-debian-11-r36` |
+| `image.tag` | ZooKeeper image tag (immutable tags are recommended) | `3.8.1-debian-11-r46` |
| `image.digest` | ZooKeeper image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `image.pullPolicy` | ZooKeeper image pull policy | `IfNotPresent` |
| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
@@ -246,7 +246,7 @@ The command removes all the Kubernetes components associated with the chart and
| `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume | `false` |
| `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` |
| `volumePermissions.image.repository` | Init container volume-permissions image repository | `bitnami/bitnami-shell` |
-| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r118` |
+| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r127` |
| `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` |
| `volumePermissions.image.pullSecrets` | Init container volume-permissions image pull secrets | `[]` |
@@ -507,7 +507,7 @@ kubectl delete statefulset zookeeper-zookeeper --cascade=false
## License
-Copyright © 2023 Bitnami
+Copyright © 2023 VMware, Inc.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
diff --git a/charts/bitnami/zookeeper/values.yaml b/charts/bitnami/zookeeper/values.yaml
index 51ae4470d..d1e00b370 100644
--- a/charts/bitnami/zookeeper/values.yaml
+++ b/charts/bitnami/zookeeper/values.yaml
@@ -76,7 +76,7 @@ diagnosticMode:
image:
registry: docker.io
repository: bitnami/zookeeper
- tag: 3.8.1-debian-11-r36
+ tag: 3.8.1-debian-11-r46
digest: ""
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
@@ -660,7 +660,7 @@ volumePermissions:
image:
registry: docker.io
repository: bitnami/bitnami-shell
- tag: 11-debian-11-r118
+ tag: 11-debian-11-r127
digest: ""
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
diff --git a/charts/cockroach-labs/cockroachdb/Chart.yaml b/charts/cockroach-labs/cockroachdb/Chart.yaml
index ced423ff0..0a75d091b 100644
--- a/charts/cockroach-labs/cockroachdb/Chart.yaml
+++ b/charts/cockroach-labs/cockroachdb/Chart.yaml
@@ -4,7 +4,7 @@ annotations:
catalog.cattle.io/kube-version: '>=1.8-0'
catalog.cattle.io/release-name: cockroachdb
apiVersion: v1
-appVersion: 23.1.3
+appVersion: 23.1.4
description: CockroachDB is a scalable, survivable, strongly-consistent SQL database.
home: https://www.cockroachlabs.com
icon: https://raw.githubusercontent.com/cockroachdb/cockroach/master/docs/media/cockroach_db.png
@@ -14,4 +14,4 @@ maintainers:
name: cockroachdb
sources:
- https://github.com/cockroachdb/cockroach
-version: 11.0.2
+version: 11.0.3
diff --git a/charts/cockroach-labs/cockroachdb/README.md b/charts/cockroach-labs/cockroachdb/README.md
index 504b21723..1852a788f 100644
--- a/charts/cockroach-labs/cockroachdb/README.md
+++ b/charts/cockroach-labs/cockroachdb/README.md
@@ -229,10 +229,10 @@ kubectl get pods \
```
```
-my-release-cockroachdb-0 cockroachdb/cockroach:v23.1.3
-my-release-cockroachdb-1 cockroachdb/cockroach:v23.1.3
-my-release-cockroachdb-2 cockroachdb/cockroach:v23.1.3
-my-release-cockroachdb-3 cockroachdb/cockroach:v23.1.3
+my-release-cockroachdb-0 cockroachdb/cockroach:v23.1.4
+my-release-cockroachdb-1 cockroachdb/cockroach:v23.1.4
+my-release-cockroachdb-2 cockroachdb/cockroach:v23.1.4
+my-release-cockroachdb-3 cockroachdb/cockroach:v23.1.4
```
Resume normal operations. Once you are comfortable that the stability and performance of the cluster is what you'd expect post-upgrade, finalize the upgrade:
@@ -316,7 +316,7 @@ For details see the [`values.yaml`](values.yaml) file.
| `conf.store.size` | CockroachDB storage size | `""` |
| `conf.store.attrs` | CockroachDB storage attributes | `""` |
| `image.repository` | Container image name | `cockroachdb/cockroach` |
-| `image.tag` | Container image tag | `v23.1.3` |
+| `image.tag` | Container image tag | `v23.1.4` |
| `image.pullPolicy` | Container pull policy | `IfNotPresent` |
| `image.credentials` | `registry`, `user` and `pass` credentials to pull private image | `{}` |
| `statefulset.replicas` | StatefulSet replicas number | `3` |
diff --git a/charts/cockroach-labs/cockroachdb/values.yaml b/charts/cockroach-labs/cockroachdb/values.yaml
index cd577f4b9..a4c9ab49c 100644
--- a/charts/cockroach-labs/cockroachdb/values.yaml
+++ b/charts/cockroach-labs/cockroachdb/values.yaml
@@ -1,7 +1,7 @@
# Generated file, DO NOT EDIT. Source: build/templates/values.yaml
image:
repository: cockroachdb/cockroach
- tag: v23.1.3
+ tag: v23.1.4
pullPolicy: IfNotPresent
credentials: {}
# registry: docker.io
diff --git a/charts/codefresh/cf-runtime/Chart.yaml b/charts/codefresh/cf-runtime/Chart.yaml
index ab6d5a2e0..0b902bba4 100644
--- a/charts/codefresh/cf-runtime/Chart.yaml
+++ b/charts/codefresh/cf-runtime/Chart.yaml
@@ -15,4 +15,4 @@ maintainers:
- name: codefresh
url: https://codefresh-io.github.io/
name: cf-runtime
-version: 1.0.7
+version: 1.0.8
diff --git a/charts/codefresh/cf-runtime/README.md b/charts/codefresh/cf-runtime/README.md
index 948902ae9..4f72e6fbd 100644
--- a/charts/codefresh/cf-runtime/README.md
+++ b/charts/codefresh/cf-runtime/README.md
@@ -1,6 +1,6 @@
## Codefresh Runner
-
+
## Prerequisites
@@ -91,6 +91,7 @@ Kubernetes: `>=1.19.0-0`
| re.dindDaemon.tlskey | string | `"/etc/ssl/cf/server-key.pem"` | |
| re.dindDaemon.tlsverify | bool | `true` | |
| re.serviceAccount | object | `{"annotations":{}}` | Set annotation on engine Service Account Ref: https://codefresh.io/docs/docs/administration/codefresh-runner/#injecting-aws-arn-roles-into-the-cluster |
+| runner.annotations | object | `{}` | Add annotations to runner pod |
| runner.env | object | `{}` | Add additional env vars |
| runner.image | string | `"codefresh/venona:1.9.16"` | Set runner image |
| runner.nodeSelector | object | `{}` | Set runner node selector |
diff --git a/charts/codefresh/cf-runtime/templates/re/service-account.re.yaml b/charts/codefresh/cf-runtime/templates/re/service-account.re.yaml
index ce47ec838..b515bcf95 100644
--- a/charts/codefresh/cf-runtime/templates/re/service-account.re.yaml
+++ b/charts/codefresh/cf-runtime/templates/re/service-account.re.yaml
@@ -8,5 +8,5 @@ metadata:
annotations:
{{- range $key, $value := .Values.re.serviceAccount.annotations }}
{{ $key }}: {{ $value }}
- {{- end}}
+ {{- end}}
{{- end}}
diff --git a/charts/codefresh/cf-runtime/templates/venona/deployment.runner.yaml b/charts/codefresh/cf-runtime/templates/venona/deployment.runner.yaml
index 009026d5a..de7f1bcb1 100644
--- a/charts/codefresh/cf-runtime/templates/venona/deployment.runner.yaml
+++ b/charts/codefresh/cf-runtime/templates/venona/deployment.runner.yaml
@@ -16,6 +16,10 @@ spec:
template:
metadata:
labels: {{- include "cf-runner.labels" . | nindent 8 }}
+ annotations:
+ {{- range $key, $value := .Values.runner.annotations }}
+ {{ $key }}: {{ $value }}
+ {{- end}}
spec:
serviceAccountName: {{ include "cf-runner.fullname" . }}
{{- if .Values.runner.nodeSelector }}
diff --git a/charts/codefresh/cf-runtime/templates/volume-provisioner/service-account.dind-volume-provisioner.vp.yaml b/charts/codefresh/cf-runtime/templates/volume-provisioner/service-account.dind-volume-provisioner.vp.yaml
index 034e38d4e..94e974698 100644
--- a/charts/codefresh/cf-runtime/templates/volume-provisioner/service-account.dind-volume-provisioner.vp.yaml
+++ b/charts/codefresh/cf-runtime/templates/volume-provisioner/service-account.dind-volume-provisioner.vp.yaml
@@ -7,5 +7,5 @@ metadata:
{{- if .Values.volumeProvisioner.serviceAccount }}
{{- range $key, $value := .Values.volumeProvisioner.serviceAccount.annotations }}
{{ $key }}: {{ $value }}
- {{- end}}
+ {{- end}}
{{- end}}
diff --git a/charts/codefresh/cf-runtime/templates/volume-provisioner/storageclass.dind-volume-provisioner.vp.yaml b/charts/codefresh/cf-runtime/templates/volume-provisioner/storageclass.dind-volume-provisioner.vp.yaml
index 446f1b1a7..305deae65 100644
--- a/charts/codefresh/cf-runtime/templates/volume-provisioner/storageclass.dind-volume-provisioner.vp.yaml
+++ b/charts/codefresh/cf-runtime/templates/volume-provisioner/storageclass.dind-volume-provisioner.vp.yaml
@@ -8,7 +8,7 @@ metadata:
{{/* annotations:*/}}
{{/* {{ range $key, $value := .Values.Storage.Annotations }}*/}}
{{/* {{ $key }}: {{ $value }}*/}}
- {{/* {{ end }}*/}}
+ {{/* {{ end }}*/}}
provisioner: {{ include "cf-vp.volumeProvisionerName" . }}
parameters:
{{- if eq .Values.storage.backend "local" }}
diff --git a/charts/codefresh/cf-runtime/values.yaml b/charts/codefresh/cf-runtime/values.yaml
index cf544ac5e..82461ca00 100644
--- a/charts/codefresh/cf-runtime/values.yaml
+++ b/charts/codefresh/cf-runtime/values.yaml
@@ -61,6 +61,9 @@ runner:
# operator: Equal
# value: dind
# effect: NoSchedule
+
+ # -- Add annotations to runner pod
+ annotations: {}
# Volume Provisioner parameters
# @default -- See below
diff --git a/charts/crowdstrike/falcon-sensor/Chart.yaml b/charts/crowdstrike/falcon-sensor/Chart.yaml
index 633d3b1a6..94e9976d8 100644
--- a/charts/crowdstrike/falcon-sensor/Chart.yaml
+++ b/charts/crowdstrike/falcon-sensor/Chart.yaml
@@ -4,7 +4,7 @@ annotations:
catalog.cattle.io/kube-version: '>1.22.0-0'
catalog.cattle.io/release-name: falcon-sensor
apiVersion: v2
-appVersion: 1.19.1
+appVersion: 1.20.1
description: A Helm chart to deploy CrowdStrike Falcon sensors into Kubernetes clusters.
home: https://crowdstrike.com
icon: https://raw.githubusercontent.com/CrowdStrike/falcon-helm/main/images/crowdstrike-logo.svg
@@ -24,4 +24,4 @@ name: falcon-sensor
sources:
- https://github.com/CrowdStrike/falcon-helm
type: application
-version: 1.19.1
+version: 1.20.1
diff --git a/charts/crowdstrike/falcon-sensor/README.md b/charts/crowdstrike/falcon-sensor/README.md
index 3d597f4bb..7e4536dfa 100644
--- a/charts/crowdstrike/falcon-sensor/README.md
+++ b/charts/crowdstrike/falcon-sensor/README.md
@@ -87,13 +87,6 @@ kubectl label --overwrite ns my-existing-namespace \
pod-security.kubernetes.io/enforce=privileged
```
-If your cluster is OpenShift version 4.11+, you will need to add an additional label to disable added OpenShift functionality that will sync Pod Security Standard policies based on the default Security Context Constraints (SCC).
-Run the following command replacing `my-existing-namespace` with the namespace that you have installed the falcon sensors e.g. `falcon-system`.
-```
-kubectl label --overwrite ns my-existing-namespace \
- security.openshift.io/scc.podSecurityLabelSync=false
-```
-
If desired to silence the warning and change the auditing level for the Pod Security Standard, add the following labels
```
kubectl label ns --overwrite my-existing-namespace pod-security.kubernetes.io/audit=privileged
@@ -207,7 +200,7 @@ The following tables lists the more common configurable parameters of the chart
| `container.image.pullPolicy` | Policy for updating images | `Always` |
| `container.image.pullSecrets.enable` | Enable pull secrets for private registry | `false` |
| `container.image.pullSecrets.namespaces` | List of Namespaces to pull the Falcon sensor from an authenticated registry | None |
-| `container.image.pullSecrets.allNamespaces` | Use Helm's lookup function to deploy the pull secret to all namespaces | `false` |
+| `container.image.pullSecrets.allNamespaces` | Use Helm's lookup function to deploy the pull secret to all namespaces. Helm chart must be re-run everytime a new namespace is created. | `false` |
| `container.image.pullSecrets.registryConfigJSON` | base64 encoded docker config json for the pull secret | None |
| `container.image.sensorResources` | The requests and limits of the sensor ([see example below](#example-using-containerimagesensorresources)) | None |
| `falcon.cid` | CrowdStrike Customer ID (CID) | None (Required) |
diff --git a/charts/crowdstrike/falcon-sensor/templates/NOTES.txt b/charts/crowdstrike/falcon-sensor/templates/NOTES.txt
index 284098c0c..1aa5b1b78 100644
--- a/charts/crowdstrike/falcon-sensor/templates/NOTES.txt
+++ b/charts/crowdstrike/falcon-sensor/templates/NOTES.txt
@@ -17,10 +17,3 @@ The default image name to deploy the pod sensor is `falcon-sensor`.
When utilizing your own registry, an extremely common error on installation is accidentally forgetting to add your containerized
sensor to your local image registry prior to executing `helm install`. Please read the Helm Chart's readme
for more deployment considerations.
-
-{{ if and (.Capabilities.APIVersions.Has "security.openshift.io/v1") .Values.container.enabled -}}
-If deploying the Falcon Container Sensor on Red Hat OpenShift, push the Falcon Container sensor image
-after you install the Helm Chart if you are using OpenShift's internal registry.
-This is due to OpenShift requiring a valid ImageStream Tag to pull from a valid image hash in
-the internal registry.
-{{- end }}
diff --git a/charts/crowdstrike/falcon-sensor/templates/clusterrole.yaml b/charts/crowdstrike/falcon-sensor/templates/clusterrole.yaml
index 6b17f7b45..bc9c92a1c 100644
--- a/charts/crowdstrike/falcon-sensor/templates/clusterrole.yaml
+++ b/charts/crowdstrike/falcon-sensor/templates/clusterrole.yaml
@@ -19,31 +19,6 @@ rules:
verbs:
- get
{{- end }}
-{{- if .Capabilities.APIVersions.Has "image.openshift.io/v1" }}
-- apiGroups:
- - ""
- - image.openshift.io
- resources:
- - imagestreams/layers
- verbs:
- - get
-{{- end }}
-{{- if .Capabilities.APIVersions.Has "security.openshift.io/v1" }}
-- apiGroups:
- - security.openshift.io
- resources:
- - securitycontextconstraints
- resourceNames:
-{{- if .Values.node.enabled }}
- - privileged
-{{- end }}
- {{- if .Values.container.enabled }}
- - {{ include "falcon-sensor.fullname" . }}-container
-{{- end }}
- verbs:
- - use
-{{- end }}
-{{- if not (.Capabilities.APIVersions.Has "security.openshift.io/v1") }}
{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy" }}
- apiGroups:
- policy
@@ -59,4 +34,3 @@ rules:
verbs:
- use
{{- end }}
-{{- end }}
diff --git a/charts/crowdstrike/falcon-sensor/templates/container_psp.yaml b/charts/crowdstrike/falcon-sensor/templates/container_psp.yaml
index 42d78dc4c..b4a740722 100644
--- a/charts/crowdstrike/falcon-sensor/templates/container_psp.yaml
+++ b/charts/crowdstrike/falcon-sensor/templates/container_psp.yaml
@@ -1,4 +1,3 @@
-{{- if not (.Capabilities.APIVersions.Has "security.openshift.io/v1") }}
{{- if lt (int (semver .Capabilities.KubeVersion.Version).Minor) 25 }}
{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy" }}
{{- if .Values.container.enabled }}
@@ -55,4 +54,3 @@ spec:
{{- end }}
{{- end }}
{{- end }}
-{{- end }}
diff --git a/charts/crowdstrike/falcon-sensor/templates/container_scc.yaml b/charts/crowdstrike/falcon-sensor/templates/container_scc.yaml
deleted file mode 100644
index e29024b2c..000000000
--- a/charts/crowdstrike/falcon-sensor/templates/container_scc.yaml
+++ /dev/null
@@ -1,58 +0,0 @@
-{{- if .Values.container.enabled }}
-{{- if .Capabilities.APIVersions.Has "security.openshift.io/v1" }}
-kind: SecurityContextConstraints
-apiVersion: security.openshift.io/v1
-metadata:
- name: {{ include "falcon-sensor.fullname" . }}-container
- labels:
- app: {{ include "falcon-sensor.name" . }}
- app.kubernetes.io/name: {{ include "falcon-sensor.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- app.kubernetes.io/component: "container_sensor"
- crowdstrike.com/provider: crowdstrike
- helm.sh/chart: {{ include "falcon-sensor.chart" . }}
-allowPrivilegedContainer: false
-runAsUser:
- type: RunAsAny
-seLinuxContext:
- type: MustRunAs
-fsGroup:
- type: MustRunAs
-supplementalGroups:
- type: MustRunAs
-allowHostDirVolumePlugin: false
-allowHostIPC: false
-allowHostNetwork: false
-allowHostPID: false
-allowHostPorts: false
-readOnlyRootFilesystem: false
-requiredDropCapabilities:
-- KILL
-- MKNOD
-- SYS_CHROOT
-- AUDIT_WRITE
-- CHOWN
-- DAC_OVERRIDE
-- FOWNER
-- FSETID
-- NET_BIND_SERVICE
-- NET_RAW
-- SETGID
-- SETPCAP
-- SETUID
-defaultAddCapabilities:
-- SYS_PTRACE
-allowedCapabilities:
-- SYS_PTRACE
-users:
-groups:
-volumes:
-- configMap
-- downwardAPI
-- emptyDir
-- persistentVolumeClaim
-- projected
-- secret
-{{- end }}
-{{- end }}
diff --git a/charts/crowdstrike/falcon-sensor/templates/container_secret.yaml b/charts/crowdstrike/falcon-sensor/templates/container_secret.yaml
index 989768c9d..c023e98da 100644
--- a/charts/crowdstrike/falcon-sensor/templates/container_secret.yaml
+++ b/charts/crowdstrike/falcon-sensor/templates/container_secret.yaml
@@ -10,7 +10,7 @@ metadata:
data:
.dockerconfigjson: {{ $registry }}
type: kubernetes.io/dockerconfigjson
-{{- if .Values.container.image.pullSecrets.namespaces }}
+{{- if or .Values.container.image.pullSecrets.namespaces .Values.container.image.pullSecrets.allNamespaces }}
{{- $name := ( .Values.container.image.pullSecrets.name | default (printf "%s-pull-secret" (include "falcon-sensor.fullname" .))) }}
{{- $myns := split "," .Values.container.image.pullSecrets.namespaces -}}
{{- if .Values.container.image.pullSecrets.allNamespaces }}
diff --git a/charts/crowdstrike/falcon-sensor/templates/node_psp.yaml b/charts/crowdstrike/falcon-sensor/templates/node_psp.yaml
index 686fd1d0e..b10f1fe8b 100644
--- a/charts/crowdstrike/falcon-sensor/templates/node_psp.yaml
+++ b/charts/crowdstrike/falcon-sensor/templates/node_psp.yaml
@@ -1,4 +1,3 @@
-{{- if not (.Capabilities.APIVersions.Has "security.openshift.io/v1") }}
{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy" }}
{{- if lt (int (semver .Capabilities.KubeVersion.Version).Minor) 25 }}
{{- if .Values.node.enabled }}
@@ -36,4 +35,3 @@ spec:
{{- end }}
{{- end }}
{{- end }}
-{{- end }}
\ No newline at end of file
diff --git a/charts/datadog/datadog/CHANGELOG.md b/charts/datadog/datadog/CHANGELOG.md
index 03b998769..bfe119215 100644
--- a/charts/datadog/datadog/CHANGELOG.md
+++ b/charts/datadog/datadog/CHANGELOG.md
@@ -1,5 +1,13 @@
# Datadog changelog
+## 3.32.4
+
+* Add futimens, utime, utimes and utimensat syscalls to system-probe seccomp.
+
+## 3.32.3
+
+* Allows configuration of `dogstatsd.tagCardinality` independent of `dogstatsd.originDetection`.
+
## 3.32.2
* Set the `priority` field of the OpenShift’s SCC to `null` in order to not have a higher priority than the OpenShift 4.11+ default `restricted-v2` SCC.
diff --git a/charts/datadog/datadog/Chart.yaml b/charts/datadog/datadog/Chart.yaml
index eea95401d..af509c6d6 100644
--- a/charts/datadog/datadog/Chart.yaml
+++ b/charts/datadog/datadog/Chart.yaml
@@ -19,4 +19,4 @@ name: datadog
sources:
- https://app.datadoghq.com/account/settings#agent/kubernetes
- https://github.com/DataDog/datadog-agent
-version: 3.32.2
+version: 3.32.4
diff --git a/charts/datadog/datadog/README.md b/charts/datadog/datadog/README.md
index 0b5749357..b85826841 100644
--- a/charts/datadog/datadog/README.md
+++ b/charts/datadog/datadog/README.md
@@ -1,6 +1,6 @@
# Datadog
- 
+ 
[Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/).
diff --git a/charts/datadog/datadog/templates/_container-agent.yaml b/charts/datadog/datadog/templates/_container-agent.yaml
index 81fc80678..4b860ab85 100644
--- a/charts/datadog/datadog/templates/_container-agent.yaml
+++ b/charts/datadog/datadog/templates/_container-agent.yaml
@@ -73,6 +73,8 @@
{{- if .Values.datadog.dogstatsd.originDetection }}
- name: DD_DOGSTATSD_ORIGIN_DETECTION
value: {{ .Values.datadog.dogstatsd.originDetection | quote }}
+ {{- end }}
+ {{- if .Values.datadog.dogstatsd.tagCardinality }}
- name: DD_DOGSTATSD_TAG_CARDINALITY
value: {{ .Values.datadog.dogstatsd.tagCardinality | quote }}
{{- end }}
diff --git a/charts/datadog/datadog/templates/system-probe-configmap.yaml b/charts/datadog/datadog/templates/system-probe-configmap.yaml
index 5b5ea5b3d..d5950e6df 100644
--- a/charts/datadog/datadog/templates/system-probe-configmap.yaml
+++ b/charts/datadog/datadog/templates/system-probe-configmap.yaml
@@ -135,6 +135,7 @@ data:
"fstatfs",
"fsync",
"futex",
+ "futimens",
"getcwd",
"getdents",
"getdents64",
@@ -254,6 +255,9 @@ data:
"uname",
"unlink",
"unlinkat",
+ "utime",
+ "utimensat",
+ "utimes",
"wait4",
"waitid",
"waitpid",
diff --git a/charts/dh2i/dxemssql/Chart.yaml b/charts/dh2i/dxemssql/Chart.yaml
index 7d002bff0..7a374fe29 100644
--- a/charts/dh2i/dxemssql/Chart.yaml
+++ b/charts/dh2i/dxemssql/Chart.yaml
@@ -1,7 +1,7 @@
annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: DxEnterprise for Microsoft SQL AG
- catalog.cattle.io/kube-version: '>= 1.20.0'
+ catalog.cattle.io/kube-version: '>= 1.20.0-0'
catalog.cattle.io/release-name: dxemssql
charts.openshift.io/name: DxEnterprise for Microsoft SQL AG
apiVersion: v2
@@ -9,11 +9,11 @@ appVersion: "22.0"
description: Helm chart for DH2i's DxEnterprise clustering solution with SQL Server
availability groups
icon: https://raw.githubusercontent.com/dh2i/helm/main/assets/DH2i_Logo_Icon.png
-kubeVersion: '>= 1.20.0'
+kubeVersion: '>= 1.20.0-0'
maintainers:
- email: support@dh2i.com
name: DH2i Company
url: https://dh2i.com
name: dxemssql
type: application
-version: 1.0.3
+version: 1.0.4
diff --git a/charts/dh2i/dxemssql/README.md b/charts/dh2i/dxemssql/README.md
index ab1d3fd72..813228eb6 100644
--- a/charts/dh2i/dxemssql/README.md
+++ b/charts/dh2i/dxemssql/README.md
@@ -8,4 +8,8 @@ This chart deploys a SQL Server availability group managed by DxEnterprise clust
- A DxEnterprise license key with availability group management features and tunnels enabled
- Optional: DxAdmin installed on a Windows machine. Installation instructions for DxAdmin can be found in [DH2i documentation](https://support.dh2i.com/docs/v22.0/guides/dxenterprise/installation/dxadmin-qsg)
+# Additional Information
+
Instructions for creating this chart using Rancher can be found in the [DxEnterprise Rancher guide](https://support.dh2i.com/docs/v22.0/guides/dxenterprise/containers/kubernetes/mssql-ag-rancher#install-the-helm-chart), and additional DxEnterprise Kubernetes documentation can be found [here](https://support.dh2i.com/docs/v22.0/category/guides/dxenterprise/containers/kubernetes/).
+
+Before creating an availability group, reference SQL Server's [quorum considerations](https://support.dh2i.com/docs/kbs/sql_server/availability_groups/quorum-considerations-for-sql-server-availability-groups) when determining the quantity of replicas to deploy.
diff --git a/charts/dh2i/dxemssql/questions.yml b/charts/dh2i/dxemssql/questions.yml
index 4b3df7094..431aa1aa3 100644
--- a/charts/dh2i/dxemssql/questions.yml
+++ b/charts/dh2i/dxemssql/questions.yml
@@ -2,7 +2,7 @@ questions:
- variable: replicas
label: "Replicas"
type: int
- description: "The quantity of replicas (pods) to create."
+ description: "The quantity of replicas (pods) to create. Note that setting the replica quantity to a value less than 3 does not meet Microsoft's quorum requirements for HA. Only set this value below 3 if you intend to add these replicas to an existing AG."
default: 3
required: true
group: General
diff --git a/charts/dh2i/dxemssql/values.schema.json b/charts/dh2i/dxemssql/values.schema.json
index 53222ba8d..47ef0134d 100644
--- a/charts/dh2i/dxemssql/values.schema.json
+++ b/charts/dh2i/dxemssql/values.schema.json
@@ -7,7 +7,7 @@
"properties": {
"replicas": {
"type": "integer",
- "minimum": 3,
+ "minimum": 1,
"maximum": 5
}
}
diff --git a/charts/dh2i/dxemssql/values.yaml b/charts/dh2i/dxemssql/values.yaml
index 0d715057d..9419e0c71 100644
--- a/charts/dh2i/dxemssql/values.yaml
+++ b/charts/dh2i/dxemssql/values.yaml
@@ -2,12 +2,15 @@
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
-#General
+# General
+# CAUTION: Setting the replica quantity to a value less than 3 does not meet Microsoft's quorum requirements for HA.
+# See https://support.dh2i.com/docs/kbs/sql_server/availability_groups/quorum-considerations-for-sql-server-availability-groups
+# Only set this value below 3 if you intend to assign these replicas to an existing availability group
replicas: 3
secretKeys: null
enableLoadBalancers: "true"
-#SQL Server settings
+# SQL Server settings
sqlImage:
repository: "mcr.microsoft.com/mssql/server"
pullPolicy: Always
@@ -17,7 +20,7 @@ MSSQL_PID: "Developer"
ACCEPT_EULA: null
MSSQL_AGENT_ENABLED: "false"
-#DxEnterprise settings
+# DxEnterprise settings
dxeImage:
repository: dh2i/dxe
pullPolicy: Always
diff --git a/charts/dynatrace/dynatrace-operator/Chart.yaml b/charts/dynatrace/dynatrace-operator/Chart.yaml
index 44bc06ed3..de56a5f53 100644
--- a/charts/dynatrace/dynatrace-operator/Chart.yaml
+++ b/charts/dynatrace/dynatrace-operator/Chart.yaml
@@ -4,7 +4,7 @@ annotations:
catalog.cattle.io/kube-version: '>=1.19.0-0'
catalog.cattle.io/release-name: dynatrace-operator
apiVersion: v2
-appVersion: 0.11.2
+appVersion: 0.12.0
description: The Dynatrace Operator Helm chart for Kubernetes and OpenShift
home: https://www.dynatrace.com/
icon: https://assets.dynatrace.com/global/resources/Signet_Logo_RGB_CP_512x512px.png
@@ -20,4 +20,4 @@ name: dynatrace-operator
sources:
- https://github.com/Dynatrace/dynatrace-operator
type: application
-version: 0.11.2
+version: 0.12.0
diff --git a/charts/dynatrace/dynatrace-operator/templates/Common/activegate/clusterrole-activegate.yaml b/charts/dynatrace/dynatrace-operator/templates/Common/activegate/clusterrole-activegate.yaml
index ed8feb1b4..14b1645b8 100644
--- a/charts/dynatrace/dynatrace-operator/templates/Common/activegate/clusterrole-activegate.yaml
+++ b/charts/dynatrace/dynatrace-operator/templates/Common/activegate/clusterrole-activegate.yaml
@@ -1,6 +1,5 @@
{{- include "dynatrace-operator.platformRequired" . }}
-{{- if eq (default false .Values.olm) true}}
-{{ if eq (include "dynatrace-operator.partial" .) "false" }}
+{{- if (eq (include "dynatrace-operator.platform" .) "openshift") }}
# Copyright 2021 Dynatrace LLC
@@ -25,11 +24,25 @@ rules:
- apiGroups:
- security.openshift.io
resourceNames:
- - host
- privileged
+ - nonroot-v2
resources:
- securitycontextconstraints
verbs:
- use
-{{- end -}}
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: dynatrace-activegate
+ labels:
+ {{- include "dynatrace-operator.activegateLabels" . | nindent 4 }}
+subjects:
+ - kind: ServiceAccount
+ name: dynatrace-activegate
+ namespace: {{ .Release.Namespace }}
+roleRef:
+ kind: ClusterRole
+ name: dynatrace-activegate
+ apiGroup: rbac.authorization.k8s.io
{{- end -}}
diff --git a/charts/dynatrace/dynatrace-operator/templates/Common/activegate/clusterrolebinding-activegate.yaml b/charts/dynatrace/dynatrace-operator/templates/Common/activegate/clusterrolebinding-activegate.yaml
deleted file mode 100644
index c36e10990..000000000
--- a/charts/dynatrace/dynatrace-operator/templates/Common/activegate/clusterrolebinding-activegate.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
-{{- include "dynatrace-operator.platformRequired" . }}
-{{- if eq (default false .Values.olm) true}}
-{{ if eq (include "dynatrace-operator.partial" .) "false" }}
-# Copyright 2021 Dynatrace LLC
-
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-
-# http://www.apache.org/licenses/LICENSE-2.0
-
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-kind: ClusterRoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
- name: dynatrace-activegate
- labels:
- {{- include "dynatrace-operator.activegateLabels" . | nindent 4 }}
-subjects:
- - kind: ServiceAccount
- name: dynatrace-activegate
- namespace: {{ .Release.Namespace }}
-roleRef:
- kind: ClusterRole
- name: dynatrace-activegate
- apiGroup: rbac.authorization.k8s.io
-{{- end -}}
-{{- end -}}
diff --git a/charts/dynatrace/dynatrace-operator/templates/Common/crd/dynatrace-operator-crd.yaml b/charts/dynatrace/dynatrace-operator/templates/Common/crd/dynatrace-operator-crd.yaml
index e92ded19d..06a8c8c53 100644
--- a/charts/dynatrace/dynatrace-operator/templates/Common/crd/dynatrace-operator-crd.yaml
+++ b/charts/dynatrace/dynatrace-operator/templates/Common/crd/dynatrace-operator-crd.yaml
@@ -4,7 +4,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
- controller-gen.kubebuilder.io/version: v0.11.1
+ controller-gen.kubebuilder.io/version: v0.12.0
name: dynakubes.dynatrace.com
spec:
conversion:
diff --git a/charts/dynatrace/dynatrace-operator/templates/Common/csi/clusterrole-csi.yaml b/charts/dynatrace/dynatrace-operator/templates/Common/csi/clusterrole-csi.yaml
index 47013af33..c631bb7bf 100644
--- a/charts/dynatrace/dynatrace-operator/templates/Common/csi/clusterrole-csi.yaml
+++ b/charts/dynatrace/dynatrace-operator/templates/Common/csi/clusterrole-csi.yaml
@@ -62,4 +62,29 @@ rules:
- get
- list
- watch
+ {{- if (eq (include "dynatrace-operator.platform" .) "openshift") }}
+ - apiGroups:
+ - security.openshift.io
+ resourceNames:
+ - privileged
+ resources:
+ - securitycontextconstraints
+ verbs:
+ - use
+ {{ end }}
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: dynatrace-oneagent-csi-driver
+ labels:
+ {{- include "dynatrace-operator.csiLabels" . | nindent 4 }}
+subjects:
+ - kind: ServiceAccount
+ name: dynatrace-oneagent-csi-driver
+ namespace: {{ .Release.Namespace }}
+roleRef:
+ kind: ClusterRole
+ name: dynatrace-oneagent-csi-driver
+ apiGroup: rbac.authorization.k8s.io
{{- end -}}
diff --git a/charts/dynatrace/dynatrace-operator/templates/Common/csi/clusterrolebinding-csi.yaml b/charts/dynatrace/dynatrace-operator/templates/Common/csi/clusterrolebinding-csi.yaml
deleted file mode 100644
index caa125baa..000000000
--- a/charts/dynatrace/dynatrace-operator/templates/Common/csi/clusterrolebinding-csi.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
-{{- include "dynatrace-operator.platformRequired" . }}
-{{ if eq (include "dynatrace-operator.needCSI" .) "true" }}
-# Copyright 2021 Dynatrace LLC
-
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-
-# http://www.apache.org/licenses/LICENSE-2.0
-
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-kind: ClusterRoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
- name: dynatrace-oneagent-csi-driver
- labels:
- {{- include "dynatrace-operator.csiLabels" . | nindent 4 }}
-subjects:
- - kind: ServiceAccount
- name: dynatrace-oneagent-csi-driver
- namespace: {{ .Release.Namespace }}
-roleRef:
- kind: ClusterRole
- name: dynatrace-oneagent-csi-driver
- apiGroup: rbac.authorization.k8s.io
-{{- end -}}
diff --git a/charts/dynatrace/dynatrace-operator/templates/Common/csi/csidriver.yaml b/charts/dynatrace/dynatrace-operator/templates/Common/csi/csidriver.yaml
index 5ad7c4314..c17e0992e 100644
--- a/charts/dynatrace/dynatrace-operator/templates/Common/csi/csidriver.yaml
+++ b/charts/dynatrace/dynatrace-operator/templates/Common/csi/csidriver.yaml
@@ -18,7 +18,7 @@ kind: CSIDriver
metadata:
name: csi.oneagent.dynatrace.com
labels:
- {{- if (eq (include "dynatrace-operator.openshiftOrOlm" .) "true") }}
+ {{- if (eq (include "dynatrace-operator.platform" .) "openshift") }}
security.openshift.io/csi-ephemeral-volume-profile: "restricted"
{{- end }}
{{- include "dynatrace-operator.csiLabels" . | nindent 4 }}
diff --git a/charts/dynatrace/dynatrace-operator/templates/Common/csi/daemonset.yaml b/charts/dynatrace/dynatrace-operator/templates/Common/csi/daemonset.yaml
index 9772146a3..4079c3c6d 100644
--- a/charts/dynatrace/dynatrace-operator/templates/Common/csi/daemonset.yaml
+++ b/charts/dynatrace/dynatrace-operator/templates/Common/csi/daemonset.yaml
@@ -279,6 +279,9 @@ spec:
- key: kubernetes.io/arch
value: amd64
effect: NoSchedule
+ - key: kubernetes.io/arch
+ value: ppc64le
+ effect: NoSchedule
- key: ToBeDeletedByClusterAutoscaler
operator: Exists
effect: NoSchedule
diff --git a/charts/dynatrace/dynatrace-operator/templates/Common/csi/role-csi.yaml b/charts/dynatrace/dynatrace-operator/templates/Common/csi/role-csi.yaml
index d0f401f1b..a199f3ec4 100644
--- a/charts/dynatrace/dynatrace-operator/templates/Common/csi/role-csi.yaml
+++ b/charts/dynatrace/dynatrace-operator/templates/Common/csi/role-csi.yaml
@@ -67,4 +67,20 @@ rules:
- get
- list
- watch
+---
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: dynatrace-oneagent-csi-driver
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "dynatrace-operator.csiLabels" . | nindent 4 }}
+subjects:
+ - kind: ServiceAccount
+ name: dynatrace-oneagent-csi-driver
+ namespace: {{ .Release.Namespace }}
+roleRef:
+ kind: Role
+ name: dynatrace-oneagent-csi-driver
+ apiGroup: rbac.authorization.k8s.io
{{- end -}}
diff --git a/charts/dynatrace/dynatrace-operator/templates/Common/csi/rolebinding-csi.yaml b/charts/dynatrace/dynatrace-operator/templates/Common/csi/rolebinding-csi.yaml
deleted file mode 100644
index a2b50b95e..000000000
--- a/charts/dynatrace/dynatrace-operator/templates/Common/csi/rolebinding-csi.yaml
+++ /dev/null
@@ -1,31 +0,0 @@
-{{- include "dynatrace-operator.platformRequired" . }}
-{{ if eq (include "dynatrace-operator.needCSI" .) "true" }}
-# Copyright 2021 Dynatrace LLC
-
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-
-# http://www.apache.org/licenses/LICENSE-2.0
-
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-kind: RoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
- name: dynatrace-oneagent-csi-driver
- namespace: {{ .Release.Namespace }}
- labels:
- {{- include "dynatrace-operator.csiLabels" . | nindent 4 }}
-subjects:
- - kind: ServiceAccount
- name: dynatrace-oneagent-csi-driver
- namespace: {{ .Release.Namespace }}
-roleRef:
- kind: Role
- name: dynatrace-oneagent-csi-driver
- apiGroup: rbac.authorization.k8s.io
-{{- end -}}
diff --git a/charts/dynatrace/dynatrace-operator/templates/Common/kubernetes-monitoring/clusterrole-kubernetes-monitoring.yaml b/charts/dynatrace/dynatrace-operator/templates/Common/kubernetes-monitoring/clusterrole-kubernetes-monitoring.yaml
index be483dafe..75ea50520 100644
--- a/charts/dynatrace/dynatrace-operator/templates/Common/kubernetes-monitoring/clusterrole-kubernetes-monitoring.yaml
+++ b/charts/dynatrace/dynatrace-operator/templates/Common/kubernetes-monitoring/clusterrole-kubernetes-monitoring.yaml
@@ -80,15 +80,30 @@ rules:
- /livez
verbs:
- get
- {{- if eq (default false .Values.olm) true}}
+ {{- if (eq (include "dynatrace-operator.platform" .) "openshift") }}
- apiGroups:
- security.openshift.io
resourceNames:
- - host
- privileged
+ - nonroot-v2
resources:
- securitycontextconstraints
verbs:
- use
{{ end }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: dynatrace-kubernetes-monitoring
+ labels:
+ {{- include "dynatrace-operator.activegateLabels" . | nindent 4 }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: dynatrace-kubernetes-monitoring
+subjects:
+ - kind: ServiceAccount
+ name: dynatrace-kubernetes-monitoring
+ namespace: {{ .Release.Namespace }}
{{ end }}
diff --git a/charts/dynatrace/dynatrace-operator/templates/Common/kubernetes-monitoring/clusterrolebinding-kubernetes-monitoring.yaml b/charts/dynatrace/dynatrace-operator/templates/Common/kubernetes-monitoring/clusterrolebinding-kubernetes-monitoring.yaml
deleted file mode 100644
index 07f9201a6..000000000
--- a/charts/dynatrace/dynatrace-operator/templates/Common/kubernetes-monitoring/clusterrolebinding-kubernetes-monitoring.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
-{{- include "dynatrace-operator.platformRequired" . }}
-{{ if eq (include "dynatrace-operator.partial" .) "false" }}
-# Copyright 2021 Dynatrace LLC
-
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-
-# http://www.apache.org/licenses/LICENSE-2.0
-
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: dynatrace-kubernetes-monitoring
- labels:
- {{- include "dynatrace-operator.activegateLabels" . | nindent 4 }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: dynatrace-kubernetes-monitoring
-subjects:
- - kind: ServiceAccount
- name: dynatrace-kubernetes-monitoring
- namespace: {{ .Release.Namespace }}
-{{ end }}
diff --git a/charts/dynatrace/dynatrace-operator/templates/Common/oneagent/clusterrole-oneagent-privileged.yaml b/charts/dynatrace/dynatrace-operator/templates/Common/oneagent/clusterrole-oneagent-privileged.yaml
deleted file mode 100644
index 51d145b97..000000000
--- a/charts/dynatrace/dynatrace-operator/templates/Common/oneagent/clusterrole-oneagent-privileged.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
-{{- include "dynatrace-operator.platformRequired" . }}
-{{- if (eq (include "dynatrace-operator.openshiftOrOlm" .) "true") }}
-# Copyright 2021 Dynatrace LLC
-
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-
-# http://www.apache.org/licenses/LICENSE-2.0
-
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: dynatrace-dynakube-oneagent-privileged
- labels:
- {{- include "dynatrace-operator.oneagentLabels" . | nindent 4 }}
-rules:
- - apiGroups:
- - security.openshift.io
- resourceNames:
- - host
- - privileged
- resources:
- - securitycontextconstraints
- verbs:
- - use
-{{ end }}
diff --git a/charts/dynatrace/dynatrace-operator/templates/Common/oneagent/clusterrole-oneagent-unprivileged.yaml b/charts/dynatrace/dynatrace-operator/templates/Common/oneagent/clusterrole-oneagent.yaml
similarity index 64%
rename from charts/dynatrace/dynatrace-operator/templates/Common/oneagent/clusterrole-oneagent-unprivileged.yaml
rename to charts/dynatrace/dynatrace-operator/templates/Common/oneagent/clusterrole-oneagent.yaml
index 13c00aa8e..d179ebb0a 100644
--- a/charts/dynatrace/dynatrace-operator/templates/Common/oneagent/clusterrole-oneagent-unprivileged.yaml
+++ b/charts/dynatrace/dynatrace-operator/templates/Common/oneagent/clusterrole-oneagent.yaml
@@ -1,5 +1,5 @@
{{- include "dynatrace-operator.platformRequired" . }}
-{{- if (eq (include "dynatrace-operator.openshiftOrOlm" .) "true") }}
+{{- if (eq (include "dynatrace-operator.platform" .) "openshift") }}
# Copyright 2021 Dynatrace LLC
# Licensed under the Apache License, Version 2.0 (the "License");
@@ -16,17 +16,31 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
- name: dynatrace-dynakube-oneagent-unprivileged
+ name: dynatrace-dynakube-oneagent
labels:
{{- include "dynatrace-operator.oneagentLabels" . | nindent 4 }}
rules:
- apiGroups:
- security.openshift.io
resourceNames:
- - host
- privileged
resources:
- securitycontextconstraints
verbs:
- use
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: dynatrace-dynakube-oneagent
+ labels:
+ {{- include "dynatrace-operator.oneagentLabels" . | nindent 4 }}
+subjects:
+ - kind: ServiceAccount
+ name: dynatrace-dynakube-oneagent
+ namespace: {{ .Release.Namespace }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: dynatrace-dynakube-oneagent
{{ end }}
diff --git a/charts/dynatrace/dynatrace-operator/templates/Common/oneagent/clusterrolebinding-oneagent-privileged.yaml b/charts/dynatrace/dynatrace-operator/templates/Common/oneagent/clusterrolebinding-oneagent-privileged.yaml
deleted file mode 100644
index a79a47c24..000000000
--- a/charts/dynatrace/dynatrace-operator/templates/Common/oneagent/clusterrolebinding-oneagent-privileged.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
-{{- include "dynatrace-operator.platformRequired" . }}
-{{- if (eq (include "dynatrace-operator.openshiftOrOlm" .) "true") }}
-# Copyright 2021 Dynatrace LLC
-
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-
-# http://www.apache.org/licenses/LICENSE-2.0
-
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: dynatrace-dynakube-oneagent-privileged
- labels:
- {{- include "dynatrace-operator.oneagentLabels" . | nindent 4 }}
-subjects:
- - kind: ServiceAccount
- name: "dynatrace-dynakube-oneagent-privileged"
- namespace: {{ .Release.Namespace }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: "dynatrace-dynakube-oneagent-privileged"
-{{ end }}
diff --git a/charts/dynatrace/dynatrace-operator/templates/Common/oneagent/clusterrolebinding-oneagent-unprivileged.yaml b/charts/dynatrace/dynatrace-operator/templates/Common/oneagent/clusterrolebinding-oneagent-unprivileged.yaml
deleted file mode 100644
index 2581546d4..000000000
--- a/charts/dynatrace/dynatrace-operator/templates/Common/oneagent/clusterrolebinding-oneagent-unprivileged.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
-{{- include "dynatrace-operator.platformRequired" . }}
-{{- if (eq (include "dynatrace-operator.openshiftOrOlm" .) "true") }}
-# Copyright 2021 Dynatrace LLC
-
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-
-# http://www.apache.org/licenses/LICENSE-2.0
-
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: dynatrace-dynakube-oneagent-unprivileged
- labels:
- {{- include "dynatrace-operator.oneagentLabels" . | nindent 4 }}
-subjects:
- - kind: ServiceAccount
- name: dynatrace-dynakube-oneagent-unprivileged
- namespace: {{ .Release.Namespace }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: dynatrace-dynakube-oneagent-unprivileged
-{{ end }}
diff --git a/charts/dynatrace/dynatrace-operator/templates/Common/oneagent/serviceaccount-oneagent-unprivileged.yaml b/charts/dynatrace/dynatrace-operator/templates/Common/oneagent/serviceaccount-oneagent-unprivileged.yaml
deleted file mode 100644
index 4f416294c..000000000
--- a/charts/dynatrace/dynatrace-operator/templates/Common/oneagent/serviceaccount-oneagent-unprivileged.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-{{- include "dynatrace-operator.platformRequired" . }}
-{{ if eq (include "dynatrace-operator.partial" .) "false" }}
-# Copyright 2021 Dynatrace LLC
-
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-
-# http://www.apache.org/licenses/LICENSE-2.0
-
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: dynatrace-dynakube-oneagent-unprivileged
- namespace: {{ .Release.Namespace }}
- labels:
- {{- include "dynatrace-operator.oneagentLabels" . | nindent 4 }}
-automountServiceAccountToken: false
-{{ end }}
diff --git a/charts/dynatrace/dynatrace-operator/templates/Common/oneagent/serviceaccount-oneagent-privileged.yaml b/charts/dynatrace/dynatrace-operator/templates/Common/oneagent/serviceaccount-oneagent.yaml
similarity index 95%
rename from charts/dynatrace/dynatrace-operator/templates/Common/oneagent/serviceaccount-oneagent-privileged.yaml
rename to charts/dynatrace/dynatrace-operator/templates/Common/oneagent/serviceaccount-oneagent.yaml
index 6c134c86d..311c55747 100644
--- a/charts/dynatrace/dynatrace-operator/templates/Common/oneagent/serviceaccount-oneagent-privileged.yaml
+++ b/charts/dynatrace/dynatrace-operator/templates/Common/oneagent/serviceaccount-oneagent.yaml
@@ -16,7 +16,7 @@
apiVersion: v1
kind: ServiceAccount
metadata:
- name: dynatrace-dynakube-oneagent-privileged
+ name: dynatrace-dynakube-oneagent
namespace: {{ .Release.Namespace }}
labels:
{{- include "dynatrace-operator.oneagentLabels" . | nindent 4 }}
diff --git a/charts/dynatrace/dynatrace-operator/templates/Common/operator/clusterrole-operator.yaml b/charts/dynatrace/dynatrace-operator/templates/Common/operator/clusterrole-operator.yaml
index d770094ec..195334b4f 100644
--- a/charts/dynatrace/dynatrace-operator/templates/Common/operator/clusterrole-operator.yaml
+++ b/charts/dynatrace/dynatrace-operator/templates/Common/operator/clusterrole-operator.yaml
@@ -90,15 +90,30 @@ rules:
verbs:
- get
- update
- {{- if eq (default false .Values.olm) true}}
+ {{- if (eq (include "dynatrace-operator.platform" .) "openshift") }}
- apiGroups:
- security.openshift.io
resourceNames:
- - host
- privileged
+ - nonroot-v2
resources:
- securitycontextconstraints
verbs:
- use
{{ end }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ .Release.Name }}
+ labels:
+ {{- include "dynatrace-operator.operatorLabels" . | nindent 4 }}
+subjects:
+ - kind: ServiceAccount
+ name: {{ .Release.Name }}
+ namespace: {{ .Release.Namespace }}
+roleRef:
+ kind: ClusterRole
+ name: {{ .Release.Name }}
+ apiGroup: rbac.authorization.k8s.io
{{ end }}
diff --git a/charts/dynatrace/dynatrace-operator/templates/Common/operator/clusterrolebinding-operator.yaml b/charts/dynatrace/dynatrace-operator/templates/Common/operator/clusterrolebinding-operator.yaml
deleted file mode 100644
index 5ab0c0e88..000000000
--- a/charts/dynatrace/dynatrace-operator/templates/Common/operator/clusterrolebinding-operator.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
-{{- include "dynatrace-operator.platformRequired" . }}
-{{ if eq (include "dynatrace-operator.partial" .) "false" }}
-# Copyright 2021 Dynatrace LLC
-
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-
-# http://www.apache.org/licenses/LICENSE-2.0
-
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: {{ .Release.Name }}
- labels:
- {{- include "dynatrace-operator.operatorLabels" . | nindent 4 }}
-subjects:
- - kind: ServiceAccount
- name: {{ .Release.Name }}
- namespace: {{ .Release.Namespace }}
-roleRef:
- kind: ClusterRole
- name: {{ .Release.Name }}
- apiGroup: rbac.authorization.k8s.io
-{{ end }}
diff --git a/charts/dynatrace/dynatrace-operator/templates/Common/operator/deployment-operator.yaml b/charts/dynatrace/dynatrace-operator/templates/Common/operator/deployment-operator.yaml
index 058c072a4..a2cb7bb04 100644
--- a/charts/dynatrace/dynatrace-operator/templates/Common/operator/deployment-operator.yaml
+++ b/charts/dynatrace/dynatrace-operator/templates/Common/operator/deployment-operator.yaml
@@ -75,13 +75,6 @@ spec:
volumeMounts:
- name: tmp-cert-dir
mountPath: /tmp/dynatrace-operator
- readinessProbe:
- httpGet:
- path: /livez
- port: server-port
- scheme: HTTP
- initialDelaySeconds: 15
- periodSeconds: 10
livenessProbe:
httpGet:
path: /livez
@@ -112,6 +105,7 @@ spec:
values:
- amd64
- arm64
+ - ppc64le
{{- end }}
- key: kubernetes.io/os
operator: In
@@ -138,4 +132,7 @@ spec:
- key: kubernetes.io/arch
value: amd64
effect: NoSchedule
+ - key: kubernetes.io/arch
+ value: ppc64le
+ effect: NoSchedule
{{ end }}
diff --git a/charts/dynatrace/dynatrace-operator/templates/Common/operator/role-operator.yaml b/charts/dynatrace/dynatrace-operator/templates/Common/operator/role-operator.yaml
index 82168ab74..f407a82fc 100644
--- a/charts/dynatrace/dynatrace-operator/templates/Common/operator/role-operator.yaml
+++ b/charts/dynatrace/dynatrace-operator/templates/Common/operator/role-operator.yaml
@@ -162,4 +162,19 @@ rules:
- get
- update
- create
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ .Release.Name }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "dynatrace-operator.operatorLabels" . | nindent 4 }}
+subjects:
+ - kind: ServiceAccount
+ name: {{ .Release.Name }}
+roleRef:
+ kind: Role
+ name: {{ .Release.Name }}
+ apiGroup: rbac.authorization.k8s.io
{{ end }}
diff --git a/charts/dynatrace/dynatrace-operator/templates/Common/operator/rolebinding-operator.yaml b/charts/dynatrace/dynatrace-operator/templates/Common/operator/rolebinding-operator.yaml
deleted file mode 100644
index d7fd25b84..000000000
--- a/charts/dynatrace/dynatrace-operator/templates/Common/operator/rolebinding-operator.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
-{{- include "dynatrace-operator.platformRequired" . }}
-{{ if eq (include "dynatrace-operator.partial" .) "false" }}
-# Copyright 2021 Dynatrace LLC
-
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-
-# http://www.apache.org/licenses/LICENSE-2.0
-
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: {{ .Release.Name }}
- namespace: {{ .Release.Namespace }}
- labels:
- {{- include "dynatrace-operator.operatorLabels" . | nindent 4 }}
-subjects:
- - kind: ServiceAccount
- name: {{ .Release.Name }}
-roleRef:
- kind: Role
- name: {{ .Release.Name }}
- apiGroup: rbac.authorization.k8s.io
-{{ end }}
diff --git a/charts/dynatrace/dynatrace-operator/templates/Common/webhook/clusterrole-webhook.yaml b/charts/dynatrace/dynatrace-operator/templates/Common/webhook/clusterrole-webhook.yaml
index 039b382ee..87379df14 100644
--- a/charts/dynatrace/dynatrace-operator/templates/Common/webhook/clusterrole-webhook.yaml
+++ b/charts/dynatrace/dynatrace-operator/templates/Common/webhook/clusterrole-webhook.yaml
@@ -83,15 +83,30 @@ rules:
- deploymentconfigs
verbs:
- get
- {{- if eq (default false .Values.olm) true}}
+ {{- if (eq (include "dynatrace-operator.platform" .) "openshift") }}
- apiGroups:
- security.openshift.io
resourceNames:
- - host
- privileged
+ - nonroot-v2
resources:
- securitycontextconstraints
verbs:
- use
{{ end }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: dynatrace-webhook
+ labels:
+ {{- include "dynatrace-operator.webhookLabels" . | nindent 4 }}
+subjects:
+ - kind: ServiceAccount
+ name: dynatrace-webhook
+ namespace: {{ .Release.Namespace }}
+roleRef:
+ kind: ClusterRole
+ name: dynatrace-webhook
+ apiGroup: rbac.authorization.k8s.io
{{ end }}
diff --git a/charts/dynatrace/dynatrace-operator/templates/Common/webhook/clusterrolebinding-webhook.yaml b/charts/dynatrace/dynatrace-operator/templates/Common/webhook/clusterrolebinding-webhook.yaml
deleted file mode 100644
index e6ab06164..000000000
--- a/charts/dynatrace/dynatrace-operator/templates/Common/webhook/clusterrolebinding-webhook.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
-{{- include "dynatrace-operator.platformRequired" . }}
-{{ if eq (include "dynatrace-operator.partial" .) "false" }}
-# Copyright 2021 Dynatrace LLC
-
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-
-# http://www.apache.org/licenses/LICENSE-2.0
-
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: dynatrace-webhook
- labels:
- {{- include "dynatrace-operator.webhookLabels" . | nindent 4 }}
-subjects:
- - kind: ServiceAccount
- name: dynatrace-webhook
- namespace: {{ .Release.Namespace }}
-roleRef:
- kind: ClusterRole
- name: dynatrace-webhook
- apiGroup: rbac.authorization.k8s.io
-{{ end }}
diff --git a/charts/dynatrace/dynatrace-operator/templates/Common/webhook/deployment-webhook.yaml b/charts/dynatrace/dynatrace-operator/templates/Common/webhook/deployment-webhook.yaml
index 4f41a0699..814647b63 100644
--- a/charts/dynatrace/dynatrace-operator/templates/Common/webhook/deployment-webhook.yaml
+++ b/charts/dynatrace/dynatrace-operator/templates/Common/webhook/deployment-webhook.yaml
@@ -80,6 +80,7 @@ spec:
values:
- amd64
- arm64
+ - ppc64le
{{- end }}
- key: kubernetes.io/os
operator: In
@@ -103,13 +104,25 @@ spec:
fieldRef:
fieldPath: metadata.name
readinessProbe:
+ httpGet:
+ path: /readyz
+ port: livez
+ scheme: HTTP
+ initialDelaySeconds: 15
+ periodSeconds: 10
+
+ livenessProbe:
httpGet:
path: /livez
- port: server-port
- scheme: HTTPS
+ port: livez
+ scheme: HTTP
+ initialDelaySeconds: 15
+ periodSeconds: 10
ports:
- name: server-port
containerPort: 8443
+ - name: livez
+ containerPort: 10080
resources:
requests:
{{- toYaml (.Values.webhook).requests | nindent 14 }}
@@ -151,4 +164,7 @@ spec:
- key: kubernetes.io/arch
value: amd64
effect: NoSchedule
+ - key: kubernetes.io/arch
+ value: ppc64le
+ effect: NoSchedule
{{ end }}
diff --git a/charts/dynatrace/dynatrace-operator/templates/Common/webhook/role-webhook.yaml b/charts/dynatrace/dynatrace-operator/templates/Common/webhook/role-webhook.yaml
index cc1072cd2..3845367a4 100644
--- a/charts/dynatrace/dynatrace-operator/templates/Common/webhook/role-webhook.yaml
+++ b/charts/dynatrace/dynatrace-operator/templates/Common/webhook/role-webhook.yaml
@@ -71,4 +71,20 @@ rules:
verbs:
- list
- watch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: dynatrace-webhook
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "dynatrace-operator.webhookLabels" . | nindent 4 }}
+subjects:
+ - kind: ServiceAccount
+ name: dynatrace-webhook
+ namespace: {{ .Release.Namespace }}
+roleRef:
+ kind: Role
+ name: dynatrace-webhook
+ apiGroup: rbac.authorization.k8s.io
{{ end }}
diff --git a/charts/dynatrace/dynatrace-operator/templates/Common/webhook/rolebinding-webhook.yaml b/charts/dynatrace/dynatrace-operator/templates/Common/webhook/rolebinding-webhook.yaml
deleted file mode 100644
index c77009db2..000000000
--- a/charts/dynatrace/dynatrace-operator/templates/Common/webhook/rolebinding-webhook.yaml
+++ /dev/null
@@ -1,31 +0,0 @@
-{{- include "dynatrace-operator.platformRequired" . }}
-{{ if eq (include "dynatrace-operator.partial" .) "false" }}
-# Copyright 2021 Dynatrace LLC
-
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-
-# http://www.apache.org/licenses/LICENSE-2.0
-
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: dynatrace-webhook
- namespace: {{ .Release.Namespace }}
- labels:
- {{- include "dynatrace-operator.webhookLabels" . | nindent 4 }}
-subjects:
- - kind: ServiceAccount
- name: dynatrace-webhook
- namespace: {{ .Release.Namespace }}
-roleRef:
- kind: Role
- name: dynatrace-webhook
- apiGroup: rbac.authorization.k8s.io
-{{ end }}
diff --git a/charts/dynatrace/dynatrace-operator/templates/Common/webhook/validatingwebhookconfiguration.yaml b/charts/dynatrace/dynatrace-operator/templates/Common/webhook/validatingwebhookconfiguration.yaml
index 8791ec3f6..eb65ee12f 100644
--- a/charts/dynatrace/dynatrace-operator/templates/Common/webhook/validatingwebhookconfiguration.yaml
+++ b/charts/dynatrace/dynatrace-operator/templates/Common/webhook/validatingwebhookconfiguration.yaml
@@ -40,6 +40,6 @@ webhooks:
resources:
- dynakubes
name: webhook.dynatrace.com
- timeoutSeconds: 2
+ timeoutSeconds: 10
sideEffects: None
{{ end }}
diff --git a/charts/dynatrace/dynatrace-operator/templates/Openshift/activegate/securitycontextconstraints.yaml b/charts/dynatrace/dynatrace-operator/templates/Openshift/activegate/securitycontextconstraints.yaml
deleted file mode 100644
index cc537ff35..000000000
--- a/charts/dynatrace/dynatrace-operator/templates/Openshift/activegate/securitycontextconstraints.yaml
+++ /dev/null
@@ -1,48 +0,0 @@
-{{- if and (eq (include "dynatrace-operator.platform" .) "openshift") ((.Values.securityContextConstraints).enabled) (eq (include "dynatrace-operator.partial" .) "false")}}
-# Copyright 2021 Dynatrace LLC
-
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-
-# http://www.apache.org/licenses/LICENSE-2.0
-
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-apiVersion: security.openshift.io/v1
-kind: SecurityContextConstraints
-metadata:
- name: dynatrace-activegate
-allowPrivilegedContainer: false
-fsGroup:
- type: RunAsAny
-priority: 1
-readOnlyRootFilesystem: false
-requiredDropCapabilities:
- - ALL
-runAsUser:
- type: MustRunAs
- uid: 1001
-seLinuxContext:
- type: RunAsAny
-seccompProfiles:
- - "*"
-supplementalGroups:
- type: RunAsAny
-users:
- - system:serviceaccount:{{ .Release.Namespace }}:dynatrace-activegate
- - system:serviceaccount:{{ .Release.Namespace }}:dynatrace-kubernetes-monitoring
-volumes:
- - "*"
-
-allowHostDirVolumePlugin: false
-allowHostIPC: false
-allowHostNetwork: false
-allowHostPID: false
-allowHostPorts: false
-allowedFlexVolumes: null
-defaultAddCapabilities: []
-{{ end }}
diff --git a/charts/dynatrace/dynatrace-operator/templates/Openshift/csi/securitycontextconstraints-csidriver.yaml b/charts/dynatrace/dynatrace-operator/templates/Openshift/csi/securitycontextconstraints-csidriver.yaml
deleted file mode 100644
index 73d1a145d..000000000
--- a/charts/dynatrace/dynatrace-operator/templates/Openshift/csi/securitycontextconstraints-csidriver.yaml
+++ /dev/null
@@ -1,48 +0,0 @@
-{{- if and (eq (include "dynatrace-operator.platform" .) "openshift") ((.Values.securityContextConstraints).enabled) (eq (include "dynatrace-operator.needCSI" .) "true") }}
-# Copyright 2021 Dynatrace LLC
-
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-
-# http://www.apache.org/licenses/LICENSE-2.0
-
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-apiVersion: security.openshift.io/v1
-kind: SecurityContextConstraints
-metadata:
- name: dynatrace-oneagent-csi-driver
- labels:
- {{- include "dynatrace-operator.csiLabels" . | nindent 4 }}
-allowHostDirVolumePlugin: true
-allowHostIPC: true
-allowHostNetwork: true
-allowHostPID: true
-allowHostPorts: true
-allowPrivilegedContainer: true
-allowedCapabilities:
- - "*"
-allowedFlexVolumes: null
-defaultAddCapabilities: null
-fsGroup:
- type: RunAsAny
-priority: 1
-readOnlyRootFilesystem: false
-requiredDropCapabilities: null
-runAsUser:
- type: RunAsAny
-seLinuxContext:
- type: RunAsAny
-seccompProfiles:
- - "*"
-supplementalGroups:
- type: RunAsAny
-users:
- - system:serviceaccount:dynatrace:dynatrace-oneagent-csi-driver
-volumes:
- - "*"
-{{ end }}
diff --git a/charts/dynatrace/dynatrace-operator/templates/Openshift/oneagent/securitycontextconstraints-privileged.yaml b/charts/dynatrace/dynatrace-operator/templates/Openshift/oneagent/securitycontextconstraints-privileged.yaml
deleted file mode 100644
index 9dd20cf83..000000000
--- a/charts/dynatrace/dynatrace-operator/templates/Openshift/oneagent/securitycontextconstraints-privileged.yaml
+++ /dev/null
@@ -1,65 +0,0 @@
-{{- if and (eq (include "dynatrace-operator.platform" .) "openshift") ((.Values.securityContextConstraints).enabled) (eq (include "dynatrace-operator.partial" .) "false")}}
-# Copyright 2021 Dynatrace LLC
-
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-
-# http://www.apache.org/licenses/LICENSE-2.0
-
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-apiVersion: security.openshift.io/v1
-kind: SecurityContextConstraints
-metadata:
- annotations:
- kubernetes.io/description: "dynatrace-dynakube-oneagent-privileged allows access to all privileged and host features and the ability to run as any user, any group, any fsGroup, and with any SELinux context."
- name: dynatrace-dynakube-oneagent-privileged
- labels:
- {{- include "dynatrace-operator.oneagentLabels" . | nindent 4 }}
-allowHostDirVolumePlugin: true
-allowHostIPC: false
-allowHostNetwork: true
-allowHostPID: true
-allowHostPorts: true
-allowPrivilegedContainer: true
-allowedCapabilities:
- - CHOWN
- - DAC_OVERRIDE
- - DAC_READ_SEARCH
- - FOWNER
- - FSETID
- - KILL
- - NET_ADMIN
- - NET_RAW
- - SETFCAP
- - SETGID
- - SETUID
- - SYS_ADMIN
- - SYS_CHROOT
- - SYS_PTRACE
- - SYS_RESOURCE
-allowedFlexVolumes: null
-defaultAddCapabilities: []
-fsGroup:
- type: RunAsAny
-priority: 1
-readOnlyRootFilesystem: false
-requiredDropCapabilities:
- - ALL
-runAsUser:
- type: RunAsAny
-seLinuxContext:
- type: RunAsAny
-seccompProfiles:
- - "*"
-supplementalGroups:
- type: RunAsAny
-users:
- - system:serviceaccount:{{ .Release.Namespace }}:dynatrace-dynakube-oneagent-privileged
-volumes:
- - "*"
-{{ end }}
diff --git a/charts/dynatrace/dynatrace-operator/templates/Openshift/oneagent/securitycontextconstraints-unprivileged.yaml b/charts/dynatrace/dynatrace-operator/templates/Openshift/oneagent/securitycontextconstraints-unprivileged.yaml
deleted file mode 100644
index 5166da823..000000000
--- a/charts/dynatrace/dynatrace-operator/templates/Openshift/oneagent/securitycontextconstraints-unprivileged.yaml
+++ /dev/null
@@ -1,65 +0,0 @@
-{{- if and (eq (include "dynatrace-operator.platform" .) "openshift") ((.Values.securityContextConstraints).enabled) (eq (include "dynatrace-operator.partial" .) "false")}}
-# Copyright 2021 Dynatrace LLC
-
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-
-# http://www.apache.org/licenses/LICENSE-2.0
-
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-apiVersion: security.openshift.io/v1
-kind: SecurityContextConstraints
-metadata:
- annotations:
- kubernetes.io/description: "dynatrace-dynakube-oneagent-unprivileged allows access to all privileged and host features and the ability to run as any user, any group, any fsGroup, and with any SELinux context. This is a copy of privileged scc."
- name: dynatrace-dynakube-oneagent-unprivileged
- labels:
- {{- include "dynatrace-operator.oneagentLabels" . | nindent 4 }}
-allowHostDirVolumePlugin: true
-allowHostIPC: false
-allowHostNetwork: true
-allowHostPID: true
-allowHostPorts: true
-allowPrivilegedContainer: false
-allowedCapabilities:
- - CHOWN
- - DAC_OVERRIDE
- - DAC_READ_SEARCH
- - FOWNER
- - FSETID
- - KILL
- - NET_ADMIN
- - NET_RAW
- - SETFCAP
- - SETGID
- - SETUID
- - SYS_ADMIN
- - SYS_CHROOT
- - SYS_PTRACE
- - SYS_RESOURCE
-allowedFlexVolumes: null
-defaultAddCapabilities: []
-fsGroup:
- type: RunAsAny
-priority: 1
-readOnlyRootFilesystem: false
-requiredDropCapabilities:
- - ALL
-runAsUser:
- type: RunAsAny
-seLinuxContext:
- type: RunAsAny
-seccompProfiles:
- - "*"
-supplementalGroups:
- type: RunAsAny
-users:
- - system:serviceaccount:{{ .Release.Namespace }}:dynatrace-dynakube-oneagent-unprivileged
-volumes:
- - "*"
-{{ end }}
diff --git a/charts/dynatrace/dynatrace-operator/templates/Openshift/operator/securitycontextconstraints.yaml b/charts/dynatrace/dynatrace-operator/templates/Openshift/operator/securitycontextconstraints.yaml
deleted file mode 100644
index 631bfbca9..000000000
--- a/charts/dynatrace/dynatrace-operator/templates/Openshift/operator/securitycontextconstraints.yaml
+++ /dev/null
@@ -1,48 +0,0 @@
-{{- if and (eq (include "dynatrace-operator.platform" .) "openshift") ((.Values.securityContextConstraints).enabled) (eq (include "dynatrace-operator.partial" .) "false")}}
-# Copyright 2021 Dynatrace LLC
-
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-
-# http://www.apache.org/licenses/LICENSE-2.0
-
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-apiVersion: security.openshift.io/v1
-kind: SecurityContextConstraints
-metadata:
- name: {{ .Release.Name }}
- labels:
- {{- include "dynatrace-operator.operatorLabels" . | nindent 4 }}
-allowPrivilegedContainer: false
-fsGroup:
- type: RunAsAny
-priority: 1
-readOnlyRootFilesystem: true
-requiredDropCapabilities:
- - ALL
-runAsUser:
- type: MustRunAsNonRoot
-seLinuxContext:
- type: RunAsAny
-seccompProfiles:
- - "*"
-supplementalGroups:
- type: RunAsAny
-users:
- - system:serviceaccount:{{ .Release.Namespace }}:{{ .Release.Name }}
-volumes:
- - "*"
-
-allowHostDirVolumePlugin: false
-allowHostIPC: false
-allowHostNetwork: false
-allowHostPID: false
-allowHostPorts: false
-allowedFlexVolumes: null
-defaultAddCapabilities: []
-{{ end }}
diff --git a/charts/dynatrace/dynatrace-operator/templates/Openshift/webhook/securitycontextconstraints.yaml b/charts/dynatrace/dynatrace-operator/templates/Openshift/webhook/securitycontextconstraints.yaml
deleted file mode 100644
index ac9c930ad..000000000
--- a/charts/dynatrace/dynatrace-operator/templates/Openshift/webhook/securitycontextconstraints.yaml
+++ /dev/null
@@ -1,48 +0,0 @@
-{{- if and (eq (include "dynatrace-operator.platform" .) "openshift") ((.Values.securityContextConstraints).enabled) (eq (include "dynatrace-operator.partial" .) "false")}}
-# Copyright 2021 Dynatrace LLC
-
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-
-# http://www.apache.org/licenses/LICENSE-2.0
-
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-apiVersion: security.openshift.io/v1
-kind: SecurityContextConstraints
-metadata:
- name: dynatrace-webhook
- labels:
- {{- include "dynatrace-operator.operatorLabels" . | nindent 4 }}
-allowPrivilegedContainer: false
-fsGroup:
- type: RunAsAny
-priority: 1
-readOnlyRootFilesystem: true
-requiredDropCapabilities:
- - ALL
-runAsUser:
- type: MustRunAsNonRoot
-seLinuxContext:
- type: RunAsAny
-seccompProfiles:
- - "*"
-supplementalGroups:
- type: RunAsAny
-users:
- - system:serviceaccount:{{ .Release.Namespace }}:dynatrace-webhook
-volumes:
- - "*"
-
-allowHostDirVolumePlugin: false
-allowHostIPC: false
-allowHostNetwork: true
-allowHostPID: false
-allowHostPorts: false
-allowedFlexVolumes: null
-defaultAddCapabilities: []
-{{ end }}
diff --git a/charts/dynatrace/dynatrace-operator/templates/_platform.tpl b/charts/dynatrace/dynatrace-operator/templates/_platform.tpl
index c8a862e44..b751561c7 100644
--- a/charts/dynatrace/dynatrace-operator/templates/_platform.tpl
+++ b/charts/dynatrace/dynatrace-operator/templates/_platform.tpl
@@ -27,15 +27,6 @@ Auto-detect the platform (if not set), according to the available APIVersions
{{- end -}}
{{- end }}
-{{/*
-Exclude Kubernetes manifest not running on OLM
-*/}}
-{{- define "dynatrace-operator.openshiftOrOlm" -}}
-{{- if and (or (eq (include "dynatrace-operator.platform" .) "openshift") (.Values.olm)) (eq (include "dynatrace-operator.partial" .) "false") -}}
- {{ default "true" }}
-{{- end -}}
-{{- end -}}
-
{{/*
Check if platform is set to a valid one
*/}}
diff --git a/charts/gopaddle/gopaddle/Chart.yaml b/charts/gopaddle/gopaddle/Chart.yaml
index 795b271ba..776736366 100644
--- a/charts/gopaddle/gopaddle/Chart.yaml
+++ b/charts/gopaddle/gopaddle/Chart.yaml
@@ -1,11 +1,20 @@
annotations:
+ artifacthub.io/changes: |-
+ - kind: added
+ description: Docker Compose based installer for Docker Desktop extension
+ - kind: changed
+ description: Docker Image size optimization for faster installation
+ - kind: added
+ description: Gitlab person access token support added
+ - kind: changed
+ description: EKS cluster create - UX improvements for Master role ARN, Node role ARN & ALB role
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: gopaddle
catalog.cattle.io/kube-version: '>=1.21-0'
catalog.cattle.io/namespace: gp-lite-4-2
catalog.cattle.io/release-name: gopaddle
apiVersion: v2
-appVersion: 4.2.6
+appVersion: 4.2.7
dependencies:
- condition: global.installer.chart.gp-core
name: gp-core
@@ -23,4 +32,4 @@ keywords:
- Community Edition
kubeVersion: '>=1.21-0'
name: gopaddle
-version: 4.2.6
+version: 4.2.7
diff --git a/charts/gopaddle/gopaddle/README.md b/charts/gopaddle/gopaddle/README.md
index df5f058ad..7a7f588dd 100644
--- a/charts/gopaddle/gopaddle/README.md
+++ b/charts/gopaddle/gopaddle/README.md
@@ -2,23 +2,29 @@
# [gopaddle](https://gopaddle.io/)
-## Simple low-code platform for Kubernetes developers and operators.
+## Simplest DevSecOps platform for Kubernetes developers and operators.
-Provision multi-cloud clusters, Dockerize applications, Deploy, Monitor and Build DevOps pipelines within a fraction of time and cost.
+gopaddle is a simple low-code Internal Developer Platform (IDP) for Kubernetes developers and operators. Using gopaddle, developers can generate everything they need to set up Kubernetes infrastructure on multiple cloud environments and deployment applications with ease. From Dockerfiles to Kubernetes YAML files, Helm Charts, and pipeline code, gopaddle will help containerize and get the applications running in minutes. Developers can also efficiently manage existing applications on the Kubernetes cluster by monitoring the application performance and setting alerts and notificications.
+## gopaddle Lite
+gopaddle Lite is a life-time free community edition of gopaddle that can be installed in a single node/single user mode on a Kubernetes cluster. gopaddle lite comes with many capabilities that helps developers to built a self-service portal for a small scale Kubernetes deployment at zero cost. gopaddle Lite is available on a variety of marketplaces like microk8s add-on, SUSE Rancher Prime, ArtifactHub and many more.
+
[](https://artifacthub.io/packages/search?repo=gopaddle-lite)
[](https://gopaddleio.slack.com/join/shared_invite/zt-1l73p8wfo-vYk1XcbLAZMo9wcV_AChvg#/shared-invite/email/expanded-email-form)
[](https://twitter.com/gopaddleio)
[](https://www.youtube.com/channel/UCtbfM3vjjJJBAka8DCzKKYg)
-
+
## Installation
### Minimum System Requirements
gopaddle installation requires a minimum of `8GB RAM` and `4 vCPUs`
-### Step to install
+### Firewall Ports
+The following incoming firewall ports need to be opened - `30003`, `30004`, `30006`, `32000` and any port that is needed for nodeport based application deployment.
+
+### Step to install using Helm Charts
Add the helm repo
@@ -48,7 +54,7 @@ pod/rabbitmq-0 condition met
pod/gpcore-85c7c6f65b-5vfmh condition met
```
-One the installation is complete, gopaddle dashboard can be accessed at http://:30003/
+One the installation is complete, gopaddle dashboard can be accessed at http://[NodeIP]:30003/
NodeIP can be obtained by executing the command below:
@@ -56,6 +62,20 @@ NodeIP can be obtained by executing the command below:
root@localhost:~# kubectl get nodes -o wide
```
+## microk8s addon for gopaddle lite
+
+The microk8s addon for gopaddle community (lite) edition uses this helm
+repository for helm-based installation of gopaddle-lite.
+
+For documentation specific to microk8s addon for gopaddle community (lite)
+edition, see:
+https://help.gopaddle.io/en/articles/6654354-install-gopaddle-lite-microk8s-addon-on-ubuntu
+
+## gopaddle lite on SUSE Rancher Prime
+gopaddle Lite can be easily installed by choosing the gopaddle chart from the Rancher Prime marketplace place.
+For documentation specific to installing gopaddle community (lite) edition on Rancher Prime, see:
+
+https://help.gopaddle.io/en/articles/6977654-install-gopaddle-lite-on-suse-rancher-prime
## Getting started with gopaddle
@@ -84,21 +104,72 @@ In the final step of the Containerize and Deploy Quickstart wizard, enable the o
All the artificats generated during the process can be edited and re-deployed at a later stage.
-### Application Templates - Marketplace
+## Features
+## 1\. DevOps Dashboard
-Under Templates, the Marketplace Applications hosts a variety of pre-built Kubernetes templates. Developers can subscribe to these templates and deploy them on the local microk8s cluster.
+The main dashboard gives a bird's eye view of the clusters, volumes, applications, events and projects imported and managed by gopaddle.
-
+![DevOps Dashboard]()
+## 2\. Builds & Vulnerabilities
-## microk8s addon for gopaddle community (lite) edition
+The builds and vulnerabilities dashboard captures the status of the Docker builds and the severity of the vulnerabilities identified in the builds.
-The microk8s addon for gopaddle community (lite) edition uses this helm
-repository for helm-based installation of gopaddle-lite.
+![Builds & Vulnerabilities]()
-For documentation specific to microk8s addon for gopaddle community (lite)
-edition, see:
-https://github.com/gopaddle-io/microk8s-community-addons-gplite/blob/main/README.md
+## 3\. Quick start wizards
+
+gopaddle offers 3 type of quick start wizards -
+
+**1\. Provision Clusters** \- Onboard GKE or AWS cloud accounts with fine grained access controls and provision multi-cloud Kubernetes cluster. Available only in SaaS & Enterprise Editions.
+
+**2\. Dockerize & Deploy** \- Automatically generate Dockerfiles and Kubernetes YAML files by analyzing the source code in GitHub or GitLab accounts and deploy them on to Kubernetes clusters.
+
+**3\.Generate Pipeline code** \- Generate Jenkins or GitHub Actions or Azure DevOps pipeline Code for an application deployed through gopaddle.
+
+![Quickstart Wizards]()
+
+## 4\. Marketplace
+
+Subscribe to a gopaddle marketplace application, and visualize the helm chart in the design studio. These templates can be launched on a Kubernetes cluster using simple UI based wizards.
+
+![Marketplace]()
+
+## 5\. Cluster Management
+
+Clusters can be centrally managed. gopaddle automatically installs a few addons on these clusters - like Prometheus and Grafana for an out-of-the-box monitoring and alerting capabilties.
+
+![Cluster Management]()
+
+## 6\. Designer Studio
+
+Design Studio provides a visual representation of the Kubernetes resources and helps to quickly design and compose Kubernetes resources without having to learn YAML.
+
+![Designer Studio]()
+
+## 7\. Application Management
+
+Centrally monitor the existing Kubernetes deployments.
+
+![Application Management]()
+
+## 8\. Alerts & Notifications
+
+Set alerts and notifications for the applications and clusters managed by gopaddle. gopaddle supports any type of incoming webhooks, slack, AWS SNS, Jenkins Jobs and PagerDuty as notification channel.
+
+![Alerts & Notifications]()
+
+## 9\. Developer Tools - Container Terminal
+
+Easily troubleshoot issues in deployments using inbuilt developer tools like Container terminal without having to use Kubectl commands.
+
+![Container Terminal]()
+
+## 10\. Developer Tools - Container Logs
+
+Easily troubleshoot issues in deployments using inbuilt developer tools like Container logs without having to use Kubectl commands.
+
+![Container Logs]()
## Help
diff --git a/charts/gopaddle/gopaddle/charts/gp-core/Chart.yaml b/charts/gopaddle/gopaddle/charts/gp-core/Chart.yaml
index 620166e08..575937676 100644
--- a/charts/gopaddle/gopaddle/charts/gp-core/Chart.yaml
+++ b/charts/gopaddle/gopaddle/charts/gp-core/Chart.yaml
@@ -1,6 +1,6 @@
apiVersion: v2
-appVersion: 4.2.6
+appVersion: 4.2.7
description: A Helm chart for Kubernetes
name: gp-core
type: application
-version: 4.2.8
+version: 4.2.7
diff --git a/charts/gopaddle/gopaddle/charts/gp-core/files/appscanner/appscanner/versionMatrix.json b/charts/gopaddle/gopaddle/charts/gp-core/files/appscanner/appscanner/versionMatrix.json
index d2bb81995..18c8787e9 100644
--- a/charts/gopaddle/gopaddle/charts/gp-core/files/appscanner/appscanner/versionMatrix.json
+++ b/charts/gopaddle/gopaddle/charts/gp-core/files/appscanner/appscanner/versionMatrix.json
@@ -20,7 +20,8 @@
"v1.23",
"v1.24",
"v1.25",
- "v1.26"
+ "v1.26",
+ "v1.27"
],
"v1.6": {
"deployment": [
@@ -1699,5 +1700,86 @@
"CustomSecret":[
"configurator.gopaddle.io/v1alpha1"
]
+ },
+ "v1.27": {
+ "deployment": [
+ "apps/v1",
+ "apps/v1beta1"
+ ],
+ "rollBack": [
+ "extensions/v1beta1"
+ ],
+ "statefulSet": [
+ "apps/v1",
+ "apps/v1beta1"
+ ],
+ "daemonSet": [
+ "apps/v1"
+ ],
+ "replicaSet": [
+ "apps/v1",
+ "extensions/v1beta1"
+ ],
+ "controllerRevision": [
+ "apps/v1",
+ "apps/v1beta1",
+ "apps/v1beta2"
+ ],
+ "namespace": [
+ "v1"
+ ],
+ "serviceAccount": [
+ "v1"
+ ],
+ "networking": [
+ "networking.k8s.io/v1"
+ ],
+ "service": [
+ "v1"
+ ],
+ "pod": [
+ "v1"
+ ],
+ "config": [
+ "v1"
+ ],
+ "secret": [
+ "v1"
+ ],
+ "ingress": [
+ "networking.k8s.io/v1"
+ ],
+ "persistentVolume": [
+ "v1"
+ ],
+ "persistentVolumeClaim": [
+ "v1"
+ ],
+ "storageClass": [
+ "storage.k8s.io/v1"
+ ],
+ "autoscaling": [
+ "autoscaling/v1"
+ ],
+ "role": [
+ "rbac.authorization.k8s.io/v1beta1",
+ "rbac.authorization.k8s.io/v1"
+ ],
+ "clusterRole": [
+ "rbac.authorization.k8s.io/v1beta1",
+ "rbac.authorization.k8s.io/v1"
+ ],
+ "node": [
+ "v1"
+ ],
+ "CustomResourceDefinition":[
+ "apiextensions.k8s.io/v1beta1"
+ ],
+ "CustomConfigMap":[
+ "configurator.gopaddle.io/v1alpha1"
+ ],
+ "CustomSecret":[
+ "configurator.gopaddle.io/v1alpha1"
+ ]
}
}
diff --git a/charts/gopaddle/gopaddle/charts/gp-core/files/appworker/appworker/profiles-kube.json b/charts/gopaddle/gopaddle/charts/gp-core/files/appworker/appworker/profiles-kube.json
index b88621b59..0f3bb1891 100644
--- a/charts/gopaddle/gopaddle/charts/gp-core/files/appworker/appworker/profiles-kube.json
+++ b/charts/gopaddle/gopaddle/charts/gp-core/files/appworker/appworker/profiles-kube.json
@@ -27,7 +27,7 @@
"mq-apps-queue":"apps-worker-queue"
},
"esearch":{
- "es-user":"admin",
+ "es-user":"elastic",
"es-password":"cGFzc3dvcmQ",
"es-endpoints":[
"http://esearch:9200"
diff --git a/charts/gopaddle/gopaddle/charts/gp-core/files/appworker/appworker/versionMatrix.json b/charts/gopaddle/gopaddle/charts/gp-core/files/appworker/appworker/versionMatrix.json
index 2fdbda60e..74aff57bc 100644
--- a/charts/gopaddle/gopaddle/charts/gp-core/files/appworker/appworker/versionMatrix.json
+++ b/charts/gopaddle/gopaddle/charts/gp-core/files/appworker/appworker/versionMatrix.json
@@ -20,7 +20,8 @@
"v1.23",
"v1.24",
"v1.25",
- "v1.26"
+ "v1.26",
+ "v1.27"
],
"v1.6": {
"deployment": [
@@ -1705,5 +1706,87 @@
"CustomSecret":[
"configurator.gopaddle.io/v1alpha1"
]
+ },
+ "v1.27": {
+ "deployment": [
+ "apps/v1",
+ "apps/v1beta1"
+ ],
+ "rollBack": [
+ "extensions/v1beta1"
+ ],
+ "statefulSet": [
+ "apps/v1",
+ "apps/v1beta1"
+ ],
+ "daemonSet": [
+ "apps/v1"
+ ],
+ "replicaSet": [
+ "apps/v1",
+ "extensions/v1beta1"
+ ],
+ "controllerRevision": [
+ "apps/v1",
+ "apps/v1beta1",
+ "apps/v1beta2"
+ ],
+ "namespace": [
+ "v1"
+ ],
+ "serviceAccount": [
+ "v1"
+ ],
+ "networking": [
+ "networking.k8s.io/v1"
+ ],
+ "service": [
+ "v1"
+ ],
+ "pod": [
+ "v1"
+ ],
+ "config": [
+ "v1"
+ ],
+ "secret": [
+ "v1"
+ ],
+ "ingress": [
+ "extensions/v1beta1",
+ "networking.k8s.io/v1"
+ ],
+ "persistentVolume": [
+ "v1"
+ ],
+ "persistentVolumeClaim": [
+ "v1"
+ ],
+ "storageClass": [
+ "storage.k8s.io/v1"
+ ],
+ "autoscaling": [
+ "autoscaling/v1"
+ ],
+ "role": [
+ "rbac.authorization.k8s.io/v1beta1",
+ "rbac.authorization.k8s.io/v1"
+ ],
+ "clusterRole": [
+ "rbac.authorization.k8s.io/v1beta1",
+ "rbac.authorization.k8s.io/v1"
+ ],
+ "node": [
+ "v1"
+ ],
+ "CustomResourceDefinition":[
+ "apiextensions.k8s.io/v1beta1"
+ ],
+ "CustomConfigMap":[
+ "configurator.gopaddle.io/v1alpha1"
+ ],
+ "CustomSecret":[
+ "configurator.gopaddle.io/v1alpha1"
+ ]
}
}
diff --git a/charts/gopaddle/gopaddle/charts/gp-core/files/clustermanager/clustermanager/bastion-cft.yaml b/charts/gopaddle/gopaddle/charts/gp-core/files/clustermanager/clustermanager/bastion-cft.yaml
new file mode 100644
index 000000000..60d7ffc48
--- /dev/null
+++ b/charts/gopaddle/gopaddle/charts/gp-core/files/clustermanager/clustermanager/bastion-cft.yaml
@@ -0,0 +1,167 @@
+# Reference - https://aws.amazon.com/blogs/infrastructure-and-automation/best-practices-for-deploying-ec2-instances-with-aws-cloudformation/
+---
+AWSTemplateFormatVersion: '2010-09-09'
+Description: 'Amazon EKS Sample VPC'
+
+Parameters:
+
+ SubnetBlock:
+ Type: String
+ Default: SUBNET_VALUE
+ Description: CidrBlock for subnet 04 within the VPC
+
+
+Metadata:
+ AWS::CloudFormation::Interface:
+ ParameterGroups:
+ -
+ Label:
+ default: "Worker Network Configuration"
+ Parameters:
+ - SubnetBlock
+
+Resources:
+
+ InternetGateway:
+ Type: "AWS::EC2::InternetGateway"
+ Properties:
+ Tags:
+ - Key: source
+ Value: gopaddle
+
+ VPCGatewayAttachment:
+ Type: "AWS::EC2::VPCGatewayAttachment"
+ Properties:
+ InternetGatewayId: !Ref InternetGateway
+ VpcId: VPC_ID
+
+
+ RouteTable:
+ Type: AWS::EC2::RouteTable
+ Properties:
+ VpcId: VPC_ID
+ Tags:
+ - Key: Name
+ Value: Public Subnets
+ - Key: Network
+ Value: Public
+ - Key: source
+ Value: gopaddle
+
+
+ Route:
+ DependsOn: VPCGatewayAttachment
+ Type: AWS::EC2::Route
+ Properties:
+ RouteTableId: !Ref RouteTable
+ DestinationCidrBlock: 0.0.0.0/0
+ GatewayId: !Ref InternetGateway
+
+
+ Subnet:
+ Type: AWS::EC2::Subnet
+ Metadata:
+ Comment: Subnet 01
+ Properties:
+ MapPublicIpOnLaunch: true
+ AvailabilityZone: SUBNET_ZONE
+ CidrBlock:
+ Ref: SubnetBlock
+ VpcId: VPC_ID
+ Tags:
+ - Key: Name
+ Value: !Sub "${AWS::StackName}-Subnet04"
+ - Key: SUBNET_TAG
+ Value: 1
+ - Key: source
+ Value: gopaddle
+
+ SubnetRouteTableAssociation:
+ Type: AWS::EC2::SubnetRouteTableAssociation
+ Properties:
+ SubnetId: !Ref Subnet
+ RouteTableId: !Ref RouteTable
+
+ SecurityGroup:
+ Type: AWS::EC2::SecurityGroup
+ Properties:
+ GroupDescription: Bastion Host Security Group
+ VpcId: VPC_ID
+ SecurityGroupIngress:
+ - IpProtocol: tcp
+ FromPort: 443
+ ToPort: 443
+ - IpProtocol: tcp
+ FromPort: 22
+ ToPort: 22
+ Tags:
+ - Key: source
+ Value: gopaddle
+
+ SecurityGroupIngress22:
+ Type: "AWS::EC2::SecurityGroupIngress"
+ DependsOn: SecurityGroup
+ Properties:
+ Description: Allow node to communicate with each other
+ CidrIp: 0.0.0.0/0
+ FromPort: 22
+ GroupId: !Ref SecurityGroup
+ IpProtocol: tcp
+ ToPort: 22
+
+ SecurityGroupIngress443:
+ Type: "AWS::EC2::SecurityGroupIngress"
+ DependsOn: SecurityGroup
+ Properties:
+ Description: Allow node to communicate with each other
+ CidrIp: 0.0.0.0/0
+ FromPort: 443
+ GroupId: !Ref SecurityGroup
+ IpProtocol: tcp
+ ToPort: 443
+
+ Ec2Instance:
+ Type: AWS::EC2::Instance
+ Properties:
+ ImageId: IMAGE_ID
+ KeyName: KEY_NAME
+ InstanceType: "t2.micro"
+ NetworkInterfaces:
+ - AssociatePublicIpAddress: "true"
+ DeviceIndex: "0"
+ GroupSet:
+ - Ref: SecurityGroup
+ SubnetId:
+ Ref: Subnet
+ Tags:
+ - Key: source
+ Value: gopaddle
+ UserData: !Base64
+ "Fn::Sub": |
+ #!/bin/bash
+ sudo apt update
+ sudo snap install amazon-ssm-agent --classic
+ sudo snap switch --channel=candidate amazon-ssm-agent
+ sudo snap refresh amazon-ssm-agent
+ sudo snap start amazon-ssm-agent
+ sudo snap services amazon-ssm-agent
+
+Outputs:
+
+ SubnetID:
+ Description: The Subnet Id
+ Value: !Ref Subnet
+
+ InstanceID:
+ Description: The Instance Id
+ Value: !Ref Ec2Instance
+
+ SecurityGroupID:
+ Description: The Security Group Id
+ Value: !Ref SecurityGroup
+
+ PublicIp:
+ Value: !GetAtt
+ - Ec2Instance
+ - PublicIp
+ Description: Ec2Instance's PublicIp Address
diff --git a/charts/gopaddle/gopaddle/charts/gp-core/files/clustermanager/clustermanager/bastion-kubeconfig.yaml b/charts/gopaddle/gopaddle/charts/gp-core/files/clustermanager/clustermanager/bastion-kubeconfig.yaml
new file mode 100644
index 000000000..c6982948b
--- /dev/null
+++ b/charts/gopaddle/gopaddle/charts/gp-core/files/clustermanager/clustermanager/bastion-kubeconfig.yaml
@@ -0,0 +1,33 @@
+---
+apiVersion: v1
+clusters:
+- cluster:
+ server: https://localhost:9444
+ insecure-skip-tls-verify: true
+ name: EKS_CLUSTER_ARN
+contexts:
+- context:
+ cluster: EKS_CLUSTER_ARN
+ user: cluster/EKS_CLUSTER_NAME
+ name: EKS_CLUSTER_ARN
+current-context: EKS_CLUSTER_ARN
+kind: Config
+preferences: {}
+users:
+- name: cluster/EKS_CLUSTER_NAME
+ user:
+ exec:
+ apiVersion: client.authentication.k8s.io/v1beta1
+ args:
+ - --region
+ - EKS_REGION
+ - eks
+ - get-token
+ - --cluster-name
+ - EKS_CLUSTER_NAME
+ command: aws
+ env:
+ - name: AWS_ACCESS_KEY_ID
+ value: EKS_OWNER_ACCESS
+ - name: AWS_SECRET_ACCESS_KEY
+ value: EKS_OWNER_SECRET
\ No newline at end of file
diff --git a/charts/gopaddle/gopaddle/charts/gp-core/files/clustermanager/clustermanager/error_config.json b/charts/gopaddle/gopaddle/charts/gp-core/files/clustermanager/clustermanager/error_config.json
index 1ef494cef..c3ed5a3d6 100644
--- a/charts/gopaddle/gopaddle/charts/gp-core/files/clustermanager/clustermanager/error_config.json
+++ b/charts/gopaddle/gopaddle/charts/gp-core/files/clustermanager/clustermanager/error_config.json
@@ -27,7 +27,7 @@
},
"clusterManager":{
"CLUSTER_NOTFOUND":"The requested cluster '%s' is not found",
- "NAME_EXISTS":"This Cluster Name '%s' is already exists. use another name",
+ "NAME_EXISTS":"Cluster Name '%s' already exists.",
"CLOUD_ACCOUNT_NOTFOUND":"Cluster.Kube.CloudAccount.ID '%s' Not valid",
"DEP_REF_ALREADY_EXISTS":"This Depency Reference Id '%s' version '%s' is already exists"
diff --git a/charts/gopaddle/gopaddle/charts/gp-core/files/clustermanager/clustermanager/profiles-kube.json b/charts/gopaddle/gopaddle/charts/gp-core/files/clustermanager/clustermanager/profiles-kube.json
index 157ee8755..b0d3b9e0b 100644
--- a/charts/gopaddle/gopaddle/charts/gp-core/files/clustermanager/clustermanager/profiles-kube.json
+++ b/charts/gopaddle/gopaddle/charts/gp-core/files/clustermanager/clustermanager/profiles-kube.json
@@ -9,7 +9,7 @@
"mq-apps-queue":"apps-worker-queue"
},
"esearch":{
- "es-user":"admin",
+ "es-user":"elastic",
"es-password":"cGFzc3dvcmQ",
"es-endpoints":[
"http://esearch:9200"
diff --git a/charts/gopaddle/gopaddle/charts/gp-core/files/clustermanager/clustermanager/ssm_document.json b/charts/gopaddle/gopaddle/charts/gp-core/files/clustermanager/clustermanager/ssm_document.json
new file mode 100644
index 000000000..2e95ec151
--- /dev/null
+++ b/charts/gopaddle/gopaddle/charts/gp-core/files/clustermanager/clustermanager/ssm_document.json
@@ -0,0 +1,195 @@
+{
+ "schemaVersion": "0.3",
+ "description": "Composite document for Quick Setup Managing Instances association. This document ensures IAM role for instance profile is created in account with all required policies",
+ "assumeRole": "{{AutomationAssumeRole}}",
+ "parameters": {
+ "AutomationAssumeRole": {
+ "type": "String"
+ },
+ "InstanceId": {
+ "type": "String"
+ },
+ "IsPolicyAttachAllowed": {
+ "type": "String"
+ }
+ },
+ "mainSteps": [
+ {
+ "outputs": [
+ {
+ "Type": "String",
+ "Name": "existingInstanceProfileRoleName",
+ "Selector": "$.Payload.RoleName"
+ }
+ ],
+ "inputs": {
+ "Script": "import boto3\n\ndef getInstanceProfileName(events, context):\n ec2_client = boto3.client(\"ec2\")\n response = ec2_client.describe_instances(InstanceIds=[events[\"InstanceId\"]])\n if 'IamInstanceProfile' in response['Reservations'][0]['Instances'][0]:\n return {'RoleName': response['Reservations'][0]['Instances'][0]['IamInstanceProfile']['Arn'].split('/').pop()}\n return {'RoleName': 'NoRoleFound'}",
+ "Runtime": "python3.6",
+ "InputPayload": {
+ "InstanceId": "{{InstanceId}}"
+ },
+ "Handler": "getInstanceProfileName"
+ },
+ "name": "getExistingRoleName",
+ "action": "aws:executeScript",
+ "nextStep": "branchIfProfileExists"
+ },
+ {
+ "inputs": {
+ "Choices": [
+ {
+ "StringEquals": "NoRoleFound",
+ "Variable": "{{getExistingRoleName.existingInstanceProfileRoleName}}",
+ "NextStep": "createRoleIfNotExists"
+ }
+ ],
+ "Default": "checkIfPolicyAttachAllowed"
+ },
+ "name": "branchIfProfileExists",
+ "action": "aws:branch"
+ },
+ {
+ "inputs": {
+ "Choices": [
+ {
+ "StringEquals": "true",
+ "Variable": "{{IsPolicyAttachAllowed}}",
+ "NextStep": "getRoleFromInstanceProfile"
+ }
+ ],
+ "Default": "createRoleIfNotExists"
+ },
+ "name": "checkIfPolicyAttachAllowed",
+ "action": "aws:branch"
+ },
+ {
+ "outputs": [
+ {
+ "Type": "String",
+ "Name": "existingRoleName",
+ "Selector": "$.InstanceProfile.Roles[0].RoleName"
+ }
+ ],
+ "inputs": {
+ "InstanceProfileName": "{{getExistingRoleName.existingInstanceProfileRoleName}}",
+ "Service": "iam",
+ "Api": "GetInstanceProfile"
+ },
+ "name": "getRoleFromInstanceProfile",
+ "action": "aws:executeAwsApi",
+ "nextStep": "attachAmazonSSMManagedInstanceCoreToExistingRole"
+ },
+ {
+ "inputs": {
+ "RoleName": "{{getRoleFromInstanceProfile.existingRoleName}}",
+ "PolicyArn": "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore",
+ "Service": "iam",
+ "Api": "AttachRolePolicy"
+ },
+ "name": "attachAmazonSSMManagedInstanceCoreToExistingRole",
+ "action": "aws:executeAwsApi",
+ "nextStep": "attachAmazonSSMPatchAssociationToExistingRole"
+ },
+ {
+ "inputs": {
+ "RoleName": "{{getRoleFromInstanceProfile.existingRoleName}}",
+ "PolicyArn": "arn:aws:iam::aws:policy/AmazonSSMPatchAssociation",
+ "Service": "iam",
+ "Api": "AttachRolePolicy"
+ },
+ "name": "attachAmazonSSMPatchAssociationToExistingRole",
+ "action": "aws:executeAwsApi",
+ "isEnd": true
+ },
+ {
+ "inputs": {
+ "Path": "/",
+ "RoleName": "AmazonSSMRoleForInstancesQuickSetup",
+ "Description": "EC2 role for SSM for Quick-Setup",
+ "AssumeRolePolicyDocument": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"ec2.amazonaws.com\"},\"Action\":\"sts:AssumeRole\"}]}",
+ "Service": "iam",
+ "Api": "CreateRole"
+ },
+ "name": "createRoleIfNotExists",
+ "action": "aws:executeAwsApi",
+ "description": "Create AmazonSSMRoleForInstancesQuickSetup Role For SSM Quick Setup",
+ "onFailure": "Continue",
+ "nextStep": "assertRoleForInstanceProfileExists"
+ },
+ {
+ "inputs": {
+ "PropertySelector": "$.Role.RoleName",
+ "RoleName": "AmazonSSMRoleForInstancesQuickSetup",
+ "DesiredValues": [
+ "AmazonSSMRoleForInstancesQuickSetup"
+ ],
+ "Service": "iam",
+ "Api": "GetRole"
+ },
+ "name": "assertRoleForInstanceProfileExists",
+ "action": "aws:assertAwsResourceProperty",
+ "nextStep": "attachAmazonSSMManagedInstanceCoreToRole"
+ },
+ {
+ "inputs": {
+ "RoleName": "AmazonSSMRoleForInstancesQuickSetup",
+ "PolicyArn": "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore",
+ "Service": "iam",
+ "Api": "AttachRolePolicy"
+ },
+ "name": "attachAmazonSSMManagedInstanceCoreToRole",
+ "action": "aws:executeAwsApi",
+ "nextStep": "attachAmazonSSMPatchAssociationToRole"
+ },
+ {
+ "inputs": {
+ "RoleName": "AmazonSSMRoleForInstancesQuickSetup",
+ "PolicyArn": "arn:aws:iam::aws:policy/AmazonSSMPatchAssociation",
+ "Service": "iam",
+ "Api": "AttachRolePolicy"
+ },
+ "name": "attachAmazonSSMPatchAssociationToRole",
+ "action": "aws:executeAwsApi",
+ "nextStep": "createInstanceProfileIfNotExists"
+ },
+ {
+ "inputs": {
+ "InstanceProfileName": "AmazonSSMRoleForInstancesQuickSetup",
+ "Service": "iam",
+ "Api": "CreateInstanceProfile"
+ },
+ "name": "createInstanceProfileIfNotExists",
+ "action": "aws:executeAwsApi",
+ "onFailure": "Continue",
+ "nextStep": "addRoleToInstanceProfile"
+ },
+ {
+ "inputs": {
+ "RoleName": "AmazonSSMRoleForInstancesQuickSetup",
+ "InstanceProfileName": "AmazonSSMRoleForInstancesQuickSetup",
+ "Service": "iam",
+ "Api": "AddRoleToInstanceProfile"
+ },
+ "name": "addRoleToInstanceProfile",
+ "action": "aws:executeAwsApi",
+ "onFailure": "Continue",
+ "nextStep": "executeAttachIAMToInstance"
+ },
+ {
+ "maxAttempts": 10,
+ "inputs": {
+ "RuntimeParameters": {
+ "AutomationAssumeRole": "{{ AutomationAssumeRole }}",
+ "RoleName": "AmazonSSMRoleForInstancesQuickSetup",
+ "InstanceId": "{{ InstanceId }}",
+ "ForceReplace": false
+ },
+ "DocumentName": "AWS-AttachIAMToInstance"
+ },
+ "name": "executeAttachIAMToInstance",
+ "action": "aws:executeAutomation",
+ "timeoutSeconds": 60,
+ "isEnd": true
+ }
+ ]
+ }
\ No newline at end of file
diff --git a/charts/gopaddle/gopaddle/charts/gp-core/files/clustermanager/clustermanager/versionMatrix.json b/charts/gopaddle/gopaddle/charts/gp-core/files/clustermanager/clustermanager/versionMatrix.json
index abb0cbf04..a380b0c40 100644
--- a/charts/gopaddle/gopaddle/charts/gp-core/files/clustermanager/clustermanager/versionMatrix.json
+++ b/charts/gopaddle/gopaddle/charts/gp-core/files/clustermanager/clustermanager/versionMatrix.json
@@ -20,7 +20,8 @@
"v1.23",
"v1.24",
"v1.25",
- "v1.26"
+ "v1.26",
+ "v1.27"
],
"v1.6": {
"deployment": [
@@ -1699,5 +1700,86 @@
"CustomSecret":[
"configurator.gopaddle.io/v1alpha1"
]
+ },
+ "v1.27": {
+ "deployment": [
+ "apps/v1",
+ "apps/v1beta1"
+ ],
+ "rollBack": [
+ "extensions/v1beta1"
+ ],
+ "statefulSet": [
+ "apps/v1",
+ "apps/v1beta1"
+ ],
+ "daemonSet": [
+ "apps/v1"
+ ],
+ "replicaSet": [
+ "apps/v1",
+ "extensions/v1beta1"
+ ],
+ "controllerRevision": [
+ "apps/v1",
+ "apps/v1beta1",
+ "apps/v1beta2"
+ ],
+ "namespace": [
+ "v1"
+ ],
+ "serviceAccount": [
+ "v1"
+ ],
+ "networking": [
+ "networking.k8s.io/v1"
+ ],
+ "service": [
+ "v1"
+ ],
+ "pod": [
+ "v1"
+ ],
+ "config": [
+ "v1"
+ ],
+ "secret": [
+ "v1"
+ ],
+ "ingress": [
+ "extensions/v1beta1"
+ ],
+ "persistentVolume": [
+ "v1"
+ ],
+ "persistentVolumeClaim": [
+ "v1"
+ ],
+ "storageClass": [
+ "storage.k8s.io/v1"
+ ],
+ "autoscaling": [
+ "autoscaling/v1"
+ ],
+ "role": [
+ "rbac.authorization.k8s.io/v1beta1",
+ "rbac.authorization.k8s.io/v1"
+ ],
+ "clusterRole": [
+ "rbac.authorization.k8s.io/v1beta1",
+ "rbac.authorization.k8s.io/v1"
+ ],
+ "node": [
+ "v1"
+ ],
+ "CustomResourceDefinition":[
+ "apiextensions.k8s.io/v1beta1"
+ ],
+ "CustomConfigMap":[
+ "configurator.gopaddle.io/v1alpha1"
+ ],
+ "CustomSecret":[
+ "configurator.gopaddle.io/v1alpha1"
+ ]
}
}
\ No newline at end of file
diff --git a/charts/gopaddle/gopaddle/charts/gp-core/files/deploymentmanager/deploymanager/profiles-kube.json b/charts/gopaddle/gopaddle/charts/gp-core/files/deploymentmanager/deploymanager/profiles-kube.json
index b88621b59..0f3bb1891 100644
--- a/charts/gopaddle/gopaddle/charts/gp-core/files/deploymentmanager/deploymanager/profiles-kube.json
+++ b/charts/gopaddle/gopaddle/charts/gp-core/files/deploymentmanager/deploymanager/profiles-kube.json
@@ -27,7 +27,7 @@
"mq-apps-queue":"apps-worker-queue"
},
"esearch":{
- "es-user":"admin",
+ "es-user":"elastic",
"es-password":"cGFzc3dvcmQ",
"es-endpoints":[
"http://esearch:9200"
diff --git a/charts/gopaddle/gopaddle/charts/gp-core/files/deploymentmanager/deploymanager/versionMatrix.json b/charts/gopaddle/gopaddle/charts/gp-core/files/deploymentmanager/deploymanager/versionMatrix.json
index 2fdbda60e..74aff57bc 100644
--- a/charts/gopaddle/gopaddle/charts/gp-core/files/deploymentmanager/deploymanager/versionMatrix.json
+++ b/charts/gopaddle/gopaddle/charts/gp-core/files/deploymentmanager/deploymanager/versionMatrix.json
@@ -20,7 +20,8 @@
"v1.23",
"v1.24",
"v1.25",
- "v1.26"
+ "v1.26",
+ "v1.27"
],
"v1.6": {
"deployment": [
@@ -1705,5 +1706,87 @@
"CustomSecret":[
"configurator.gopaddle.io/v1alpha1"
]
+ },
+ "v1.27": {
+ "deployment": [
+ "apps/v1",
+ "apps/v1beta1"
+ ],
+ "rollBack": [
+ "extensions/v1beta1"
+ ],
+ "statefulSet": [
+ "apps/v1",
+ "apps/v1beta1"
+ ],
+ "daemonSet": [
+ "apps/v1"
+ ],
+ "replicaSet": [
+ "apps/v1",
+ "extensions/v1beta1"
+ ],
+ "controllerRevision": [
+ "apps/v1",
+ "apps/v1beta1",
+ "apps/v1beta2"
+ ],
+ "namespace": [
+ "v1"
+ ],
+ "serviceAccount": [
+ "v1"
+ ],
+ "networking": [
+ "networking.k8s.io/v1"
+ ],
+ "service": [
+ "v1"
+ ],
+ "pod": [
+ "v1"
+ ],
+ "config": [
+ "v1"
+ ],
+ "secret": [
+ "v1"
+ ],
+ "ingress": [
+ "extensions/v1beta1",
+ "networking.k8s.io/v1"
+ ],
+ "persistentVolume": [
+ "v1"
+ ],
+ "persistentVolumeClaim": [
+ "v1"
+ ],
+ "storageClass": [
+ "storage.k8s.io/v1"
+ ],
+ "autoscaling": [
+ "autoscaling/v1"
+ ],
+ "role": [
+ "rbac.authorization.k8s.io/v1beta1",
+ "rbac.authorization.k8s.io/v1"
+ ],
+ "clusterRole": [
+ "rbac.authorization.k8s.io/v1beta1",
+ "rbac.authorization.k8s.io/v1"
+ ],
+ "node": [
+ "v1"
+ ],
+ "CustomResourceDefinition":[
+ "apiextensions.k8s.io/v1beta1"
+ ],
+ "CustomConfigMap":[
+ "configurator.gopaddle.io/v1alpha1"
+ ],
+ "CustomSecret":[
+ "configurator.gopaddle.io/v1alpha1"
+ ]
}
}
diff --git a/charts/gopaddle/gopaddle/charts/gp-core/files/gateway/gateway/profiles-kube.json b/charts/gopaddle/gopaddle/charts/gp-core/files/gateway/gateway/profiles-kube.json
index 93a510352..0fa6bb228 100644
--- a/charts/gopaddle/gopaddle/charts/gp-core/files/gateway/gateway/profiles-kube.json
+++ b/charts/gopaddle/gopaddle/charts/gp-core/files/gateway/gateway/profiles-kube.json
@@ -65,7 +65,6 @@
"stripe":"http://paymentmanager:8021",
"adminLogin":"http://appscanner:8022",
"customer":"http://paymentmanager:8021",
- "marketplace":"http://marketplace:8023",
"offers":"http://costmanager:8011",
"userOffers":"http://costmanager:8011",
"appscanner":"http://appscanner:8022",
diff --git a/charts/gopaddle/gopaddle/charts/gp-core/files/gpcore/core/versionMatrix.json b/charts/gopaddle/gopaddle/charts/gp-core/files/gpcore/core/versionMatrix.json
index a39ebc7dd..4c764dd7b 100644
--- a/charts/gopaddle/gopaddle/charts/gp-core/files/gpcore/core/versionMatrix.json
+++ b/charts/gopaddle/gopaddle/charts/gp-core/files/gpcore/core/versionMatrix.json
@@ -20,7 +20,8 @@
"v1.23",
"v1.24",
"v1.25",
- "v1.26"
+ "v1.26",
+ "v1.27"
],
"v1.6": {
"deployment": [
@@ -1516,5 +1517,77 @@
"node": [
"v1"
]
+ },
+ "v1.27": {
+ "deployment": [
+ "apps/v1",
+ "apps/v1beta1"
+ ],
+ "rollBack": [
+ "extensions/v1beta1"
+ ],
+ "statefulSet": [
+ "apps/v1",
+ "apps/v1beta1"
+ ],
+ "daemonSet": [
+ "apps/v1"
+ ],
+ "replicaSet": [
+ "extensions/v1beta1"
+ ],
+ "namespace": [
+ "v1"
+ ],
+ "serviceAccount": [
+ "v1"
+ ],
+ "networking": [
+ "networking.k8s.io/v1"
+ ],
+ "service": [
+ "v1"
+ ],
+ "pod": [
+ "v1"
+ ],
+ "config": [
+ "v1"
+ ],
+ "secret": [
+ "v1"
+ ],
+ "ingress": [
+ "extensions/v1beta1"
+ ],
+ "persistentVolume": [
+ "v1"
+ ],
+ "persistentVolumeClaim": [
+ "v1"
+ ],
+ "storageClass": [
+ "storage.k8s.io/v1"
+ ],
+ "CSIDriver":[
+ "storage.k8s.io/v1beta1"
+ ],
+ "job":[
+ "batch/v1"
+ ],
+ "autoscaling": [
+ "autoscaling/v1"
+ ],
+ "role": [
+ "rbac.authorization.k8s.io/v1beta1",
+ "rbac.authorization.k8s.io/v1"
+ ],
+ "clusterRole": [
+ "rbac.authorization.k8s.io/v1beta1",
+ "rbac.authorization.k8s.io/v1"
+ ],
+ "node": [
+ "v1"
+ ]
}
}
\ No newline at end of file
diff --git a/charts/gopaddle/gopaddle/charts/gp-core/files/marketplace/marketplace/profiles-kube.json b/charts/gopaddle/gopaddle/charts/gp-core/files/marketplace/marketplace/profiles-kube.json
index 2e621265a..0468ec23d 100644
--- a/charts/gopaddle/gopaddle/charts/gp-core/files/marketplace/marketplace/profiles-kube.json
+++ b/charts/gopaddle/gopaddle/charts/gp-core/files/marketplace/marketplace/profiles-kube.json
@@ -1,12 +1,13 @@
{
- "mongodb":{
- "db-name":"marketplace",
- "db-endpoint":[
- "mongodb:27017"
- ],
- "db-port":"27017",
- "user-db":"admin",
- "db-user":"admin",
- "db-password":"cGFzc3dvcmQ"
- }
- }
\ No newline at end of file
+ "mongodb":{
+ "db-name":"marketplace",
+ "db-endpoint":[
+ "mongodb:27017"
+ ],
+ "db-port":"27017",
+ "user-db":"admin",
+ "db-user":"admin",
+ "db-password":"cGFzc3dvcmQ"
+ },
+ "marketplace":"https://devmarketplace.gopaddle.io/"
+ }
\ No newline at end of file
diff --git a/charts/gopaddle/gopaddle/charts/gp-core/files/marketplace/marketplace/service_directory-kube.json b/charts/gopaddle/gopaddle/charts/gp-core/files/marketplace/marketplace/service_directory-kube.json
index 8efe8cb50..496807995 100644
--- a/charts/gopaddle/gopaddle/charts/gp-core/files/marketplace/marketplace/service_directory-kube.json
+++ b/charts/gopaddle/gopaddle/charts/gp-core/files/marketplace/marketplace/service_directory-kube.json
@@ -18,5 +18,13 @@
"notification.ep":{
"host":"activitymanager",
"port":"8009"
+ },
+ "appscanner.ep":{
+ "host":"appscanner",
+ "port":"8022"
+ },
+ "nodechecker.ep":{
+ "host":"nodechecker",
+ "port":"8020"
}
}
\ No newline at end of file
diff --git a/charts/gopaddle/gopaddle/charts/gp-core/files/usermanager/usermanager/default-resources.json b/charts/gopaddle/gopaddle/charts/gp-core/files/usermanager/usermanager/default-resources.json
index 07df53eb5..a19cd978c 100644
--- a/charts/gopaddle/gopaddle/charts/gp-core/files/usermanager/usermanager/default-resources.json
+++ b/charts/gopaddle/gopaddle/charts/gp-core/files/usermanager/usermanager/default-resources.json
@@ -10,8 +10,8 @@
"cpu":"500m"
},
"requests":{
- "memory":"200M",
- "cpu":"200m"
+ "memory":"20M",
+ "cpu":"20m"
}
},
"tags":[
@@ -26,8 +26,8 @@
"name":"default",
"displayName":"default",
"description":"Z29wYWRkbGUncyBkZWZhdWx0IHNjYWxpbmdQb2xpY3k=",
- "minReplicas":2,
- "maxReplicas":4,
+ "minReplicas":1,
+ "maxReplicas":2,
"metric":[
{
"type":"resource",
@@ -230,7 +230,21 @@
}
}
},
- "release":{
+ "liteSubscription":{
+ "mode":"lite",
+ "subscription":{
+ "deck":{
+ "type":"free"
+ },
+ "propeller":{
+ "type":"free"
+ },
+ "gear":{
+ "type":"free"
+ }
+ }
+ },
+ "release": {
"name":"default",
"releaseTag":"default",
"defaultRelease":true
diff --git a/charts/gopaddle/gopaddle/charts/gp-core/lite-values-4.2.5.yaml b/charts/gopaddle/gopaddle/charts/gp-core/onprem-values.yaml
similarity index 57%
rename from charts/gopaddle/gopaddle/charts/gp-core/lite-values-4.2.5.yaml
rename to charts/gopaddle/gopaddle/charts/gp-core/onprem-values.yaml
index 607f76483..c27d31442 100644
--- a/charts/gopaddle/gopaddle/charts/gp-core/lite-values-4.2.5.yaml
+++ b/charts/gopaddle/gopaddle/charts/gp-core/onprem-values.yaml
@@ -2,118 +2,141 @@ activitymanager:
activitymanager:
envMap:
NODE_NAME: spec.nodeName
- imageTag: 4.2.lite.27
+ imageTag: 4.2.6.onprem.7
+ imageTagArm: 4.2.6.onprem-arm64.1
alertmanager:
alertmanager:
envMap:
NODE_NAME: spec.nodeName
- imageTag: 4.2.lite.14
+ imageTag: 4.2.6.onprem.38
+ imageTagArm: 4.2.6.onprem-arm64.2
appscanner:
appscanner:
envMap:
NODE_NAME: spec.nodeName
- imageTag: 4.2.lite.9
+ imageTag: 4.2.6.onprem.11
+ imageTagArm: 4.2.6.onprem-arm64.1
appworker:
appworker:
envMap:
NODE_NAME: spec.nodeName
rabbitmq_user: admin
- imageTag: 4.2.lite.27
+ imageTag: 4.2.6.onprem.9
+ imageTagArm: 4.2.6.onprem-arm64.2
cloudmanager:
cloudmanager:
envMap:
NODE_NAME: spec.nodeName
- imageTag: 4.2.lite.13
+ imageTag: 4.2.6.onprem.5
+ imageTagArm: 4.2.6.onprem-arm64.1
clustermanager:
clustermanager:
envMap:
NODE_NAME: spec.nodeName
- imageTag: 4.2.lite.26
+ imageTag: 4.2.6.onprem.9
+ imageTagArm: 4.2.6.onprem-arm64.1
clustertemplatemanager:
clustertemplatemanager:
- imageTag: 4.2.lite.4
+ imageTag: 4.2.6.onprem.6
+ imageTagArm: 4.2.6.onprem-arm64.2
configmanager:
configmanager:
envMap:
NODE_NAME: spec.nodeName
- imageTag: 4.2.lite.21
+ imageTag: 4.2.6.onprem.6
+ imageTagArm: 4.2.6.onprem-arm64.1
costmanager:
costmanager:
envMap:
NODE_NAME: spec.nodeName
- imageTag: 4.2.lite.16
+ imageTag: 4.2.6.onprem.5
+ imageTagArm: 4.2.6.onprem-arm64.1
deploymentmanager:
deploymanager:
envMap:
NODE_NAME: spec.nodeName
rabbitmq_user: admin
- imageTag: 4.2.lite.32
+ imageTag: 4.2.6.onprem.8
+ imageTagArm: 4.2.6.onprem-arm64.1
domainmanager:
domainmanager:
envMap:
NODE_NAME: spec.nodeName
- imageTag: 4.2.lite.10
+ imageTag: 4.2.6.onprem.7
+ imageTagArm: 4.2.6.onprem-arm64.1
esearch:
esearch:
envMap:
discovery.type: single-node
+ image: elasticsearch
imageTag: 1.7.3
gateway:
gateway:
envMap:
NODE_NAME: spec.nodeName
- imageTag: 4.2.lite.13
+ imageTag: 4.2.6.onprem.5
+ imageTagArm: 4.2.6.onprem-arm64.1
gpkubeux:
envMap:
HOST: 0.0.0.0
- imageTag: 4.2.lite.85
- gpReleaseVersion: 4.2.4
+ imageTag: 4.2.6.onprem.41
+ imageTagArm: 4.2.6.onprem-arm64.1
+ gpReleaseVersion: 4.2.6
gpcore:
core:
envMap:
NODE_IP: rabbitmq-build-external.$(NAMESPACE).svc.cluster.local
NODE_NAME: spec.nodeName
NODE_PORT: "5672"
- imageTag: 4.2.lite.46
+ imageTag: 4.2.6.onprem.10
+ imageTagArm: 4.2.6.onprem-arm64.1
influxdb:
influxdb:
envMap:
INFLUXDB_ADMIN_PASSWORD: cGFzc3dvcmQ
INFLUXDB_ADMIN_USER: admin
INFLUXDB_HTTP_AUTH_ENABLED: "true"
+ image: influxdb
imageTag: 1.7.10
mongodb:
mongo:
envMap:
MONGO_INITDB_ROOT_USERNAME: admin
MONGO_LITE_USERNAME: lite
+ image: mongo
imageTag: 4.0.4
mongoInit:
+ image: mongo
imageTag: 4.0.4
nodechecker:
nodechecker:
envMap:
NODE_NAME: spec.nodeName
- imageTag: 4.2.lite.17
+ imageTag: 4.2.6.onprem.4
+ imageTagArm: 4.2.6.onprem-arm64.1
paymentmanager:
paymentmanager:
envMap:
NODE_NAME: spec.nodeName
- imageTag: 4.2.lite.5
+ imageTag: 4.2.6.onprem.5
+ imageTagArm: 4.2.6.onprem-arm64.1
rabbitmq:
rabbitmq:
envMap:
RABBITMQ_DEFAULT_PASS: cGFzc3dvcmQ
RABBITMQ_DEFAULT_USER: admin
+ image: rabbitmq
imageTag: 3.8.5
redis:
redis:
+ image: redis
imageTag: 3.2-alpine
usermanager:
usermanager:
envMap:
NODE_NAME: spec.nodeName
- imageTag: 4.2.lite.23
+ imageTag: 4.2.6.onprem.5
+ imageTagArm: 4.2.6.onprem-arm64.1
webhook:
webhook:
envMap:
@@ -121,9 +144,19 @@ webhook:
HOST_IP: status.hostIP
NODE_NAME: spec.nodeName
REPLICA_IP: status.podIP
- imageTag: 4.2.lite.7
+ imageTag: 4.2.6.onprem.9
+ imageTagArm: 4.2.6.onprem-arm64.2
marketplace:
marketplace:
envMap:
NODE_NAME: spec.nodeName
- imageTag: 4.2.lite.14
\ No newline at end of file
+ imageTag: 4.2.6.onprem.5
+ imageTagArm: 4.2.6.onprem-arm64.1
+defaultbackend:
+ defaultbackend:
+ image: defaultbackend
+ imageTag: 1.4
+nginxIngress:
+ nginxIngress:
+ image: nginx/nginx-ingress
+ imageTag: 3.1-alpine
\ No newline at end of file
diff --git a/charts/gopaddle/gopaddle/charts/gp-core/templates/_helpers.tpl b/charts/gopaddle/gopaddle/charts/gp-core/templates/_helpers.tpl
index f2fd8a1c8..1581a4e3a 100644
--- a/charts/gopaddle/gopaddle/charts/gp-core/templates/_helpers.tpl
+++ b/charts/gopaddle/gopaddle/charts/gp-core/templates/_helpers.tpl
@@ -90,11 +90,11 @@ Node_IP for gopaddle webhook
{{- end -}}
{{/*asign a value to Node_IP */}}
{{- if .Values.global.staticIP -}}
- {{- printf "http://%s:30004" .Values.global.staticIP -}}
+ {{- printf "http://%s:30007" .Values.global.staticIP -}}
{{- else if $externalIP -}}
- {{- printf "http://%s:30004" $externalIP -}}
+ {{- printf "http://%s:30007" $externalIP -}}
{{- else -}}
- {{- printf "http://%s:30004" $internalIP -}}
+ {{- printf "http://%s:30007" $internalIP -}}
{{- end -}}
{{- else if eq (.Values.global.accessMode | toString) "private" -}}
{{/* InternalIP from node*/}}
@@ -108,9 +108,9 @@ Node_IP for gopaddle webhook
{{- end -}}
{{/*asign a value to Node_IP */}}
{{- if .Values.global.staticIP -}}
- {{- printf "http://%s:30004" .Values.global.staticIP -}}
+ {{- printf "http://%s:30007" .Values.global.staticIP -}}
{{- else -}}
- {{- printf "http://%s:30004" $internalIP -}}
+ {{- printf "http://%s:30007" $internalIP -}}
{{- end -}}
{{- end -}}
@@ -118,7 +118,7 @@ Node_IP for gopaddle webhook
{{- end -}}
{{/*
-BASE_SERVER for gopaddle ui
+BASE_SERVER for gopaddle ui [BackEnd]
*/}}
{{- define "gopaddle.baseServer" -}}
{{- if eq (.Values.global.routingType | toString) "NodePortWithIngress" -}}
@@ -176,11 +176,70 @@ BASE_SERVER for gopaddle ui
{{- end -}}
{{- end -}}
+{{/*
+BASE_SERVER for gopaddle ui [FrontEnd]
+*/}}
+{{- define "gopaddle.baseServerUI" -}}
+{{- if eq (.Values.global.routingType | toString) "NodePortWithIngress" -}}
+ {{- if .Values.global.gopaddle.https -}}
+ {{- printf "https://%s:30002" .Values.global.gopaddle.domainName -}}
+ {{- else -}}
+ {{- printf "https://%s:30002" .Values.global.gopaddle.domainName -}}
+ {{- end -}}
+{{- else if eq (.Values.global.routingType | toString) "LoadBalancer" -}}
+ {{- if .Values.global.gopaddle.https -}}
+ {{- printf "https://%s" .Values.global.gopaddle.domainName -}}
+ {{- else -}}
+ {{- printf "https//:%s" .Values.global.gopaddle.domainName -}}
+ {{- end -}}
+{{- else if eq (.Values.global.routingType | toString) "NodePortWithOutIngress" -}}
+ {{- if eq (.Values.global.accessMode | toString) "public" -}}
+ {{/* ExternalIP from node*/}}
+ {{- $externalIP := "" -}}
+ {{- $internalIP :="" -}}
+ {{- range $index, $node := (lookup "v1" "Node" "" "").items -}}
+ {{- range $address:= $node.status.addresses -}}
+ {{- if eq ($address.type | toString) "ExternalIP" -}}
+ {{- $externalIP = $address.address -}}
+ {{- else if eq ($address.type | toString) "InternalIP" -}}
+ {{- $internalIP = $address.address -}}
+ {{- end -}}
+ {{- end -}}
+ {{- end -}}
+ {{/*asign a value to BASE_SERVER */}}
+ {{- if .Values.global.staticIP -}}
+ {{- printf "http://%s:30003" .Values.global.staticIP -}}
+ {{- else if $externalIP -}}
+ {{- printf "http://%s:30003" $externalIP -}}
+ {{- else -}}
+ {{- printf "http://%s:30003" $internalIP -}}
+ {{- end -}}
+ {{- else if eq (.Values.global.accessMode | toString) "private" -}}
+ {{/* InternalIP from node*/}}
+ {{- $internalIP := "" -}}
+ {{- range $index, $node := (lookup "v1" "Node" "" "").items -}}
+ {{- range $address:= $node.status.addresses -}}
+ {{- if eq ($address.type | toString) "InternalIP" -}}
+ {{- $internalIP = $address.address -}}
+ {{- end -}}
+ {{- end -}}
+ {{- end -}}
+ {{/*asign a value to BASE_SERVER */}}
+ {{- if .Values.global.staticIP -}}
+ {{- printf "http://%s:30003" .Values.global.staticIP -}}
+ {{- else -}}
+ {{- printf "http://%s:30003" $internalIP -}}
+ {{- end -}}
+ {{- end -}}
+
+{{- end -}}
+{{- end -}}
+
{{/*
NODE_IP_ENDPOINT for gopaddle GPCTL
*/}}
{{- define "gopaddle.clusterNodeIP" -}}
-{{- if eq (.Values.global.cluster.type | toString) "docker" -}}
+{{- if .Values.global.cluster.nodeIP -}}
{{- printf "http://%s:30004" .Values.global.cluster.nodeIP -}}
{{- end -}}
{{- end -}}
@@ -193,34 +252,44 @@ NODE_IP_ENDPOINT for gopaddle GPCTL
args:
- |-
#!/bin/bash
- echo "cd /var/log/gopaddle/" > /app/logcleanscript.sh
- echo "rm -rf appworker.tar.gz" >> /app/logcleanscript.sh
- echo "tar -cvzf appworker.tar.gz appworker.log" >>/app/logcleanscript.sh
- echo "echo > appworker.log" >> /app/logcleanscript.sh
- crontab -l
- chmod 0777 /app/logcleanscript.sh
- echo */1 */8 * * */5 /app/logcleanscript.sh > /var/log/cron.log 2>&1 >> logclean.cron
- crontab logclean.cron
- service cron restart
+ apk add busybox-openrc
+ openrc
+ touch /run/openrc/softlevel
+ rc-service crond start
+ cat </etc/periodic/15min/logcleanscript
+ #!/bin/sh
+ cd /var/log/gopaddle/
+ rm -rf *.tar.gz
+ tar -cvzf log.tar.gz *.log
+ echo "" > appworker.log
+ EOF
+ chmod a+x /etc/periodic/15min/logcleanscript
+ echo "0 0 * * * /etc/periodic/15min/logcleanscript > /var/log/cron.log 2>&1" >> logclean.cron
+ /usr/bin/crontab logclean.cron
- echo "----------- start conatainer ------------"
+ # echo "----------- start conatainer ------------"
./appworker kube > /var/log/gopaddle/appworker.log
tail -f /var/log/gopaddle/appworker.log
{{- else if eq (.Values.global.cluster.provider | toString) "hpe" -}}
args:
- |-
#!/bin/bash
- echo "cd /var/log/gopaddle/" > /app/logcleanscript.sh
- echo "rm -rf appworker.tar.gz" >> /app/logcleanscript.sh
- echo "tar -cvzf appworker.tar.gz appworker.log" >>/app/logcleanscript.sh
- echo "echo > appworker.log" >> /app/logcleanscript.sh
- crontab -l
- chmod 0777 /app/logcleanscript.sh
- echo */1 */8 * * */5 /app/logcleanscript.sh > /var/log/cron.log 2>&1 >> logclean.cron
- crontab logclean.cron
- service cron restart
+ apk add busybox-openrc
+ openrc
+ touch /run/openrc/softlevel
+ rc-service crond start
+ cat </etc/periodic/15min/logcleanscript
+ #!/bin/sh
+ cd /var/log/gopaddle/
+ rm -rf *.tar.gz
+ tar -cvzf log.tar.gz *.log
+ echo "" > appworker.log
+ EOF
+ chmod a+x /etc/periodic/15min/logcleanscript
+ echo "0 0 * * * /etc/periodic/15min/logcleanscript > /var/log/cron.log 2>&1" >> logclean.cron
+ /usr/bin/crontab logclean.cron
- echo "----------- start appworker --------"
+ # echo "----------- start appworker --------"
./appworker kube > /var/log/gopaddle/appworker.log
tail -f /var/log/gopaddle/appworker.log
{{- end -}}
@@ -235,34 +304,42 @@ NODE_IP_ENDPOINT for gopaddle GPCTL
args:
- |-
#!/bin/bash
- echo "cd /var/log/gopaddle/" > /app/logcleanscript.sh
- echo "rm -rf deploymentmanager.tar.gz" >> /app/logcleanscript.sh
- echo "tar -cvzf deploymentmanager.tar.gz deploymentmanager.log" >>/app/logcleanscript.sh
- echo "echo > deploymentmanager.log" >> /app/logcleanscript.sh
- crontab -l
- chmod 0777 /app/logcleanscript.sh
- echo */1 */8 * * */5 /app/logcleanscript.sh > /var/log/cron.log 2>&1 >> logclean.cron
- crontab logclean.cron
- service cron restart
+ apk add busybox-openrc
+ openrc
+ touch /run/openrc/softlevel
+ rc-service crond start
+ cat </etc/periodic/15min/logcleanscript
+ #!/bin/sh
+ cd /var/log/gopaddle/
+ rm -rf *.tar.gz
+ tar -cvzf log.tar.gz *.log
+ echo "" > deploymentmanager.log
+ EOF
+ chmod a+x /etc/periodic/15min/logcleanscript
+ echo "0 0 * * * /etc/periodic/15min/logcleanscript > /var/log/cron.log 2>&1" >> logclean.cron
+ /usr/bin/crontab logclean.cron
- echo "----------- start conatainer ------------"
./deploymentmanager kube > /var/log/gopaddle/deploymentmanager.log
tail -f /var/log/gopaddle/deploymentmanager.log
{{- else if eq (.Values.global.cluster.provider | toString) "hpe" -}}
args:
- |-
#!/bin/bash
- echo "cd /var/log/gopaddle/" > /app/logcleanscript.sh
- echo "rm -rf deploymentmanager.tar.gz" >> /app/logcleanscript.sh
- echo "tar -cvzf deploymentmanager.tar.gz deploymentmanager.log" >>/app/logcleanscript.sh
- echo "echo > deploymentmanager.log" >> /app/logcleanscript.sh
- crontab -l
- chmod 0777 /app/logcleanscript.sh
- echo */1 */8 * * */5 /app/logcleanscript.sh > /var/log/cron.log 2>&1 >> logclean.cron
- crontab logclean.cron
- service cron restart
+ apk add busybox-openrc
+ openrc
+ touch /run/openrc/softlevel
+ rc-service crond start
+ cat </etc/periodic/15min/logcleanscript
+ #!/bin/sh
+ cd /var/log/gopaddle/
+ rm -rf *.tar.gz
+ tar -cvzf log.tar.gz *.log
+ echo "" > deploymentmanager.log
+ EOF
+ chmod a+x /etc/periodic/15min/logcleanscript
+ echo "0 0 * * * /etc/periodic/15min/logcleanscript > /var/log/cron.log 2>&1" >> logclean.cron
+ /usr/bin/crontab logclean.cron
- echo "----------- start deploymentmanager --------"
./deploymentmanager kube > /var/log/gopaddle/deploymentmanager.log
tail -f /var/log/gopaddle/deploymentmanager.log
{{- end -}}
@@ -277,34 +354,44 @@ NODE_IP_ENDPOINT for gopaddle GPCTL
args:
- |-
#!/bin/bash
- echo "cd /var/log/gopaddle/" > /app/logcleanscript.sh
- echo "rm -rf clustermanager.tar.gz" >> /app/logcleanscript.sh
- echo "tar -cvzf clustermanager.tar.gz clustermanager.log" >>/app/logcleanscript.sh
- echo "echo > clustermanager.log" >> /app/logcleanscript.sh
- crontab -l
- chmod 0777 /app/logcleanscript.sh
- echo */1 */8 * * */5 /app/logcleanscript.sh > /var/log/cron.log 2>&1 >> logclean.cron
- crontab logclean.cron
- service cron restart
+ apk add busybox-openrc
+ openrc
+ touch /run/openrc/softlevel
+ rc-service crond start
+ cat </etc/periodic/15min/logcleanscript
+ #!/bin/sh
+ cd /var/log/gopaddle/
+ rm -rf *.tar.gz
+ tar -cvzf log.tar.gz *.log
+ echo "" > clustermanager.log
+ EOF
+ chmod a+x /etc/periodic/15min/logcleanscript
+ echo "0 0 * * * /etc/periodic/15min/logcleanscript > /var/log/cron.log 2>&1" >> logclean.cron
+ /usr/bin/crontab logclean.cron
- echo "----------- start conatainer ------------"
+ # echo "----------- start conatainer ------------"
./clustermanager kube > /var/log/gopaddle/clustermanager.log
tail -f /var/log/gopaddle/clustermanager.log
{{- else if eq (.Values.global.cluster.provider | toString) "hpe" -}}
args:
- |-
#!/bin/bash
- echo "cd /var/log/gopaddle/" > /app/logcleanscript.sh
- echo "rm -rf clustermanager.tar.gz" >> /app/logcleanscript.sh
- echo "tar -cvzf clustermanager.tar.gz clustermanager.log" >>/app/logcleanscript.sh
- echo "echo > clustermanager.log" >> /app/logcleanscript.sh
- crontab -l
- chmod 0777 /app/logcleanscript.sh
- echo */1 */8 * * */5 /app/logcleanscript.sh > /var/log/cron.log 2>&1 >> logclean.cron
- crontab logclean.cron
- service cron restart
+ apk add busybox-openrc
+ openrc
+ touch /run/openrc/softlevel
+ rc-service crond start
+ cat </etc/periodic/15min/logcleanscript
+ #!/bin/sh
+ cd /var/log/gopaddle/
+ rm -rf *.tar.gz
+ tar -cvzf log.tar.gz *.log
+ echo "" > clustermanager.log
+ EOF
+ chmod a+x /etc/periodic/15min/logcleanscript
+ echo "0 0 * * * /etc/periodic/15min/logcleanscript > /var/log/cron.log 2>&1" >> logclean.cron
+ /usr/bin/crontab logclean.cron
- echo "----------- start clustermanager --------"
+ # echo "----------- start clustermanager --------"
./clustermanager kube > /var/log/gopaddle/clustermanager.log
tail -f /var/log/gopaddle/clustermanager.log
{{- end -}}
@@ -319,33 +406,44 @@ NODE_IP_ENDPOINT for gopaddle GPCTL
args:
- |-
#!/bin/bash
- echo "cd /var/log/gopaddle/" > /app/logcleanscript.sh
- echo "rm -rf gpcore.tar.gz" >> /app/logcleanscript.sh
- echo "tar -cvzf gpcore.tar.gz gpcore.log" >>/app/logcleanscript.sh
- echo "echo > gpcore.log" >> /app/logcleanscript.sh
- crontab -l
- chmod 0777 /app/logcleanscript.sh
- echo */1 */8 * * */5 /app/logcleanscript.sh > /var/log/cron.log 2>&1 >> logclean.cron
- crontab logclean.cron
- service cron restart
+ apk add busybox-openrc
+ openrc
+ touch /run/openrc/softlevel
+ rc-service crond start
+ cat </etc/periodic/15min/logcleanscript
+ #!/bin/sh
+ cd /var/log/gopaddle/
+ rm -rf *.tar.gz
+ tar -cvzf log.tar.gz *.log
+ echo "" > gpcore.log
+ EOF
+ chmod a+x /etc/periodic/15min/logcleanscript
+ echo "0 0 * * * /etc/periodic/15min/logcleanscript > /var/log/cron.log 2>&1" >> logclean.cron
+ /usr/bin/crontab logclean.cron
- echo "----------- start conatainer ------------"
+ # echo "----------- start conatainer ------------"
./gpcore kube > /var/log/gopaddle/gpcore.log
tail -f /var/log/gopaddle/gpcore.log
{{- else if eq (.Values.global.cluster.provider | toString) "hpe" -}}
args:
- |-
#!/bin/bash
- echo "cd /var/log/gopaddle/" > /app/logcleanscript.sh
- echo "tar -cvzf gpcore.tar.gz gpcore.log" >>/app/logcleanscript.sh
- echo "echo > gpcore.log" >> /app/logcleanscript.sh
- crontab -l
- chmod 0777 /app/logcleanscript.sh
- echo */1 */8 * * */5 /app/logcleanscript.sh > /var/log/cron.log 2>&1 >> logclean.cron
- crontab logclean.cron
- service cron restart
+ apk add busybox-openrc
+ openrc
+ touch /run/openrc/softlevel
+ rc-service crond start
+ cat </etc/periodic/15min/logcleanscript
+ #!/bin/sh
+ cd /var/log/gopaddle/
+ rm -rf *.tar.gz
+ tar -cvzf log.tar.gz *.log
+ echo "" > gpcore.log
+ EOF
+ chmod a+x /etc/periodic/15min/logcleanscript
+ echo "0 0 * * * /etc/periodic/15min/logcleanscript > /var/log/cron.log 2>&1" >> logclean.cron
+ /usr/bin/crontab logclean.cron
- echo "----------- start conatainer ------------"
+ # echo "----------- start conatainer ------------"
./gpcore kube > /var/log/gopaddle/gpcore.log
tail -f /var/log/gopaddle/gpcore.log
{{- end -}}
@@ -499,7 +597,7 @@ routingType for gopaddle
{{- $repoPath := .Values.global.airgapped.imageRegistryInfo.repoPath | trimPrefix "/" | trimSuffix "/" -}}
{{- printf "%s/%s" $registryUrl $repoPath -}}
{{- else -}}
- {{- printf "gcr.io/bluemeric-1308" -}}
+ {{- printf "trov" -}}
{{- end -}}
{{- end -}}
@@ -613,7 +711,7 @@ routingType for gopaddle
{{- if and (.Values.global.airgapped.enabled) (eq (.Values.global.airgapped.imageRegistryType | toString ) "private") -}}
{{- $registryUrl := .Values.global.airgapped.imageRegistryInfo.registryUrl | trimPrefix "https://" | trimPrefix "http://" | trimSuffix "/" -}}
{{- $repoPath := .Values.global.airgapped.imageRegistryInfo.repoPath | trimPrefix "/" | trimSuffix "/" -}}
- {{- printf "%s/%s/node-exporter:v0.16.0" $registryUrl $repoPath -}}
+ {{- printf "%s/%s/node-exporter:v1.5.0" $registryUrl $repoPath -}}
{{- end -}}
{{- end -}}
@@ -641,7 +739,7 @@ routingType for gopaddle
{{- if and (.Values.global.airgapped.enabled) (eq (.Values.global.airgapped.imageRegistryType | toString ) "private") -}}
{{- $registryUrl := .Values.global.airgapped.imageRegistryInfo.registryUrl | trimPrefix "https://" | trimPrefix "http://" | trimSuffix "/" -}}
{{- $repoPath := .Values.global.airgapped.imageRegistryInfo.repoPath | trimPrefix "/" | trimSuffix "/" -}}
- {{- printf "%s/%s/configmap-reload:v0.2.2" $registryUrl $repoPath -}}
+ {{- printf "%s/%s/configmap-reload:v0.8.0" $registryUrl $repoPath -}}
{{- end -}}
{{- end -}}
@@ -660,7 +758,7 @@ routingType for gopaddle
{{- if and (.Values.global.airgapped.enabled) (eq (.Values.global.airgapped.imageRegistryType | toString ) "private") -}}
{{- $registryUrl := .Values.global.airgapped.imageRegistryInfo.registryUrl | trimPrefix "https://" | trimPrefix "http://" | trimSuffix "/" -}}
{{- $repoPath := .Values.global.airgapped.imageRegistryInfo.repoPath | trimPrefix "/" | trimSuffix "/" -}}
- {{- printf "%s/%s/grafana:v7.0.3-00ee734baf" $registryUrl $repoPath -}}
+ {{- printf "%s/%s/grafana/grafana:8.5.22" $registryUrl $repoPath -}}
{{- end -}}
{{- end -}}
@@ -762,68 +860,3 @@ routingType for gopaddle
{{- end -}}
{{- end -}}
-{{/* mongo */}}
-{{- define "gopaddle.mongo" -}}
-{{- if ne (.Values.global.installer.arch | toString) "arm64" -}}
- {{- printf "mongo" -}}
-{{- else -}}
- {{- printf "arm64v8/mongo" -}}
-{{- end -}}
-{{- end -}}
-
-
-{{/* influxdb */}}
-{{- define "gopaddle.influxdb" -}}
-{{- if ne (.Values.global.installer.arch | toString) "arm64" -}}
- {{- printf "influxdb" -}}
-{{- else -}}
- {{- printf "arm64v8/influxdb" -}}
-{{- end -}}
-{{- end -}}
-
-{{/* esearch */}}
-{{- define "gopaddle.esearch" -}}
-{{- if ne (.Values.global.installer.arch | toString) "arm64" -}}
- {{- printf "elasticsearch" -}}
-{{- else -}}
- {{- printf "arm64v8/elasticsearch" -}}
-{{- end -}}
-{{- end -}}
-
-
-{{/* redis */}}
-{{- define "gopaddle.redis" -}}
-{{- if ne (.Values.global.installer.arch | toString) "arm64" -}}
- {{- printf "redis" -}}
-{{- else -}}
- {{- printf "arm64v8/redis" -}}
-{{- end -}}
-{{- end -}}
-
-{{/* rabbitmq */}}
-{{- define "gopaddle.rabbitmq" -}}
-{{- if ne (.Values.global.installer.arch | toString) "arm64" -}}
- {{- printf "rabbitmq" -}}
-{{- else -}}
- {{- printf "arm64v8/rabbitmq" -}}
-{{- end -}}
-{{- end -}}
-
-{{/* defaultbackend */}}
-{{- define "gopaddle.defaultbackend" -}}
-{{- if ne (.Values.global.installer.arch | toString) "arm64" -}}
- {{- printf "defaultbackend" -}}
-{{- else -}}
- {{- printf "defaultbackend-arm64" -}}
-{{- end -}}
-{{- end -}}
-
-
-{{/* nginx */}}
-{{- define "gopaddle.esearch.imageTag" -}}
-{{- if ne (.Values.global.installer.arch | toString) "arm64" -}}
- {{- .Values.esearch.esearch.imageTag -}}
-{{- else -}}
- {{- printf "7.8.0" -}}
-{{- end -}}
-{{- end -}}
\ No newline at end of file
diff --git a/charts/gopaddle/gopaddle/charts/gp-core/templates/activitymanager-deployment.yaml b/charts/gopaddle/gopaddle/charts/gp-core/templates/activitymanager-deployment.yaml
index c3f533550..a2cd81748 100644
--- a/charts/gopaddle/gopaddle/charts/gp-core/templates/activitymanager-deployment.yaml
+++ b/charts/gopaddle/gopaddle/charts/gp-core/templates/activitymanager-deployment.yaml
@@ -46,17 +46,22 @@ spec:
- args:
- |-
#!/bin/bash
- echo "cd /var/log/gopaddle/" > /app/logcleanscript.sh
- echo "rm -rf activitymanager.tar.gz" >> /app/logcleanscript.sh
- echo "tar -cvzf activitymanager.tar.gz activitymanager.log" >>/app/logcleanscript.sh
- echo "echo > activitymanager.log" >> /app/logcleanscript.sh
- crontab -l
- chmod 0777 /app/logcleanscript.sh
- echo */1 */8 * * */5 /app/logcleanscript.sh > /var/log/cron.log 2>&1 >> logclean.cron
- crontab logclean.cron
- service cron restart
+ apk add --no-cache openrc busybox-initscripts
+ openrc
+ touch /run/openrc/softlevel
+ rc-service crond start
+ cat </etc/periodic/15min/logcleanscript
+ #!/bin/sh
+ cd /var/log/gopaddle/
+ rm -rf *.tar.gz
+ tar -cvzf log.tar.gz *.log
+ echo "" > activitymanager.log
+ EOF
+ chmod a+x /etc/periodic/15min/logcleanscript
+ echo "0 0 * * * /etc/periodic/15min/logcleanscript > /var/log/cron.log 2>&1" >> logclean.cron
+ /usr/bin/crontab logclean.cron
- echo "----------- start conatainer ------------"
+ # echo "----------- start conatainer ------------"
./activitymanager kube > /var/log/gopaddle/activitymanager.log
tail -f /var/log/gopaddle/activitymanager.log
command:
@@ -72,9 +77,13 @@ spec:
envFrom:
- secretRef:
name: activitymanager-activitymanager-envsecret-wuhue
+{{- if eq (.Values.global.installer.arch | toString) "arm64" }}
+ image: {{ template "gopaddle.registryUrl" . }}/activitymanager:{{ .Values.activitymanager.activitymanager.imageTagArm }}
+{{- else }}
image: {{ template "gopaddle.registryUrl" . }}/activitymanager:{{ .Values.activitymanager.activitymanager.imageTag }}
+{{- end }}
livenessProbe:
- failureThreshold: 3
+ failureThreshold: 6
httpGet:
path: /api/status
port: 8009
@@ -88,7 +97,7 @@ spec:
name: 8009-tcp
protocol: TCP
readinessProbe:
- failureThreshold: 3
+ failureThreshold: 6
httpGet:
path: /api/status
port: 8009
diff --git a/charts/gopaddle/gopaddle/charts/gp-core/templates/alertmanager-deployment.yaml b/charts/gopaddle/gopaddle/charts/gp-core/templates/alertmanager-deployment.yaml
index 28a3cabb8..db902ea7a 100644
--- a/charts/gopaddle/gopaddle/charts/gp-core/templates/alertmanager-deployment.yaml
+++ b/charts/gopaddle/gopaddle/charts/gp-core/templates/alertmanager-deployment.yaml
@@ -46,6 +46,21 @@ spec:
- args:
- |-
#!/bin/bash
+ apk add --no-cache openrc busybox-initscripts
+ openrc
+ touch /run/openrc/softlevel
+ rc-service crond start
+ cat </etc/periodic/15min/logcleanscript
+ #!/bin/sh
+ cd /var/log/gopaddle/
+ rm -rf *.tar.gz
+ tar -cvzf log.tar.gz *.log
+ echo "" > alertmanager.log
+ EOF
+ chmod a+x /etc/periodic/15min/logcleanscript
+ echo "0 0 * * * /etc/periodic/15min/logcleanscript > /var/log/cron.log 2>&1" >> logclean.cron
+ /usr/bin/crontab logclean.cron
+
./alertmanager kube > /var/log/gopaddle/alertmanager.log
tail -f /var/log/gopaddle/alertmanager.log
command:
@@ -63,9 +78,13 @@ spec:
envFrom:
- secretRef:
name: alertmanager-alertmanager-envsecret-04tog
+{{- if eq (.Values.global.installer.arch | toString) "arm64" }}
+ image: {{ template "gopaddle.registryUrl" . }}/alertmanager:{{ .Values.alertmanager.alertmanager.imageTagArm }}
+{{- else }}
image: {{ template "gopaddle.registryUrl" . }}/alertmanager:{{ .Values.alertmanager.alertmanager.imageTag }}
+{{- end }}
livenessProbe:
- failureThreshold: 3
+ failureThreshold: 6
httpGet:
path: /api/status
port: 8012
@@ -79,7 +98,7 @@ spec:
name: 8012-tcp
protocol: TCP
readinessProbe:
- failureThreshold: 3
+ failureThreshold: 6
httpGet:
path: /api/status
port: 8012
diff --git a/charts/gopaddle/gopaddle/charts/gp-core/templates/appscanner-deployment.yaml b/charts/gopaddle/gopaddle/charts/gp-core/templates/appscanner-deployment.yaml
index dde7db686..b64ce31b1 100644
--- a/charts/gopaddle/gopaddle/charts/gp-core/templates/appscanner-deployment.yaml
+++ b/charts/gopaddle/gopaddle/charts/gp-core/templates/appscanner-deployment.yaml
@@ -46,17 +46,22 @@ spec:
- args:
- |
#!/bin/bash
- echo "cd /var/log/gopaddle/" > /app/logcleanscript.sh
- echo "rm -rf appscanner.tar.gz" >> /app/logcleanscript.sh
- echo "tar -cvzf appscanner.tar.gz appscanner.log" >>/app/logcleanscript.sh
- echo "echo > appscanner.log" >> /app/logcleanscript.sh
- crontab -l
- chmod 0777 /app/logcleanscript.sh
- echo */1 */8 * * */5 /app/logcleanscript.sh > /var/log/cron.log 2>&1 >> logclean.cron
- crontab logclean.cron
- service cron restart
+ apk add busybox-openrc
+ openrc
+ touch /run/openrc/softlevel
+ rc-service crond start
+ cat </etc/periodic/15min/logcleanscript
+ #!/bin/sh
+ cd /var/log/gopaddle/
+ rm -rf *.tar.gz
+ tar -cvzf log.tar.gz *.log
+ echo "" > appscanner.log
+ EOF
+ chmod a+x /etc/periodic/15min/logcleanscript
+ echo "0 0 * * * /etc/periodic/15min/logcleanscript > /var/log/cron.log 2>&1" >> logclean.cron
+ /usr/bin/crontab logclean.cron
- echo "----------- start conatainer ------------"
+ # echo "----------- start conatainer ------------"
./appscanner kube > /var/log/gopaddle/appscanner.log
tail -f /var/log/gopaddle/appscanner.log
command:
@@ -72,9 +77,13 @@ spec:
envFrom:
- secretRef:
name: appscanner-appscanner-envsecret-06oce
+{{- if eq (.Values.global.installer.arch | toString) "arm64" }}
+ image: {{ template "gopaddle.registryUrl" . }}/appscanner:{{ .Values.appscanner.appscanner.imageTagArm }}
+{{- else }}
image: {{ template "gopaddle.registryUrl" . }}/appscanner:{{ .Values.appscanner.appscanner.imageTag }}
+{{- end }}
livenessProbe:
- failureThreshold: 3
+ failureThreshold: 6
httpGet:
path: /api/status
port: 8022
@@ -88,7 +97,7 @@ spec:
name: 8022-tcp
protocol: TCP
readinessProbe:
- failureThreshold: 3
+ failureThreshold: 6
httpGet:
path: /api/status
port: 8022
diff --git a/charts/gopaddle/gopaddle/charts/gp-core/templates/appworker-deployment.yaml b/charts/gopaddle/gopaddle/charts/gp-core/templates/appworker-deployment.yaml
index b99b38f26..72b574346 100644
--- a/charts/gopaddle/gopaddle/charts/gp-core/templates/appworker-deployment.yaml
+++ b/charts/gopaddle/gopaddle/charts/gp-core/templates/appworker-deployment.yaml
@@ -88,9 +88,13 @@ spec:
envFrom:
- secretRef:
name: appworker-appworker-envsecret-ycm42
+{{- if eq (.Values.global.installer.arch | toString) "arm64" }}
+ image: {{ template "gopaddle.registryUrl" . }}/appworker:{{ .Values.appworker.appworker.imageTagArm }}
+{{- else }}
image: {{ template "gopaddle.registryUrl" . }}/appworker:{{ .Values.appworker.appworker.imageTag }}
+{{- end }}
livenessProbe:
- failureThreshold: 3
+ failureThreshold: 6
httpGet:
path: /api/status
port: 8010
@@ -104,7 +108,7 @@ spec:
name: 8010-tcp
protocol: TCP
readinessProbe:
- failureThreshold: 3
+ failureThreshold: 6
httpGet:
path: /api/status
port: 8010
diff --git a/charts/gopaddle/gopaddle/charts/gp-core/templates/cloudmanager-deployment.yaml b/charts/gopaddle/gopaddle/charts/gp-core/templates/cloudmanager-deployment.yaml
index af2777cf6..fee4c739e 100644
--- a/charts/gopaddle/gopaddle/charts/gp-core/templates/cloudmanager-deployment.yaml
+++ b/charts/gopaddle/gopaddle/charts/gp-core/templates/cloudmanager-deployment.yaml
@@ -46,6 +46,21 @@ spec:
- args:
- |-
#!/bin/bash
+ apk add --no-cache openrc busybox-initscripts
+ openrc
+ touch /run/openrc/softlevel
+ rc-service crond start
+ cat </etc/periodic/15min/logcleanscript
+ #!/bin/sh
+ cd /var/log/gopaddle/
+ rm -rf *.tar.gz
+ tar -cvzf log.tar.gz *.log
+ echo "" > cloudmanager.log
+ EOF
+ chmod a+x /etc/periodic/15min/logcleanscript
+ echo "0 0 * * * /etc/periodic/15min/logcleanscript > /var/log/cron.log 2>&1" >> logclean.cron
+ /usr/bin/crontab logclean.cron
+
./cloudmanager kube > /var/log/gopaddle/cloudmanager.log
tail -f /var/log/gopaddle/cloudmanager.log
command:
@@ -61,9 +76,13 @@ spec:
envFrom:
- secretRef:
name: cloudmanager-cloudmanager-envsecret-onluv
+{{- if eq (.Values.global.installer.arch | toString) "arm64" }}
+ image: {{ template "gopaddle.registryUrl" . }}/cloudmanager:{{ .Values.cloudmanager.cloudmanager.imageTagArm }}
+{{- else }}
image: {{ template "gopaddle.registryUrl" . }}/cloudmanager:{{ .Values.cloudmanager.cloudmanager.imageTag }}
+{{- end }}
livenessProbe:
- failureThreshold: 3
+ failureThreshold: 6
httpGet:
path: /api/status
port: 8018
@@ -77,7 +96,7 @@ spec:
name: 8018-tcp
protocol: TCP
readinessProbe:
- failureThreshold: 3
+ failureThreshold: 6
httpGet:
path: /api/status
port: 8018
diff --git a/charts/gopaddle/gopaddle/charts/gp-core/templates/clustermanager-clustermanager-configmap-vadks.yaml b/charts/gopaddle/gopaddle/charts/gp-core/templates/clustermanager-clustermanager-configmap-vadks.yaml
index d0b886423..bcca90760 100644
--- a/charts/gopaddle/gopaddle/charts/gp-core/templates/clustermanager-clustermanager-configmap-vadks.yaml
+++ b/charts/gopaddle/gopaddle/charts/gp-core/templates/clustermanager-clustermanager-configmap-vadks.yaml
@@ -27,3 +27,7 @@ data:
{{ (.Files.Glob "files/clustermanager/clustermanager/albcontrollercft.yaml").AsConfig | indent 2 }}
{{ (.Files.Glob "files/clustermanager/clustermanager/amazon-eks-vpc-private-public.yaml").AsConfig | indent 2 }}
{{ (.Files.Glob "files/clustermanager/clustermanager/amazon-eks-fully-private-vpc.yaml").AsConfig | indent 2 }}
+{{ (.Files.Glob "files/clustermanager/clustermanager/bastion-cft.yaml").AsConfig | indent 2 }}
+{{ (.Files.Glob "files/clustermanager/clustermanager/bastion-kubeconfig.yaml").AsConfig | indent 2 }}
+{{ (.Files.Glob "files/clustermanager/clustermanager/ssm_document.json").AsConfig | indent 2 }}
+
diff --git a/charts/gopaddle/gopaddle/charts/gp-core/templates/clustermanager-deployment.yaml b/charts/gopaddle/gopaddle/charts/gp-core/templates/clustermanager-deployment.yaml
index cc53ac60e..086662eef 100644
--- a/charts/gopaddle/gopaddle/charts/gp-core/templates/clustermanager-deployment.yaml
+++ b/charts/gopaddle/gopaddle/charts/gp-core/templates/clustermanager-deployment.yaml
@@ -108,13 +108,24 @@ spec:
value: {{ .Values.global.airgapped.imageRegistryInfo.authType }}
{{- end}}
{{- end }}
+{{- else }}
+ - name: DEFAULT_BACKEND_IMAGE
+ {{- if eq (.Values.global.installer.arch | toString) "arm64" }}
+ value: {{ template "gopaddle.googleContainer.registryUrl" . }}/{{ .Values.defaultbackend.defaultbackend.imageArm }}:{{ .Values.defaultbackend.defaultbackend.imageTag }}
+ {{- else }}
+ value: {{ template "gopaddle.googleContainer.registryUrl" . }}/{{ .Values.defaultbackend.defaultbackend.image }}:{{ .Values.defaultbackend.defaultbackend.imageTag }}
+ {{- end }}
{{- end }}
envFrom:
- secretRef:
name: clustermanager-clustermanager-envsecret-ipy9y
+{{- if eq (.Values.global.installer.arch | toString) "arm64" }}
+ image: {{ template "gopaddle.registryUrl" . }}/clustermanager:{{ .Values.clustermanager.clustermanager.imageTagArm }}
+{{- else }}
image: {{ template "gopaddle.registryUrl" . }}/clustermanager:{{ .Values.clustermanager.clustermanager.imageTag }}
+{{- end }}
livenessProbe:
- failureThreshold: 3
+ failureThreshold: 6
httpGet:
path: /api/status
port: 8013
@@ -128,7 +139,7 @@ spec:
name: 8013-tcp
protocol: TCP
readinessProbe:
- failureThreshold: 3
+ failureThreshold: 6
httpGet:
path: /api/status
port: 8013
diff --git a/charts/gopaddle/gopaddle/charts/gp-core/templates/clustertemplatemanager-deployment.yaml b/charts/gopaddle/gopaddle/charts/gp-core/templates/clustertemplatemanager-deployment.yaml
index 7296b3e5f..5cee3cc56 100644
--- a/charts/gopaddle/gopaddle/charts/gp-core/templates/clustertemplatemanager-deployment.yaml
+++ b/charts/gopaddle/gopaddle/charts/gp-core/templates/clustertemplatemanager-deployment.yaml
@@ -63,9 +63,13 @@ spec:
envFrom:
- secretRef:
name: clustertemplatemanag-clustertemplatemanag-envsecret-g2i9t
+{{- if eq (.Values.global.installer.arch | toString) "arm64" }}
+ image: {{ template "gopaddle.registryUrl" . }}/clustertemplatemanager:{{ .Values.clustertemplatemanager.clustertemplatemanager.imageTagArm }}
+{{- else }}
image: {{ template "gopaddle.registryUrl" . }}/clustertemplatemanager:{{ .Values.clustertemplatemanager.clustertemplatemanager.imageTag }}
+{{- end }}
livenessProbe:
- failureThreshold: 3
+ failureThreshold: 6
httpGet:
path: /api/status
port: 8050
@@ -79,7 +83,7 @@ spec:
name: 8050-tcp
protocol: TCP
readinessProbe:
- failureThreshold: 3
+ failureThreshold: 6
httpGet:
path: /api/status
port: 8050
diff --git a/charts/gopaddle/gopaddle/charts/gp-core/templates/configmanager-deployment.yaml b/charts/gopaddle/gopaddle/charts/gp-core/templates/configmanager-deployment.yaml
index 4dcec6ab5..14157237a 100644
--- a/charts/gopaddle/gopaddle/charts/gp-core/templates/configmanager-deployment.yaml
+++ b/charts/gopaddle/gopaddle/charts/gp-core/templates/configmanager-deployment.yaml
@@ -46,6 +46,21 @@ spec:
- args:
- |-
#!/bin/bash
+ apk add --no-cache openrc busybox-initscripts
+ openrc
+ touch /run/openrc/softlevel
+ rc-service crond start
+ cat </etc/periodic/15min/logcleanscript
+ #!/bin/sh
+ cd /var/log/gopaddle/
+ rm -rf *.tar.gz
+ tar -cvzf log.tar.gz *.log
+ echo "" > configmanager.log
+ EOF
+ chmod a+x /etc/periodic/15min/logcleanscript
+ echo "0 0 * * * /etc/periodic/15min/logcleanscript > /var/log/cron.log 2>&1" >> logclean.cron
+ /usr/bin/crontab logclean.cron
+
./configmanager kube > /var/log/gopaddle/configmanager.log
tail -f /var/log/gopaddle/configmanager.log
command:
@@ -61,9 +76,13 @@ spec:
envFrom:
- secretRef:
name: configmanager-configmanager-envsecret-n8xui
+{{- if eq (.Values.global.installer.arch | toString) "arm64" }}
+ image: {{ template "gopaddle.registryUrl" . }}/configmanager:{{ .Values.configmanager.configmanager.imageTagArm }}
+{{- else }}
image: {{ template "gopaddle.registryUrl" . }}/configmanager:{{ .Values.configmanager.configmanager.imageTag }}
+{{- end }}
livenessProbe:
- failureThreshold: 3
+ failureThreshold: 6
httpGet:
path: /api/status
port: 8001
@@ -77,7 +96,7 @@ spec:
name: 8001-tcp
protocol: TCP
readinessProbe:
- failureThreshold: 3
+ failureThreshold: 6
httpGet:
path: /api/status
port: 8001
diff --git a/charts/gopaddle/gopaddle/charts/gp-core/templates/costmanager-deployment.yaml b/charts/gopaddle/gopaddle/charts/gp-core/templates/costmanager-deployment.yaml
index c09138773..4cc6703a4 100644
--- a/charts/gopaddle/gopaddle/charts/gp-core/templates/costmanager-deployment.yaml
+++ b/charts/gopaddle/gopaddle/charts/gp-core/templates/costmanager-deployment.yaml
@@ -45,6 +45,22 @@ spec:
containers:
- args:
- |-
+ #!/bin/bash
+ apk add --no-cache openrc busybox-initscripts
+ openrc
+ touch /run/openrc/softlevel
+ rc-service crond start
+ cat </etc/periodic/15min/logcleanscript
+ #!/bin/sh
+ cd /var/log/gopaddle/
+ rm -rf *.tar.gz
+ tar -cvzf log.tar.gz *.log
+ echo "" > costmanager.log
+ EOF
+ chmod a+x /etc/periodic/15min/logcleanscript
+ echo "0 0 * * * /etc/periodic/15min/logcleanscript > /var/log/cron.log 2>&1" >> logclean.cron
+ /usr/bin/crontab logclean.cron
+
./costmanager kube > /var/log/gopaddle/costmanager.log
tail -f /var/log/gopaddle/costmanager.log
command:
@@ -60,9 +76,13 @@ spec:
envFrom:
- secretRef:
name: costmanager-costmanager-envsecret-nq4hj
+{{- if eq (.Values.global.installer.arch | toString) "arm64" }}
+ image: {{ template "gopaddle.registryUrl" . }}/costmanager:{{ .Values.costmanager.costmanager.imageTagArm }}
+{{- else }}
image: {{ template "gopaddle.registryUrl" . }}/costmanager:{{ .Values.costmanager.costmanager.imageTag }}
+{{- end }}
livenessProbe:
- failureThreshold: 3
+ failureThreshold: 6
httpGet:
path: /api/status
port: 8011
@@ -76,7 +96,7 @@ spec:
name: 8011-tcp
protocol: TCP
readinessProbe:
- failureThreshold: 3
+ failureThreshold: 6
httpGet:
path: /api/status
port: 8011
@@ -86,8 +106,8 @@ spec:
timeoutSeconds: 10
resources:
limits:
- cpu: 100m
- memory: 100M
+ cpu: 300m
+ memory: 500M
requests:
cpu: 10m
memory: 50M
diff --git a/charts/gopaddle/gopaddle/charts/gp-core/templates/deploymentmanager-deployment.yaml b/charts/gopaddle/gopaddle/charts/gp-core/templates/deploymentmanager-deployment.yaml
index 49044bbe5..e3f50d60a 100644
--- a/charts/gopaddle/gopaddle/charts/gp-core/templates/deploymentmanager-deployment.yaml
+++ b/charts/gopaddle/gopaddle/charts/gp-core/templates/deploymentmanager-deployment.yaml
@@ -88,9 +88,13 @@ spec:
envFrom:
- secretRef:
name: deploymentmanager-deploymanager-envsecret-ik60p
+{{- if eq (.Values.global.installer.arch | toString) "arm64" }}
+ image: {{ template "gopaddle.registryUrl" . }}/deploymanager:{{ .Values.deploymentmanager.deploymanager.imageTagArm }}
+{{- else }}
image: {{ template "gopaddle.registryUrl" . }}/deploymanager:{{ .Values.deploymentmanager.deploymanager.imageTag }}
+{{- end }}
livenessProbe:
- failureThreshold: 3
+ failureThreshold: 6
httpGet:
path: /api/status
port: 8003
@@ -107,7 +111,7 @@ spec:
name: 8017-tcp
protocol: TCP
readinessProbe:
- failureThreshold: 3
+ failureThreshold: 6
httpGet:
path: /api/status
port: 8003
diff --git a/charts/gopaddle/gopaddle/charts/gp-core/templates/domainmanager-deployment.yaml b/charts/gopaddle/gopaddle/charts/gp-core/templates/domainmanager-deployment.yaml
index 287018958..bb76cda34 100644
--- a/charts/gopaddle/gopaddle/charts/gp-core/templates/domainmanager-deployment.yaml
+++ b/charts/gopaddle/gopaddle/charts/gp-core/templates/domainmanager-deployment.yaml
@@ -46,6 +46,21 @@ spec:
- args:
- |-
#!/bin/bash
+ apk add busybox-openrc
+ openrc
+ touch /run/openrc/softlevel
+ rc-service crond start
+ cat </etc/periodic/15min/logcleanscript
+ #!/bin/sh
+ cd /var/log/gopaddle/
+ rm -rf *.tar.gz
+ tar -cvzf log.tar.gz *.log
+ echo "" > domainmanager.log
+ EOF
+ chmod a+x /etc/periodic/15min/logcleanscript
+ echo "0 0 * * * /etc/periodic/15min/logcleanscript > /var/log/cron.log 2>&1" >> logclean.cron
+ /usr/bin/crontab logclean.cron
+
./domainmanager kube > /var/log/gopaddle/domainmanager.log
tail -f /var/log/gopaddle/domainmanager.log
command:
@@ -61,9 +76,13 @@ spec:
envFrom:
- secretRef:
name: domainmanager-domainmanager-envsecret-bzb3z
+{{- if eq (.Values.global.installer.arch | toString) "arm64" }}
+ image: {{ template "gopaddle.registryUrl" . }}/domainmanager:{{ .Values.domainmanager.domainmanager.imageTagArm }}
+{{- else }}
image: {{ template "gopaddle.registryUrl" . }}/domainmanager:{{ .Values.domainmanager.domainmanager.imageTag }}
+{{- end }}
livenessProbe:
- failureThreshold: 3
+ failureThreshold: 6
httpGet:
path: /api/status
port: 8004
@@ -77,7 +96,7 @@ spec:
name: 8004-tcp
protocol: TCP
readinessProbe:
- failureThreshold: 3
+ failureThreshold: 6
httpGet:
path: /api/status
port: 8004
diff --git a/charts/gopaddle/gopaddle/charts/gp-core/templates/emailer-job.yaml b/charts/gopaddle/gopaddle/charts/gp-core/templates/emailer-job.yaml
new file mode 100644
index 000000000..95e420b5b
--- /dev/null
+++ b/charts/gopaddle/gopaddle/charts/gp-core/templates/emailer-job.yaml
@@ -0,0 +1,48 @@
+{{- if eq (.Values.global.installer.edition | toString) "Lite" }}
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+ name: emailer-job
+ namespace: {{ .Release.Namespace }}
+spec:
+ schedule: "* 19 * * 5"
+ jobTemplate:
+ spec:
+ template:
+ spec:
+ containers:
+ - args:
+ - |-
+ #!/bin/bash
+ ARCH=`uname -m` && \
+ if [ "$ARCH" == "x86_64" ]; then \
+ cp ./kubeaudit.amd64 ./kubeaudit; \
+ else \
+ echo "unknown arch" && \
+ cp ./kubeaudit.arm64 ./kubeaudit; \
+ fi
+ chmod +x ./kubeaudit ./emailservice ./runAudit.sh
+ sh -x ./runAudit.sh
+ command:
+ - /bin/sh
+ - -c
+ env:
+ - name: NODE_IP
+ value: {{ template "gopaddle.baseServerUI" . }}
+ - name: GP_RELEASE
+ value: {{ quote .Chart.AppVersion }}
+{{- if eq (.Values.global.installer.arch | toString) "arm64" }}
+ image: {{ template "gopaddle.registryUrl" . }}/emailer:{{ .Values.emailer.emailer.imageTagArm }}
+{{- else }}
+ image: {{ template "gopaddle.registryUrl" . }}/emailer:{{ .Values.emailer.emailer.imageTag }}
+{{- end }}
+ imagePullPolicy: IfNotPresent
+ name: emailer
+ restartPolicy: OnFailure
+ imagePullSecrets:
+{{- if .Values.global.airgapped.enabled }}
+ - name: {{ .Values.global.airgapped.imageRegistryInfo.imageSecret }}
+{{- else }}
+ - name: gcr-json-key
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/gopaddle/gopaddle/charts/gp-core/templates/esearch-configmap-multi-arch.yaml b/charts/gopaddle/gopaddle/charts/gp-core/templates/esearch-configmap-multi-arch.yaml
new file mode 100644
index 000000000..75a063e5a
--- /dev/null
+++ b/charts/gopaddle/gopaddle/charts/gp-core/templates/esearch-configmap-multi-arch.yaml
@@ -0,0 +1,25 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: elasticsearch-config
+ namespace: {{ .Release.Namespace }}
+ labels:
+ component: elasticsearch
+data:
+ elasticsearch.yml: |
+ cluster.name: password-protected-efk
+ node.name: node-1
+ path.data: /usr/share/elasticsearch/data
+ http:
+ host: 0.0.0.0
+ port: 9200
+ bootstrap.memory_lock: true
+ transport.host: 127.0.0.1
+ xpack.license.self_generated.type: basic
+ # Enable xpack.security which is provided in basic subscription
+ xpack.security.enabled: true
+ # Disable unused xpack features
+ xpack.monitoring.enabled: false
+ xpack.graph.enabled: false
+ xpack.watcher.enabled: false
+ xpack.ml.enabled: false
diff --git a/charts/gopaddle/gopaddle/charts/gp-core/templates/esearch-esearch-configmap-slj65.yaml b/charts/gopaddle/gopaddle/charts/gp-core/templates/esearch-esearch-configmap-slj65.yaml
index 847848cbd..4d3361cea 100644
--- a/charts/gopaddle/gopaddle/charts/gp-core/templates/esearch-esearch-configmap-slj65.yaml
+++ b/charts/gopaddle/gopaddle/charts/gp-core/templates/esearch-esearch-configmap-slj65.yaml
@@ -1,3 +1,4 @@
+{{- if eq (.Values.global.installer.arch | toString) "amdold" }}
apiVersion: v1
kind: ConfigMap
metadata:
@@ -11,3 +12,4 @@ metadata:
namespace: {{ .Release.Namespace }}
data:
{{ (.Files.Glob "files/esearch/esearch/esearch.sh").AsConfig | indent 2 }}
+{{- end }}
diff --git a/charts/gopaddle/gopaddle/charts/gp-core/templates/esearch-esearch-envsecret-14sx3.yaml b/charts/gopaddle/gopaddle/charts/gp-core/templates/esearch-esearch-envsecret-14sx3.yaml
index 3c27654e1..b3a796420 100644
--- a/charts/gopaddle/gopaddle/charts/gp-core/templates/esearch-esearch-envsecret-14sx3.yaml
+++ b/charts/gopaddle/gopaddle/charts/gp-core/templates/esearch-esearch-envsecret-14sx3.yaml
@@ -1,3 +1,4 @@
+{{- if eq (.Values.global.installer.arch | toString) "amdold" }}
apiVersion: v1
kind: Secret
metadata:
@@ -10,3 +11,4 @@ metadata:
servicegroup: esearch-lz5zjizb
name: esearch-esearch-envsecret-14sx3
namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/gopaddle/gopaddle/charts/gp-core/templates/esearch-statefulset-multi-arch.yaml b/charts/gopaddle/gopaddle/charts/gp-core/templates/esearch-statefulset-multi-arch.yaml
new file mode 100644
index 000000000..0f460d550
--- /dev/null
+++ b/charts/gopaddle/gopaddle/charts/gp-core/templates/esearch-statefulset-multi-arch.yaml
@@ -0,0 +1,92 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: esearch
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: esearch
+ app-id: appsab909ba8cbe61c46e1cb3f9c4dffd24b038a
+ family: servicegroup
+ name: esearch
+ released-by: gopaddle
+ servicegroup: esearch-lz5zjizb
+ servicegroup-name: esearch
+spec:
+ serviceName: esearch-headless
+ replicas: 1
+ selector:
+ matchLabels:
+ component: esearch
+ template:
+ metadata:
+ creationTimestamp: null
+ labels:
+ app: esearch
+ app-id: appsab909ba8cbe61c46e1cb3f9c4dffd24b038a
+ family: servicegroup
+ name: esearch
+ released-by: gopaddle
+ servicegroup: esearch-lz5zjizb
+ component: esearch
+ name: esearch
+ spec:
+ affinity: {}
+{{- if .Values.global.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.global.nodeSelector | indent 8 }}
+{{- end }}
+ containers:
+ - name: esearch
+ image: {{ .Values.esearch.esearch.image }}
+ imagePullPolicy: Always
+ env:
+ - name: discovery.type
+ value: single-node
+ - name: ELASTIC_PASSWORD
+ value: cGFzc3dvcmQ
+ ports:
+ - containerPort: 9200
+ name: http
+ protocol: TCP
+ volumeMounts:
+ - name: elasticsearch-config
+ mountPath: /usr/share/elasticsearch/config/elasticsearch.yml
+ subPath: elasticsearch.yml
+ - name: data
+ mountPath: /usr/share/elasticsearch/data
+ resources:
+ limits:
+ cpu: "1"
+ memory: 2G
+ requests:
+ cpu: 300m
+ memory: 500M
+ # Allow non-root user to access PersistentVolume
+ securityContext:
+ fsGroup: 1000
+ restartPolicy: Always
+ volumes:
+ - name: elasticsearch-config
+ configMap:
+ name: elasticsearch-config
+ volumeClaimTemplates:
+ - metadata:
+ creationTimestamp: null
+ labels:
+ app: data
+ app-id: appsab909ba8cbe61c46e1cb3f9c4dffd24b038a
+ name: esearch
+ released-by: gopaddle
+ servicegroup: esearch-lz5zjizb
+ name: data
+ spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ limits:
+ storage: 20Gi
+ requests:
+ storage: 10Gi
+ storageClassName: {{ template "gopaddle.storageClass" . }}
+ volumeMode: Filesystem
+ status: {}
diff --git a/charts/gopaddle/gopaddle/charts/gp-core/templates/esearch-statefulset.yaml b/charts/gopaddle/gopaddle/charts/gp-core/templates/esearch-statefulset.yaml
index ef10e201b..003209794 100644
--- a/charts/gopaddle/gopaddle/charts/gp-core/templates/esearch-statefulset.yaml
+++ b/charts/gopaddle/gopaddle/charts/gp-core/templates/esearch-statefulset.yaml
@@ -1,3 +1,4 @@
+{{- if eq (.Values.global.installer.arch | toString) "amdold" }}
apiVersion: apps/v1
kind: StatefulSet
metadata:
@@ -49,7 +50,11 @@ spec:
envFrom:
- secretRef:
name: esearch-esearch-envsecret-14sx3
- image: {{ template "gopaddle.esearch" . }}:{{ template "gopaddle.esearch.imageTag" . }}
+{{- if eq (.Values.global.installer.arch | toString) "arm64" }}
+ image: {{ .Values.esearch.esearch.image }}:{{ .Values.esearch.esearch.imageTagArm }}
+{{- else }}
+ image: {{ .Values.esearch.esearch.image }}:{{ .Values.esearch.esearch.imageTag }}
+{{- end }}
name: esearch
ports:
- containerPort: 9200
@@ -104,3 +109,4 @@ spec:
storageClassName: {{ template "gopaddle.storageClass" . }}
volumeMode: Filesystem
status: {}
+{{- end }}
\ No newline at end of file
diff --git a/charts/gopaddle/gopaddle/charts/gp-core/templates/gateway-deployment.yaml b/charts/gopaddle/gopaddle/charts/gp-core/templates/gateway-deployment.yaml
index 00f6f46df..c5350fb9b 100644
--- a/charts/gopaddle/gopaddle/charts/gp-core/templates/gateway-deployment.yaml
+++ b/charts/gopaddle/gopaddle/charts/gp-core/templates/gateway-deployment.yaml
@@ -46,6 +46,21 @@ spec:
- args:
- |-
#!/bin/bash
+ apk add --no-cache openrc busybox-initscripts
+ openrc
+ touch /run/openrc/softlevel
+ rc-service crond start
+ cat </etc/periodic/15min/logcleanscript
+ #!/bin/sh
+ cd /var/log/gopaddle/
+ rm -rf *.tar.gz
+ tar -cvzf log.tar.gz *.log
+ echo "" > gateway.log
+ EOF
+ chmod a+x /etc/periodic/15min/logcleanscript
+ echo "0 0 * * * /etc/periodic/15min/logcleanscript > /var/log/cron.log 2>&1" >> logclean.cron
+ /usr/bin/crontab logclean.cron
+
./gateway kube > /var/log/gopaddle/gateway.log
tail -f /var/log/gopaddle/gateway.log
command:
@@ -61,9 +76,13 @@ spec:
envFrom:
- secretRef:
name: gateway-gateway-envsecret-gctwp
+{{- if eq (.Values.global.installer.arch | toString) "arm64" }}
+ image: {{ template "gopaddle.registryUrl" . }}/gateway:{{ .Values.gateway.gateway.imageTagArm }}
+{{- else }}
image: {{ template "gopaddle.registryUrl" . }}/gateway:{{ .Values.gateway.gateway.imageTag }}
+{{- end }}
livenessProbe:
- failureThreshold: 3
+ failureThreshold: 6
httpGet:
path: /status
port: 8006
@@ -80,7 +99,7 @@ spec:
name: 8017-tcp
protocol: TCP
readinessProbe:
- failureThreshold: 3
+ failureThreshold: 6
httpGet:
path: /status
port: 8006
@@ -118,13 +137,17 @@ spec:
- name: HOST
value: {{ quote .Values.gateway.gpkubeux.envMap.HOST }}
- name: GP_RELEASE
- value: {{ quote .Values.gateway.gpkubeux.gpReleaseVersion }}
+ value: {{ quote .Chart.AppVersion }}
- name: BASE_SERVER
value: {{ template "gopaddle.baseServer" . }}
- name: INSTALL_SOURCE
+{{- if eq (.Values.global.installer.edition | toString) "Enterprise" }}
+ value: "onprem"
+{{- else }}
value: {{quote (lower .Values.global.installer.edition) }}
+{{- end }}
- name: NODE_IP
-{{- if eq (.Values.global.cluster.type | toString) "docker" }}
+{{- if .Values.global.cluster.nodeIP }}
value: {{ template "gopaddle.clusterNodeIP" . }}
{{- else }}
value: {{ template "gopaddle.baseServer" . }}
@@ -138,7 +161,11 @@ spec:
envFrom:
- secretRef:
name: gateway-gpkubeux-envsecret-ai5wl
+{{- if eq (.Values.global.installer.arch | toString) "arm64" }}
+ image: {{ template "gopaddle.registryUrl" . }}/gpkubeux:{{ .Values.gateway.gpkubeux.imageTagArm }}
+{{- else }}
image: {{ template "gopaddle.registryUrl" . }}/gpkubeux:{{ .Values.gateway.gpkubeux.imageTag }}
+{{- end }}
livenessProbe:
exec:
command:
diff --git a/charts/gopaddle/gopaddle/charts/gp-core/templates/gpcore-deployment.yaml b/charts/gopaddle/gopaddle/charts/gp-core/templates/gpcore-deployment.yaml
index 8a250d4ff..c04244956 100644
--- a/charts/gopaddle/gopaddle/charts/gp-core/templates/gpcore-deployment.yaml
+++ b/charts/gopaddle/gopaddle/charts/gp-core/templates/gpcore-deployment.yaml
@@ -114,9 +114,13 @@ spec:
envFrom:
- secretRef:
name: gpcore-core-envsecret-51439
+{{- if eq (.Values.global.installer.arch | toString) "arm64" }}
+ image: {{ template "gopaddle.registryUrl" . }}/core:{{ .Values.gpcore.core.imageTagArm }}
+{{- else }}
image: {{ template "gopaddle.registryUrl" . }}/core:{{ .Values.gpcore.core.imageTag }}
+{{- end }}
livenessProbe:
- failureThreshold: 3
+ failureThreshold: 6
httpGet:
path: /api/status
port: 8759
@@ -130,7 +134,7 @@ spec:
name: 8759-tcp
protocol: TCP
readinessProbe:
- failureThreshold: 3
+ failureThreshold: 6
httpGet:
path: /api/status
port: 8759
diff --git a/charts/gopaddle/gopaddle/charts/gp-core/templates/influxdb-statefulset.yaml b/charts/gopaddle/gopaddle/charts/gp-core/templates/influxdb-statefulset.yaml
index 78c050c38..4a18ce23e 100644
--- a/charts/gopaddle/gopaddle/charts/gp-core/templates/influxdb-statefulset.yaml
+++ b/charts/gopaddle/gopaddle/charts/gp-core/templates/influxdb-statefulset.yaml
@@ -49,7 +49,7 @@ spec:
envFrom:
- secretRef:
name: influxdb-influxdb-envsecret-3nazp
- image: {{ template "gopaddle.influxdb" . }}:{{ .Values.influxdb.influxdb.imageTag }}
+ image: {{ .Values.influxdb.influxdb.image }}:{{ .Values.influxdb.influxdb.imageTag }}
name: influxdb
ports:
- containerPort: 8086
diff --git a/charts/gopaddle/gopaddle/charts/gp-core/templates/ingress-cluster-default-http-backend.yaml b/charts/gopaddle/gopaddle/charts/gp-core/templates/ingress-cluster-default-http-backend.yaml
index 61f09f56c..f81fea8dc 100644
--- a/charts/gopaddle/gopaddle/charts/gp-core/templates/ingress-cluster-default-http-backend.yaml
+++ b/charts/gopaddle/gopaddle/charts/gp-core/templates/ingress-cluster-default-http-backend.yaml
@@ -24,7 +24,11 @@ spec:
released-by: gopaddle
spec:
containers:
- - image: {{ template "gopaddle.googleContainer.registryUrl" . }}/{{ template "gopaddle.defaultbackend" . }}:1.4
+{{- if eq (.Values.global.installer.arch | toString) "arm64" }}
+ - image: {{ template "gopaddle.googleContainer.registryUrl" . }}/{{ .Values.defaultbackend.defaultbackend.imageArm }}:{{ .Values.defaultbackend.defaultbackend.imageTag }}
+{{- else }}
+ - image: {{ template "gopaddle.googleContainer.registryUrl" . }}/{{ .Values.defaultbackend.defaultbackend.image }}:{{ .Values.defaultbackend.defaultbackend.imageTag }}
+{{- end }}
livenessProbe:
httpGet:
path: /healthz
@@ -37,11 +41,11 @@ spec:
- containerPort: 8080
resources:
limits:
- cpu: 100m
- memory: 30Mi
+ cpu: 70m
+ memory: 300Mi
requests:
- cpu: 10m
- memory: 20Mi
+ cpu: 30m
+ memory: 50Mi
terminationGracePeriodSeconds: 60
{{- if .Values.global.airgapped.enabled }}
imagePullSecrets:
diff --git a/charts/gopaddle/gopaddle/charts/gp-core/templates/marketplace-deployment.yaml b/charts/gopaddle/gopaddle/charts/gp-core/templates/marketplace-deployment.yaml
index 7f8799e72..b6056b259 100644
--- a/charts/gopaddle/gopaddle/charts/gp-core/templates/marketplace-deployment.yaml
+++ b/charts/gopaddle/gopaddle/charts/gp-core/templates/marketplace-deployment.yaml
@@ -46,8 +46,24 @@ spec:
- args:
- |-
#!/bin/bash
+ apk add --no-cache openrc busybox-initscripts
+ openrc
+ touch /run/openrc/softlevel
+ rc-service crond start
+ cat </etc/periodic/15min/logcleanscript
+ #!/bin/sh
+ cd /var/log/gopaddle/
+ rm -rf *.tar.gz
+ tar -cvzf log.tar.gz *.log
+ echo "" > marketplace.log
+ EOF
+ chmod a+x /etc/periodic/15min/logcleanscript
+ echo "0 0 * * * /etc/periodic/15min/logcleanscript > /var/log/cron.log 2>&1" >> logclean.cron
+ /usr/bin/crontab logclean.cron
- echo "----------- start conatainer ------------"
+ chmod +x helm
+ mv helm /usr/local/bin
+ # echo "----------- start conatainer ------------"
./marketplace kube > /var/log/gopaddle/marketplace.log
tail -f /var/log/gopaddle/marketplace.log
command:
@@ -63,9 +79,13 @@ spec:
envFrom:
- secretRef:
name: marketplace-marketplace-envsecret-rmadj
+{{- if eq (.Values.global.installer.arch | toString) "arm64" }}
+ image: {{ template "gopaddle.registryUrl" . }}/marketplace:{{ .Values.marketplace.marketplace.imageTagArm }}
+{{- else }}
image: {{ template "gopaddle.registryUrl" . }}/marketplace:{{ .Values.marketplace.marketplace.imageTag }}
+{{- end }}
livenessProbe:
- failureThreshold: 3
+ failureThreshold: 6
httpGet:
path: /api/status
port: 8023
@@ -79,7 +99,7 @@ spec:
name: 8023-tcp
protocol: TCP
readinessProbe:
- failureThreshold: 3
+ failureThreshold: 6
httpGet:
path: /api/status
port: 8023
@@ -89,11 +109,11 @@ spec:
timeoutSeconds: 10
resources:
limits:
- cpu: 100m
- memory: 100M
+ cpu: 300m
+ memory: 500M
requests:
- cpu: 10m
- memory: 50M
+ cpu: 100m
+ memory: 200M
securityContext: {}
volumeMounts:
- mountPath: /app/config
diff --git a/charts/gopaddle/gopaddle/charts/gp-core/templates/mongodb-statefulset.yaml b/charts/gopaddle/gopaddle/charts/gp-core/templates/mongodb-statefulset.yaml
index 1e95bf66b..5fe0a20da 100644
--- a/charts/gopaddle/gopaddle/charts/gp-core/templates/mongodb-statefulset.yaml
+++ b/charts/gopaddle/gopaddle/charts/gp-core/templates/mongodb-statefulset.yaml
@@ -53,7 +53,7 @@ spec:
envFrom:
- secretRef:
name: mongodb-mongo-envsecret-bd5xi
- image: {{ template "gopaddle.mongo" . }}:{{ .Values.mongodb.mongo.imageTag }}
+ image: {{ .Values.mongodb.mongo.image }}:{{ .Values.mongodb.mongo.imageTag }}
name: mongo
ports:
- containerPort: 27017
@@ -89,7 +89,7 @@ spec:
envFrom:
- secretRef:
name: mongodb-mongo-init-envsecret-b99qs
- image: {{ template "gopaddle.mongo" . }}:{{ .Values.mongodb.mongoInit.imageTag }}
+ image: {{ .Values.mongodb.mongo.image }}:{{ .Values.mongodb.mongoInit.imageTag }}
name: mongo-init
resources:
limits:
diff --git a/charts/gopaddle/gopaddle/charts/gp-core/templates/nginx-nginx-ingress-controller.yaml b/charts/gopaddle/gopaddle/charts/gp-core/templates/nginx-nginx-ingress-controller.yaml
index 14c6ddbca..cd5fe21ed 100644
--- a/charts/gopaddle/gopaddle/charts/gp-core/templates/nginx-nginx-ingress-controller.yaml
+++ b/charts/gopaddle/gopaddle/charts/gp-core/templates/nginx-nginx-ingress-controller.yaml
@@ -48,7 +48,7 @@ spec:
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- image: {{ template "gopaddle.nginx.registryUrl" . }}/ingress-nginx/controller:v1.3.0
+ image: {{ .Values.nginxIngress.nginxIngress.image }}:{{ .Values.nginxIngress.nginxIngress.imageTag }}
name: nginx-ingress-controller
resources:
limits:
diff --git a/charts/gopaddle/gopaddle/charts/gp-core/templates/nodechecker-deployment.yaml b/charts/gopaddle/gopaddle/charts/gp-core/templates/nodechecker-deployment.yaml
index 5a311e0ab..f199e1a44 100644
--- a/charts/gopaddle/gopaddle/charts/gp-core/templates/nodechecker-deployment.yaml
+++ b/charts/gopaddle/gopaddle/charts/gp-core/templates/nodechecker-deployment.yaml
@@ -45,6 +45,21 @@ spec:
- args:
- |-
#!/bin/bash
+ apk add --no-cache openrc busybox-initscripts
+ openrc
+ touch /run/openrc/softlevel
+ rc-service crond start
+ cat </etc/periodic/15min/logcleanscript
+ #!/bin/sh
+ cd /var/log/gopaddle/
+ rm -rf *.tar.gz
+ tar -cvzf log.tar.gz *.log
+ echo "" > nodechecker.log
+ EOF
+ chmod a+x /etc/periodic/15min/logcleanscript
+ echo "0 0 * * * /etc/periodic/15min/logcleanscript > /var/log/cron.log 2>&1" >> logclean.cron
+ /usr/bin/crontab logclean.cron
+
./nodechecker kube > /var/log/gopaddle/nodechecker.log
tail -f /var/log/gopaddle/nodechecker.log
command:
@@ -60,9 +75,13 @@ spec:
envFrom:
- secretRef:
name: nodechecker-nodechecker-envsecret-jdvy9
+{{- if eq (.Values.global.installer.arch | toString) "arm64" }}
+ image: {{ template "gopaddle.registryUrl" . }}/nodechecker:{{ .Values.nodechecker.nodechecker.imageTagArm }}
+{{- else }}
image: {{ template "gopaddle.registryUrl" . }}/nodechecker:{{ .Values.nodechecker.nodechecker.imageTag }}
+{{- end }}
livenessProbe:
- failureThreshold: 3
+ failureThreshold: 6
httpGet:
path: /api/status
port: 8020
@@ -76,7 +95,7 @@ spec:
name: 8020-tcp
protocol: TCP
readinessProbe:
- failureThreshold: 3
+ failureThreshold: 6
httpGet:
path: /api/status
port: 8020
diff --git a/charts/gopaddle/gopaddle/charts/gp-core/templates/paymentmanager-clusterip.yaml b/charts/gopaddle/gopaddle/charts/gp-core/templates/paymentmanager-clusterip.yaml
index 54d96de6d..af1c983d6 100644
--- a/charts/gopaddle/gopaddle/charts/gp-core/templates/paymentmanager-clusterip.yaml
+++ b/charts/gopaddle/gopaddle/charts/gp-core/templates/paymentmanager-clusterip.yaml
@@ -1,4 +1,3 @@
-{{- if eq (.Values.global.installer.edition | toString) "Enterprise" }}
apiVersion: v1
kind: Service
metadata:
@@ -23,4 +22,3 @@ spec:
type: ClusterIP
status:
loadBalancer: {}
-{{- end }}
\ No newline at end of file
diff --git a/charts/gopaddle/gopaddle/charts/gp-core/templates/paymentmanager-deployment.yaml b/charts/gopaddle/gopaddle/charts/gp-core/templates/paymentmanager-deployment.yaml
index 16646e2d7..13029f131 100644
--- a/charts/gopaddle/gopaddle/charts/gp-core/templates/paymentmanager-deployment.yaml
+++ b/charts/gopaddle/gopaddle/charts/gp-core/templates/paymentmanager-deployment.yaml
@@ -1,4 +1,3 @@
-{{- if eq (.Values.global.installer.edition | toString) "Enterprise" }}
apiVersion: apps/v1
kind: Deployment
metadata:
@@ -47,6 +46,21 @@ spec:
- args:
- |-
#!/bin/bash
+ apk add --no-cache openrc busybox-initscripts
+ openrc
+ touch /run/openrc/softlevel
+ rc-service crond start
+ cat </etc/periodic/15min/logcleanscript
+ #!/bin/sh
+ cd /var/log/gopaddle/
+ rm -rf *.tar.gz
+ tar -cvzf log.tar.gz *.log
+ echo "" > paymentmanager.log
+ EOF
+ chmod a+x /etc/periodic/15min/logcleanscript
+ echo "0 0 * * * /etc/periodic/15min/logcleanscript > /var/log/cron.log 2>&1" >> logclean.cron
+ /usr/bin/crontab logclean.cron
+
./paymentmanager kube > /var/log/gopaddle/paymentmanager.log
tail -f /var/log/gopaddle/paymentmanager.log
command:
@@ -62,9 +76,13 @@ spec:
envFrom:
- secretRef:
name: paymentmanager-paymentmanager-envsecret-cgatk
+{{- if eq (.Values.global.installer.arch | toString) "arm64" }}
+ image: {{ template "gopaddle.registryUrl" . }}/paymentmanager:{{ .Values.paymentmanager.paymentmanager.imageTagArm }}
+{{- else }}
image: {{ template "gopaddle.registryUrl" . }}/paymentmanager:{{ .Values.paymentmanager.paymentmanager.imageTag }}
+{{- end }}
livenessProbe:
- failureThreshold: 3
+ failureThreshold: 6
httpGet:
path: /api/status
port: 8021
@@ -78,7 +96,7 @@ spec:
name: 8021-tcp
protocol: TCP
readinessProbe:
- failureThreshold: 3
+ failureThreshold: 6
httpGet:
path: /api/status
port: 8021
@@ -114,4 +132,3 @@ spec:
- emptyDir: {}
name: log
status: {}
-{{- end }}
\ No newline at end of file
diff --git a/charts/gopaddle/gopaddle/charts/gp-core/templates/paymentmanager-hpa-vvqrl.yaml b/charts/gopaddle/gopaddle/charts/gp-core/templates/paymentmanager-hpa-vvqrl.yaml
index b6ea83db2..3f682d1b4 100644
--- a/charts/gopaddle/gopaddle/charts/gp-core/templates/paymentmanager-hpa-vvqrl.yaml
+++ b/charts/gopaddle/gopaddle/charts/gp-core/templates/paymentmanager-hpa-vvqrl.yaml
@@ -1,4 +1,3 @@
-{{- if eq (.Values.global.installer.edition | toString) "Enterprise" }}
apiVersion: autoscaling/v1
kind: HorizontalPodAutoscaler
metadata:
@@ -21,4 +20,3 @@ spec:
status:
currentReplicas: 0
desiredReplicas: 0
-{{- end }}
\ No newline at end of file
diff --git a/charts/gopaddle/gopaddle/charts/gp-core/templates/paymentmanager-netsec-r80a5.yaml b/charts/gopaddle/gopaddle/charts/gp-core/templates/paymentmanager-netsec-r80a5.yaml
index 3d0df9d5a..94d5aa8c7 100644
--- a/charts/gopaddle/gopaddle/charts/gp-core/templates/paymentmanager-netsec-r80a5.yaml
+++ b/charts/gopaddle/gopaddle/charts/gp-core/templates/paymentmanager-netsec-r80a5.yaml
@@ -1,4 +1,3 @@
-{{- if eq (.Values.global.installer.edition | toString) "Enterprise" }}
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
@@ -124,4 +123,3 @@ spec:
servicegroup: paymentmanager-3yqw8yo3
policyTypes:
- Ingress
-{{- end }}
\ No newline at end of file
diff --git a/charts/gopaddle/gopaddle/charts/gp-core/templates/paymentmanager-paymentmanager-configmap-f3pct.yaml b/charts/gopaddle/gopaddle/charts/gp-core/templates/paymentmanager-paymentmanager-configmap-f3pct.yaml
index e66b426da..8612d382f 100644
--- a/charts/gopaddle/gopaddle/charts/gp-core/templates/paymentmanager-paymentmanager-configmap-f3pct.yaml
+++ b/charts/gopaddle/gopaddle/charts/gp-core/templates/paymentmanager-paymentmanager-configmap-f3pct.yaml
@@ -1,4 +1,3 @@
-{{- if eq (.Values.global.installer.edition | toString) "Enterprise" }}
apiVersion: v1
kind: ConfigMap
metadata:
@@ -15,4 +14,3 @@ data:
{{ (.Files.Glob "files/paymentmanager/paymentmanager/internal_api.json").AsConfig | indent 2 }}
{{ (.Files.Glob "files/paymentmanager/paymentmanager/profiles-kube.json").AsConfig | indent 2 }}
{{ (.Files.Glob "files/paymentmanager/paymentmanager/service_directory-kube.json").AsConfig | indent 2 }}
-{{- end }}
\ No newline at end of file
diff --git a/charts/gopaddle/gopaddle/charts/gp-core/templates/paymentmanager-paymentmanager-envsecret-cgatk.yaml b/charts/gopaddle/gopaddle/charts/gp-core/templates/paymentmanager-paymentmanager-envsecret-cgatk.yaml
index b695ea7f8..21902a545 100644
--- a/charts/gopaddle/gopaddle/charts/gp-core/templates/paymentmanager-paymentmanager-envsecret-cgatk.yaml
+++ b/charts/gopaddle/gopaddle/charts/gp-core/templates/paymentmanager-paymentmanager-envsecret-cgatk.yaml
@@ -1,4 +1,3 @@
-{{- if eq (.Values.global.installer.edition| toString) "Enterprise" }}
apiVersion: v1
kind: Secret
metadata:
@@ -11,4 +10,3 @@ metadata:
servicegroup: paymentmanager-3yqw8yo3
name: paymentmanager-paymentmanager-envsecret-cgatk
namespace: {{ .Release.Namespace }}
-{{- end }}
\ No newline at end of file
diff --git a/charts/gopaddle/gopaddle/charts/gp-core/templates/rabbitmq-statefulset.yaml b/charts/gopaddle/gopaddle/charts/gp-core/templates/rabbitmq-statefulset.yaml
index f354a6632..ebb233304 100644
--- a/charts/gopaddle/gopaddle/charts/gp-core/templates/rabbitmq-statefulset.yaml
+++ b/charts/gopaddle/gopaddle/charts/gp-core/templates/rabbitmq-statefulset.yaml
@@ -51,7 +51,7 @@ spec:
envFrom:
- secretRef:
name: rabbitmq-rabbitmq-envsecret-tgmx3
- image: {{ template "gopaddle.rabbitmq" . }}:{{ .Values.rabbitmq.rabbitmq.imageTag }}
+ image: {{ .Values.rabbitmq.rabbitmq.image }}:{{ .Values.rabbitmq.rabbitmq.imageTag }}
name: rabbitmq
ports:
- containerPort: 5672
diff --git a/charts/gopaddle/gopaddle/charts/gp-core/templates/rancher_role.yaml b/charts/gopaddle/gopaddle/charts/gp-core/templates/rancher_role.yaml
index 4ad980e57..b5a5515af 100644
--- a/charts/gopaddle/gopaddle/charts/gp-core/templates/rancher_role.yaml
+++ b/charts/gopaddle/gopaddle/charts/gp-core/templates/rancher_role.yaml
@@ -2,324 +2,336 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
- name: gopaddle
+ name: gopaddle
rules:
- - apiGroups:
- - "apps"
- resources:
- - deployments
- - statefulsets
- - replicasets
- - daemonsets
- verbs:
- - get
- - list
- - watch
- - create
- - update
- - patch
- - delete
- - deletecollection
- - apiGroups:
- - "batch"
- resources:
- - jobs
- - cronjobs
- verbs:
- - get
- - list
- - watch
- - create
- - update
- - patch
- - delete
- - deletecollection
- - apiGroups:
- - "autoscaling"
- resources:
- - horizontalpodautoscalers
- verbs:
- - get
- - list
- - watch
- - create
- - update
- - patch
- - delete
- - deletecollection
- - apiGroups:
- - ""
- resources:
- - rollBacks
- - namespaces
- - services
- - configmaps
- - secrets
- - pods
- - pods/log
- - pods/exec
- - pods/status
- - persistentVolumes
- - persistentVolumeClaims
- - networkpolicies
- - serviceaccounts
-
- - endpoints
- - limitranges
- - persistentvolumeclaims
- - persistentvolumes
- - replicationcontrollers
- - resourcequotas
- - ingresses
- - nodes/proxy
- - events
- - bindings
- verbs:
- - get
- - list
- - watch
- - create
- - update
- - patch
- - delete
- - deletecollection
- - apiGroups:
- - "extensions"
- - "networking.k8s.io"
- resources:
- - networkpolicies
- - ingresses
- - ingresses/status
- - daemonsets
- - deployments
- - replicasets
- - daemonsets/status
- - deployments/scale
- - deployments/status
- - replicasets/scale
- - replicasets/status
- - replicationcontrollers/scale
- verbs:
- - get
- - list
- - watch
- - create
- - update
- - patch
- - delete
- - deletecollection
- - apiGroups:
- - "extensions"
- - "networking.k8s.io"
- resources:
- - ingressclasses
- verbs:
- - get
- - list
- - watch
- - update
-
- - apiGroups:
- - "extensions"
- resources:
- - daemonsets
- - deployments
- - replicasets
-
- - ingresses/status
- verbs:
- - get
- - list
- - watch
- - create
- - update
- - patch
- - delete
- - deletecollection
- - apiGroups:
- - "storage.k8s.io"
- resources:
- - storageclasses
- verbs:
- - get
- - list
- - watch
- - create
- - update
- - patch
- - delete
- - deletecollection
- - apiGroups:
- - "rbac.authorization.k8s.io"
- resources:
- - roles
- - rolebindings
- - clusterroles
- - clusterrolebindings
- verbs:
- - get
- - list
- - watch
- - create
- - update
- - patch
- - delete
- - deletecollection
- - apiGroups:
- - ""
- resources:
- - nodes
- verbs:
- - get
- - list
- - watch
- - update
- - nonResourceURLs:
- - "/metrics"
- - "/api/*/v1/*/application/clusterInfo/*/datacollector/eventhandler"
- verbs:
- - get
-
-# Promethus Cluster Roles
- - apiGroups:
- - ""
- resources:
- - namespaces
- - namespaces/status
- - nodes
- - persistentvolumeclaims
- - persistentvolumeclaims/status
- - pods
- - services
- - services/status
- - resourcequotas
- - replicationcontrollers
- - replicationcontrollers/scale
- - replicationcontrollers/status
- - limitranges
- - persistentvolumeclaims
- - persistentvolumes
- - endpoints
- - secrets
- - configmaps
- - resourcequotas/status
- verbs:
- - list
- - get
- - watch
- - apiGroups:
- - extensions
- resources:
- - daemonsets
- - deployments
- - replicasets
- verbs:
- - list
- - watch
- - apiGroups:
- - apps
- resources:
- - statefulsets
- verbs:
- - get
- - list
- - watch
- - apiGroups:
- - batch
- resources:
- - cronjobs
- - jobs
- - jobs/status
- - cronjobs/status
- verbs:
- - list
- - watch
- - get
- - apiGroups:
- - autoscaling
- resources:
- - horizontalpodautoscalers
- - horizontalpodautoscalers/status
- verbs:
- - list
- - get
- - watch
-
- - apiGroups:
- - ""
- resourceNames:
- - ingress-controller-leader
- resources:
- - configmaps
- verbs:
- - get
- - update
- - apiGroups:
- - ""
- resources:
- - configmaps
- verbs:
- - create
-
- - apiGroups:
- - "apps"
- resources:
- - controllerrevisions
- - daemonsets/status
- - deployments/scale
- - deployments/status
- - statefulsets/scale
- - statefulsets/status
- - replicasets/scale
- - replicasets/status
- verbs:
- - get
- - list
- - watch
- - apiGroups:
- - "discovery.k8s.io"
- resources:
- - endpointslices
- verbs:
- - get
- - list
- - watch
- - apiGroups:
- - "policy"
- resources:
- - poddisruptionbudgets
- - poddisruptionbudgets/status
- verbs:
- - get
- - list
- - watch
- - apiGroups:
- - "acme.cert-manager.io"
- resources:
- - challenges
- - orders
- verbs:
- - get
- - list
- - watch
- - apiGroups:
- - "cert-manager.io"
- resources:
- - certificaterequests
- - issuers
- - certificates
- verbs:
- - get
- - list
- - watch
- - apiGroups:
- - "metrics.k8s.io"
- resources:
- - nodes
- - pods
- verbs:
- - get
- - list
- - watch
+- apiGroups:
+ - apps
+ resources:
+ - deployments
+ - statefulsets
+ - replicasets
+ - daemonsets
+ - configmaps
+ - endpoints
+ - limitranges
+ - namespaces
+ - nodes
+ - persistentvolumeclaims
+ - persistentvolumes
+ - pods
+ - replicationcontrollers
+ - resourcequotas
+ - secrets
+ - services
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+ - deletecollection
+- apiGroups:
+ - batch
+ resources:
+ - jobs
+ - cronjobs
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+ - deletecollection
+- apiGroups:
+ - autoscaling
+ resources:
+ - horizontalpodautoscalers
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+ - deletecollection
+- apiGroups:
+ - ""
+ resources:
+ - rollBacks
+ - namespaces
+ - services
+ - configmaps
+ - secrets
+ - pods
+ - pods/log
+ - pods/status
+ - persistentVolumes
+ - persistentVolumeClaims
+ - networkpolicies
+ - serviceaccounts
+ - storageclasses
+ - endpoints
+ - limitranges
+ - persistentvolumeclaims
+ - persistentvolumes
+ - replicationcontrollers
+ - resourcequotas
+ - ingresses
+ - nodes/proxy
+ - events
+ - bindings
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+ - deletecollection
+- apiGroups:
+ - extensions
+ - networking.k8s.io
+ resources:
+ - networkpolicies
+ - ingresses
+ - ingresses/status
+ - daemonsets
+ - deployments
+ - replicasets
+ - daemonsets/status
+ - deployments/scale
+ - deployments/status
+ - replicasets/scale
+ - replicasets/status
+ - replicationcontrollers/scale
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+ - deletecollection
+- apiGroups:
+ - extensions
+ - networking.k8s.io
+ resources:
+ - ingressclasses
+ verbs:
+ - get
+ - list
+ - watch
+ - update
+- apiGroups:
+ - extensions
+ resources:
+ - daemonsets
+ - deployments
+ - replicasets
+ - ingresses/status
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+ - deletecollection
+- apiGroups:
+ - storage.k8s.io
+ resources:
+ - storageclasses
+ - volumeattachments
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+ - deletecollection
+- apiGroups:
+ - rbac.authorization.k8s.io
+ resources:
+ - roles
+ - rolebindings
+ - clusterroles
+ - clusterrolebindings
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+ - deletecollection
+- apiGroups:
+ - ""
+ resources:
+ - nodes
+ verbs:
+ - get
+ - list
+ - watch
+ - update
+- nonResourceURLs:
+ - /metrics
+ - /api/*/v1/*/application/clusterInfo/*/datacollector/eventhandler
+ verbs:
+ - get
+- apiGroups:
+ - ""
+ resources:
+ - namespaces
+ - namespaces/status
+ - nodes
+ - persistentvolumeclaims
+ - persistentvolumeclaims/status
+ - pods
+ - services
+ - services/status
+ - resourcequotas
+ - replicationcontrollers
+ - replicationcontrollers/scale
+ - replicationcontrollers/status
+ - limitranges
+ - persistentvolumeclaims
+ - persistentvolumes
+ - endpoints
+ - secrets
+ - configmaps
+ - resourcequotas/status
+ verbs:
+ - list
+ - get
+ - watch
+- apiGroups:
+ - extensions
+ resources:
+ - daemonsets
+ - deployments
+ - replicasets
+ verbs:
+ - list
+ - watch
+- apiGroups:
+ - apps
+ resources:
+ - statefulsets
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - batch
+ resources:
+ - cronjobs
+ - jobs
+ - jobs/status
+ - cronjobs/status
+ verbs:
+ - list
+ - watch
+ - get
+- apiGroups:
+ - autoscaling
+ resources:
+ - horizontalpodautoscalers
+ - horizontalpodautoscalers/status
+ verbs:
+ - list
+ - get
+ - watch
+- apiGroups:
+ - ""
+ resourceNames:
+ - ingress-controller-leader
+ resources:
+ - configmaps
+ verbs:
+ - get
+ - update
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - create
+- apiGroups:
+ - apps
+ resources:
+ - controllerrevisions
+ - daemonsets/status
+ - deployments/scale
+ - deployments/status
+ - statefulsets/scale
+ - statefulsets/status
+ - replicasets/scale
+ - replicasets/status
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - discovery.k8s.io
+ resources:
+ - endpointslices
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - policy
+ resources:
+ - poddisruptionbudgets
+ - poddisruptionbudgets/status
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - acme.cert-manager.io
+ resources:
+ - challenges
+ - orders
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - cert-manager.io
+ resources:
+ - certificaterequests
+ - issuers
+ - certificates
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - metrics.k8s.io
+ resources:
+ - nodes
+ - pods
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - pods/exec
+ verbs:
+ - create
{{- end }}
\ No newline at end of file
diff --git a/charts/gopaddle/gopaddle/charts/gp-core/templates/rancher_rolebinding.yaml b/charts/gopaddle/gopaddle/charts/gp-core/templates/rancher_rolebinding.yaml
index 63ea5c893..c4df05cb0 100644
--- a/charts/gopaddle/gopaddle/charts/gp-core/templates/rancher_rolebinding.yaml
+++ b/charts/gopaddle/gopaddle/charts/gp-core/templates/rancher_rolebinding.yaml
@@ -3,12 +3,12 @@ apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: gopaddle
-subjects:
- - kind: ServiceAccount
- name: default
- namespace: gp-lite-4-2
roleRef:
+ apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: gopaddle
- apiGroup: rbac.authorization.k8s.io
+subjects:
+- kind: ServiceAccount
+ name: default
+ namespace: {{ .Release.Namespace }}
{{- end }}
diff --git a/charts/gopaddle/gopaddle/charts/gp-core/templates/redis-deployment.yaml b/charts/gopaddle/gopaddle/charts/gp-core/templates/redis-deployment.yaml
index a31f27b93..ec80cf867 100644
--- a/charts/gopaddle/gopaddle/charts/gp-core/templates/redis-deployment.yaml
+++ b/charts/gopaddle/gopaddle/charts/gp-core/templates/redis-deployment.yaml
@@ -52,7 +52,7 @@ spec:
envFrom:
- secretRef:
name: redis-redis-envsecret-6pack
- image: {{ template "gopaddle.redis" . }}:{{ .Values.redis.redis.imageTag }}
+ image: {{ .Values.redis.redis.image }}:{{ .Values.redis.redis.imageTag }}
name: redis
ports:
- containerPort: 6379
diff --git a/charts/gopaddle/gopaddle/charts/gp-core/templates/usermanager-deployment.yaml b/charts/gopaddle/gopaddle/charts/gp-core/templates/usermanager-deployment.yaml
index 7926d76f8..755917962 100644
--- a/charts/gopaddle/gopaddle/charts/gp-core/templates/usermanager-deployment.yaml
+++ b/charts/gopaddle/gopaddle/charts/gp-core/templates/usermanager-deployment.yaml
@@ -46,6 +46,21 @@ spec:
- args:
- |-
#!/bin/bash
+ apk add --no-cache openrc busybox-initscripts
+ openrc
+ touch /run/openrc/softlevel
+ rc-service crond start
+ cat </etc/periodic/15min/logcleanscript
+ #!/bin/sh
+ cd /var/log/gopaddle/
+ rm -rf *.tar.gz
+ tar -cvzf log.tar.gz *.log
+ echo "" > usermanager.log
+ EOF
+ chmod a+x /etc/periodic/15min/logcleanscript
+ echo "0 0 * * * /etc/periodic/15min/logcleanscript > /var/log/cron.log 2>&1" >> logclean.cron
+ /usr/bin/crontab logclean.cron
+
./usermanager kube > /var/log/gopaddle/usermanager.log
tail -f /var/log/gopaddle/usermanager.log
command:
@@ -63,9 +78,13 @@ spec:
envFrom:
- secretRef:
name: usermanager-usermanager-envsecret-w8sg1
+{{- if eq (.Values.global.installer.arch | toString) "arm64" }}
+ image: {{ template "gopaddle.registryUrl" . }}/usermanager:{{ .Values.usermanager.usermanager.imageTagArm }}
+{{- else }}
image: {{ template "gopaddle.registryUrl" . }}/usermanager:{{ .Values.usermanager.usermanager.imageTag }}
+{{- end }}
livenessProbe:
- failureThreshold: 3
+ failureThreshold: 6
httpGet:
path: /api/status
port: 8005
@@ -79,7 +98,7 @@ spec:
name: 8005-tcp
protocol: TCP
readinessProbe:
- failureThreshold: 3
+ failureThreshold: 6
httpGet:
path: /api/status
port: 8005
diff --git a/charts/gopaddle/gopaddle/charts/gp-core/templates/webhook-clusterip.yaml b/charts/gopaddle/gopaddle/charts/gp-core/templates/webhook-clusterip.yaml
index 44197bfa3..d030cfb30 100644
--- a/charts/gopaddle/gopaddle/charts/gp-core/templates/webhook-clusterip.yaml
+++ b/charts/gopaddle/gopaddle/charts/gp-core/templates/webhook-clusterip.yaml
@@ -1,3 +1,4 @@
+{{ $type := include "gopaddle.serviceType" . }}
apiVersion: v1
kind: Service
metadata:
@@ -13,12 +14,15 @@ metadata:
spec:
ports:
- name: 9090-tcp
+{{- if eq ($type | toString ) "NodePort" }}
+ nodePort: 30007
+{{- end }}
port: 9090
protocol: TCP
targetPort: 9090
selector:
family: servicegroup
servicegroup: webhook-xvi1s6em
- type: ClusterIP
+ type: {{ template "gopaddle.serviceType" . }}
status:
loadBalancer: {}
diff --git a/charts/gopaddle/gopaddle/charts/gp-core/templates/webhook-deployment.yaml b/charts/gopaddle/gopaddle/charts/gp-core/templates/webhook-deployment.yaml
index 7b1905404..21ff299c4 100644
--- a/charts/gopaddle/gopaddle/charts/gp-core/templates/webhook-deployment.yaml
+++ b/charts/gopaddle/gopaddle/charts/gp-core/templates/webhook-deployment.yaml
@@ -46,6 +46,21 @@ spec:
- args:
- |-
#!/bin/bash
+ apk add --no-cache openrc busybox-initscripts
+ openrc
+ touch /run/openrc/softlevel
+ rc-service crond start
+ cat </etc/periodic/15min/logcleanscript
+ #!/bin/sh
+ cd /var/log/gopaddle/
+ rm -rf *.tar.gz
+ tar -cvzf log.tar.gz *.log
+ echo "" > webhook.log
+ EOF
+ chmod a+x /etc/periodic/15min/logcleanscript
+ echo "0 0 * * * /etc/periodic/15min/logcleanscript > /var/log/cron.log 2>&1" >> logclean.cron
+ /usr/bin/crontab logclean.cron
+
./webhook kube > /var/log/gopaddle/webhook.log
tail -f /var/log/gopaddle/webhook.log
command:
@@ -73,9 +88,13 @@ spec:
envFrom:
- secretRef:
name: webhook-webhook-envsecret-1bzkl
+{{- if eq (.Values.global.installer.arch | toString) "arm64" }}
+ image: {{ template "gopaddle.registryUrl" . }}/webhook:{{ .Values.webhook.webhook.imageTagArm }}
+{{- else }}
image: {{ template "gopaddle.registryUrl" . }}/webhook:{{ .Values.webhook.webhook.imageTag }}
+{{- end }}
livenessProbe:
- failureThreshold: 3
+ failureThreshold: 6
httpGet:
path: /api/status
port: 9090
@@ -89,7 +108,7 @@ spec:
name: 9090-tcp
protocol: TCP
readinessProbe:
- failureThreshold: 3
+ failureThreshold: 6
httpGet:
path: /api/status
port: 9090
diff --git a/charts/gopaddle/gopaddle/charts/gp-core/values.yaml b/charts/gopaddle/gopaddle/charts/gp-core/values.yaml
index e50fec25e..a26c11e26 100644
--- a/charts/gopaddle/gopaddle/charts/gp-core/values.yaml
+++ b/charts/gopaddle/gopaddle/charts/gp-core/values.yaml
@@ -2,118 +2,142 @@ activitymanager:
activitymanager:
envMap:
NODE_NAME: spec.nodeName
- imageTag: dev.lite.3
+ imageTag: multi-arch-4.2.7.lite.1
+ imageTagArm: multi-arch-4.2.7.lite.1
alertmanager:
alertmanager:
envMap:
NODE_NAME: spec.nodeName
- imageTag: dev.lite.3
+ imageTag: multi-arch-4.2.7.lite.1
+ imageTagArm: multi-arch-4.2.7.lite.1
appscanner:
appscanner:
envMap:
NODE_NAME: spec.nodeName
- imageTag: dev.lite.4
+ imageTag: multi-arch-4.2.7.lite.1
+ imageTagArm: multi-arch-4.2.7.lite.1
appworker:
appworker:
envMap:
NODE_NAME: spec.nodeName
rabbitmq_user: admin
- imageTag: dev.lite.13
+ imageTag: multi-arch-4.2.7.lite.1
+ imageTagArm: multi-arch-4.2.7.lite.1
cloudmanager:
cloudmanager:
envMap:
NODE_NAME: spec.nodeName
- imageTag: dev.lite.3
+ imageTag: multi-arch-4.2.7.lite.1
+ imageTagArm: multi-arch-4.2.7.lite.1
clustermanager:
clustermanager:
envMap:
NODE_NAME: spec.nodeName
- imageTag: dev.lite.11
+ imageTag: multi-arch-4.2.7.lite.1
+ imageTagArm: multi-arch-4.2.7.lite.1
clustertemplatemanager:
clustertemplatemanager:
- imageTag: dev.lite.3
+ imageTag: multi-arch-4.2.7.lite.1
+ imageTagArm: multi-arch-4.2.7.lite.1
configmanager:
configmanager:
envMap:
NODE_NAME: spec.nodeName
- imageTag: dev.lite.8
+ imageTag: multi-arch-4.2.7.lite.1
+ imageTagArm: multi-arch-4.2.7.lite.1
costmanager:
costmanager:
envMap:
NODE_NAME: spec.nodeName
- imageTag: dev.lite.4
+ imageTag: multi-arch-4.2.7.lite.1
+ imageTagArm: multi-arch-4.2.7.lite.1
deploymentmanager:
deploymanager:
envMap:
NODE_NAME: spec.nodeName
rabbitmq_user: admin
- imageTag: dev.lite.13
+ imageTag: multi-arch-4.2.7.lite.1
+ imageTagArm: multi-arch-4.2.7.lite.1
domainmanager:
domainmanager:
envMap:
NODE_NAME: spec.nodeName
- imageTag: dev.lite.6
+ imageTag: multi-arch-4.2.7.lite.1
+ imageTagArm: multi-arch-4.2.7.lite.1
esearch:
esearch:
envMap:
discovery.type: single-node
+ image: elasticsearch:7.12.0
imageTag: 1.7.3
+ imageTagArm: 7.8.0
gateway:
gateway:
envMap:
NODE_NAME: spec.nodeName
- imageTag: dev.lite.3
+ imageTag: multi-arch-4.2.7.lite.1
+ imageTagArm: multi-arch-4.2.7.lite.1
gpkubeux:
envMap:
HOST: 0.0.0.0
- imageTag: dev.lite.14
- gpReleaseVersion: 4.2.6
+ imageTag: multi-arch-4.2.7.lite.1
+ imageTagArm: multi-arch-4.2.7.lite.1
+ gpReleaseVersion: 4.2.7
gpcore:
core:
envMap:
NODE_IP: rabbitmq-build-external.$(NAMESPACE).svc.cluster.local
NODE_NAME: spec.nodeName
NODE_PORT: "5672"
- imageTag: dev.lite.3
+ imageTag: multi-arch-4.2.7.lite.1
+ imageTagArm: multi-arch-4.2.7.lite.1
influxdb:
influxdb:
envMap:
INFLUXDB_ADMIN_PASSWORD: cGFzc3dvcmQ
INFLUXDB_ADMIN_USER: admin
INFLUXDB_HTTP_AUTH_ENABLED: "true"
+ image: influxdb
imageTag: 1.7.10
mongodb:
mongo:
envMap:
MONGO_INITDB_ROOT_USERNAME: admin
MONGO_LITE_USERNAME: lite
+ image: mongo
imageTag: 4.0.4
mongoInit:
+ image: mongo
imageTag: 4.0.4
nodechecker:
nodechecker:
envMap:
NODE_NAME: spec.nodeName
- imageTag: dev.lite.3
+ imageTag: multi-arch-4.2.7.lite.1
+ imageTagArm: multi-arch-4.2.7.lite.1
paymentmanager:
paymentmanager:
envMap:
NODE_NAME: spec.nodeName
- imageTag: dev.lite.3
+ imageTag: multi-arch-4.2.7.lite.1
+ imageTagArm: multi-arch-4.2.7.lite.1
rabbitmq:
rabbitmq:
envMap:
RABBITMQ_DEFAULT_PASS: cGFzc3dvcmQ
RABBITMQ_DEFAULT_USER: admin
+ image: rabbitmq
imageTag: 3.8.5
redis:
redis:
+ image: redis
imageTag: 3.2-alpine
usermanager:
usermanager:
envMap:
NODE_NAME: spec.nodeName
- imageTag: dev.lite.3
+ imageTag: multi-arch-4.2.7.lite.1
+ imageTagArm: multi-arch-4.2.7.lite.1
webhook:
webhook:
envMap:
@@ -121,9 +145,26 @@ webhook:
HOST_IP: status.hostIP
NODE_NAME: spec.nodeName
REPLICA_IP: status.podIP
- imageTag: dev.lite.4
+ imageTag: multi-arch-4.2.7.lite.1
+ imageTagArm: multi-arch-4.2.7.lite.1
marketplace:
marketplace:
envMap:
NODE_NAME: spec.nodeName
- imageTag: dev.lite.3
+ imageTag: multi-arch-4.2.7.lite.1
+ imageTagArm: multi-arch-4.2.7.lite.1
+emailer:
+ emailer:
+ envMap:
+ NODE_NAME: spec.nodeName
+ imageTag: 4.2.7.lite.17
+ imageTagArm: 4.2.7.lite-arm64.1
+defaultbackend:
+ defaultbackend:
+ image: defaultbackend
+ imageArm: defaultbackend-arm64
+ imageTag: 1.4
+nginxIngress:
+ nginxIngress:
+ image: nginx/nginx-ingress
+ imageTag: 3.1-alpine
\ No newline at end of file
diff --git a/charts/gopaddle/gopaddle/charts/gp-rabbitmq/Chart.yaml b/charts/gopaddle/gopaddle/charts/gp-rabbitmq/Chart.yaml
index 9ae51292b..c435c710b 100644
--- a/charts/gopaddle/gopaddle/charts/gp-rabbitmq/Chart.yaml
+++ b/charts/gopaddle/gopaddle/charts/gp-rabbitmq/Chart.yaml
@@ -1,6 +1,6 @@
apiVersion: v2
-appVersion: 4.2.5
+appVersion: 4.2.7
description: A Helm chart for Kubernetes
name: gp-rabbitmq
type: application
-version: 4.2.5
+version: 4.2.7
diff --git a/charts/gopaddle/gopaddle/charts/gp-rabbitmq/templates/_helpers.tpl b/charts/gopaddle/gopaddle/charts/gp-rabbitmq/templates/_helpers.tpl
index 735235336..dd4f4cf52 100644
--- a/charts/gopaddle/gopaddle/charts/gp-rabbitmq/templates/_helpers.tpl
+++ b/charts/gopaddle/gopaddle/charts/gp-rabbitmq/templates/_helpers.tpl
@@ -41,12 +41,3 @@ routingType for rabbitmq
{{- "NodePort" -}}
{{- end -}}
{{- end -}}
-
-{{/* rabbitmq */}}
-{{- define "gopaddle.rabbitmq" -}}
-{{- if ne (.Values.global.installer.arch | toString) "arm64" -}}
- {{- printf "rabbitmq" -}}
-{{- else -}}
- {{- printf "arm64v8/rabbitmq" -}}
-{{- end -}}
-{{- end -}}
\ No newline at end of file
diff --git a/charts/gopaddle/gopaddle/charts/gp-rabbitmq/templates/rabbitmq-build-statefulset.yaml b/charts/gopaddle/gopaddle/charts/gp-rabbitmq/templates/rabbitmq-build-statefulset.yaml
index 6c492665c..369796174 100644
--- a/charts/gopaddle/gopaddle/charts/gp-rabbitmq/templates/rabbitmq-build-statefulset.yaml
+++ b/charts/gopaddle/gopaddle/charts/gp-rabbitmq/templates/rabbitmq-build-statefulset.yaml
@@ -46,7 +46,7 @@ spec:
envFrom:
- secretRef:
name: rabbitmq-build-rabbitmq-envsecret-4jqe5
- image: {{ template "gopaddle.rabbitmq" . }}:{{ .Values.rabbitmqBuild.rabbitmq.imageTag }}
+ image: {{ .Values.rabbitmqBuild.rabbitmq.image }}:{{ .Values.rabbitmqBuild.rabbitmq.imageTag }}
name: rabbitmq
ports:
- containerPort: 5672
diff --git a/charts/gopaddle/gopaddle/charts/gp-rabbitmq/values.yaml b/charts/gopaddle/gopaddle/charts/gp-rabbitmq/values.yaml
index d2ffbf42e..38a016a22 100644
--- a/charts/gopaddle/gopaddle/charts/gp-rabbitmq/values.yaml
+++ b/charts/gopaddle/gopaddle/charts/gp-rabbitmq/values.yaml
@@ -3,4 +3,5 @@ rabbitmqBuild:
envMap:
RABBITMQ_DEFAULT_PASS: cGFzc3dvcmQ
RABBITMQ_DEFAULT_USER: admin
+ image: rabbitmq
imageTag: 3.8.5
diff --git a/charts/gopaddle/gopaddle/readme.md b/charts/gopaddle/gopaddle/readme.md
deleted file mode 100644
index 682247826..000000000
--- a/charts/gopaddle/gopaddle/readme.md
+++ /dev/null
@@ -1,92 +0,0 @@
-
-
-# [gopaddle](https://gopaddle.io/)
-
-[](https://artifacthub.io/packages/search?repo=gopaddle-lite)
-[](https://gopaddleio.slack.com/join/shared_invite/zt-1l73p8wfo-vYk1XcbLAZMo9wcV_AChvg#/shared-invite/email/expanded-email-form)
-[](https://twitter.com/gopaddleio)
-[](https://www.youtube.com/channel/UCtbfM3vjjJJBAka8DCzKKYg)
-
-
-## Installation
-
-### Minimum System Requirements
-gopaddle installation requires a minimum of `8GB RAM` and `4 vCPUs`
-
-### Step to install
-
-Add the helm repo
-
-```sh
-helm repo add gopaddle https://gopaddle-io.github.io/gopaddle-lite/
-helm repo update
-```
-Install the chart
-
-```sh
-helm install gp-lite gopaddle/gopaddle --namespace gp-lite-4-2 --create-namespace
-```
-
-### Validating the installation
-gopaddle installation can be validated by waiting for the gopaddle services to move to `ready` state.
-
-```sh
-root@localhost:~# kubectl wait --for=condition=ready pod -l released-by=gopaddle -n gp-lite-4-2 --timeout=15m
-pod/webhook-7c49ddfb78-ssvcz condition met
-pod/mongodb-0 condition met
-pod/esearch-0 condition met
-pod/deploymentmanager-65897c7b9c-qlgk8 condition met
-pod/appworker-8546598fd-7svzv condition met
-pod/influxdb-0 condition met
-pod/costmanager-6496dfd6c4-npqj8 condition met
-pod/rabbitmq-0 condition met
-pod/gpcore-85c7c6f65b-5vfmh condition met
-```
-
-One the installation is complete, gopaddle dashboard can be accessed at http://:30003/
-
-NodeIP can be obtained by executing the command below:
-
-```sh
-root@localhost:~# kubectl get nodes -o wide
-```
-
-
-## Getting started with gopaddle
-
-Once the gopaddle lite dashboard is available, developers can open the gopaddle dashboard in the browser, review the evaluation agreement and subscribe to the lite edition.
-
-
-
-
-### Containerize and Deploy
-
-Once the subscription is complete, developers can login to the gopaddle console, using their email ID and the initial password.
-
-In the main dashboard, the **Containerize and Deploy** Quickstart wizard helps to onboard a Source Code project from GitHub using the GitHub personal access token, build and push the generated container image to the Docker Registry. Once the build completes, gopaddle generates the necessary YAML files and deploys the docker image to the local microk8s cluster.
-
-
-
-#### Pre-requisites
-
-[Docker Access Token with Read & Write Permissions](https://www.docker.com/blog/docker-hub-new-personal-access-tokens/)
-
-[GitHub Person Access Token for containerizing Private Repositories](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token)
-
-In the final step of the Containerize and Deploy Quickstart wizard, enable the option to **Disable TLS verification**.
-
-
-
-All the artificats generated during the process can be edited and re-deployed at a later stage.
-
-### Application Templates - Marketplace
-
-Under Templates, the Marketplace Applications hosts a variety of pre-built Kubernetes templates. Developers can subscribe to these templates and deploy them on the local microk8s cluster.
-
-
-
-## Help
-
-For help related to gopaddle community (lite) edition, visit the gopaddle Help Center at: https://help.gopaddle.io
-
-
diff --git a/charts/gopaddle/gopaddle/values.yaml b/charts/gopaddle/gopaddle/values.yaml
index 12f412ab2..6dc182bfe 100644
--- a/charts/gopaddle/gopaddle/values.yaml
+++ b/charts/gopaddle/gopaddle/values.yaml
@@ -4,6 +4,7 @@ global:
# - edition: Possible values - 'Enterprise' or 'Lite'
# (1) Enterprise - Installs the Enterprise edition of gopaddle
# (2) Lite - Install the community edition of gopaddle
+ # - arch: Possible values - 'amd64' or 'arm64'
# - chart: Sub-chart to be installed.
# 'gp-core' sub-chart has the gopaddle core services.
# 'rabbitmq' sub-chart has the rabbitmq service required for gopaddle build agent.
@@ -14,7 +15,7 @@ global:
# ******************************************************
installer:
edition: Lite
- arch: adm64
+ arch: amd64
chart:
gp-core: true
rabbitmq: true
diff --git a/charts/haproxy/haproxy/Chart.yaml b/charts/haproxy/haproxy/Chart.yaml
index f260ad74b..b5fe66da2 100644
--- a/charts/haproxy/haproxy/Chart.yaml
+++ b/charts/haproxy/haproxy/Chart.yaml
@@ -1,12 +1,12 @@
annotations:
artifacthub.io/changes: |
- - Use Ingress Controller 1.10.2 version for base image
+ - Use Ingress Controller 1.10.4 version for base image
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: HAProxy Kubernetes Ingress Controller
catalog.cattle.io/kube-version: '>=1.22.0-0'
catalog.cattle.io/release-name: haproxy
apiVersion: v2
-appVersion: 1.10.2
+appVersion: 1.10.4
description: A Helm chart for HAProxy Kubernetes Ingress Controller
home: https://github.com/haproxytech/helm-charts/tree/main/kubernetes-ingress
icon: https://raw.githubusercontent.com/haproxytech/helm-charts/main/kubernetes-ingress/chart-icon.png
@@ -21,4 +21,4 @@ name: haproxy
sources:
- https://github.com/haproxytech/kubernetes-ingress
type: application
-version: 1.30.5
+version: 1.30.6
diff --git a/charts/intel/intel-device-plugins-operator/Chart.yaml b/charts/intel/intel-device-plugins-operator/Chart.yaml
index d7527fc3b..f9d32b423 100644
--- a/charts/intel/intel-device-plugins-operator/Chart.yaml
+++ b/charts/intel/intel-device-plugins-operator/Chart.yaml
@@ -4,9 +4,9 @@ annotations:
catalog.cattle.io/kube-version: '>=1.19-0'
catalog.cattle.io/release-name: intel-device-plugins-operator
apiVersion: v2
-appVersion: 0.27.0
+appVersion: 0.27.1
description: A Helm chart for Intel Device Plugins Operator for Kubernetes
icon: https://avatars.githubusercontent.com/u/17888862?s=200&v=4
name: intel-device-plugins-operator
type: application
-version: 0.27.0
+version: 0.27.1
diff --git a/charts/intel/intel-device-plugins-qat/Chart.yaml b/charts/intel/intel-device-plugins-qat/Chart.yaml
index d5c85b890..1c56c7d5f 100644
--- a/charts/intel/intel-device-plugins-qat/Chart.yaml
+++ b/charts/intel/intel-device-plugins-qat/Chart.yaml
@@ -4,9 +4,9 @@ annotations:
catalog.cattle.io/kube-version: '>=1.19-0'
catalog.cattle.io/release-name: intel-device-plugins-qat
apiVersion: v2
-appVersion: 0.27.0
+appVersion: 0.27.1
description: A Helm chart for Intel QAT Device Plugin
icon: https://avatars.githubusercontent.com/u/17888862?s=200&v=4
name: intel-device-plugins-qat
type: application
-version: 0.27.0
+version: 0.27.1
diff --git a/charts/intel/intel-device-plugins-sgx/Chart.yaml b/charts/intel/intel-device-plugins-sgx/Chart.yaml
index 7bc8dbbbe..50ad5d4dc 100644
--- a/charts/intel/intel-device-plugins-sgx/Chart.yaml
+++ b/charts/intel/intel-device-plugins-sgx/Chart.yaml
@@ -4,9 +4,9 @@ annotations:
catalog.cattle.io/kube-version: '>=1.19-0'
catalog.cattle.io/release-name: intel-device-plugins-sgx
apiVersion: v2
-appVersion: 0.27.0
+appVersion: 0.27.1
description: A Helm chart for Intel SGX Device Plugin
icon: https://avatars.githubusercontent.com/u/17888862?s=200&v=4
name: intel-device-plugins-sgx
type: application
-version: 0.27.0
+version: 0.27.1
diff --git a/charts/intel/intel-device-plugins-sgx/templates/sgx.yaml b/charts/intel/intel-device-plugins-sgx/templates/sgx.yaml
index d998d4798..6eeb5f15d 100644
--- a/charts/intel/intel-device-plugins-sgx/templates/sgx.yaml
+++ b/charts/intel/intel-device-plugins-sgx/templates/sgx.yaml
@@ -25,14 +25,16 @@ spec:
- name: "intel.sgx"
labels:
"intel.feature.node.kubernetes.io/sgx": "true"
+ extendedResources:
+ sgx.intel.com/epc: "@cpu.security.sgx.epc"
matchFeatures:
- feature: cpu.cpuid
matchExpressions:
SGX: {op: Exists}
SGXLC: {op: Exists}
- - feature: cpu.sgx
+ - feature: cpu.security
matchExpressions:
- enabled: {op: IsTrue}
+ sgx.enabled: {op: IsTrue}
- feature: kernel.config
matchExpressions:
X86_SGX: {op: Exists}
diff --git a/charts/kuma/kuma/Chart.yaml b/charts/kuma/kuma/Chart.yaml
index ff62ccd97..2b656980e 100644
--- a/charts/kuma/kuma/Chart.yaml
+++ b/charts/kuma/kuma/Chart.yaml
@@ -4,7 +4,7 @@ annotations:
catalog.cattle.io/namespace: kuma-system
catalog.cattle.io/release-name: kuma
apiVersion: v2
-appVersion: 2.2.1
+appVersion: 2.2.2
description: A Helm chart for the Kuma Control Plane
home: https://github.com/kumahq/kuma
icon: https://kuma.io/assets/images/brand/kuma-logo-new.svg
@@ -20,4 +20,4 @@ maintainers:
name: nickolaev
name: kuma
type: application
-version: 2.2.1
+version: 2.2.2
diff --git a/charts/kuma/kuma/README.md b/charts/kuma/kuma/README.md
index c02084b6a..81ca544b9 100644
--- a/charts/kuma/kuma/README.md
+++ b/charts/kuma/kuma/README.md
@@ -2,7 +2,7 @@
A Helm chart for the Kuma Control Plane
-  
+  
**Homepage:**
diff --git a/charts/new-relic/nri-bundle/Chart.lock b/charts/new-relic/nri-bundle/Chart.lock
index d912387f3..0aab180e4 100644
--- a/charts/new-relic/nri-bundle/Chart.lock
+++ b/charts/new-relic/nri-bundle/Chart.lock
@@ -1,7 +1,7 @@
dependencies:
- name: newrelic-infrastructure
repository: https://newrelic.github.io/nri-kubernetes
- version: 3.19.0
+ version: 3.20.0
- name: nri-prometheus
repository: https://newrelic.github.io/nri-prometheus
version: 2.1.16
@@ -28,9 +28,9 @@ dependencies:
version: 2.1.1
- name: pixie-operator-chart
repository: https://pixie-operator-charts.storage.googleapis.com
- version: 0.1.2
+ version: 0.1.4
- name: newrelic-infra-operator
repository: https://newrelic.github.io/newrelic-infra-operator
version: 2.2.1
-digest: sha256:50ecd96c0b1c50e2aae3f2e2511ce2d109e56ea3622dfdc440fe74524ebb9b1e
-generated: "2023-06-15T22:40:52.687794112Z"
+digest: sha256:c67084b781f3a0a9002d9420c65b52ae375d836810f5c6cb26b78bd52f556e5d
+generated: "2023-06-21T20:45:09.905627656Z"
diff --git a/charts/new-relic/nri-bundle/Chart.yaml b/charts/new-relic/nri-bundle/Chart.yaml
index 1108289b1..7e1a94310 100644
--- a/charts/new-relic/nri-bundle/Chart.yaml
+++ b/charts/new-relic/nri-bundle/Chart.yaml
@@ -7,7 +7,7 @@ dependencies:
- condition: infrastructure.enabled,newrelic-infrastructure.enabled
name: newrelic-infrastructure
repository: file://./charts/newrelic-infrastructure
- version: 3.19.0
+ version: 3.20.0
- condition: prometheus.enabled,nri-prometheus.enabled
name: nri-prometheus
repository: file://./charts/nri-prometheus
@@ -44,7 +44,7 @@ dependencies:
condition: pixie-chart.enabled
name: pixie-operator-chart
repository: file://./charts/pixie-operator-chart
- version: 0.1.2
+ version: 0.1.4
- condition: newrelic-infra-operator.enabled
name: newrelic-infra-operator
repository: file://./charts/newrelic-infra-operator
@@ -89,4 +89,4 @@ sources:
- https://github.com/newrelic/helm-charts/tree/master/charts/newrelic-logging
- https://github.com/newrelic/helm-charts/tree/master/charts/newrelic-pixie
- https://github.com/newrelic/newrelic-infra-operator/tree/master/charts/newrelic-infra-operator
-version: 5.0.19
+version: 5.0.20
diff --git a/charts/new-relic/nri-bundle/charts/newrelic-infrastructure/Chart.yaml b/charts/new-relic/nri-bundle/charts/newrelic-infrastructure/Chart.yaml
index d90aff0bf..a0fc1e4e2 100644
--- a/charts/new-relic/nri-bundle/charts/newrelic-infrastructure/Chart.yaml
+++ b/charts/new-relic/nri-bundle/charts/newrelic-infrastructure/Chart.yaml
@@ -1,5 +1,5 @@
apiVersion: v2
-appVersion: 3.14.0
+appVersion: 3.15.0
dependencies:
- name: common-library
repository: https://helm-charts.newrelic.com
@@ -35,4 +35,4 @@ sources:
- https://github.com/newrelic/nri-kubernetes/
- https://github.com/newrelic/nri-kubernetes/tree/main/charts/newrelic-infrastructure
- https://github.com/newrelic/infrastructure-agent/
-version: 3.19.0
+version: 3.20.0
diff --git a/charts/new-relic/nri-bundle/charts/newrelic-infrastructure/values.yaml b/charts/new-relic/nri-bundle/charts/newrelic-infrastructure/values.yaml
index 44b5f8f44..ab149bb74 100644
--- a/charts/new-relic/nri-bundle/charts/newrelic-infrastructure/values.yaml
+++ b/charts/new-relic/nri-bundle/charts/newrelic-infrastructure/values.yaml
@@ -23,14 +23,14 @@ images:
forwarder:
registry: ""
repository: newrelic/k8s-events-forwarder
- tag: 1.42.3
+ tag: 1.43.0
pullPolicy: IfNotPresent
# -- Image for the New Relic Infrastructure Agent plus integrations.
# @default -- See `values.yaml`
agent:
registry: ""
repository: newrelic/infrastructure-bundle
- tag: 3.2.4
+ tag: 3.2.7
pullPolicy: IfNotPresent
# -- Image for the New Relic Kubernetes integration.
# @default -- See `values.yaml`
diff --git a/charts/new-relic/nri-bundle/charts/pixie-operator-chart/Chart.yaml b/charts/new-relic/nri-bundle/charts/pixie-operator-chart/Chart.yaml
index 783192a8c..55b9bdfda 100644
--- a/charts/new-relic/nri-bundle/charts/pixie-operator-chart/Chart.yaml
+++ b/charts/new-relic/nri-bundle/charts/pixie-operator-chart/Chart.yaml
@@ -1,4 +1,4 @@
apiVersion: v2
name: pixie-operator-chart
type: application
-version: 0.1.2
+version: 0.1.4
diff --git a/charts/new-relic/nri-bundle/charts/pixie-operator-chart/templates/deleter.yaml b/charts/new-relic/nri-bundle/charts/pixie-operator-chart/templates/deleter.yaml
index 960029618..038bd9b70 100644
--- a/charts/new-relic/nri-bundle/charts/pixie-operator-chart/templates/deleter.yaml
+++ b/charts/new-relic/nri-bundle/charts/pixie-operator-chart/templates/deleter.yaml
@@ -19,7 +19,7 @@ spec:
fieldPath: metadata.namespace
- name: PL_VIZIER_NAME
value: '{{ .Values.name }}'
- image: gcr.io/pixie-oss/pixie-prod/operator/vizier_deleter:0.1.2
+ image: gcr.io/pixie-oss/pixie-prod/operator/vizier_deleter:0.1.4
name: delete-job
restartPolicy: Never
serviceAccountName: pl-deleter-service-account
diff --git a/charts/pixie/pixie-operator-chart/Chart.yaml b/charts/pixie/pixie-operator-chart/Chart.yaml
index 350c5e611..99caf472a 100644
--- a/charts/pixie/pixie-operator-chart/Chart.yaml
+++ b/charts/pixie/pixie-operator-chart/Chart.yaml
@@ -6,4 +6,4 @@ apiVersion: v2
icon: https://raw.githubusercontent.com/cncf/artwork/master/projects/pixie/icon/color/pixie-icon-color.svg
name: pixie-operator-chart
type: application
-version: 0.1.301
+version: 0.1.401
diff --git a/charts/pixie/pixie-operator-chart/templates/deleter.yaml b/charts/pixie/pixie-operator-chart/templates/deleter.yaml
index c7ebd232a..038bd9b70 100644
--- a/charts/pixie/pixie-operator-chart/templates/deleter.yaml
+++ b/charts/pixie/pixie-operator-chart/templates/deleter.yaml
@@ -19,7 +19,7 @@ spec:
fieldPath: metadata.namespace
- name: PL_VIZIER_NAME
value: '{{ .Values.name }}'
- image: gcr.io/pixie-oss/pixie-prod/operator/vizier_deleter:0.1.3
+ image: gcr.io/pixie-oss/pixie-prod/operator/vizier_deleter:0.1.4
name: delete-job
restartPolicy: Never
serviceAccountName: pl-deleter-service-account
diff --git a/charts/redpanda/redpanda/Chart.lock b/charts/redpanda/redpanda/Chart.lock
index aeac498f2..0e01f84e7 100644
--- a/charts/redpanda/redpanda/Chart.lock
+++ b/charts/redpanda/redpanda/Chart.lock
@@ -3,4 +3,4 @@ dependencies:
repository: https://charts.redpanda.com
version: 0.6.6
digest: sha256:af20a82c5cb646895892b783bdcfc50ca41f3f67ec14606c40236969c6a166e4
-generated: "2023-06-20T14:40:23.650823928Z"
+generated: "2023-06-22T15:05:08.850034033Z"
diff --git a/charts/redpanda/redpanda/Chart.yaml b/charts/redpanda/redpanda/Chart.yaml
index 636185c4c..5c16b2884 100644
--- a/charts/redpanda/redpanda/Chart.yaml
+++ b/charts/redpanda/redpanda/Chart.yaml
@@ -4,6 +4,8 @@ annotations:
image: docker.redpanda.com/redpandadata/redpanda:v23.1.10
- name: busybox
image: busybox:latest
+ - name: mintel/docker-alpine-bash-curl-jq
+ image: mintel/docker-alpine-bash-curl-jq:latest
artifacthub.io/license: Apache-2.0
artifacthub.io/links: |
- name: Documentation
@@ -31,4 +33,4 @@ name: redpanda
sources:
- https://github.com/redpanda-data/helm-charts
type: application
-version: 4.0.42
+version: 4.0.45
diff --git a/charts/redpanda/redpanda/ci/05-one-node-cluster-tls-sasl-values.yaml b/charts/redpanda/redpanda/ci/05-one-node-cluster-tls-sasl-values.yaml
index 6754d4572..012fd1beb 100644
--- a/charts/redpanda/redpanda/ci/05-one-node-cluster-tls-sasl-values.yaml
+++ b/charts/redpanda/redpanda/ci/05-one-node-cluster-tls-sasl-values.yaml
@@ -14,8 +14,10 @@
# limitations under the License.
statefulset:
replicas: 1
+
tls:
enabled: true
+
auth:
sasl:
enabled: true
diff --git a/charts/redpanda/redpanda/ci/13-loadbalancer-tls-values.yaml b/charts/redpanda/redpanda/ci/13-loadbalancer-tls-values.yaml
new file mode 100644
index 000000000..255976b1e
--- /dev/null
+++ b/charts/redpanda/redpanda/ci/13-loadbalancer-tls-values.yaml
@@ -0,0 +1,30 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+external:
+ enabled: true
+ type: LoadBalancer
+ # If specified, then it will be appended to the `external.addresses` values as each broker's advertised address
+ domain: random-domain
+
+tls:
+ enabled: true
+ certs:
+ default:
+ caEnabled: true
+ external:
+ secretRef:
+ name: external-tls-secret
+ caEnabled: true
diff --git a/charts/redpanda/redpanda/templates/service.loadbalancer.yaml b/charts/redpanda/redpanda/templates/service.loadbalancer.yaml
index 24de7d5ac..3147aaf0d 100644
--- a/charts/redpanda/redpanda/templates/service.loadbalancer.yaml
+++ b/charts/redpanda/redpanda/templates/service.loadbalancer.yaml
@@ -82,7 +82,7 @@ spec:
{{- if $enabled }}
- name: schema-{{ $name }}
protocol: TCP
- targetPort: {{ $values.listeners.schemaRegistry.port }}
+ targetPort: {{ $listener.port }}
port: {{ dig "nodePort" (first (dig "advertisedPorts" (list $listener.port) $listener)) $listener }}
{{- end }}
{{- end }}
diff --git a/charts/redpanda/redpanda/templates/statefulset.yaml b/charts/redpanda/redpanda/templates/statefulset.yaml
index 7a360abd3..525ae4541 100644
--- a/charts/redpanda/redpanda/templates/statefulset.yaml
+++ b/charts/redpanda/redpanda/templates/statefulset.yaml
@@ -331,6 +331,9 @@ spec:
- /bin/bash # could be expanded for multiple scripts
- -c
- /etc/secrets/config-watcher/scripts/sasl-user.sh
+ {{- if get .Values.statefulset.sideCars.configWatcher "resources" }}
+ resources: {{- toYaml .Values.statefulset.sideCars.configWatcher.resources | nindent 12 }}
+ {{- end }}
volumeMounts:
- name: {{ template "redpanda.fullname" . }}-config-watcher
mountPath: /etc/secrets/config-watcher/scripts
diff --git a/charts/redpanda/redpanda/templates/tests/test-internal-external-tls-secrets.yaml b/charts/redpanda/redpanda/templates/tests/test-internal-external-tls-secrets.yaml
index 90a0df166..bf567c29f 100644
--- a/charts/redpanda/redpanda/templates/tests/test-internal-external-tls-secrets.yaml
+++ b/charts/redpanda/redpanda/templates/tests/test-internal-external-tls-secrets.yaml
@@ -14,7 +14,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
-{{- if (include "tls-enabled" . | fromJson).bool }}
+{{- if and (include "tls-enabled" . | fromJson).bool ( eq .Values.external.types "NodePort" ) }}
{{- $values := .Values }}
{{- $root := deepCopy . }}
apiVersion: v1
diff --git a/charts/redpanda/redpanda/templates/tests/test-loadbalancer-tls.yaml b/charts/redpanda/redpanda/templates/tests/test-loadbalancer-tls.yaml
new file mode 100644
index 000000000..df5637103
--- /dev/null
+++ b/charts/redpanda/redpanda/templates/tests/test-loadbalancer-tls.yaml
@@ -0,0 +1,152 @@
+{{/*
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ */}}
+{{- if and .Values.tls.enabled ( eq .Values.external.type "LoadBalancer" ) -}}
+ {{- $values := .Values }}
+ {{- $root := deepCopy . }}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: {{ include "redpanda.fullname" . }}-test-loadbalancer-tls
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ {{- with include "full.labels" . }}
+ {{- . | nindent 4 }}
+ {{- end }}
+ annotations:
+ "helm.sh/hook": test
+ "helm.sh/hook-delete-policy": before-hook-creation
+spec:
+ serviceAccountName: redpanda-user
+ restartPolicy: Never
+ securityContext:
+ runAsUser: 65535
+ runAsGroup: 65535
+ {{- with .Values.imagePullSecrets }}
+ imagePullSecrets: {{- toYaml . | nindent 4 }}
+ {{- end }}
+ containers:
+ - name: {{ template "redpanda.name" . }}
+ image: mintel/docker-alpine-bash-curl-jq:latest
+ command:
+ - bash
+ - -c
+ - |
+ set -x
+ export APISERVER=https://kubernetes.default.svc
+ export SERVICEACCOUNT=/var/run/secrets/kubernetes.io/serviceaccount
+ export NAMESPACE=$(cat ${SERVICEACCOUNT}/namespace)
+ export TOKEN=$(cat ${SERVICEACCOUNT}/token)
+ export CACERT=${SERVICEACCOUNT}/ca.crt
+
+ ip_list=""
+
+ replicas={{ .Values.statefulset.replicas }}
+ if [ "${replicas}" -lt "1" ]; then
+ echo "replicas cannot be less than 1"
+ exit 1
+ fi
+
+ range=$(expr $replicas - 1)
+ ordinal_list=$(seq 0 $range)
+
+ set -e
+
+ for i in $ordinal_list
+ do
+ POD_DESC=$(curl --cacert ${CACERT} --header "Authorization: Bearer ${TOKEN}" \
+ -X GET ${APISERVER}/api/v1/namespaces/{{ .Release.Namespace }}/services/lb-{{ template "redpanda.fullname" . }}-$i)
+ ip=$(echo $POD_DESC | jq -r .status.loadBalancer.ingress[0].ip )
+ ip_list="$ip $ip_list"
+ done
+
+ echo test will be run against $ip_list
+ echo testing LoadBalancer connectivity
+
+ {{- range $name, $cert := $values.tls.certs }}
+ {{- if $cert.secretRef }}
+ {{- if eq $cert.secretRef.name "external-tls-secret" }}
+ echo "---> testing external tls"
+
+ {{- if eq $values.listeners.kafka.external.default.tls.cert $name }}
+ echo "-----> testing external tls: kafka api"
+ {{- $port := ( first $values.listeners.kafka.external.default.advertisedPorts ) }}
+
+ for ip in $ip_list
+ do
+ openssl s_client -verify_return_error -prexit \
+ {{- if $cert.caEnabled -}}
+ -CAfile {{ printf "/etc/tls/certs/%s" $name }}/ca.crt \
+ {{- end -}}
+ -key {{ printf "/etc/tls/certs/%s" $name }}/tls.key -connect $ip:{{ $port }}
+ done
+ {{- end }}
+
+ {{- if (include "redpanda-22-2-x-without-sasl" $root | fromJson).bool }}
+ {{- if eq $values.listeners.schemaRegistry.external.default.tls.cert $name }}
+ echo "-----> testing external tls: schema registry"
+ {{- $port := ( first $values.listeners.schemaRegistry.external.default.advertisedPorts ) }}
+ for ip in $ip_list
+ do
+ openssl s_client -verify_return_error -prexit \
+ {{- if $cert.caEnabled -}}
+ -CAfile {{ printf "/etc/tls/certs/%s" $name }}/ca.crt \
+ {{- end -}}
+ -key {{ printf "/etc/tls/certs/%s" $name }}/tls.key -connect $ip:{{ $port }}
+ done
+ {{- end }}
+
+ {{- if eq $values.listeners.http.external.default.tls.cert $name }}
+ echo "-----> testing external tls: http api"
+ {{- $port := ( first $values.listeners.http.external.default.advertisedPorts ) }}
+ for ip in $ip_list
+ do
+ openssl s_client -verify_return_error -prexit \
+ {{- if $cert.caEnabled -}}
+ -CAfile {{ printf "/etc/tls/certs/%s" $name }}/ca.crt \
+ {{- end -}}
+ -key {{ printf "/etc/tls/certs/%s" $name }}/tls.key -connect $ip:{{ $port }}
+ done
+ {{- end }}
+ {{- end }}
+
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ volumeMounts:
+ {{- range $name, $cert := .Values.tls.certs }}
+ - name: redpanda-{{ $name }}-cert
+ mountPath: {{ printf "/etc/tls/certs/%s" $name }}
+ {{- end }}
+ volumes:
+ {{- range $name, $cert := .Values.tls.certs }}
+ {{- $r := set $root "tempCert" ( dict "name" $name "cert" $cert ) }}
+ - name: redpanda-{{ $name }}-cert
+ secret:
+ defaultMode: 420
+ items:
+ - key: tls.key
+ path: tls.key
+ - key: tls.crt
+ path: tls.crt
+ {{- if $cert.caEnabled }}
+ - key: ca.crt
+ path: ca.crt
+ {{- end }}
+ secretName: {{ template "cert-secret-name" $r }}
+ {{- end }}
+
+{{- end -}}
\ No newline at end of file
diff --git a/charts/redpanda/redpanda/templates/tests/test-nodeport-tls.yaml b/charts/redpanda/redpanda/templates/tests/test-nodeport-tls.yaml
new file mode 100644
index 000000000..9a2820671
--- /dev/null
+++ b/charts/redpanda/redpanda/templates/tests/test-nodeport-tls.yaml
@@ -0,0 +1,153 @@
+{{/*
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ */}}
+{{- if and .Values.tls.enabled ( eq .Values.external.type "NodePort" ) -}}
+ {{- $values := .Values }}
+ {{- $root := deepCopy . }}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: {{ include "redpanda.fullname" . }}-test-nodeport-tls
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ {{- with include "full.labels" . }}
+ {{- . | nindent 4 }}
+ {{- end }}
+ annotations:
+ "helm.sh/hook": test
+ "helm.sh/hook-delete-policy": before-hook-creation
+spec:
+ serviceAccountName: redpanda-user
+ restartPolicy: Never
+ securityContext:
+ runAsUser: 65535
+ runAsGroup: 65535
+ {{- with .Values.imagePullSecrets }}
+ imagePullSecrets: {{- toYaml . | nindent 4 }}
+ {{- end }}
+ containers:
+ - name: {{ template "redpanda.name" . }}
+ image: mintel/docker-alpine-bash-curl-jq:latest
+ command:
+ - bash
+ - -c
+ - |
+ set -x
+ export APISERVER=https://kubernetes.default.svc
+ export SERVICEACCOUNT=/var/run/secrets/kubernetes.io/serviceaccount
+ export NAMESPACE=$(cat ${SERVICEACCOUNT}/namespace)
+ export TOKEN=$(cat ${SERVICEACCOUNT}/token)
+ export CACERT=${SERVICEACCOUNT}/ca.crt
+
+ ip_list=""
+
+ replicas={{ .Values.statefulset.replicas }}
+ if [ "${replicas}" -lt "1" ]; then
+ echo "replicas cannot be less than 1"
+ exit 1
+ fi
+
+ range=$(expr $replicas - 1)
+ ordinal_list=$(seq 0 $range)
+
+ set -e
+
+ for i in $ordinal_list
+ do
+ POD_DESC=$(curl --cacert ${CACERT} --header "Authorization: Bearer ${TOKEN}" \
+ -X GET ${APISERVER}/api/v1/namespaces/{{ .Release.Namespace }}/pods/{{ template "redpanda.fullname" . }}-$i)
+ ip=$(echo $POD_DESC | jq -r .status.hostIP )
+ ip_list="$ip $ip_list"
+ done
+
+ echo test will be run against $ip_list
+ echo testing NodePort connectivity
+ {{- range $name, $cert := $values.tls.certs }}
+ {{- if $cert.secretRef }}
+ {{- if eq $cert.secretRef.name "external-tls-secret" }}
+ echo "---> testing external tls"
+
+ {{- if eq $values.listeners.kafka.external.default.tls.cert $name }}
+ echo "-----> testing external tls: kafka api"
+ {{- $port := ( first $values.listeners.kafka.external.default.advertisedPorts ) }}
+ for ip in $ip_list
+ do
+ openssl s_client -verify_return_error -prexit \
+ {{- if $cert.caEnabled }}
+ -CAfile {{ printf "/etc/tls/certs/%s" $name }}/ca.crt \
+ {{- end }}
+ -key {{ printf "/etc/tls/certs/%s" $name }}/tls.key \
+ -connect ${ip}:{{ $port }}
+ done
+ {{- end }}
+
+ {{- if (include "redpanda-22-2-x-without-sasl" $root | fromJson).bool }}
+ {{- if eq $values.listeners.schemaRegistry.external.default.tls.cert $name }}
+ echo "-----> testing external tls: schema registry"
+ {{- $port := ( first $values.listeners.schemaRegistry.external.default.advertisedPorts ) }}
+ for ip in $ip_list
+ do
+ openssl s_client -verify_return_error -prexit \
+ {{- if $cert.caEnabled }}
+ -CAfile {{ printf "/etc/tls/certs/%s" $name }}/ca.crt \
+ {{- end }}
+ -key {{ printf "/etc/tls/certs/%s" $name }}/tls.key \
+ -connect ${ip}:{{ $port }}
+ done
+ {{- end }}
+
+ {{- if eq $values.listeners.http.external.default.tls.cert $name }}
+ echo "-----> testing external tls: http api"
+ {{- $port := ( first $values.listeners.http.external.default.advertisedPorts ) }}
+ for ip in $ip_list
+ do
+ openssl s_client -verify_return_error -prexit \
+ {{- if $cert.caEnabled }}
+ -CAfile {{ printf "/etc/tls/certs/%s" $name }}/ca.crt \
+ {{- end }}
+ -key {{ printf "/etc/tls/certs/%s" $name }}/tls.key \
+ -connect ${ip}:{{ $port }}
+ done
+ {{- end }}
+ {{- end }}
+
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ volumeMounts:
+ {{- range $name, $cert := .Values.tls.certs }}
+ - name: redpanda-{{ $name }}-cert
+ mountPath: {{ printf "/etc/tls/certs/%s" $name }}
+ {{- end }}
+ volumes:
+ {{- range $name, $cert := .Values.tls.certs }}
+ {{- $r := set $root "tempCert" ( dict "name" $name "cert" $cert ) }}
+ - name: redpanda-{{ $name }}-cert
+ secret:
+ defaultMode: 420
+ items:
+ - key: tls.key
+ path: tls.key
+ - key: tls.crt
+ path: tls.crt
+ {{- if $cert.caEnabled }}
+ - key: ca.crt
+ path: ca.crt
+ {{- end }}
+ secretName: {{ template "cert-secret-name" $r }}
+ {{- end }}
+
+{{- end -}}
\ No newline at end of file
diff --git a/charts/speedscale/speedscale-operator/Chart.yaml b/charts/speedscale/speedscale-operator/Chart.yaml
index 8868cc53c..fea725d73 100644
--- a/charts/speedscale/speedscale-operator/Chart.yaml
+++ b/charts/speedscale/speedscale-operator/Chart.yaml
@@ -4,7 +4,7 @@ annotations:
catalog.cattle.io/kube-version: '>= 1.17.0-0'
catalog.cattle.io/release-name: speedscale-operator
apiVersion: v1
-appVersion: 1.3.117
+appVersion: 1.3.122
description: Stress test your APIs with real world scenarios. Collect and replay
traffic without scripting.
home: https://speedscale.com
@@ -24,4 +24,4 @@ maintainers:
- email: support@speedscale.com
name: Speedscale Support
name: speedscale-operator
-version: 1.3.16
+version: 1.3.17
diff --git a/charts/speedscale/speedscale-operator/README.md b/charts/speedscale/speedscale-operator/README.md
index e7d8b4c4d..0c0e7b4f5 100644
--- a/charts/speedscale/speedscale-operator/README.md
+++ b/charts/speedscale/speedscale-operator/README.md
@@ -101,10 +101,10 @@ _See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command documen
A major chart version change (like v1.2.3 -> v2.0.0) indicates that there is an
incompatible breaking change needing manual actions.
-### Upgrade to 1.3.16
+### Upgrade to 1.3.17
```bash
-kubectl apply --server-side -f https://raw.githubusercontent.com/speedscale/operator-helm/main/1.3.16/templates/crds/trafficreplays.yaml
+kubectl apply --server-side -f https://raw.githubusercontent.com/speedscale/operator-helm/main/1.3.17/templates/crds/trafficreplays.yaml
```
### Upgrade to 1.1.0
diff --git a/charts/speedscale/speedscale-operator/app-readme.md b/charts/speedscale/speedscale-operator/app-readme.md
index e7d8b4c4d..0c0e7b4f5 100644
--- a/charts/speedscale/speedscale-operator/app-readme.md
+++ b/charts/speedscale/speedscale-operator/app-readme.md
@@ -101,10 +101,10 @@ _See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command documen
A major chart version change (like v1.2.3 -> v2.0.0) indicates that there is an
incompatible breaking change needing manual actions.
-### Upgrade to 1.3.16
+### Upgrade to 1.3.17
```bash
-kubectl apply --server-side -f https://raw.githubusercontent.com/speedscale/operator-helm/main/1.3.16/templates/crds/trafficreplays.yaml
+kubectl apply --server-side -f https://raw.githubusercontent.com/speedscale/operator-helm/main/1.3.17/templates/crds/trafficreplays.yaml
```
### Upgrade to 1.1.0
diff --git a/charts/speedscale/speedscale-operator/values.yaml b/charts/speedscale/speedscale-operator/values.yaml
index 638f15b60..048a3f95a 100644
--- a/charts/speedscale/speedscale-operator/values.yaml
+++ b/charts/speedscale/speedscale-operator/values.yaml
@@ -20,7 +20,7 @@ clusterName: "my-cluster"
# Speedscale components image settings.
image:
registry: gcr.io/speedscale
- tag: v1.3.117
+ tag: v1.3.122
pullPolicy: Always
# Log level for Speedscale components.
diff --git a/charts/weka/csi-wekafsplugin/CHANGELOG.md b/charts/weka/csi-wekafsplugin/CHANGELOG.md
index 3fed993ba..ebaf0bb83 100644
--- a/charts/weka/csi-wekafsplugin/CHANGELOG.md
+++ b/charts/weka/csi-wekafsplugin/CHANGELOG.md
@@ -1,8 +1,17 @@
## What's Changed
-### Bug Fixes
-* fix(CSI-74): no error returned when fetching info from weka cluster fails by @dontbreakit & @sergeyberezansky in https://github.com/weka/csi-wekafs/pull/102
-* fix(CSI-107): revert csi-attacher by @dontbreakit in https://github.com/weka/csi-wekafs/pull/103
+### New features
+* feat(CSI-67): sign helm chart by @dontbreakit in https://github.com/weka/csi-wekafs/pull/116
+
+
+### Security
+* fix(CSI-109): update registry.k8s.io/sig-storage/csi-snapshotter to v6.2.2 by @renovate in https://github.com/weka/csi-wekafs/pull/113
+* update Golang dependencies for the csi binary
+ * fix(deps): update module golang.org/x/sync to v0.3.0 by @renovate in https://github.com/weka/csi-wekafs/pull/105
+ * fix(deps): update module k8s.io/apimachinery to v0.27.3 by @renovate in https://github.com/weka/csi-wekafs/pull/106
+ * fix(deps): update module github.com/prometheus/client_golang to v1.16.0 by @renovate in https://github.com/weka/csi-wekafs/pull/107
+ * fix(deps): update module google.golang.org/grpc to v1.56.1 by @renovate in https://github.com/weka/csi-wekafs/pull/108
+ * fix(deps): update module github.com/kubernetes-csi/csi-lib-utils to v0.14.0 by @renovate in https://github.com/weka/csi-wekafs/pull/117
diff --git a/charts/weka/csi-wekafsplugin/Chart.yaml b/charts/weka/csi-wekafsplugin/Chart.yaml
index 444d93ba0..f7351256b 100644
--- a/charts/weka/csi-wekafsplugin/Chart.yaml
+++ b/charts/weka/csi-wekafsplugin/Chart.yaml
@@ -1,14 +1,17 @@
annotations:
artifacthub.io/category: storage
- artifacthub.io/containsSecurityUpdates: "false"
+ artifacthub.io/containsSecurityUpdates: "true"
artifacthub.io/license: Apache-2.0
artifacthub.io/prerelease: "false"
+ artifacthub.io/signKey: |
+ fingerprint: BA9F2D31BE9193E01FA17450BCE0A5CF67AC0C59
+ url: https://weka.github.io/csi-wekafs/csi-public.gpg
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: WekaFS CSI Driver
catalog.cattle.io/kube-version: '>=1.18.0'
catalog.cattle.io/release-name: csi-wekafsplugin
apiVersion: v2
-appVersion: v2.0.1
+appVersion: v2.1.0
description: Helm chart for Deployment of WekaIO Container Storage Interface (CSI)
plugin for WekaFS - the world fastest filesystem
home: https://github.com/weka/csi-wekafs
@@ -24,6 +27,6 @@ maintainers:
url: https://weka.io
name: csi-wekafsplugin
sources:
-- https://github.com/weka/csi-wekafs/tree/v2.0.1
+- https://github.com/weka/csi-wekafs/tree/v2.1.0
type: application
-version: 2.0.1
+version: 2.1.0
diff --git a/charts/weka/csi-wekafsplugin/README.md b/charts/weka/csi-wekafsplugin/README.md
index 559b737df..815b513d7 100644
--- a/charts/weka/csi-wekafsplugin/README.md
+++ b/charts/weka/csi-wekafsplugin/README.md
@@ -3,7 +3,7 @@ Helm chart for Deployment of WekaIO Container Storage Interface (CSI) plugin for
[](https://opensource.org/licenses/Apache-2.0)
[](https://artifacthub.io/packages/search?repo=csi-wekafs)
-  
+  
## Homepage
https://github.com/weka/csi-wekafs
@@ -56,15 +56,15 @@ Kubernetes: `>=1.18.0`
|-----|------|---------|-------------|
| dynamicProvisionPath | string | `"csi-volumes"` | Directory in root of file system where dynamic volumes are provisioned |
| csiDriverName | string | `"csi.weka.io"` | Name of the driver (and provisioner) |
-| csiDriverVersion | string | `"2.0.1"` | CSI driver version |
+| csiDriverVersion | string | `"2.1.0"` | CSI driver version |
| images.livenessprobesidecar | string | `"registry.k8s.io/sig-storage/livenessprobe:v2.10.0"` | CSI liveness probe sidecar image URL |
| images.attachersidecar | string | `"registry.k8s.io/sig-storage/csi-attacher:v4.3.0"` | CSI attacher sidecar image URL |
| images.provisionersidecar | string | `"registry.k8s.io/sig-storage/csi-provisioner:v3.5.0"` | CSI provisioner sidecar image URL |
| images.registrarsidecar | string | `"registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.8.0"` | CSI registrar sidercar |
| images.resizersidecar | string | `"registry.k8s.io/sig-storage/csi-resizer:v1.8.0"` | CSI resizer sidecar image URL |
-| images.snapshottersidecar | string | `"registry.k8s.io/sig-storage/csi-snapshotter:v6.2.1"` | CSI snapshotter sidecar image URL |
+| images.snapshottersidecar | string | `"registry.k8s.io/sig-storage/csi-snapshotter:v6.2.2"` | CSI snapshotter sidecar image URL |
| images.csidriver | string | `"quay.io/weka.io/csi-wekafs"` | CSI driver main image URL |
-| images.csidriverTag | string | `"2.0.1"` | CSI driver tag |
+| images.csidriverTag | string | `"2.1.0"` | CSI driver tag |
| globalPluginTolerations | list | `[{"effect":"NoSchedule","key":"node-role.kubernetes.io/master","operator":"Exists"}]` | Tolerations for all CSI driver components |
| controllerPluginTolerations | list | `[{"effect":"NoSchedule","key":"node-role.kubernetes.io/master","operator":"Exists"}]` | Tolerations for CSI controller component only (by default same as global) |
| nodePluginTolerations | list | `[{"effect":"NoSchedule","key":"node-role.kubernetes.io/master","operator":"Exists"}]` | Tolerations for CSI node component only (by default same as global) |
diff --git a/charts/weka/csi-wekafsplugin/values.yaml b/charts/weka/csi-wekafsplugin/values.yaml
index bd1818ec6..df102f978 100644
--- a/charts/weka/csi-wekafsplugin/values.yaml
+++ b/charts/weka/csi-wekafsplugin/values.yaml
@@ -5,7 +5,7 @@ dynamicProvisionPath: "csi-volumes"
# -- Name of the driver (and provisioner)
csiDriverName: "csi.weka.io"
# -- CSI driver version
-csiDriverVersion: &csiDriverVersion 2.0.1
+csiDriverVersion: &csiDriverVersion 2.1.0
images:
# -- CSI liveness probe sidecar image URL
livenessprobesidecar: registry.k8s.io/sig-storage/livenessprobe:v2.10.0
@@ -18,7 +18,7 @@ images:
# -- CSI resizer sidecar image URL
resizersidecar: registry.k8s.io/sig-storage/csi-resizer:v1.8.0
# -- CSI snapshotter sidecar image URL
- snapshottersidecar: registry.k8s.io/sig-storage/csi-snapshotter:v6.2.1
+ snapshottersidecar: registry.k8s.io/sig-storage/csi-snapshotter:v6.2.2
# -- CSI driver main image URL
csidriver: quay.io/weka.io/csi-wekafs
# -- CSI driver tag
diff --git a/index.yaml b/index.yaml
index fca577dd0..432f47b91 100644
--- a/index.yaml
+++ b/index.yaml
@@ -1182,6 +1182,47 @@ entries:
- assets/ambassador/ambassador-6.7.1100.tgz
version: 6.7.1100
argo-cd:
+ - annotations:
+ artifacthub.io/changes: |
+ - kind: changed
+ description: Upgrade Argo CD to v2.7.6
+ - kind: changed
+ description: applicationSet.containerPorts.metrics to 8085
+ artifacthub.io/signKey: |
+ fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252
+ url: https://argoproj.github.io/argo-helm/pgp_keys.asc
+ catalog.cattle.io/certified: partner
+ catalog.cattle.io/display-name: Argo CD
+ catalog.cattle.io/kube-version: '>=1.23.0-0'
+ catalog.cattle.io/release-name: argo-cd
+ apiVersion: v2
+ appVersion: v2.7.6
+ created: "2023-06-22T17:04:52.527211154Z"
+ dependencies:
+ - condition: redis-ha.enabled
+ name: redis-ha
+ repository: file://./charts/redis-ha
+ version: 4.23.0
+ description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery
+ tool for Kubernetes.
+ digest: 1fd968cf9a6af74a88f54b34e0804554f84775a5c7945e767792bdbe4ae4bdf7
+ home: https://github.com/argoproj/argo-helm
+ icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png
+ keywords:
+ - argoproj
+ - argocd
+ - gitops
+ kubeVersion: '>=1.23.0-0'
+ maintainers:
+ - name: argoproj
+ url: https://argoproj.github.io/
+ name: argo-cd
+ sources:
+ - https://github.com/argoproj/argo-helm/tree/main/charts/argo-cd
+ - https://github.com/argoproj/argo-cd
+ urls:
+ - assets/argo/argo-cd-5.36.6.tgz
+ version: 5.36.6
- annotations:
artifacthub.io/changes: |
- kind: added
@@ -7899,6 +7940,28 @@ entries:
urls:
- assets/codefresh/cf-runtime-1.7.8.tgz
version: 1.7.8
+ - annotations:
+ catalog.cattle.io/certified: partner
+ catalog.cattle.io/display-name: Codefresh
+ catalog.cattle.io/kube-version: '>=1.18-0'
+ catalog.cattle.io/release-name: cf-runtime
+ apiVersion: v2
+ created: "2023-06-22T17:04:55.327811908Z"
+ description: A Helm chart for Codefresh Runner
+ digest: 7b4be556cd168420dde71eb39f7dd8c84d20016b6d52380469837746028f448d
+ home: https://github.com/codefresh-io/venona
+ icon: https://partner-charts.rancher.io/assets/logos/codefresh.jpg
+ keywords:
+ - codefresh
+ - runner
+ kubeVersion: '>=1.18-0'
+ maintainers:
+ - name: codefresh
+ url: https://codefresh-io.github.io/
+ name: cf-runtime
+ urls:
+ - assets/codefresh/cf-runtime-1.0.8.tgz
+ version: 1.0.8
- annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: Codefresh
@@ -8930,6 +8993,27 @@ entries:
- assets/cloudcasa/cloudcasa-0.1.000.tgz
version: 0.1.000
cockroachdb:
+ - annotations:
+ catalog.cattle.io/certified: partner
+ catalog.cattle.io/display-name: CockroachDB
+ catalog.cattle.io/kube-version: '>=1.8-0'
+ catalog.cattle.io/release-name: cockroachdb
+ apiVersion: v1
+ appVersion: 23.1.4
+ created: "2023-06-22T17:04:55.313651112Z"
+ description: CockroachDB is a scalable, survivable, strongly-consistent SQL database.
+ digest: 578f995c9db6c922a53d1dc250510a3ae2533f38c55534c8390808b79c93dc7c
+ home: https://www.cockroachlabs.com
+ icon: https://raw.githubusercontent.com/cockroachdb/cockroach/master/docs/media/cockroach_db.png
+ maintainers:
+ - email: helm-charts@cockroachlabs.com
+ name: cockroachlabs
+ name: cockroachdb
+ sources:
+ - https://github.com/cockroachdb/cockroach
+ urls:
+ - assets/cockroach-labs/cockroachdb-11.0.3.tgz
+ version: 11.0.3
- annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: CockroachDB
@@ -11294,6 +11378,42 @@ entries:
- assets/dell/csi-vxflexos-2.1.0.tgz
version: 2.1.0
csi-wekafsplugin:
+ - annotations:
+ artifacthub.io/category: storage
+ artifacthub.io/containsSecurityUpdates: "true"
+ artifacthub.io/license: Apache-2.0
+ artifacthub.io/prerelease: "false"
+ artifacthub.io/signKey: |
+ fingerprint: BA9F2D31BE9193E01FA17450BCE0A5CF67AC0C59
+ url: https://weka.github.io/csi-wekafs/csi-public.gpg
+ catalog.cattle.io/certified: partner
+ catalog.cattle.io/display-name: WekaFS CSI Driver
+ catalog.cattle.io/kube-version: '>=1.18.0'
+ catalog.cattle.io/release-name: csi-wekafsplugin
+ apiVersion: v2
+ appVersion: v2.1.0
+ created: "2023-06-22T17:04:59.686930746Z"
+ description: Helm chart for Deployment of WekaIO Container Storage Interface (CSI)
+ plugin for WekaFS - the world fastest filesystem
+ digest: 056266cf393a509e98a7b2129fe49a42b6f022e62a40ce963ed1c6cfe103f033
+ home: https://github.com/weka/csi-wekafs
+ icon: https://weka.github.io/csi-wekafs/logo.png
+ keywords:
+ - storage
+ - filesystem
+ - HPC
+ kubeVersion: '>=1.18.0'
+ maintainers:
+ - email: csi@weka.io
+ name: WekaIO, Inc.
+ url: https://weka.io
+ name: csi-wekafsplugin
+ sources:
+ - https://github.com/weka/csi-wekafs/tree/v2.1.0
+ type: application
+ urls:
+ - assets/weka/csi-wekafsplugin-2.1.0.tgz
+ version: 2.1.0
- annotations:
artifacthub.io/category: storage
artifacthub.io/containsSecurityUpdates: "false"
@@ -11416,6 +11536,43 @@ entries:
- assets/weka/csi-wekafsplugin-0.6.400.tgz
version: 0.6.400
datadog:
+ - annotations:
+ catalog.cattle.io/certified: partner
+ catalog.cattle.io/display-name: Datadog
+ catalog.cattle.io/kube-version: '>=1.10-0'
+ catalog.cattle.io/release-name: datadog
+ apiVersion: v1
+ appVersion: "7"
+ created: "2023-06-22T17:04:55.751408902Z"
+ dependencies:
+ - condition: clusterAgent.metricsProvider.useDatadogMetrics
+ name: datadog-crds
+ repository: https://helm.datadoghq.com
+ tags:
+ - install-crds
+ version: 0.4.7
+ - condition: datadog.kubeStateMetricsEnabled
+ name: kube-state-metrics
+ repository: https://prometheus-community.github.io/helm-charts
+ version: 2.13.2
+ description: Datadog Agent
+ digest: a8a9c6cfb9faa7f7a51dda223a9e35005f4a02c1b972107f1ca3c5bf7ecc5f06
+ home: https://www.datadoghq.com
+ icon: https://datadog-live.imgix.net/img/dd_logo_70x75.png
+ keywords:
+ - monitoring
+ - alerting
+ - metric
+ maintainers:
+ - email: support@datadoghq.com
+ name: Datadog
+ name: datadog
+ sources:
+ - https://app.datadoghq.com/account/settings#agent/kubernetes
+ - https://github.com/DataDog/datadog-agent
+ urls:
+ - assets/datadog/datadog-3.32.4.tgz
+ version: 3.32.4
- annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: Datadog
@@ -13410,6 +13567,29 @@ entries:
- assets/dkube/dkube-deployer-1.0.601.tgz
version: 1.0.601
dxemssql:
+ - annotations:
+ catalog.cattle.io/certified: partner
+ catalog.cattle.io/display-name: DxEnterprise for Microsoft SQL AG
+ catalog.cattle.io/kube-version: '>= 1.20.0-0'
+ catalog.cattle.io/release-name: dxemssql
+ charts.openshift.io/name: DxEnterprise for Microsoft SQL AG
+ apiVersion: v2
+ appVersion: "22.0"
+ created: "2023-06-22T17:04:55.872725612Z"
+ description: Helm chart for DH2i's DxEnterprise clustering solution with SQL Server
+ availability groups
+ digest: 82de7238fcf99e99263f9c3ed645796d2b4cf0f2f35bcea8e47a1b553a6f3334
+ icon: https://raw.githubusercontent.com/dh2i/helm/main/assets/DH2i_Logo_Icon.png
+ kubeVersion: '>= 1.20.0-0'
+ maintainers:
+ - email: support@dh2i.com
+ name: DH2i Company
+ url: https://dh2i.com
+ name: dxemssql
+ type: application
+ urls:
+ - assets/dh2i/dxemssql-1.0.4.tgz
+ version: 1.0.4
- annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: DxEnterprise for Microsoft SQL AG
@@ -13556,6 +13736,33 @@ entries:
- assets/dynatrace/dynatrace-oneagent-operator-0.8.000.tgz
version: 0.8.000
dynatrace-operator:
+ - annotations:
+ catalog.cattle.io/certified: partner
+ catalog.cattle.io/display-name: Dynatrace Operator
+ catalog.cattle.io/kube-version: '>=1.19.0-0'
+ catalog.cattle.io/release-name: dynatrace-operator
+ apiVersion: v2
+ appVersion: 0.12.0
+ created: "2023-06-22T17:04:55.904508479Z"
+ description: The Dynatrace Operator Helm chart for Kubernetes and OpenShift
+ digest: a302498cfe0de31f650950fefb7a476c70e2cb9ae0d6aacc4dd4d737218e6930
+ home: https://www.dynatrace.com/
+ icon: https://assets.dynatrace.com/global/resources/Signet_Logo_RGB_CP_512x512px.png
+ kubeVersion: '>=1.19.0-0'
+ maintainers:
+ - email: marcell.sevcsik@dynatrace.com
+ name: 0sewa0
+ - email: christoph.muellner@dynatrace.com
+ name: chrismuellner
+ - email: lukas.hinterreiter@dynatrace.com
+ name: luhi-DT
+ name: dynatrace-operator
+ sources:
+ - https://github.com/Dynatrace/dynatrace-operator
+ type: application
+ urls:
+ - assets/dynatrace/dynatrace-operator-0.12.0.tgz
+ version: 0.12.0
- annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: Dynatrace Operator
@@ -14438,6 +14645,38 @@ entries:
- assets/f5/f5-bigip-ctlr-0.0.1901.tgz
version: 0.0.1901
falcon-sensor:
+ - annotations:
+ catalog.cattle.io/certified: partner
+ catalog.cattle.io/display-name: CrowdStrike Falcon Platform
+ catalog.cattle.io/kube-version: '>1.22.0-0'
+ catalog.cattle.io/release-name: falcon-sensor
+ apiVersion: v2
+ appVersion: 1.20.1
+ created: "2023-06-22T17:04:55.421223023Z"
+ description: A Helm chart to deploy CrowdStrike Falcon sensors into Kubernetes
+ clusters.
+ digest: 2daa1ce6633c2e951d73b0ebd2305291595eebeb9767cd12385402aee58548c2
+ home: https://crowdstrike.com
+ icon: https://raw.githubusercontent.com/CrowdStrike/falcon-helm/main/images/crowdstrike-logo.svg
+ keywords:
+ - CrowdStrike
+ - Falcon
+ - EDR
+ - kubernetes
+ - security
+ - monitoring
+ - alerting
+ kubeVersion: '>1.22.0-0'
+ maintainers:
+ - email: integrations@crowdstrike.com
+ name: CrowdStrike Solutions Architecture
+ name: falcon-sensor
+ sources:
+ - https://github.com/CrowdStrike/falcon-helm
+ type: application
+ urls:
+ - assets/crowdstrike/falcon-sensor-1.20.1.tgz
+ version: 1.20.1
- annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: CrowdStrike Falcon Platform
@@ -16023,6 +16262,45 @@ entries:
- assets/gluu/gluu-5.0.10.tgz
version: 5.0.10
gopaddle:
+ - annotations:
+ artifacthub.io/changes: |-
+ - kind: added
+ description: Docker Compose based installer for Docker Desktop extension
+ - kind: changed
+ description: Docker Image size optimization for faster installation
+ - kind: added
+ description: Gitlab person access token support added
+ - kind: changed
+ description: EKS cluster create - UX improvements for Master role ARN, Node role ARN & ALB role
+ catalog.cattle.io/certified: partner
+ catalog.cattle.io/display-name: gopaddle
+ catalog.cattle.io/kube-version: '>=1.21-0'
+ catalog.cattle.io/namespace: gp-lite-4-2
+ catalog.cattle.io/release-name: gopaddle
+ apiVersion: v2
+ appVersion: 4.2.7
+ created: "2023-06-22T17:04:56.145567812Z"
+ dependencies:
+ - condition: global.installer.chart.gp-core
+ name: gp-core
+ repository: file://./charts/gp-core
+ - condition: global.installer.chart.rabbitmq
+ name: gp-rabbitmq
+ repository: file://./charts/gp-rabbitmq
+ description: Simple low-code platform for Kubernetes developers and operators
+ digest: 8e0392099c800635e94645b39aae0d554cede36c4a30fb08513d36dba03b10a7
+ home: https://gopaddle.io
+ icon: https://gopaddle-marketing.s3.ap-southeast-2.amazonaws.com/gopaddle.png
+ keywords:
+ - low-code
+ - Internal Developer Platform
+ - PaaS
+ - Community Edition
+ kubeVersion: '>=1.21-0'
+ name: gopaddle
+ urls:
+ - assets/gopaddle/gopaddle-4.2.7.tgz
+ version: 4.2.7
- annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: gopaddle
@@ -16084,6 +16362,34 @@ entries:
- assets/gopaddle/gopaddle-4.2.5.tgz
version: 4.2.5
haproxy:
+ - annotations:
+ artifacthub.io/changes: |
+ - Use Ingress Controller 1.10.4 version for base image
+ catalog.cattle.io/certified: partner
+ catalog.cattle.io/display-name: HAProxy Kubernetes Ingress Controller
+ catalog.cattle.io/kube-version: '>=1.22.0-0'
+ catalog.cattle.io/release-name: haproxy
+ apiVersion: v2
+ appVersion: 1.10.4
+ created: "2023-06-22T17:04:56.190921179Z"
+ description: A Helm chart for HAProxy Kubernetes Ingress Controller
+ digest: ddfb0c720bb03d589faa30125a1e8713681246d6f7419588b511d89018fca0c9
+ home: https://github.com/haproxytech/helm-charts/tree/main/kubernetes-ingress
+ icon: https://raw.githubusercontent.com/haproxytech/helm-charts/main/kubernetes-ingress/chart-icon.png
+ keywords:
+ - ingress
+ - haproxy
+ kubeVersion: '>=1.22.0-0'
+ maintainers:
+ - email: dkorunic@haproxy.com
+ name: Dinko Korunic
+ name: haproxy
+ sources:
+ - https://github.com/haproxytech/kubernetes-ingress
+ type: application
+ urls:
+ - assets/haproxy/haproxy-1.30.6.tgz
+ version: 1.30.6
- annotations:
artifacthub.io/changes: |
- Use Ingress Controller 1.10.2 version for base image
@@ -17664,6 +17970,22 @@ entries:
- assets/instana/instana-agent-1.0.2900.tgz
version: 1.0.2900
intel-device-plugins-operator:
+ - annotations:
+ catalog.cattle.io/certified: partner
+ catalog.cattle.io/display-name: Intel Device Plugins Operator
+ catalog.cattle.io/kube-version: '>=1.19-0'
+ catalog.cattle.io/release-name: intel-device-plugins-operator
+ apiVersion: v2
+ appVersion: 0.27.1
+ created: "2023-06-22T17:04:56.374744032Z"
+ description: A Helm chart for Intel Device Plugins Operator for Kubernetes
+ digest: 887fd06170df8c4eac6ad5b03d0704ecc3898bf5168d2b9b71ba709162df7ab4
+ icon: https://avatars.githubusercontent.com/u/17888862?s=200&v=4
+ name: intel-device-plugins-operator
+ type: application
+ urls:
+ - assets/intel/intel-device-plugins-operator-0.27.1.tgz
+ version: 0.27.1
- annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: Intel Device Plugins Operator
@@ -17761,6 +18083,22 @@ entries:
- assets/intel/intel-device-plugins-operator-0.24.1.tgz
version: 0.24.1
intel-device-plugins-qat:
+ - annotations:
+ catalog.cattle.io/certified: partner
+ catalog.cattle.io/display-name: Intel QAT Device Plugin
+ catalog.cattle.io/kube-version: '>=1.19-0'
+ catalog.cattle.io/release-name: intel-device-plugins-qat
+ apiVersion: v2
+ appVersion: 0.27.1
+ created: "2023-06-22T17:04:56.375877923Z"
+ description: A Helm chart for Intel QAT Device Plugin
+ digest: 61111c0865f447670d274381f2342b51c572a404a7783fbe2e107534e44c42e3
+ icon: https://avatars.githubusercontent.com/u/17888862?s=200&v=4
+ name: intel-device-plugins-qat
+ type: application
+ urls:
+ - assets/intel/intel-device-plugins-qat-0.27.1.tgz
+ version: 0.27.1
- annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: Intel QAT Device Plugin
@@ -17810,6 +18148,22 @@ entries:
- assets/intel/intel-device-plugins-qat-0.26.0.tgz
version: 0.26.0
intel-device-plugins-sgx:
+ - annotations:
+ catalog.cattle.io/certified: partner
+ catalog.cattle.io/display-name: Intel SGX Device Plugin
+ catalog.cattle.io/kube-version: '>=1.19-0'
+ catalog.cattle.io/release-name: intel-device-plugins-sgx
+ apiVersion: v2
+ appVersion: 0.27.1
+ created: "2023-06-22T17:04:56.376840816Z"
+ description: A Helm chart for Intel SGX Device Plugin
+ digest: 591a365c15caad3522e13dd6c828cf8ce5bd025a1825f3a602b3d0cfab0c3ad6
+ icon: https://avatars.githubusercontent.com/u/17888862?s=200&v=4
+ name: intel-device-plugins-sgx
+ type: application
+ urls:
+ - assets/intel/intel-device-plugins-sgx-0.27.1.tgz
+ version: 0.27.1
- annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: Intel SGX Device Plugin
@@ -23585,6 +23939,33 @@ entries:
- assets/avesha/kubeslice-worker-0.4.5.tgz
version: 0.4.5
kuma:
+ - annotations:
+ catalog.cattle.io/certified: partner
+ catalog.cattle.io/display-name: Kuma
+ catalog.cattle.io/namespace: kuma-system
+ catalog.cattle.io/release-name: kuma
+ apiVersion: v2
+ appVersion: 2.2.2
+ created: "2023-06-22T17:04:57.972510416Z"
+ description: A Helm chart for the Kuma Control Plane
+ digest: 45bca714c4dc5b06706c535d81be8eb36f44b65786f89a158728e4bb21f7eb54
+ home: https://github.com/kumahq/kuma
+ icon: https://kuma.io/assets/images/brand/kuma-logo-new.svg
+ keywords:
+ - service mesh
+ - control plane
+ maintainers:
+ - email: austin.cawley@gmail.com
+ name: austince
+ - email: jakub.dyszkiewicz@konghq.com
+ name: jakubdyszkiewicz
+ - email: nikolay.nikolaev@konghq.com
+ name: nickolaev
+ name: kuma
+ type: application
+ urls:
+ - assets/kuma/kuma-2.2.2.tgz
+ version: 2.2.2
- annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: Kuma
@@ -27253,6 +27634,102 @@ entries:
- assets/f5/nginx-service-mesh-0.2.100.tgz
version: 0.2.100
nri-bundle:
+ - annotations:
+ catalog.cattle.io/certified: partner
+ catalog.cattle.io/display-name: New Relic
+ catalog.cattle.io/release-name: nri-bundle
+ apiVersion: v2
+ created: "2023-06-22T17:04:58.293409363Z"
+ dependencies:
+ - condition: infrastructure.enabled,newrelic-infrastructure.enabled
+ name: newrelic-infrastructure
+ repository: file://./charts/newrelic-infrastructure
+ version: 3.20.0
+ - condition: prometheus.enabled,nri-prometheus.enabled
+ name: nri-prometheus
+ repository: file://./charts/nri-prometheus
+ version: 2.1.16
+ - condition: newrelic-prometheus-agent.enabled
+ name: newrelic-prometheus-agent
+ repository: file://./charts/newrelic-prometheus-agent
+ version: 1.2.2
+ - condition: webhook.enabled,nri-metadata-injection.enabled
+ name: nri-metadata-injection
+ repository: file://./charts/nri-metadata-injection
+ version: 4.3.1
+ - condition: metrics-adapter.enabled,newrelic-k8s-metrics-adapter.enabled
+ name: newrelic-k8s-metrics-adapter
+ repository: file://./charts/newrelic-k8s-metrics-adapter
+ version: 1.2.1
+ - condition: ksm.enabled,kube-state-metrics.enabled
+ name: kube-state-metrics
+ repository: file://./charts/kube-state-metrics
+ version: 4.23.0
+ - condition: kubeEvents.enabled,nri-kube-events.enabled
+ name: nri-kube-events
+ repository: file://./charts/nri-kube-events
+ version: 3.1.0
+ - condition: logging.enabled,newrelic-logging.enabled
+ name: newrelic-logging
+ repository: file://./charts/newrelic-logging
+ version: 1.14.2
+ - condition: newrelic-pixie.enabled
+ name: newrelic-pixie
+ repository: file://./charts/newrelic-pixie
+ version: 2.1.1
+ - alias: pixie-chart
+ condition: pixie-chart.enabled
+ name: pixie-operator-chart
+ repository: file://./charts/pixie-operator-chart
+ version: 0.1.4
+ - condition: newrelic-infra-operator.enabled
+ name: newrelic-infra-operator
+ repository: file://./charts/newrelic-infra-operator
+ version: 2.2.1
+ description: Groups together the individual charts for the New Relic Kubernetes
+ solution for a more comfortable deployment.
+ digest: fe31726541f841a66c883908f0169c0881baff23880844bd2765c76d199237f2
+ home: https://github.com/newrelic/helm-charts
+ icon: https://newrelic.com/themes/custom/erno/assets/mediakit/new_relic_logo_vertical.svg
+ keywords:
+ - infrastructure
+ - newrelic
+ - monitoring
+ maintainers:
+ - name: nserrino
+ url: https://github.com/nserrino
+ - name: philkuz
+ url: https://github.com/philkuz
+ - name: htroisi
+ url: https://github.com/htroisi
+ - name: juanjjaramillo
+ url: https://github.com/juanjjaramillo
+ - name: svetlanabrennan
+ url: https://github.com/svetlanabrennan
+ - name: nrepai
+ url: https://github.com/nrepai
+ - name: csongnr
+ url: https://github.com/csongnr
+ - name: vuqtran88
+ url: https://github.com/vuqtran88
+ - name: xqi-nr
+ url: https://github.com/xqi-nr
+ name: nri-bundle
+ sources:
+ - https://github.com/newrelic/nri-bundle/
+ - https://github.com/newrelic/nri-bundle/tree/master/charts/nri-bundle
+ - https://github.com/newrelic/nri-kubernetes/tree/master/charts/newrelic-infrastructure
+ - https://github.com/newrelic/nri-prometheus/tree/master/charts/nri-prometheus
+ - https://github.com/newrelic/newrelic-prometheus-configurator/tree/master/charts/newrelic-prometheus-agent
+ - https://github.com/newrelic/k8s-metadata-injection/tree/master/charts/nri-metadata-injection
+ - https://github.com/newrelic/newrelic-k8s-metrics-adapter/tree/master/charts/newrelic-k8s-metrics-adapter
+ - https://github.com/newrelic/nri-kube-events/tree/master/charts/nri-kube-events
+ - https://github.com/newrelic/helm-charts/tree/master/charts/newrelic-logging
+ - https://github.com/newrelic/helm-charts/tree/master/charts/newrelic-pixie
+ - https://github.com/newrelic/newrelic-infra-operator/tree/master/charts/newrelic-infra-operator
+ urls:
+ - assets/new-relic/nri-bundle-5.0.20.tgz
+ version: 5.0.20
- annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: New Relic
@@ -29967,6 +30444,19 @@ entries:
- assets/openebs/openebs-1.12.300.tgz
version: 1.12.300
pixie-operator-chart:
+ - annotations:
+ catalog.cattle.io/certified: partner
+ catalog.cattle.io/display-name: Pixie
+ catalog.cattle.io/release-name: pixie
+ apiVersion: v2
+ created: "2023-06-22T17:04:58.737754805Z"
+ digest: bb9e2ef6f66101c74af6231b120ccef07ce7a62053909d28ab7e910b96f179c6
+ icon: https://raw.githubusercontent.com/cncf/artwork/master/projects/pixie/icon/color/pixie-icon-color.svg
+ name: pixie-operator-chart
+ type: application
+ urls:
+ - assets/pixie/pixie-operator-chart-0.1.401.tgz
+ version: 0.1.401
- annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: Pixie
@@ -33491,6 +33981,46 @@ entries:
- assets/bitnami/redis-17.3.7.tgz
version: 17.3.7
redpanda:
+ - annotations:
+ artifacthub.io/images: |
+ - name: redpanda
+ image: docker.redpanda.com/redpandadata/redpanda:v23.1.10
+ - name: busybox
+ image: busybox:latest
+ - name: mintel/docker-alpine-bash-curl-jq
+ image: mintel/docker-alpine-bash-curl-jq:latest
+ artifacthub.io/license: Apache-2.0
+ artifacthub.io/links: |
+ - name: Documentation
+ url: https://docs.redpanda.com
+ - name: "Helm (>= 3.6.0)"
+ url: https://helm.sh/docs/intro/install/
+ catalog.cattle.io/certified: partner
+ catalog.cattle.io/display-name: Redpanda
+ catalog.cattle.io/kube-version: '>=1.21-0'
+ catalog.cattle.io/release-name: redpanda
+ apiVersion: v2
+ appVersion: v23.1.12
+ created: "2023-06-22T17:04:58.949548752Z"
+ dependencies:
+ - condition: console.enabled
+ name: console
+ repository: file://./charts/console
+ version: '>=0.5 <1.0'
+ description: Redpanda is the real-time engine for modern apps.
+ digest: 10a42a1d49a9ea220fa28dc46719eefb1c0034529d8b63412be7842d09687917
+ icon: https://images.ctfassets.net/paqvtpyf8rwu/3cYHw5UzhXCbKuR24GDFGO/73fb682e6157d11c10d5b2b5da1d5af0/skate-stand-panda.svg
+ kubeVersion: '>=1.21-0'
+ maintainers:
+ - name: redpanda-data
+ url: https://github.com/orgs/redpanda-data/people
+ name: redpanda
+ sources:
+ - https://github.com/redpanda-data/helm-charts
+ type: application
+ urls:
+ - assets/redpanda/redpanda-4.0.45.tgz
+ version: 4.0.45
- annotations:
artifacthub.io/images: |
- name: redpanda
@@ -36961,6 +37491,37 @@ entries:
- assets/bitnami/spark-6.3.8.tgz
version: 6.3.8
speedscale-operator:
+ - annotations:
+ catalog.cattle.io/certified: partner
+ catalog.cattle.io/display-name: Speedscale Operator
+ catalog.cattle.io/kube-version: '>= 1.17.0-0'
+ catalog.cattle.io/release-name: speedscale-operator
+ apiVersion: v1
+ appVersion: 1.3.122
+ created: "2023-06-22T17:04:59.042793069Z"
+ description: Stress test your APIs with real world scenarios. Collect and replay
+ traffic without scripting.
+ digest: 8e6681693bf4815a80301f8a8b7f9d638e7ef36fc95c7fa661707d2365cec745
+ home: https://speedscale.com
+ icon: https://raw.githubusercontent.com/speedscale/assets/main/logo/gold_logo_only.png
+ keywords:
+ - speedscale
+ - test
+ - testing
+ - regression
+ - reliability
+ - load
+ - replay
+ - network
+ - traffic
+ kubeVersion: '>= 1.17.0-0'
+ maintainers:
+ - email: support@speedscale.com
+ name: Speedscale Support
+ name: speedscale-operator
+ urls:
+ - assets/speedscale/speedscale-operator-1.3.17.tgz
+ version: 1.3.17
- annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: Speedscale Operator
@@ -42214,6 +42775,53 @@ entries:
- assets/hashicorp/vault-0.22.0.tgz
version: 0.22.0
wordpress:
+ - annotations:
+ catalog.cattle.io/certified: partner
+ catalog.cattle.io/display-name: WordPress
+ catalog.cattle.io/kube-version: '>=1.19-0'
+ catalog.cattle.io/release-name: wordpress
+ category: CMS
+ licenses: Apache-2.0
+ apiVersion: v2
+ appVersion: 6.2.2
+ created: "2023-06-22T17:04:55.038650528Z"
+ dependencies:
+ - condition: memcached.enabled
+ name: memcached
+ repository: file://./charts/memcached
+ version: 6.x.x
+ - condition: mariadb.enabled
+ name: mariadb
+ repository: file://./charts/mariadb
+ version: 12.x.x
+ - name: common
+ repository: file://./charts/common
+ tags:
+ - bitnami-common
+ version: 2.x.x
+ description: WordPress is the world's most popular blogging and content management
+ platform. Powerful yet simple, everyone from students to global corporations
+ use it to build beautiful, functional websites.
+ digest: d1522c4052b0ca0aceaae4f67d961e1b1db8ed184ff2b68bd0c52a687cfbbeba
+ home: https://bitnami.com
+ icon: https://s.w.org/style/images/about/WordPress-logotype-simplified.png
+ keywords:
+ - application
+ - blog
+ - cms
+ - http
+ - php
+ - web
+ - wordpress
+ maintainers:
+ - name: VMware, Inc.
+ url: https://github.com/bitnami/charts
+ name: wordpress
+ sources:
+ - https://github.com/bitnami/charts/tree/main/bitnami/wordpress
+ urls:
+ - assets/bitnami/wordpress-16.1.18.tgz
+ version: 16.1.18
- annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: WordPress
@@ -45506,6 +46114,38 @@ entries:
- assets/netfoundry/ziti-host-1.5.1.tgz
version: 1.5.1
zookeeper:
+ - annotations:
+ catalog.cattle.io/certified: partner
+ catalog.cattle.io/display-name: Apache Zookeeper
+ catalog.cattle.io/kube-version: '>=1.19-0'
+ catalog.cattle.io/release-name: zookeeper
+ category: Infrastructure
+ licenses: Apache-2.0
+ apiVersion: v2
+ appVersion: 3.8.1
+ created: "2023-06-22T17:04:55.15022481Z"
+ dependencies:
+ - name: common
+ repository: file://./charts/common
+ tags:
+ - bitnami-common
+ version: 2.x.x
+ description: Apache ZooKeeper provides a reliable, centralized register of configuration
+ data and services for distributed applications.
+ digest: fb7ed9d3cc080a352eb2fbc4cb40840b156123c4c808a5e2f07ea697d999b7bc
+ home: https://bitnami.com
+ icon: https://svn.apache.org/repos/asf/comdev/project-logos/originals/zookeeper.svg
+ keywords:
+ - zookeeper
+ maintainers:
+ - name: VMware, Inc.
+ url: https://github.com/bitnami/charts
+ name: zookeeper
+ sources:
+ - https://github.com/bitnami/charts/tree/main/bitnami/zookeeper
+ urls:
+ - assets/bitnami/zookeeper-11.4.3.tgz
+ version: 11.4.3
- annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: Apache Zookeeper