diff --git a/assets/aquarist-labs/s3gw-0.20.0.tgz b/assets/aquarist-labs/s3gw-0.20.0.tgz new file mode 100644 index 000000000..75bbe4fe9 Binary files /dev/null and b/assets/aquarist-labs/s3gw-0.20.0.tgz differ diff --git a/assets/bitnami/kafka-25.1.5.tgz b/assets/bitnami/kafka-25.1.5.tgz new file mode 100644 index 000000000..fc7c940c8 Binary files /dev/null and b/assets/bitnami/kafka-25.1.5.tgz differ diff --git a/assets/bitnami/wordpress-17.1.6.tgz b/assets/bitnami/wordpress-17.1.6.tgz new file mode 100644 index 000000000..594a447db Binary files /dev/null and b/assets/bitnami/wordpress-17.1.6.tgz differ diff --git a/assets/kong/kong-2.26.5.tgz b/assets/kong/kong-2.26.5.tgz new file mode 100644 index 000000000..77e1ff1bf Binary files /dev/null and b/assets/kong/kong-2.26.5.tgz differ diff --git a/assets/redpanda/redpanda-5.3.0.tgz b/assets/redpanda/redpanda-5.3.0.tgz new file mode 100644 index 000000000..cf28de217 Binary files /dev/null and b/assets/redpanda/redpanda-5.3.0.tgz differ diff --git a/assets/speedscale/speedscale-operator-1.3.29.tgz b/assets/speedscale/speedscale-operator-1.3.29.tgz new file mode 100644 index 000000000..660a23ff3 Binary files /dev/null and b/assets/speedscale/speedscale-operator-1.3.29.tgz differ diff --git a/assets/trilio/k8s-triliovault-operator-3.1.2.tgz b/assets/trilio/k8s-triliovault-operator-3.1.2.tgz new file mode 100644 index 000000000..e161c97b9 Binary files /dev/null and b/assets/trilio/k8s-triliovault-operator-3.1.2.tgz differ diff --git a/charts/aquarist-labs/s3gw/Chart.yaml b/charts/aquarist-labs/s3gw/Chart.yaml index 82a1ab37c..0df590cbd 100644 --- a/charts/aquarist-labs/s3gw/Chart.yaml +++ b/charts/aquarist-labs/s3gw/Chart.yaml @@ -35,4 +35,4 @@ sources: - https://github.com/aquarist-labs/s3gw-cosi-driver - https://github.com/kubernetes-sigs/container-object-storage-interface-provisioner-sidecar type: application -version: 0.19.0 +version: 0.20.0 diff --git a/charts/bitnami/kafka/Chart.yaml b/charts/bitnami/kafka/Chart.yaml index de988de9c..0dc286801 100644 --- a/charts/bitnami/kafka/Chart.yaml +++ b/charts/bitnami/kafka/Chart.yaml @@ -45,4 +45,4 @@ maintainers: name: kafka sources: - https://github.com/bitnami/charts/tree/main/bitnami/kafka -version: 25.1.4 +version: 25.1.5 diff --git a/charts/bitnami/kafka/templates/scripts-configmap.yaml b/charts/bitnami/kafka/templates/scripts-configmap.yaml index f46db2143..599e6214f 100644 --- a/charts/bitnami/kafka/templates/scripts-configmap.yaml +++ b/charts/bitnami/kafka/templates/scripts-configmap.yaml @@ -187,6 +187,10 @@ data: cp "/mounted-certs/kafka.crt" /certs/tls.crt # Copy the PEM key ensuring the key used PEM format with PKCS#8 openssl pkcs8 -topk8 -nocrypt -in "/mounted-certs/kafka.key" > /certs/tls.key + elif [[ -f /mounted-certs/tls.crt && -f /mounted-certs/tls.key ]]; then + cp "/mounted-certs/tls.crt" /certs/tls.crt + # Copy the PEM key ensuring the key used PEM format with PKCS#8 + openssl pkcs8 -topk8 -nocrypt -in "/mounted-certs/tls.key" > /certs/tls.key else error "PEM key and cert files not found" fi @@ -195,6 +199,8 @@ data: # Copy CA certificate if [[ -f /mounted-certs/kafka-ca.crt ]]; then cp /mounted-certs/kafka-ca.crt /certs/ca.crt + elif [[ -f /mounted-certs/ca.crt ]]; then + cp /mounted-certs/ca.crt /certs/ca.crt else error "CA certificate file not found" fi diff --git a/charts/bitnami/kafka/values.yaml b/charts/bitnami/kafka/values.yaml index c8e6cb728..3513f07b7 100644 --- a/charts/bitnami/kafka/values.yaml +++ b/charts/bitnami/kafka/values.yaml @@ -268,6 +268,7 @@ tls: ## --from-file=kafka-broker-0.crt=./kafka-broker-0.crt --from-file=kafka-broker-0.key=./kafka-broker-0.key ... ## ## NOTE: Alternatively, a single key and certificate can be provided for all nodes under the keys 'kafka.crt' and 'kafka.key'. These certificates will be used by all nodes unless overridden by the 'kafka--X.key' and 'kafka--X.crt' files + ## NOTE: Alternatively, a single key and certificate can be provided for all nodes under the keys 'tls.crt' and 'tls.key'. These certificates will be used by all nodes unless overridden by the 'kafka--X.key' and 'kafka--X.crt' files ## existingSecret: "" ## @param tls.autoGenerated Generate automatically self-signed TLS certificates for Kafka brokers. Currently only supported if `tls.type` is `PEM` diff --git a/charts/bitnami/wordpress/Chart.lock b/charts/bitnami/wordpress/Chart.lock index 2e18fffa0..3f506f1ad 100644 --- a/charts/bitnami/wordpress/Chart.lock +++ b/charts/bitnami/wordpress/Chart.lock @@ -7,6 +7,6 @@ dependencies: version: 13.1.2 - name: common repository: oci://registry-1.docker.io/bitnamicharts - version: 2.9.1 -digest: sha256:5df6e862af69422cc6e287bf9dd560b3a1e56d3b49b4bc81132b0db10903cd80 -generated: "2023-08-30T09:41:25.351778314Z" + version: 2.9.2 +digest: sha256:467adda3c6f9bea1762beb6c252fd4d1a5ba52942ab1b9b48af60ac4e375783d +generated: "2023-08-31T19:21:10.315977353Z" diff --git a/charts/bitnami/wordpress/Chart.yaml b/charts/bitnami/wordpress/Chart.yaml index f3668fe61..64001dff2 100644 --- a/charts/bitnami/wordpress/Chart.yaml +++ b/charts/bitnami/wordpress/Chart.yaml @@ -6,11 +6,11 @@ annotations: category: CMS images: | - name: apache-exporter - image: docker.io/bitnami/apache-exporter:1.0.1-debian-11-r29 + image: docker.io/bitnami/apache-exporter:1.0.1-debian-11-r32 - name: os-shell - image: docker.io/bitnami/os-shell:11-debian-11-r51 + image: docker.io/bitnami/os-shell:11-debian-11-r54 - name: wordpress - image: docker.io/bitnami/wordpress:6.3.1-debian-11-r0 + image: docker.io/bitnami/wordpress:6.3.1-debian-11-r2 licenses: Apache-2.0 apiVersion: v2 appVersion: 6.3.1 @@ -47,4 +47,4 @@ maintainers: name: wordpress sources: - https://github.com/bitnami/charts/tree/main/bitnami/wordpress -version: 17.1.4 +version: 17.1.6 diff --git a/charts/bitnami/wordpress/README.md b/charts/bitnami/wordpress/README.md index 89eaad526..e560fd44c 100644 --- a/charts/bitnami/wordpress/README.md +++ b/charts/bitnami/wordpress/README.md @@ -82,7 +82,7 @@ The command removes all the Kubernetes components associated with the chart and | ------------------- | --------------------------------------------------------------------------------------------------------- | -------------------- | | `image.registry` | WordPress image registry | `docker.io` | | `image.repository` | WordPress image repository | `bitnami/wordpress` | -| `image.tag` | WordPress image tag (immutable tags are recommended) | `6.3.1-debian-11-r0` | +| `image.tag` | WordPress image tag (immutable tags are recommended) | `6.3.1-debian-11-r2` | | `image.digest` | WordPress image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `image.pullPolicy` | WordPress image pull policy | `IfNotPresent` | | `image.pullSecrets` | WordPress image pull secrets | `[]` | @@ -249,7 +249,7 @@ The command removes all the Kubernetes components associated with the chart and | `volumePermissions.enabled` | Enable init container that changes the owner/group of the PV mount point to `runAsUser:fsGroup` | `false` | | `volumePermissions.image.registry` | OS Shell + Utility image registry | `docker.io` | | `volumePermissions.image.repository` | OS Shell + Utility image repository | `bitnami/os-shell` | -| `volumePermissions.image.tag` | OS Shell + Utility image tag (immutable tags are recommended) | `11-debian-11-r51` | +| `volumePermissions.image.tag` | OS Shell + Utility image tag (immutable tags are recommended) | `11-debian-11-r54` | | `volumePermissions.image.digest` | OS Shell + Utility image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `volumePermissions.image.pullPolicy` | OS Shell + Utility image pull policy | `IfNotPresent` | | `volumePermissions.image.pullSecrets` | OS Shell + Utility image pull secrets | `[]` | @@ -281,7 +281,7 @@ The command removes all the Kubernetes components associated with the chart and | `metrics.enabled` | Start a sidecar prometheus exporter to expose metrics | `false` | | `metrics.image.registry` | Apache exporter image registry | `docker.io` | | `metrics.image.repository` | Apache exporter image repository | `bitnami/apache-exporter` | -| `metrics.image.tag` | Apache exporter image tag (immutable tags are recommended) | `1.0.1-debian-11-r29` | +| `metrics.image.tag` | Apache exporter image tag (immutable tags are recommended) | `1.0.1-debian-11-r32` | | `metrics.image.digest` | Apache exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `metrics.image.pullPolicy` | Apache exporter image pull policy | `IfNotPresent` | | `metrics.image.pullSecrets` | Apache exporter image pull secrets | `[]` | diff --git a/charts/bitnami/wordpress/charts/common/Chart.yaml b/charts/bitnami/wordpress/charts/common/Chart.yaml index 5669a24b3..67e9a92ce 100644 --- a/charts/bitnami/wordpress/charts/common/Chart.yaml +++ b/charts/bitnami/wordpress/charts/common/Chart.yaml @@ -2,7 +2,7 @@ annotations: category: Infrastructure licenses: Apache-2.0 apiVersion: v2 -appVersion: 2.9.1 +appVersion: 2.9.2 description: A Library Helm Chart for grouping common logic between bitnami charts. This chart is not deployable by itself. home: https://bitnami.com @@ -20,4 +20,4 @@ name: common sources: - https://github.com/bitnami/charts type: library -version: 2.9.1 +version: 2.9.2 diff --git a/charts/bitnami/wordpress/charts/common/templates/_tplvalues.tpl b/charts/bitnami/wordpress/charts/common/templates/_tplvalues.tpl index dc15f7fdc..edf99392c 100644 --- a/charts/bitnami/wordpress/charts/common/templates/_tplvalues.tpl +++ b/charts/bitnami/wordpress/charts/common/templates/_tplvalues.tpl @@ -11,17 +11,14 @@ Usage: {{ include "common.tplvalues.render" ( dict "value" .Values.path.to.the.Value "context" $ "scope" $app ) }} */}} {{- define "common.tplvalues.render" -}} -{{- if .scope }} - {{- if typeIs "string" .value }} - {{- tpl (cat "{{- with $.RelativeScope -}}" .value "{{- end }}") (merge (dict "RelativeScope" .scope) .context) }} +{{- $value := typeIs "string" .value | ternary .value (.value | toYaml) }} +{{- if contains "{{" (toJson .value) }} + {{- if .scope }} + {{- tpl (cat "{{- with $.RelativeScope -}}" $value "{{- end }}") (merge (dict "RelativeScope" .scope) .context) }} {{- else }} - {{- tpl (cat "{{- with $.RelativeScope -}}" (.value | toYaml) "{{- end }}") (merge (dict "RelativeScope" .scope) .context) }} + {{- tpl $value .context }} {{- end }} {{- else }} - {{- if typeIs "string" .value }} - {{- tpl .value .context }} - {{- else }} - {{- tpl (.value | toYaml) .context }} - {{- end }} -{{- end -}} + {{- $value }} +{{- end }} {{- end -}} diff --git a/charts/bitnami/wordpress/values.yaml b/charts/bitnami/wordpress/values.yaml index 35374622d..7b04b1889 100644 --- a/charts/bitnami/wordpress/values.yaml +++ b/charts/bitnami/wordpress/values.yaml @@ -76,7 +76,7 @@ diagnosticMode: image: registry: docker.io repository: bitnami/wordpress - tag: 6.3.1-debian-11-r0 + tag: 6.3.1-debian-11-r2 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -766,7 +766,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/os-shell - tag: 11-debian-11-r51 + tag: 11-debian-11-r54 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. @@ -860,7 +860,7 @@ metrics: image: registry: docker.io repository: bitnami/apache-exporter - tag: 1.0.1-debian-11-r29 + tag: 1.0.1-debian-11-r32 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. diff --git a/charts/kong/kong/CHANGELOG.md b/charts/kong/kong/CHANGELOG.md index 8f55bfdb0..fcc8c252e 100644 --- a/charts/kong/kong/CHANGELOG.md +++ b/charts/kong/kong/CHANGELOG.md @@ -4,6 +4,14 @@ Nothing yet. +## 2.26.5 + +### Fixed + +* Kuma ServiceAccount Token hints and volumes are also available in migrations + Pods. + [#877](https://github.com/Kong/charts/pull/877) + ## 2.26.4 ### Fixed diff --git a/charts/kong/kong/Chart.yaml b/charts/kong/kong/Chart.yaml index 8b933208b..9919211dc 100644 --- a/charts/kong/kong/Chart.yaml +++ b/charts/kong/kong/Chart.yaml @@ -20,4 +20,4 @@ maintainers: name: kong sources: - https://github.com/Kong/charts/tree/main/charts/kong -version: 2.26.4 +version: 2.26.5 diff --git a/charts/kong/kong/templates/_helpers.tpl b/charts/kong/kong/templates/_helpers.tpl index e2f7eb0b7..1cb0f069b 100644 --- a/charts/kong/kong/templates/_helpers.tpl +++ b/charts/kong/kong/templates/_helpers.tpl @@ -552,6 +552,41 @@ The name of the service used for the ingress controller's validation webhook - name: {{ template "kong.fullname" . }}-tmp emptyDir: sizeLimit: {{ .Values.deployment.tmpDir.sizeLimit }} +{{- if (and (not .Values.deployment.serviceAccount.automountServiceAccountToken) (or .Values.deployment.serviceAccount.create .Values.deployment.serviceAccount.name)) }} +- name: {{ template "kong.serviceAccountTokenName" . }} + {{- /* Due to GKE versions (e.g. v1.23.15-gke.1900) we need to handle pre-release part of the version as well. + See the related documentation of semver module that Helm depends on for semverCompare: + https://github.com/Masterminds/semver#working-with-prerelease-versions + Related Helm issue: https://github.com/helm/helm/issues/3810 */}} + {{- if semverCompare ">=1.20.0-0" .Capabilities.KubeVersion.Version }} + projected: + sources: + - serviceAccountToken: + expirationSeconds: 3607 + path: token + - configMap: + items: + - key: ca.crt + path: ca.crt + name: kube-root-ca.crt + - downwardAPI: + items: + - fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + path: namespace + {{- else }} + secret: + secretName: {{ template "kong.serviceAccountTokenName" . }} + items: + - key: token + path: token + - key: ca.crt + path: ca.crt + - key: namespace + path: namespace + {{- end }} +{{- end }} {{- if and ( .Capabilities.APIVersions.Has "cert-manager.io/v1" ) .Values.certificates.enabled -}} {{- if .Values.certificates.cluster.enabled }} - name: {{ include "kong.fullname" . }}-cluster-cert diff --git a/charts/kong/kong/templates/deployment.yaml b/charts/kong/kong/templates/deployment.yaml index 0d9e28a66..0aa46ceea 100644 --- a/charts/kong/kong/templates/deployment.yaml +++ b/charts/kong/kong/templates/deployment.yaml @@ -302,39 +302,4 @@ spec: volumes: {{- include "kong.volumes" . | nindent 8 -}} {{- include "kong.userDefinedVolumes" . | nindent 8 -}} - {{- if (and (not .Values.deployment.serviceAccount.automountServiceAccountToken) (or .Values.deployment.serviceAccount.create .Values.deployment.serviceAccount.name)) }} - - name: {{ template "kong.serviceAccountTokenName" . }} - {{- /* Due to GKE versions (e.g. v1.23.15-gke.1900) we need to handle pre-release part of the version as well. - See the related documentation of semver module that Helm depends on for semverCompare: - https://github.com/Masterminds/semver#working-with-prerelease-versions - Related Helm issue: https://github.com/helm/helm/issues/3810 */}} - {{- if semverCompare ">=1.20.0-0" .Capabilities.KubeVersion.Version }} - projected: - sources: - - serviceAccountToken: - expirationSeconds: 3607 - path: token - - configMap: - items: - - key: ca.crt - path: ca.crt - name: kube-root-ca.crt - - downwardAPI: - items: - - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - path: namespace - {{- else }} - secret: - secretName: {{ template "kong.serviceAccountTokenName" . }} - items: - - key: token - path: token - - key: ca.crt - path: ca.crt - - key: namespace - path: namespace - {{- end }} - {{- end }} {{- end }} diff --git a/charts/kong/kong/templates/migrations-post-upgrade.yaml b/charts/kong/kong/templates/migrations-post-upgrade.yaml index 04fd569ae..6b1b38e32 100644 --- a/charts/kong/kong/templates/migrations-post-upgrade.yaml +++ b/charts/kong/kong/templates/migrations-post-upgrade.yaml @@ -29,6 +29,9 @@ spec: {{- range $key, $value := .Values.migrations.annotations }} {{ $key }}: {{ $value | quote }} {{- end }} + {{- if (and (not .Values.deployment.serviceAccount.automountServiceAccountToken) (or .Values.deployment.serviceAccount.create .Values.deployment.serviceAccount.name)) }} + kuma.io/service-account-token-volume: {{ template "kong.serviceAccountTokenName" . }} + {{- end }} {{- end }} spec: {{- if or .Values.deployment.serviceAccount.create .Values.deployment.serviceAccount.name }} diff --git a/charts/kong/kong/templates/migrations-pre-upgrade.yaml b/charts/kong/kong/templates/migrations-pre-upgrade.yaml index a98213d2a..f5002aec9 100644 --- a/charts/kong/kong/templates/migrations-pre-upgrade.yaml +++ b/charts/kong/kong/templates/migrations-pre-upgrade.yaml @@ -31,6 +31,9 @@ spec: {{- range $key, $value := .Values.migrations.annotations }} {{ $key }}: {{ $value | quote }} {{- end }} + {{- if (and (not .Values.deployment.serviceAccount.automountServiceAccountToken) (or .Values.deployment.serviceAccount.create .Values.deployment.serviceAccount.name)) }} + kuma.io/service-account-token-volume: {{ template "kong.serviceAccountTokenName" . }} + {{- end }} {{- end }} spec: {{- if or .Values.deployment.serviceAccount.create .Values.deployment.serviceAccount.name }} diff --git a/charts/kong/kong/templates/migrations.yaml b/charts/kong/kong/templates/migrations.yaml index c410a4a71..a996fcd13 100644 --- a/charts/kong/kong/templates/migrations.yaml +++ b/charts/kong/kong/templates/migrations.yaml @@ -39,6 +39,9 @@ spec: {{- range $key, $value := .Values.migrations.annotations }} {{ $key }}: {{ $value | quote }} {{- end }} + {{- if (and (not .Values.deployment.serviceAccount.automountServiceAccountToken) (or .Values.deployment.serviceAccount.create .Values.deployment.serviceAccount.name)) }} + kuma.io/service-account-token-volume: {{ template "kong.serviceAccountTokenName" . }} + {{- end }} {{- end }} spec: {{- if or .Values.deployment.serviceAccount.create .Values.deployment.serviceAccount.name }} diff --git a/charts/redpanda/redpanda/Chart.lock b/charts/redpanda/redpanda/Chart.lock index cba1014c1..0b7fd7f20 100644 --- a/charts/redpanda/redpanda/Chart.lock +++ b/charts/redpanda/redpanda/Chart.lock @@ -6,4 +6,4 @@ dependencies: repository: https://charts.redpanda.com version: 0.1.5 digest: sha256:dd7afd55f6eb7e9b3a91b0e5eeda47138e23c255b32d277ad4cb3a7ad3ec1b1f -generated: "2023-08-29T23:24:16.635099387Z" +generated: "2023-08-31T03:08:33.366208928Z" diff --git a/charts/redpanda/redpanda/Chart.yaml b/charts/redpanda/redpanda/Chart.yaml index 866b5a362..1c899a8f5 100644 --- a/charts/redpanda/redpanda/Chart.yaml +++ b/charts/redpanda/redpanda/Chart.yaml @@ -37,4 +37,4 @@ name: redpanda sources: - https://github.com/redpanda-data/helm-charts type: application -version: 5.2.0 +version: 5.3.0 diff --git a/charts/redpanda/redpanda/templates/_configmap.tpl b/charts/redpanda/redpanda/templates/_configmap.tpl new file mode 100644 index 000000000..237203ba1 --- /dev/null +++ b/charts/redpanda/redpanda/templates/_configmap.tpl @@ -0,0 +1,463 @@ +{{/* +Licensed to the Apache Software Foundation (ASF) under one or more +contributor license agreements. See the NOTICE file distributed with +this work for additional information regarding copyright ownership. +The ASF licenses this file to You under the Apache License, Version 2.0 +(the "License"); you may not use this file except in compliance with +the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- define "configmap-content-no-seed" -}} +{{- /* + configmap content without seed list. +*/ -}} +{{- $root := . }} +{{- $values := .Values }} + +{{- /* + It's impossible to do a rolling upgrade from not-tls-enabled rpc to tls-enabled rpc. +*/ -}} +{{- $check := list + (include "redpanda-atleast-23-1-2" .|fromJson).bool + (include "redpanda-22-3-atleast-22-3-13" .|fromJson).bool + (include "redpanda-22-2-atleast-22-2-10" .|fromJson).bool +-}} +{{- $wantedRPCTLS := (include "rpc-tls-enabled" . | fromJson).bool -}} +{{- if and (not (mustHas true $check)) $wantedRPCTLS -}} + {{- fail (printf "Redpanda version v%s does not support TLS on the RPC port. Please upgrade. See technical service bulletin 2023-01." (include "redpanda.semver" .)) -}} +{{- end -}} +{{- $cm := lookup "v1" "ConfigMap" .Release.Namespace (include "redpanda.fullname" .) -}} +{{- $redpandaYAML := dig "data" "redpanda.yaml" "" $cm | fromYaml -}} +{{- $currentRPCTLS := dig "redpanda" "rpc_server_tls" "enabled" false $redpandaYAML -}} +{{- /* Lookup will return an empty map when running `helm template` or when `--dry-run` is passed. */ -}} +{{- if (and .Release.IsUpgrade $cm) -}} + {{- if ne $currentRPCTLS $wantedRPCTLS -}} + {{- if eq (get .Values "force" | default false) false -}} + {{- fail (join "\n" (list + (printf "\n\nError: Cannot do a rolling restart to enable or disable tls at the RPC layer: changing listeners.rpc.tls.enabled (redpanda.yaml:repdanda.rpc_server_tls.enabled) from %v to %v" $currentRPCTLS $wantedRPCTLS) + "***WARNING The following instructions will result in a short period of downtime." + "To accept this risk, run the upgrade again adding `--force=true` and do the following:\n" + "While helm is upgrading the release, manually delete ALL the pods:" + (printf " kubectl -n %s delete pod -l app.kubernetes.io/component=redpanda-statefulset" .Release.Namespace) + "\nIf you got here thinking rpc tls was already enabled, see technical service bulletin 2023-01." + )) + -}} + {{- end -}} + {{- end -}} +{{- end -}} + +{{- $users := list -}} +{{- if (include "sasl-enabled" . | fromJson).bool -}} + {{- range $user := .Values.auth.sasl.users -}} + {{- $users = append $users $user.name -}} + {{- end -}} +{{- end -}} + + bootstrap.yaml: | + kafka_enable_authorization: {{ (include "sasl-enabled" . | fromJson).bool }} + enable_sasl: {{ (include "sasl-enabled" . | fromJson).bool }} + enable_rack_awareness: {{ .Values.rackAwareness.enabled }} + {{- if $users }} + superusers: {{ toJson $users }} + {{- end }} + {{- with (dig "cluster" dict .Values.config) }} + {{- range $key, $element := .}} + {{- if or (eq (typeOf $element) "bool") $element }} + {{ $key }}: {{ $element | toYaml }} + {{- end }} + {{- end }} + {{- end }} + {{- include "tunable" . }} + {{- if and (not (hasKey .Values.config.cluster "storage_min_free_bytes")) ((include "redpanda-atleast-22-2-0" . | fromJson).bool) }} + storage_min_free_bytes: {{ include "storage-min-free-bytes" . }} + {{- end }} +{{- if and (include "is-licensed" . | fromJson).bool .Values.storage.tieredConfig.cloud_storage_enabled }} + {{- $tieredStorageConfig := deepCopy .Values.storage.tieredConfig }} + {{- $tieredStorageConfig = unset $tieredStorageConfig "cloud_storage_cache_directory" }} + {{- if not (include "redpanda-atleast-22-3-0" . | fromJson).bool }} + {{- $tieredStorageConfig = unset $tieredStorageConfig "cloud_storage_credentials_source"}} + {{- end }} + {{- range $key, $element := $tieredStorageConfig}} + {{- if or (eq (typeOf $element) "bool") $element }} + {{ $key }}: {{ $element | toYaml }} + {{- end }} + {{- end }} +{{- end }} + redpanda.yaml: | + config_file: /etc/redpanda/redpanda.yaml +{{- if .Values.logging.usageStats.enabled }} + {{- with (dig "usageStats" "organization" "" .Values.logging) }} + organization: {{ . }} + {{- end }} + {{- with (dig "usageStats" "clusterId" "" .Values.logging) }} + cluster_id: {{ . }} + {{- end }} +{{- end }} + redpanda: +{{- if (include "redpanda-atleast-22-3-0" . | fromJson).bool }} + empty_seed_starts_cluster: false +{{- end }} + kafka_enable_authorization: {{ (include "sasl-enabled" . | fromJson).bool }} + enable_sasl: {{ (include "sasl-enabled" . | fromJson).bool }} + {{- if $users }} + superusers: {{ toJson $users }} + {{- end }} + {{- with (dig "cluster" dict .Values.config) }} + {{- range $key, $element := . }} + {{- if or (eq (typeOf $element) "bool") $element }} + {{ $key }}: {{ $element | toYaml }} + {{- end }} + {{- end }} + {{- end }} + {{- with (dig "tunable" dict .Values.config) }} + {{- range $key, $element := .}} + {{- if or (eq (typeOf $element) "bool") $element }} + {{ $key }}: {{ $element | toYaml }} + {{- end }} + {{- end }} + {{- end }} + {{- if not (hasKey .Values.config.cluster "storage_min_free_bytes") }} + storage_min_free_bytes: {{ include "storage-min-free-bytes" . }} + {{- end }} + {{- with dig "node" dict .Values.config }} + {{- range $key, $element := .}} + {{- if or (eq (typeOf $element) "bool") $element }} + {{ $key }}: {{ $element | toYaml }} + {{- end }} + {{- end }} + {{- end }} +{{- /* LISTENERS */}} +{{- /* Admin API */}} +{{- $service := .Values.listeners.admin }} + admin: + - name: internal + address: 0.0.0.0 + port: {{ $service.port }} +{{- range $name, $listener := $service.external }} +{{- if and $listener.port $name }} + - name: {{ $name }} + address: 0.0.0.0 + port: {{ $listener.port }} +{{- end }} +{{- end }} + admin_api_tls: +{{- if (include "admin-internal-tls-enabled" . | fromJson).bool }} + - name: internal + enabled: true + cert_file: /etc/tls/certs/{{ $service.tls.cert }}/tls.crt + key_file: /etc/tls/certs/{{ $service.tls.cert }}/tls.key + require_client_auth: {{ $service.tls.requireClientAuth }} + {{- $cert := get .Values.tls.certs $service.tls.cert }} + {{- if empty $cert }} + {{- fail (printf "Certificate, '%s', used but not defined")}} + {{- end }} + {{- if $cert.caEnabled }} + truststore_file: /etc/tls/certs/{{ $service.tls.cert }}/ca.crt + {{- else }} + {{- /* This is a required field so we use the default in the redpanda debian container */}} + truststore_file: /etc/ssl/certs/ca-certificates.crt + {{- end }} +{{- end }} +{{- range $name, $listener := $service.external }} + {{- $k := dict "Values" $values "listener" $listener }} + {{- if (include "admin-external-tls-enabled" $k | fromJson).bool }} + {{- $mtls := dig "tls" "requireClientAuth" false $listener }} + {{- $mtls = dig "tls" "requireClientAuth" $mtls $k }} + {{- $certName := include "admin-external-tls-cert" $k }} + {{- $certPath := printf "/etc/tls/certs/%s" $certName }} + {{- $cert := get $values.tls.certs $certName }} + {{- if empty $cert }} + {{- fail (printf "Certificate, '%s', used but not defined" $certName)}} + {{- end }} + - name: {{ $name }} + enabled: true + cert_file: {{ $certPath }}/tls.crt + key_file: {{ $certPath }}/tls.key + require_client_auth: {{ $mtls }} + {{- if $cert.caEnabled }} + truststore_file: {{ $certPath }}/ca.crt + {{- else }} + {{- /* This is a required field so we use the default in the redpanda debian container */}} + truststore_file: /etc/ssl/certs/ca-certificates.crt + {{- end }} + {{- end }} +{{- end }} +{{- /* Kafka API */}} +{{- $kafkaService := .Values.listeners.kafka }} + kafka_api: + - name: internal + address: 0.0.0.0 + port: {{ $kafkaService.port }} + {{- if or (include "sasl-enabled" $root | fromJson).bool $kafkaService.authenticationMethod }} + authentication_method: {{ default "sasl" $kafkaService.authenticationMethod }} + {{- end }} +{{- range $name, $listener := $kafkaService.external }} + - name: {{ $name }} + address: 0.0.0.0 + port: {{ $listener.port }} + {{- if or (include "sasl-enabled" $root | fromJson).bool $listener.authenticationMethod }} + authentication_method: {{ default "sasl" $listener.authenticationMethod }} + {{- end }} +{{- end }} + kafka_api_tls: +{{- if (include "kafka-internal-tls-enabled" . | fromJson).bool }} + - name: internal + enabled: true + cert_file: /etc/tls/certs/{{ $kafkaService.tls.cert }}/tls.crt + key_file: /etc/tls/certs/{{ $kafkaService.tls.cert }}/tls.key + require_client_auth: {{ $kafkaService.tls.requireClientAuth }} + {{- $cert := get .Values.tls.certs $kafkaService.tls.cert }} + {{- if empty $cert }} + {{- fail (printf "Certificate, '%s', used but not defined")}} + {{- end }} + {{- if $cert.caEnabled }} + truststore_file: /etc/tls/certs/{{ $kafkaService.tls.cert }}/ca.crt + {{- else }} + {{- /* This is a required field so we use the default in the redpanda debian container */}} + truststore_file: /etc/ssl/certs/ca-certificates.crt + {{- end }} +{{- end }} +{{- range $name, $listener := $kafkaService.external }} + {{- $k := dict "Values" $values "listener" $listener }} + {{- if (include "kafka-external-tls-enabled" $k | fromJson).bool }} + {{- $mtls := dig "tls" "requireClientAuth" false $listener }} + {{- $mtls = dig "tls" "requireClientAuth" $mtls $k }} + {{- $certName := include "kafka-external-tls-cert" $k }} + {{- $certPath := printf "/etc/tls/certs/%s" $certName }} + {{- $cert := get $values.tls.certs $certName }} + {{- if empty $cert }} + {{- fail (printf "Certificate, '%s', used but not defined" $certName)}} + {{- end }} + - name: {{ $name }} + enabled: true + cert_file: {{ $certPath }}/tls.crt + key_file: {{ $certPath }}/tls.key + require_client_auth: {{ $mtls }} + {{- if $cert.caEnabled }} + truststore_file: {{ $certPath }}/ca.crt + {{- else }} + {{- /* This is a required field so we use the default in the redpanda debian container */}} + truststore_file: /etc/ssl/certs/ca-certificates.crt + {{- end }} + {{- end }} +{{- end }} +{{- /* RPC Server */}} +{{- $service = .Values.listeners.rpc }} + rpc_server: + address: 0.0.0.0 + port: {{ $service.port }} +{{- if (include "rpc-tls-enabled" . | fromJson).bool }} + rpc_server_tls: + enabled: true + cert_file: /etc/tls/certs/{{ $service.tls.cert }}/tls.crt + key_file: /etc/tls/certs/{{ $service.tls.cert }}/tls.key + require_client_auth: {{ $service.tls.requireClientAuth }} + {{- $cert := get .Values.tls.certs $service.tls.cert }} + {{- if empty $cert }} + {{- fail (printf "Certificate, '%s', used but not defined")}} + {{- end }} + {{- if $cert.caEnabled }} + truststore_file: /etc/tls/certs/{{ $service.tls.cert }}/ca.crt + {{- else }} + {{- /* This is a required field so we use the default in the redpanda debian container */}} + truststore_file: /etc/ssl/certs/ca-certificates.crt + {{- end }} +{{- end }} + seed_servers: +{{- with $root.tempConfigMapServerList -}} + {{- . | trim | nindent 8 }} +{{- end -}} +{{- if and (include "is-licensed" . | fromJson).bool .Values.storage.tieredConfig.cloud_storage_enabled }} + {{- $tieredStorageConfig := deepCopy .Values.storage.tieredConfig }} + {{- if not (include "redpanda-atleast-22-3-0" . | fromJson).bool }} + {{- $tieredStorageConfig = unset $tieredStorageConfig "cloud_storage_credentials_source"}} + {{- end }} + {{- range $key, $element := $tieredStorageConfig}} + {{- if or (eq (typeOf $element) "bool") $element }} + {{ $key }}: {{ $element | toYaml }} + {{- end }} + {{- end }} +{{- end }} +{{- /* Schema Registry API */}} +{{- if and .Values.listeners.schemaRegistry.enabled (include "redpanda-22-2-x-without-sasl" $root | fromJson).bool }} + {{- $schemaRegistryService := .Values.listeners.schemaRegistry }} + schema_registry: + schema_registry_api: + - name: internal + address: 0.0.0.0 + port: {{ $schemaRegistryService.port }} + {{- if or (include "sasl-enabled" $root | fromJson).bool $schemaRegistryService.authenticationMethod }} + authentication_method: {{ default "http_basic" $schemaRegistryService.authenticationMethod }} + {{- end }} + {{- range $name, $listener := $schemaRegistryService.external }} + - name: {{ $name }} + address: 0.0.0.0 + {{- /* + when upgrading from an older version that had a missing port, fail if we cannot guess a default + this should work in all cases as the older versions would have failed with multiple listeners anyway + */}} + {{- if and (empty $listener.port) (ne (len $schemaRegistryService.external) 1) }} + {{- fail "missing required port for schemaRegistry listener $listener.name" }} + {{- end }} + port: {{ $listener.port | default 8084 }} + {{- if or (include "sasl-enabled" $root | fromJson).bool $listener.authenticationMethod }} + authentication_method: {{ default "http_basic" $listener.authenticationMethod }} + {{- end }} + {{- end }} + schema_registry_api_tls: + {{- if (include "schemaRegistry-internal-tls-enabled" . | fromJson).bool }} + - name: internal + enabled: true + cert_file: /etc/tls/certs/{{ $schemaRegistryService.tls.cert }}/tls.crt + key_file: /etc/tls/certs/{{ $schemaRegistryService.tls.cert }}/tls.key + require_client_auth: {{ $schemaRegistryService.tls.requireClientAuth }} + {{- $cert := get .Values.tls.certs $schemaRegistryService.tls.cert }} + {{- if empty $cert }} + {{- fail (printf "Certificate, '%s', used but not defined")}} + {{- end }} + {{- if $cert.caEnabled }} + truststore_file: /etc/tls/certs/{{ $schemaRegistryService.tls.cert }}/ca.crt + {{- else }} + {{- /* This is a required field so we use the default in the redpanda debian container */}} + truststore_file: /etc/ssl/certs/ca-certificates.crt + {{- end }} + {{- end }} + {{- range $name, $listener := $schemaRegistryService.external }} + {{- $k := dict "Values" $values "listener" $listener }} + {{- if (include "schemaRegistry-external-tls-enabled" $k | fromJson).bool }} + {{- $mtls := dig "tls" "requireClientAuth" false $listener }} + {{- $mtls = dig "tls" "requireClientAuth" $mtls $k }} + {{- $certName := include "schemaRegistry-external-tls-cert" $k }} + {{- $certPath := printf "/etc/tls/certs/%s" $certName }} + {{- $cert := get $values.tls.certs $certName }} + {{- if empty $cert }} + {{- fail (printf "Certificate, '%s', used but not defined")}} + {{- end }} + - name: {{ $name }} + enabled: true + cert_file: {{ $certPath }}/tls.crt + key_file: {{ $certPath }}/tls.key + require_client_auth: {{ $mtls }} + {{- if $cert.caEnabled }} + truststore_file: {{ $certPath }}/ca.crt + {{- else }} + {{- /* This is a required field so we use the default in the redpanda debian container */}} + truststore_file: /etc/ssl/certs/ca-certificates.crt + {{- end }} + {{- end }} + {{- end }} +{{- end }} +{{- /* HTTP Proxy */}} +{{- if and .Values.listeners.http.enabled (include "redpanda-22-2-x-without-sasl" $root | fromJson).bool }} + {{- $HTTPService := .Values.listeners.http }} + pandaproxy: + pandaproxy_api: + - name: internal + address: 0.0.0.0 + port: {{ $HTTPService.port }} + {{- if or (include "sasl-enabled" $root | fromJson).bool $HTTPService.authenticationMethod }} + authentication_method: {{ default "http_basic" $HTTPService.authenticationMethod }} + {{- end }} + {{- range $name, $listener := $HTTPService.external }} + - name: {{ $name }} + address: 0.0.0.0 + port: {{ $listener.port }} + {{- if or (include "sasl-enabled" $root | fromJson).bool $listener.authenticationMethod }} + authentication_method: {{ default "http_basic" $listener.authenticationMethod }} + {{- end }} + {{- end }} + pandaproxy_api_tls: + {{- if (include "http-internal-tls-enabled" . | fromJson).bool }} + - name: internal + enabled: true + cert_file: /etc/tls/certs/{{ $HTTPService.tls.cert }}/tls.crt + key_file: /etc/tls/certs/{{ $HTTPService.tls.cert }}/tls.key + require_client_auth: {{ $HTTPService.tls.requireClientAuth }} + {{- $cert := get .Values.tls.certs $HTTPService.tls.cert }} + {{- if empty $cert }} + {{- fail (printf "Certificate, '%s', used but not defined")}} + {{- end }} + {{- if $cert.caEnabled }} + truststore_file: /etc/tls/certs/{{ $HTTPService.tls.cert }}/ca.crt + {{- else }} + {{- /* This is a required field so we use the default in the redpanda debian container */}} + truststore_file: /etc/ssl/certs/ca-certificates.crt + {{- end }} + {{- end }} + {{- range $name, $listener := $HTTPService.external }} + {{- $k := dict "Values" $values "listener" $listener }} + {{- if (include "http-external-tls-enabled" $k | fromJson).bool }} + {{- $mtls := dig "tls" "requireClientAuth" false $listener }} + {{- $mtls = dig "tls" "requireClientAuth" $mtls $k }} + {{- $certName := include "http-external-tls-cert" $k }} + {{- $certPath := printf "/etc/tls/certs/%s" $certName }} + {{- $cert := get $values.tls.certs $certName }} + {{- if empty $cert }} + {{- fail (printf "Certificate, '%s', used but not defined")}} + {{- end }} + - name: {{ $name }} + enabled: true + cert_file: {{ $certPath }}/tls.crt + key_file: {{ $certPath }}/tls.key + require_client_auth: {{ $mtls }} + {{- if $cert.caEnabled }} + truststore_file: {{ $certPath }}/ca.crt + {{- else }} + {{- /* This is a required field so we use the default in the redpanda debian container */}} + truststore_file: /etc/ssl/certs/ca-certificates.crt + {{- end }} + {{- end }} + {{- end }} +{{- end }} +{{- /* END LISTENERS */}} + + rpk: +{{- with (dig "rpk" dict .Values.config) }} + {{- . | toYaml | nindent 6}} +{{- end }} + enable_usage_stats: {{ .Values.logging.usageStats.enabled }} + overprovisioned: {{ dig "cpu" "overprovisioned" false .Values.resources }} + enable_memory_locking: {{ dig "memory" "enable_memory_locking" false .Values.resources }} +{{- if hasKey .Values.tuning "tune_aio_events" }} + tune_aio_events: {{ .Values.tuning.tune_aio_events }} +{{- end }} +{{- if hasKey .Values.tuning "tune_clocksource" }} + tune_clocksource: {{ .Values.tuning.tune_clocksource }} +{{- end }} +{{- if hasKey .Values.tuning "tune_ballast_file" }} + tune_ballast_file: {{ .Values.tuning.tune_ballast_file }} +{{- end }} +{{- if hasKey .Values.tuning "ballast_file_path" }} + ballast_file_path: {{ .Values.tuning.ballast_file_path }} +{{- end }} +{{- if hasKey .Values.tuning "ballast_file_size" }} + ballast_file_size: {{ .Values.tuning.ballast_file_size }} +{{- end }} +{{- if hasKey .Values.tuning "well_known_io" }} + well_known_io: {{ .Values.tuning.well_known_io }} +{{- end }} +{{- end -}} + +{{- define "configmap-server-list" -}} +{{- $root := . }} +{{- range (include "seed-server-list" $root | mustFromJson) }} +- host: + address: {{ . }} + port: {{ $root.Values.listeners.rpc.port }} +{{- end }} +{{- end -}} + +{{- define "configmap-with-server-list" -}} +{{- $root := . }} +{{- $serverList := (include "configmap-server-list" $root ) -}} +{{- $r := set $root "tempConfigMapServerList" ( $serverList ) }} +{{ include "configmap-content-no-seed" $r }} +{{- end -}} \ No newline at end of file diff --git a/charts/redpanda/redpanda/templates/configmap.yaml b/charts/redpanda/redpanda/templates/configmap.yaml index 6e92b99f2..e87531719 100644 --- a/charts/redpanda/redpanda/templates/configmap.yaml +++ b/charts/redpanda/redpanda/templates/configmap.yaml @@ -14,47 +14,6 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. */}} -{{- $root := . }} -{{- $values := .Values }} - -{{- /* - It's impossible to do a rolling upgrade from not-tls-enabled rpc to tls-enabled rpc. -*/ -}} -{{- $check := list - (include "redpanda-atleast-23-1-2" .|fromJson).bool - (include "redpanda-22-3-atleast-22-3-13" .|fromJson).bool - (include "redpanda-22-2-atleast-22-2-10" .|fromJson).bool --}} -{{- $wantedRPCTLS := (include "rpc-tls-enabled" . | fromJson).bool -}} -{{- if and (not (mustHas true $check)) $wantedRPCTLS -}} - {{- fail (printf "Redpanda version v%s does not support TLS on the RPC port. Please upgrade. See technical service bulletin 2023-01." (include "redpanda.semver" .)) -}} -{{- end -}} -{{- $cm := lookup "v1" "ConfigMap" .Release.Namespace (include "redpanda.fullname" .) -}} -{{- $redpandaYAML := dig "data" "redpanda.yaml" "" $cm | fromYaml -}} -{{- $currentRPCTLS := dig "redpanda" "rpc_server_tls" "enabled" false $redpandaYAML -}} -{{- /* Lookup will return an empty map when running `helm template` or when `--dry-run` is passed. */ -}} -{{- if (and .Release.IsUpgrade $cm) -}} - {{- if ne $currentRPCTLS $wantedRPCTLS -}} - {{- if eq (get .Values "force" | default false) false -}} - {{- fail (join "\n" (list - (printf "\n\nError: Cannot do a rolling restart to enable or disable tls at the RPC layer: changing listeners.rpc.tls.enabled (redpanda.yaml:repdanda.rpc_server_tls.enabled) from %v to %v" $currentRPCTLS $wantedRPCTLS) - "***WARNING The following instructions will result in a short period of downtime." - "To accept this risk, run the upgrade again adding `--force=true` and do the following:\n" - "While helm is upgrading the release, manually delete ALL the pods:" - (printf " kubectl -n %s delete pod -l app.kubernetes.io/component=redpanda-statefulset" .Release.Namespace) - "\nIf you got here thinking rpc tls was already enabled, see technical service bulletin 2023-01." - )) - -}} - {{- end -}} - {{- end -}} -{{- end -}} - -{{- $users := list -}} -{{- if (include "sasl-enabled" . | fromJson).bool -}} - {{- range $user := .Values.auth.sasl.users -}} - {{- $users = append $users $user.name -}} - {{- end -}} -{{- end -}} --- apiVersion: v1 kind: ConfigMap @@ -66,388 +25,4 @@ metadata: {{- . | nindent 4 }} {{- end }} data: - bootstrap.yaml: | - kafka_enable_authorization: {{ (include "sasl-enabled" . | fromJson).bool }} - enable_sasl: {{ (include "sasl-enabled" . | fromJson).bool }} - enable_rack_awareness: {{ .Values.rackAwareness.enabled }} - {{- if $users }} - superusers: {{ toJson $users }} - {{- end }} - {{- with (dig "cluster" dict .Values.config) }} - {{- range $key, $element := .}} - {{- if or (eq (typeOf $element) "bool") $element }} - {{ $key }}: {{ $element | toYaml }} - {{- end }} - {{- end }} - {{- end }} - {{- include "tunable" . }} - {{- if and (not (hasKey .Values.config.cluster "storage_min_free_bytes")) ((include "redpanda-atleast-22-2-0" . | fromJson).bool) }} - storage_min_free_bytes: {{ include "storage-min-free-bytes" . }} - {{- end }} -{{- if and (include "is-licensed" . | fromJson).bool .Values.storage.tieredConfig.cloud_storage_enabled }} - {{- $tieredStorageConfig := deepCopy .Values.storage.tieredConfig }} - {{- $tieredStorageConfig = unset $tieredStorageConfig "cloud_storage_cache_directory" }} - {{- if not (include "redpanda-atleast-22-3-0" . | fromJson).bool }} - {{- $tieredStorageConfig = unset $tieredStorageConfig "cloud_storage_credentials_source"}} - {{- end }} - {{- range $key, $element := $tieredStorageConfig}} - {{- if or (eq (typeOf $element) "bool") $element }} - {{ $key }}: {{ $element | toYaml }} - {{- end }} - {{- end }} -{{- end }} - redpanda.yaml: | - config_file: /etc/redpanda/redpanda.yaml -{{- if .Values.logging.usageStats.enabled }} - {{- with (dig "usageStats" "organization" "" .Values.logging) }} - organization: {{ . }} - {{- end }} - {{- with (dig "usageStats" "clusterId" "" .Values.logging) }} - cluster_id: {{ . }} - {{- end }} -{{- end }} - redpanda: -{{- if (include "redpanda-atleast-22-3-0" . | fromJson).bool }} - empty_seed_starts_cluster: false -{{- end }} - kafka_enable_authorization: {{ (include "sasl-enabled" . | fromJson).bool }} - enable_sasl: {{ (include "sasl-enabled" . | fromJson).bool }} - {{- if $users }} - superusers: {{ toJson $users }} - {{- end }} - {{- with (dig "cluster" dict .Values.config) }} - {{- range $key, $element := . }} - {{- if or (eq (typeOf $element) "bool") $element }} - {{ $key }}: {{ $element | toYaml }} - {{- end }} - {{- end }} - {{- end }} - {{- with (dig "tunable" dict .Values.config) }} - {{- range $key, $element := .}} - {{- if or (eq (typeOf $element) "bool") $element }} - {{ $key }}: {{ $element | toYaml }} - {{- end }} - {{- end }} - {{- end }} - {{- if not (hasKey .Values.config.cluster "storage_min_free_bytes") }} - storage_min_free_bytes: {{ include "storage-min-free-bytes" . }} - {{- end }} - {{- with dig "node" dict .Values.config }} - {{- range $key, $element := .}} - {{- if or (eq (typeOf $element) "bool") $element }} - {{ $key }}: {{ $element | toYaml }} - {{- end }} - {{- end }} - {{- end }} -{{- /* LISTENERS */}} -{{- /* Admin API */}} -{{- $service := .Values.listeners.admin }} - admin: - - name: internal - address: 0.0.0.0 - port: {{ $service.port }} -{{- range $name, $listener := $service.external }} -{{- if and $listener.port $name }} - - name: {{ $name }} - address: 0.0.0.0 - port: {{ $listener.port }} -{{- end }} -{{- end }} - admin_api_tls: -{{- if (include "admin-internal-tls-enabled" . | fromJson).bool }} - - name: internal - enabled: true - cert_file: /etc/tls/certs/{{ $service.tls.cert }}/tls.crt - key_file: /etc/tls/certs/{{ $service.tls.cert }}/tls.key - require_client_auth: {{ $service.tls.requireClientAuth }} - {{- $cert := get .Values.tls.certs $service.tls.cert }} - {{- if empty $cert }} - {{- fail (printf "Certificate, '%s', used but not defined")}} - {{- end }} - {{- if $cert.caEnabled }} - truststore_file: /etc/tls/certs/{{ $service.tls.cert }}/ca.crt - {{- else }} - {{- /* This is a required field so we use the default in the redpanda debian container */}} - truststore_file: /etc/ssl/certs/ca-certificates.crt - {{- end }} -{{- end }} -{{- range $name, $listener := $service.external }} - {{- $k := dict "Values" $values "listener" $listener }} - {{- if (include "admin-external-tls-enabled" $k | fromJson).bool }} - {{- $mtls := dig "tls" "requireClientAuth" false $listener }} - {{- $mtls = dig "tls" "requireClientAuth" $mtls $k }} - {{- $certName := include "admin-external-tls-cert" $k }} - {{- $certPath := printf "/etc/tls/certs/%s" $certName }} - {{- $cert := get $values.tls.certs $certName }} - {{- if empty $cert }} - {{- fail (printf "Certificate, '%s', used but not defined" $certName)}} - {{- end }} - - name: {{ $name }} - enabled: true - cert_file: {{ $certPath }}/tls.crt - key_file: {{ $certPath }}/tls.key - require_client_auth: {{ $mtls }} - {{- if $cert.caEnabled }} - truststore_file: {{ $certPath }}/ca.crt - {{- else }} - {{- /* This is a required field so we use the default in the redpanda debian container */}} - truststore_file: /etc/ssl/certs/ca-certificates.crt - {{- end }} - {{- end }} -{{- end }} -{{- /* Kafka API */}} -{{- $kafkaService := .Values.listeners.kafka }} - kafka_api: - - name: internal - address: 0.0.0.0 - port: {{ $kafkaService.port }} - {{- if or (include "sasl-enabled" $root | fromJson).bool $kafkaService.authenticationMethod }} - authentication_method: {{ default "sasl" $kafkaService.authenticationMethod }} - {{- end }} -{{- range $name, $listener := $kafkaService.external }} - - name: {{ $name }} - address: 0.0.0.0 - port: {{ $listener.port }} - {{- if or (include "sasl-enabled" $root | fromJson).bool $listener.authenticationMethod }} - authentication_method: {{ default "sasl" $listener.authenticationMethod }} - {{- end }} -{{- end }} - kafka_api_tls: -{{- if (include "kafka-internal-tls-enabled" . | fromJson).bool }} - - name: internal - enabled: true - cert_file: /etc/tls/certs/{{ $kafkaService.tls.cert }}/tls.crt - key_file: /etc/tls/certs/{{ $kafkaService.tls.cert }}/tls.key - require_client_auth: {{ $kafkaService.tls.requireClientAuth }} - {{- $cert := get .Values.tls.certs $kafkaService.tls.cert }} - {{- if empty $cert }} - {{- fail (printf "Certificate, '%s', used but not defined")}} - {{- end }} - {{- if $cert.caEnabled }} - truststore_file: /etc/tls/certs/{{ $kafkaService.tls.cert }}/ca.crt - {{- else }} - {{- /* This is a required field so we use the default in the redpanda debian container */}} - truststore_file: /etc/ssl/certs/ca-certificates.crt - {{- end }} -{{- end }} -{{- range $name, $listener := $kafkaService.external }} - {{- $k := dict "Values" $values "listener" $listener }} - {{- if (include "kafka-external-tls-enabled" $k | fromJson).bool }} - {{- $mtls := dig "tls" "requireClientAuth" false $listener }} - {{- $mtls = dig "tls" "requireClientAuth" $mtls $k }} - {{- $certName := include "kafka-external-tls-cert" $k }} - {{- $certPath := printf "/etc/tls/certs/%s" $certName }} - {{- $cert := get $values.tls.certs $certName }} - {{- if empty $cert }} - {{- fail (printf "Certificate, '%s', used but not defined" $certName)}} - {{- end }} - - name: {{ $name }} - enabled: true - cert_file: {{ $certPath }}/tls.crt - key_file: {{ $certPath }}/tls.key - require_client_auth: {{ $mtls }} - {{- if $cert.caEnabled }} - truststore_file: {{ $certPath }}/ca.crt - {{- else }} - {{- /* This is a required field so we use the default in the redpanda debian container */}} - truststore_file: /etc/ssl/certs/ca-certificates.crt - {{- end }} - {{- end }} -{{- end }} -{{- /* RPC Server */}} -{{- $service = .Values.listeners.rpc }} - rpc_server: - address: 0.0.0.0 - port: {{ $service.port }} -{{- if (include "rpc-tls-enabled" . | fromJson).bool }} - rpc_server_tls: - enabled: true - cert_file: /etc/tls/certs/{{ $service.tls.cert }}/tls.crt - key_file: /etc/tls/certs/{{ $service.tls.cert }}/tls.key - require_client_auth: {{ $service.tls.requireClientAuth }} - {{- $cert := get .Values.tls.certs $service.tls.cert }} - {{- if empty $cert }} - {{- fail (printf "Certificate, '%s', used but not defined")}} - {{- end }} - {{- if $cert.caEnabled }} - truststore_file: /etc/tls/certs/{{ $service.tls.cert }}/ca.crt - {{- else }} - {{- /* This is a required field so we use the default in the redpanda debian container */}} - truststore_file: /etc/ssl/certs/ca-certificates.crt - {{- end }} -{{- end }} - seed_servers: -{{- range (include "seed-server-list" . | mustFromJson) }} - - host: - address: {{ . }} - port: {{ $values.listeners.rpc.port }} -{{- end }} -{{- if and (include "is-licensed" . | fromJson).bool .Values.storage.tieredConfig.cloud_storage_enabled }} - {{- $tieredStorageConfig := deepCopy .Values.storage.tieredConfig }} - {{- if not (include "redpanda-atleast-22-3-0" . | fromJson).bool }} - {{- $tieredStorageConfig = unset $tieredStorageConfig "cloud_storage_credentials_source"}} - {{- end }} - {{- range $key, $element := $tieredStorageConfig}} - {{- if or (eq (typeOf $element) "bool") $element }} - {{ $key }}: {{ $element | toYaml }} - {{- end }} - {{- end }} -{{- end }} -{{- /* Schema Registry API */}} -{{- if and .Values.listeners.schemaRegistry.enabled (include "redpanda-22-2-x-without-sasl" $root | fromJson).bool }} - {{- $schemaRegistryService := .Values.listeners.schemaRegistry }} - schema_registry: - schema_registry_api: - - name: internal - address: 0.0.0.0 - port: {{ $schemaRegistryService.port }} - {{- if or (include "sasl-enabled" $root | fromJson).bool $schemaRegistryService.authenticationMethod }} - authentication_method: {{ default "http_basic" $schemaRegistryService.authenticationMethod }} - {{- end }} - {{- range $name, $listener := $schemaRegistryService.external }} - - name: {{ $name }} - address: 0.0.0.0 - {{- /* - when upgrading from an older version that had a missing port, fail if we cannot guess a default - this should work in all cases as the older versions would have failed with multiple listeners anyway - */}} - {{- if and (empty $listener.port) (ne (len $schemaRegistryService.external) 1) }} - {{- fail "missing required port for schemaRegistry listener $listener.name" }} - {{- end }} - port: {{ $listener.port | default 8084 }} - {{- if or (include "sasl-enabled" $root | fromJson).bool $listener.authenticationMethod }} - authentication_method: {{ default "http_basic" $listener.authenticationMethod }} - {{- end }} - {{- end }} - schema_registry_api_tls: - {{- if (include "schemaRegistry-internal-tls-enabled" . | fromJson).bool }} - - name: internal - enabled: true - cert_file: /etc/tls/certs/{{ $schemaRegistryService.tls.cert }}/tls.crt - key_file: /etc/tls/certs/{{ $schemaRegistryService.tls.cert }}/tls.key - require_client_auth: {{ $schemaRegistryService.tls.requireClientAuth }} - {{- $cert := get .Values.tls.certs $schemaRegistryService.tls.cert }} - {{- if empty $cert }} - {{- fail (printf "Certificate, '%s', used but not defined")}} - {{- end }} - {{- if $cert.caEnabled }} - truststore_file: /etc/tls/certs/{{ $schemaRegistryService.tls.cert }}/ca.crt - {{- else }} - {{- /* This is a required field so we use the default in the redpanda debian container */}} - truststore_file: /etc/ssl/certs/ca-certificates.crt - {{- end }} - {{- end }} - {{- range $name, $listener := $schemaRegistryService.external }} - {{- $k := dict "Values" $values "listener" $listener }} - {{- if (include "schemaRegistry-external-tls-enabled" $k | fromJson).bool }} - {{- $mtls := dig "tls" "requireClientAuth" false $listener }} - {{- $mtls = dig "tls" "requireClientAuth" $mtls $k }} - {{- $certName := include "schemaRegistry-external-tls-cert" $k }} - {{- $certPath := printf "/etc/tls/certs/%s" $certName }} - {{- $cert := get $values.tls.certs $certName }} - {{- if empty $cert }} - {{- fail (printf "Certificate, '%s', used but not defined")}} - {{- end }} - - name: {{ $name }} - enabled: true - cert_file: {{ $certPath }}/tls.crt - key_file: {{ $certPath }}/tls.key - require_client_auth: {{ $mtls }} - {{- if $cert.caEnabled }} - truststore_file: {{ $certPath }}/ca.crt - {{- else }} - {{- /* This is a required field so we use the default in the redpanda debian container */}} - truststore_file: /etc/ssl/certs/ca-certificates.crt - {{- end }} - {{- end }} - {{- end }} -{{- end }} -{{- /* HTTP Proxy */}} -{{- if and .Values.listeners.http.enabled (include "redpanda-22-2-x-without-sasl" $root | fromJson).bool }} - {{- $HTTPService := .Values.listeners.http }} - pandaproxy: - pandaproxy_api: - - name: internal - address: 0.0.0.0 - port: {{ $HTTPService.port }} - {{- if or (include "sasl-enabled" $root | fromJson).bool $HTTPService.authenticationMethod }} - authentication_method: {{ default "http_basic" $HTTPService.authenticationMethod }} - {{- end }} - {{- range $name, $listener := $HTTPService.external }} - - name: {{ $name }} - address: 0.0.0.0 - port: {{ $listener.port }} - {{- if or (include "sasl-enabled" $root | fromJson).bool $listener.authenticationMethod }} - authentication_method: {{ default "http_basic" $listener.authenticationMethod }} - {{- end }} - {{- end }} - pandaproxy_api_tls: - {{- if (include "http-internal-tls-enabled" . | fromJson).bool }} - - name: internal - enabled: true - cert_file: /etc/tls/certs/{{ $HTTPService.tls.cert }}/tls.crt - key_file: /etc/tls/certs/{{ $HTTPService.tls.cert }}/tls.key - require_client_auth: {{ $HTTPService.tls.requireClientAuth }} - {{- $cert := get .Values.tls.certs $HTTPService.tls.cert }} - {{- if empty $cert }} - {{- fail (printf "Certificate, '%s', used but not defined")}} - {{- end }} - {{- if $cert.caEnabled }} - truststore_file: /etc/tls/certs/{{ $HTTPService.tls.cert }}/ca.crt - {{- else }} - {{- /* This is a required field so we use the default in the redpanda debian container */}} - truststore_file: /etc/ssl/certs/ca-certificates.crt - {{- end }} - {{- end }} - {{- range $name, $listener := $HTTPService.external }} - {{- $k := dict "Values" $values "listener" $listener }} - {{- if (include "http-external-tls-enabled" $k | fromJson).bool }} - {{- $mtls := dig "tls" "requireClientAuth" false $listener }} - {{- $mtls = dig "tls" "requireClientAuth" $mtls $k }} - {{- $certName := include "http-external-tls-cert" $k }} - {{- $certPath := printf "/etc/tls/certs/%s" $certName }} - {{- $cert := get $values.tls.certs $certName }} - {{- if empty $cert }} - {{- fail (printf "Certificate, '%s', used but not defined")}} - {{- end }} - - name: {{ $name }} - enabled: true - cert_file: {{ $certPath }}/tls.crt - key_file: {{ $certPath }}/tls.key - require_client_auth: {{ $mtls }} - {{- if $cert.caEnabled }} - truststore_file: {{ $certPath }}/ca.crt - {{- else }} - {{- /* This is a required field so we use the default in the redpanda debian container */}} - truststore_file: /etc/ssl/certs/ca-certificates.crt - {{- end }} - {{- end }} - {{- end }} -{{- end }} -{{- /* END LISTENERS */}} - - rpk: -{{- with (dig "rpk" dict .Values.config) }} - {{- . | toYaml | nindent 6}} -{{- end }} - enable_usage_stats: {{ .Values.logging.usageStats.enabled }} - overprovisioned: {{ dig "cpu" "overprovisioned" false .Values.resources }} - enable_memory_locking: {{ dig "memory" "enable_memory_locking" false .Values.resources }} -{{- if hasKey .Values.tuning "tune_aio_events" }} - tune_aio_events: {{ .Values.tuning.tune_aio_events }} -{{- end }} -{{- if hasKey .Values.tuning "tune_clocksource" }} - tune_clocksource: {{ .Values.tuning.tune_clocksource }} -{{- end }} -{{- if hasKey .Values.tuning "tune_ballast_file" }} - tune_ballast_file: {{ .Values.tuning.tune_ballast_file }} -{{- end }} -{{- if hasKey .Values.tuning "ballast_file_path" }} - ballast_file_path: {{ .Values.tuning.ballast_file_path }} -{{- end }} -{{- if hasKey .Values.tuning "ballast_file_size" }} - ballast_file_size: {{ .Values.tuning.ballast_file_size }} -{{- end }} -{{- if hasKey .Values.tuning "well_known_io" }} - well_known_io: {{ .Values.tuning.well_known_io }} -{{- end }} + {{ include "configmap-with-server-list" . | trim }} diff --git a/charts/redpanda/redpanda/templates/statefulset.yaml b/charts/redpanda/redpanda/templates/statefulset.yaml index 0c08bb5fa..8918658fb 100644 --- a/charts/redpanda/redpanda/templates/statefulset.yaml +++ b/charts/redpanda/redpanda/templates/statefulset.yaml @@ -57,7 +57,7 @@ spec: labels: {{ (include "statefulset-pod-labels" .) | nindent 8 }} redpanda.com/poddisruptionbudget: {{ template "redpanda.name" . }} annotations: - checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} + checksum/config: {{ include "configmap-content-no-seed" . | sha256sum }} {{- with $.Values.statefulset.annotations }} {{- toYaml . | nindent 8 }} {{- end }} diff --git a/charts/speedscale/speedscale-operator/Chart.yaml b/charts/speedscale/speedscale-operator/Chart.yaml index e08b4831c..23eec1c9b 100644 --- a/charts/speedscale/speedscale-operator/Chart.yaml +++ b/charts/speedscale/speedscale-operator/Chart.yaml @@ -4,7 +4,7 @@ annotations: catalog.cattle.io/kube-version: '>= 1.17.0-0' catalog.cattle.io/release-name: speedscale-operator apiVersion: v1 -appVersion: 1.3.320 +appVersion: 1.3.335 description: Stress test your APIs with real world scenarios. Collect and replay traffic without scripting. home: https://speedscale.com @@ -24,4 +24,4 @@ maintainers: - email: support@speedscale.com name: Speedscale Support name: speedscale-operator -version: 1.3.28 +version: 1.3.29 diff --git a/charts/speedscale/speedscale-operator/README.md b/charts/speedscale/speedscale-operator/README.md index 2904df1b5..88da453fd 100644 --- a/charts/speedscale/speedscale-operator/README.md +++ b/charts/speedscale/speedscale-operator/README.md @@ -101,10 +101,10 @@ _See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command documen A major chart version change (like v1.2.3 -> v2.0.0) indicates that there is an incompatible breaking change needing manual actions. -### Upgrade to 1.3.28 +### Upgrade to 1.3.29 ```bash -kubectl apply --server-side -f https://raw.githubusercontent.com/speedscale/operator-helm/main/1.3.28/templates/crds/trafficreplays.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/speedscale/operator-helm/main/1.3.29/templates/crds/trafficreplays.yaml ``` ### Upgrade to 1.1.0 diff --git a/charts/speedscale/speedscale-operator/app-readme.md b/charts/speedscale/speedscale-operator/app-readme.md index 2904df1b5..88da453fd 100644 --- a/charts/speedscale/speedscale-operator/app-readme.md +++ b/charts/speedscale/speedscale-operator/app-readme.md @@ -101,10 +101,10 @@ _See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command documen A major chart version change (like v1.2.3 -> v2.0.0) indicates that there is an incompatible breaking change needing manual actions. -### Upgrade to 1.3.28 +### Upgrade to 1.3.29 ```bash -kubectl apply --server-side -f https://raw.githubusercontent.com/speedscale/operator-helm/main/1.3.28/templates/crds/trafficreplays.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/speedscale/operator-helm/main/1.3.29/templates/crds/trafficreplays.yaml ``` ### Upgrade to 1.1.0 diff --git a/charts/speedscale/speedscale-operator/values.yaml b/charts/speedscale/speedscale-operator/values.yaml index b20164ada..c01bd1b68 100644 --- a/charts/speedscale/speedscale-operator/values.yaml +++ b/charts/speedscale/speedscale-operator/values.yaml @@ -20,7 +20,7 @@ clusterName: "my-cluster" # Speedscale components image settings. image: registry: gcr.io/speedscale - tag: v1.3.320 + tag: v1.3.335 pullPolicy: Always # Log level for Speedscale components. diff --git a/charts/trilio/k8s-triliovault-operator/Chart.yaml b/charts/trilio/k8s-triliovault-operator/Chart.yaml index f6f55f4de..0b09d0dfb 100644 --- a/charts/trilio/k8s-triliovault-operator/Chart.yaml +++ b/charts/trilio/k8s-triliovault-operator/Chart.yaml @@ -4,7 +4,7 @@ annotations: catalog.cattle.io/kube-version: '>=1.19.0-0' catalog.cattle.io/release-name: k8s-triliovault-operator apiVersion: v2 -appVersion: 3.1.1 +appVersion: 3.1.2 dependencies: - condition: observability.enabled name: observability @@ -21,4 +21,4 @@ maintainers: name: k8s-triliovault-operator sources: - https://github.com/trilioData/k8s-triliovault-operator -version: 3.1.1 +version: 3.1.2 diff --git a/charts/trilio/k8s-triliovault-operator/templates/NOTES.txt b/charts/trilio/k8s-triliovault-operator/templates/NOTES.txt index 12b2a8c9c..1af1d0303 100644 --- a/charts/trilio/k8s-triliovault-operator/templates/NOTES.txt +++ b/charts/trilio/k8s-triliovault-operator/templates/NOTES.txt @@ -56,4 +56,4 @@ Once all the pods are in running state, you can access the TVK UI from your brow For more details on how to access the TVK UI, follow this guide: https://docs.trilio.io/kubernetes/management-console-ui/accessing-the-ui You can start backup and restore of your application using TVK. For more details on how to do that, please follow our -getting started guide: https://docs.trilio.io/kubernetes/getting-started-3/getting-started-with-management-console +getting started guide: https://docs.trilio.io/kubernetes/advanced-configuration/management-console diff --git a/charts/trilio/k8s-triliovault-operator/values.yaml b/charts/trilio/k8s-triliovault-operator/values.yaml index 8ea205a7a..c7812609f 100644 --- a/charts/trilio/k8s-triliovault-operator/values.yaml +++ b/charts/trilio/k8s-triliovault-operator/values.yaml @@ -4,7 +4,7 @@ operator-webhook-init: repository: operator-webhook-init k8s-triliovault-operator: repository: k8s-triliovault-operator -tag: "3.1.1" +tag: "3.1.2" # create image pull secrets and specify the name here. imagePullSecret: "" priorityClassName: "" @@ -174,8 +174,8 @@ podLabels: linkerd.io/inject: disabled relatedImages: tags: - tvk: "3.1.1" - event: "3.1.1" + tvk: "3.1.2" + event: "3.1.2" control-plane: image: "control-plane" metamover: diff --git a/index.yaml b/index.yaml index efeeaf92e..50ac5d132 100644 --- a/index.yaml +++ b/index.yaml @@ -25046,6 +25046,34 @@ entries: - assets/jenkins/jenkins-4.2.9.tgz version: 4.2.9 k8s-triliovault-operator: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: TrilioVault for Kubernetes Operator + catalog.cattle.io/kube-version: '>=1.19.0-0' + catalog.cattle.io/release-name: k8s-triliovault-operator + apiVersion: v2 + appVersion: 3.1.2 + created: "2023-09-01T15:03:24.560392195Z" + dependencies: + - condition: observability.enabled + name: observability + repository: file://./charts/observability + version: ^0.1.0 + description: K8s-TrilioVault-Operator is an operator designed to manage the K8s-TrilioVault + Application Lifecycle. + digest: 712d5508b98bcf391b45099ea68fe8823adfbca55e1450586c66778b7bcf9a82 + home: https://github.com/trilioData/k8s-triliovault-operator + icon: https://www.trilio.io/wp-content/uploads/2021/01/Trilio-2020-logo-RGB-gray-green.png + kubeVersion: '>=1.19.0-0' + maintainers: + - email: prafull.ladha@trilio.io + name: prafull11 + name: k8s-triliovault-operator + sources: + - https://github.com/trilioData/k8s-triliovault-operator + urls: + - assets/trilio/k8s-triliovault-operator-3.1.2.tgz + version: 3.1.2 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: TrilioVault for Kubernetes Operator @@ -26683,6 +26711,58 @@ entries: - assets/kasten/k10-4.5.900.tgz version: 4.5.900 kafka: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Apache Kafka + catalog.cattle.io/kube-version: '>=1.19-0' + catalog.cattle.io/release-name: kafka + category: Infrastructure + images: | + - name: jmx-exporter + image: docker.io/bitnami/jmx-exporter:0.19.0-debian-11-r57 + - name: kafka-exporter + image: docker.io/bitnami/kafka-exporter:1.7.0-debian-11-r93 + - name: kafka + image: docker.io/bitnami/kafka:3.5.1-debian-11-r35 + - name: kubectl + image: docker.io/bitnami/kubectl:1.25.13-debian-11-r5 + - name: os-shell + image: docker.io/bitnami/os-shell:11-debian-11-r51 + licenses: Apache-2.0 + apiVersion: v2 + appVersion: 3.5.1 + created: "2023-09-01T15:03:16.825486077Z" + dependencies: + - condition: zookeeper.enabled + name: zookeeper + repository: file://./charts/zookeeper + version: 12.x.x + - name: common + repository: file://./charts/common + tags: + - bitnami-common + version: 2.x.x + description: Apache Kafka is a distributed streaming platform designed to build + real-time pipelines and can be used as a message broker or as a replacement + for a log aggregation solution for big data applications. + digest: b4aa6f0626e742d2165b0fbb347a0f25c6d5116b7dfd46cbb98545be6be3759b + home: https://bitnami.com + icon: https://svn.apache.org/repos/asf/comdev/project-logos/originals/kafka.svg + keywords: + - kafka + - zookeeper + - streaming + - producer + - consumer + maintainers: + - name: VMware, Inc. + url: https://github.com/bitnami/charts + name: kafka + sources: + - https://github.com/bitnami/charts/tree/main/bitnami/kafka + urls: + - assets/bitnami/kafka-25.1.5.tgz + version: 25.1.5 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Apache Kafka @@ -29165,6 +29245,33 @@ entries: - assets/elastic/kibana-7.17.3.tgz version: 7.17.3 kong: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Kong Gateway + catalog.cattle.io/release-name: kong + apiVersion: v2 + appVersion: "3.3" + created: "2023-09-01T15:03:22.032680464Z" + dependencies: + - condition: postgresql.enabled + name: postgresql + repository: file://./charts/postgresql + version: 11.9.13 + description: The Cloud-Native Ingress and API-management + digest: de6bbed8ac0dfb2bd3d25612417db8e3c4ea24b6fe036e029a992adeecd4959c + home: https://konghq.com/ + icon: https://s3.amazonaws.com/downloads.kong/universe/assets/icon-kong-inc-large.png + maintainers: + - email: harry@konghq.com + name: hbagdi + - email: traines@konghq.com + name: rainest + name: kong + sources: + - https://github.com/Kong/charts/tree/main/charts/kong + urls: + - assets/kong/kong-2.26.5.tgz + version: 2.26.5 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Kong Gateway @@ -43689,6 +43796,50 @@ entries: - assets/bitnami/redis-17.3.7.tgz version: 17.3.7 redpanda: + - annotations: + artifacthub.io/images: | + - name: redpanda + image: docker.redpanda.com/redpandadata/redpanda:v23.2.7 + - name: busybox + image: busybox:latest + - name: mintel/docker-alpine-bash-curl-jq + image: mintel/docker-alpine-bash-curl-jq:latest + artifacthub.io/license: Apache-2.0 + artifacthub.io/links: | + - name: Documentation + url: https://docs.redpanda.com + - name: "Helm (>= 3.6.0)" + url: https://helm.sh/docs/intro/install/ + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Redpanda + catalog.cattle.io/kube-version: '>=1.21-0' + catalog.cattle.io/release-name: redpanda + apiVersion: v2 + appVersion: v23.2.7 + created: "2023-09-01T15:03:23.741247578Z" + dependencies: + - condition: console.enabled + name: console + repository: file://./charts/console + version: '>=0.5 <1.0' + - condition: connectors.enabled + name: connectors + repository: file://./charts/connectors + version: '>=0.1.2 <1.0' + description: Redpanda is the real-time engine for modern apps. + digest: 61dcd3ac0abe8dd9ab74e3bd57a84ac317bfd29fe27709b8850f60fa2194ec82 + icon: https://images.ctfassets.net/paqvtpyf8rwu/3cYHw5UzhXCbKuR24GDFGO/73fb682e6157d11c10d5b2b5da1d5af0/skate-stand-panda.svg + kubeVersion: '>=1.21-0' + maintainers: + - name: redpanda-data + url: https://github.com/orgs/redpanda-data/people + name: redpanda + sources: + - https://github.com/redpanda-data/helm-charts + type: application + urls: + - assets/redpanda/redpanda-5.3.0.tgz + version: 5.3.0 - annotations: artifacthub.io/images: | - name: redpanda @@ -46455,6 +46606,48 @@ entries: - assets/redpanda/redpanda-2.1.7.tgz version: 2.1.7 s3gw: + - annotations: + app.aquarist-labs.io/name: s3gw + artifacthub.io/category: storage + artifacthub.io/links: | + - name: homepage + url: https://s3gw.io/ + - name: support + url: https://github.com/aquarist-labs/s3gw/issues + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: S3 Gateway + catalog.cattle.io/experimental: "true" + catalog.cattle.io/kube-version: '>=1.14' + catalog.cattle.io/namespace: s3gw + catalog.cattle.io/release-name: s3gw + apiVersion: v2 + appVersion: latest + created: "2023-09-01T15:03:14.160391249Z" + description: 'Easy-to-use Open Source and Cloud Native S3 service for use on Rancher''s + Kubernetes. ' + digest: a160a0c536d48ee0cd0eb81afc5c374958d3e85b87f40c019f060e2be7f43048 + home: https://github.com/aquarist-labs/s3gw + icon: https://s3gw.io/img/logo-xl.png + keywords: + - storage + - s3 + kubeVersion: '>=1.14' + maintainers: + - email: s3gw@suse.com + name: s3gw maintainers + url: https://github.com/orgs/aquarist-labs/projects/5 + name: s3gw + sources: + - https://github.com/aquarist-labs/s3gw-charts + - https://github.com/aquarist-labs/s3gw + - https://github.com/aquarist-labs/ceph + - https://github.com/aquarist-labs/s3gw-ui + - https://github.com/aquarist-labs/s3gw-cosi-driver + - https://github.com/kubernetes-sigs/container-object-storage-interface-provisioner-sidecar + type: application + urls: + - assets/aquarist-labs/s3gw-0.20.0.tgz + version: 0.20.0 - annotations: app.aquarist-labs.io/name: s3gw artifacthub.io/category: storage @@ -48318,6 +48511,37 @@ entries: - assets/bitnami/spark-6.3.8.tgz version: 6.3.8 speedscale-operator: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Speedscale Operator + catalog.cattle.io/kube-version: '>= 1.17.0-0' + catalog.cattle.io/release-name: speedscale-operator + apiVersion: v1 + appVersion: 1.3.335 + created: "2023-09-01T15:03:23.838581351Z" + description: Stress test your APIs with real world scenarios. Collect and replay + traffic without scripting. + digest: e8b2a8598ca6040fc58ce49429404a9b1c449f3f04cf14a0464f0d002fd06d02 + home: https://speedscale.com + icon: https://raw.githubusercontent.com/speedscale/assets/main/logo/gold_logo_only.png + keywords: + - speedscale + - test + - testing + - regression + - reliability + - load + - replay + - network + - traffic + kubeVersion: '>= 1.17.0-0' + maintainers: + - email: support@speedscale.com + name: Speedscale Support + name: speedscale-operator + urls: + - assets/speedscale/speedscale-operator-1.3.29.tgz + version: 1.3.29 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Speedscale Operator @@ -54753,6 +54977,60 @@ entries: - assets/hashicorp/vault-0.22.0.tgz version: 0.22.0 wordpress: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: WordPress + catalog.cattle.io/kube-version: '>=1.19-0' + catalog.cattle.io/release-name: wordpress + category: CMS + images: | + - name: apache-exporter + image: docker.io/bitnami/apache-exporter:1.0.1-debian-11-r32 + - name: os-shell + image: docker.io/bitnami/os-shell:11-debian-11-r54 + - name: wordpress + image: docker.io/bitnami/wordpress:6.3.1-debian-11-r2 + licenses: Apache-2.0 + apiVersion: v2 + appVersion: 6.3.1 + created: "2023-09-01T15:03:18.6233484Z" + dependencies: + - condition: memcached.enabled + name: memcached + repository: file://./charts/memcached + version: 6.x.x + - condition: mariadb.enabled + name: mariadb + repository: file://./charts/mariadb + version: 13.x.x + - name: common + repository: file://./charts/common + tags: + - bitnami-common + version: 2.x.x + description: WordPress is the world's most popular blogging and content management + platform. Powerful yet simple, everyone from students to global corporations + use it to build beautiful, functional websites. + digest: 67809561f34f3fa58fd45d6c0bb791d6c3a92bc590ee1d9c7c6e84ab6fa53731 + home: https://bitnami.com + icon: https://s.w.org/style/images/about/WordPress-logotype-simplified.png + keywords: + - application + - blog + - cms + - http + - php + - web + - wordpress + maintainers: + - name: VMware, Inc. + url: https://github.com/bitnami/charts + name: wordpress + sources: + - https://github.com/bitnami/charts/tree/main/bitnami/wordpress + urls: + - assets/bitnami/wordpress-17.1.6.tgz + version: 17.1.6 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: WordPress