Merge pull request #873 from nflondo/main-source

Charts CI
2023-09-01 09:14:47 -06:00 · 2023-09-01 09:14:47 -06:00 · e97c3f1212
parent dc731a8a3b d067833ee4
commit e97c3f1212
37 changed files with 842 additions and 505 deletions
--- a/assets/aquarist-labs/s3gw-0.20.0.tgz
+++ b/assets/aquarist-labs/s3gw-0.20.0.tgz
--- a/assets/bitnami/kafka-25.1.5.tgz
+++ b/assets/bitnami/kafka-25.1.5.tgz
--- a/assets/bitnami/wordpress-17.1.6.tgz
+++ b/assets/bitnami/wordpress-17.1.6.tgz
--- a/assets/kong/kong-2.26.5.tgz
+++ b/assets/kong/kong-2.26.5.tgz
--- a/assets/redpanda/redpanda-5.3.0.tgz
+++ b/assets/redpanda/redpanda-5.3.0.tgz
--- a/assets/speedscale/speedscale-operator-1.3.29.tgz
+++ b/assets/speedscale/speedscale-operator-1.3.29.tgz
--- a/assets/trilio/k8s-triliovault-operator-3.1.2.tgz
+++ b/assets/trilio/k8s-triliovault-operator-3.1.2.tgz
--- a/charts/aquarist-labs/s3gw/Chart.yaml
+++ b/charts/aquarist-labs/s3gw/Chart.yaml
@ -35,4 +35,4 @@ sources:
 - https://github.com/aquarist-labs/s3gw-cosi-driver
 - https://github.com/kubernetes-sigs/container-object-storage-interface-provisioner-sidecar
 type: application
-version: 0.19.0
+version: 0.20.0
--- a/charts/bitnami/kafka/Chart.yaml
+++ b/charts/bitnami/kafka/Chart.yaml
@ -45,4 +45,4 @@ maintainers:
 name: kafka
 sources:
 - https://github.com/bitnami/charts/tree/main/bitnami/kafka
-version: 25.1.4
+version: 25.1.5
--- a/charts/bitnami/kafka/templates/scripts-configmap.yaml
+++ b/charts/bitnami/kafka/templates/scripts-configmap.yaml
@ -187,6 +187,10 @@ data:
          cp "/mounted-certs/kafka.crt" /certs/tls.crt
          # Copy the PEM key ensuring the key used PEM format with PKCS#8
          openssl pkcs8 -topk8 -nocrypt -in "/mounted-certs/kafka.key" > /certs/tls.key
        elif [[ -f /mounted-certs/tls.crt && -f /mounted-certs/tls.key ]]; then
          cp "/mounted-certs/tls.crt" /certs/tls.crt
          # Copy the PEM key ensuring the key used PEM format with PKCS#8
          openssl pkcs8 -topk8 -nocrypt -in "/mounted-certs/tls.key" > /certs/tls.key
        else
          error "PEM key and cert files not found"
        fi
@ -195,6 +199,8 @@ data:
        # Copy CA certificate
        if [[ -f /mounted-certs/kafka-ca.crt ]]; then
          cp /mounted-certs/kafka-ca.crt /certs/ca.crt
        elif [[ -f /mounted-certs/ca.crt ]]; then
          cp /mounted-certs/ca.crt /certs/ca.crt
        else
          error "CA certificate file not found"
        fi
--- a/charts/bitnami/kafka/values.yaml
+++ b/charts/bitnami/kafka/values.yaml
@ -268,6 +268,7 @@ tls:
  ##        --from-file=kafka-broker-0.crt=./kafka-broker-0.crt --from-file=kafka-broker-0.key=./kafka-broker-0.key ...
  ##
  ## NOTE: Alternatively, a single key and certificate can be provided for all nodes under the keys 'kafka.crt' and 'kafka.key'. These certificates will be used by all nodes unless overridden by the 'kafka-<role>-X.key' and 'kafka-<role>-X.crt' files
  ## NOTE: Alternatively, a single key and certificate can be provided for all nodes under the keys 'tls.crt' and 'tls.key'. These certificates will be used by all nodes unless overridden by the 'kafka-<role>-X.key' and 'kafka-<role>-X.crt' files
  ##
  existingSecret: ""
  ## @param tls.autoGenerated Generate automatically self-signed TLS certificates for Kafka brokers. Currently only supported if `tls.type` is `PEM`
--- a/charts/bitnami/wordpress/Chart.lock
+++ b/charts/bitnami/wordpress/Chart.lock
@ -7,6 +7,6 @@ dependencies:
  version: 13.1.2
 - name: common
  repository: oci://registry-1.docker.io/bitnamicharts
-  version: 2.9.1
+  version: 2.9.2
-digest: sha256:5df6e862af69422cc6e287bf9dd560b3a1e56d3b49b4bc81132b0db10903cd80
+digest: sha256:467adda3c6f9bea1762beb6c252fd4d1a5ba52942ab1b9b48af60ac4e375783d
-generated: "2023-08-30T09:41:25.351778314Z"
+generated: "2023-08-31T19:21:10.315977353Z"
--- a/charts/bitnami/wordpress/Chart.yaml
+++ b/charts/bitnami/wordpress/Chart.yaml
@ -6,11 +6,11 @@ annotations:
  category: CMS
  images: |
    - name: apache-exporter
-      image: docker.io/bitnami/apache-exporter:1.0.1-debian-11-r29
+      image: docker.io/bitnami/apache-exporter:1.0.1-debian-11-r32
    - name: os-shell
-      image: docker.io/bitnami/os-shell:11-debian-11-r51
+      image: docker.io/bitnami/os-shell:11-debian-11-r54
    - name: wordpress
-      image: docker.io/bitnami/wordpress:6.3.1-debian-11-r0
+      image: docker.io/bitnami/wordpress:6.3.1-debian-11-r2
  licenses: Apache-2.0
 apiVersion: v2
 appVersion: 6.3.1
@ -47,4 +47,4 @@ maintainers:
 name: wordpress
 sources:
 - https://github.com/bitnami/charts/tree/main/bitnami/wordpress
-version: 17.1.4
+version: 17.1.6
--- a/charts/bitnami/wordpress/README.md
+++ b/charts/bitnami/wordpress/README.md
@ -82,7 +82,7 @@ The command removes all the Kubernetes components associated with the chart and
 | ------------------- | --------------------------------------------------------------------------------------------------------- | -------------------- |
 | `image.registry`    | WordPress image registry                                                                                  | `docker.io`          |
 | `image.repository`  | WordPress image repository                                                                                | `bitnami/wordpress`  |
-| `image.tag`         | WordPress image tag (immutable tags are recommended)                                                      | `6.3.1-debian-11-r0` |
+| `image.tag`         | WordPress image tag (immutable tags are recommended)                                                      | `6.3.1-debian-11-r2` |
 | `image.digest`      | WordPress image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""`                 |
 | `image.pullPolicy`  | WordPress image pull policy                                                                               | `IfNotPresent`       |
 | `image.pullSecrets` | WordPress image pull secrets                                                                              | `[]`                 |
@ -249,7 +249,7 @@ The command removes all the Kubernetes components associated with the chart and
 | `volumePermissions.enabled`                            | Enable init container that changes the owner/group of the PV mount point to `runAsUser:fsGroup`                    | `false`            |
 | `volumePermissions.image.registry`                     | OS Shell + Utility image registry                                                                                  | `docker.io`        |
 | `volumePermissions.image.repository`                   | OS Shell + Utility image repository                                                                                | `bitnami/os-shell` |
-| `volumePermissions.image.tag`                          | OS Shell + Utility image tag (immutable tags are recommended)                                                      | `11-debian-11-r51` |
+| `volumePermissions.image.tag`                          | OS Shell + Utility image tag (immutable tags are recommended)                                                      | `11-debian-11-r54` |
 | `volumePermissions.image.digest`                       | OS Shell + Utility image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""`               |
 | `volumePermissions.image.pullPolicy`                   | OS Shell + Utility image pull policy                                                                               | `IfNotPresent`     |
 | `volumePermissions.image.pullSecrets`                  | OS Shell + Utility image pull secrets                                                                              | `[]`               |
@ -281,7 +281,7 @@ The command removes all the Kubernetes components associated with the chart and
 | `metrics.enabled`                            | Start a sidecar prometheus exporter to expose metrics                                                           | `false`                   |
 | `metrics.image.registry`                     | Apache exporter image registry                                                                                  | `docker.io`               |
 | `metrics.image.repository`                   | Apache exporter image repository                                                                                | `bitnami/apache-exporter` |
-| `metrics.image.tag`                          | Apache exporter image tag (immutable tags are recommended)                                                      | `1.0.1-debian-11-r29`     |
+| `metrics.image.tag`                          | Apache exporter image tag (immutable tags are recommended)                                                      | `1.0.1-debian-11-r32`     |
 | `metrics.image.digest`                       | Apache exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""`                      |
 | `metrics.image.pullPolicy`                   | Apache exporter image pull policy                                                                               | `IfNotPresent`            |
 | `metrics.image.pullSecrets`                  | Apache exporter image pull secrets                                                                              | `[]`                      |
--- a/charts/bitnami/wordpress/charts/common/Chart.yaml
+++ b/charts/bitnami/wordpress/charts/common/Chart.yaml
@ -2,7 +2,7 @@ annotations:
  category: Infrastructure
  licenses: Apache-2.0
 apiVersion: v2
-appVersion: 2.9.1
+appVersion: 2.9.2
 description: A Library Helm Chart for grouping common logic between bitnami charts.
  This chart is not deployable by itself.
 home: https://bitnami.com
@ -20,4 +20,4 @@ name: common
 sources:
 - https://github.com/bitnami/charts
 type: library
-version: 2.9.1
+version: 2.9.2
--- a/charts/bitnami/wordpress/charts/common/templates/_tplvalues.tpl
+++ b/charts/bitnami/wordpress/charts/common/templates/_tplvalues.tpl
@ -11,17 +11,14 @@ Usage:
 {{ include "common.tplvalues.render" ( dict "value" .Values.path.to.the.Value "context" $ "scope" $app ) }}
 */}}
 {{- define "common.tplvalues.render" -}}
-{{- if .scope }}
+{{- $value := typeIs "string" .value | ternary .value (.value | toYaml) }}
-  {{- if typeIs "string" .value }}
+{{- if contains "{{" (toJson .value) }}
-    {{- tpl (cat "{{- with $.RelativeScope -}}" .value  "{{- end }}") (merge (dict "RelativeScope" .scope) .context) }}
+  {{- if .scope }}
      {{- tpl (cat "{{- with $.RelativeScope -}}" $value "{{- end }}") (merge (dict "RelativeScope" .scope) .context) }}
  {{- else }}
-    {{- tpl (cat "{{- with $.RelativeScope -}}" (.value | toYaml)  "{{- end }}") (merge (dict "RelativeScope" .scope) .context) }}
+    {{- tpl $value .context }}
  {{- end }}
 {{- else }}
-  {{- if typeIs "string" .value }}
+    {{- $value }}
-    {{- tpl .value .context }}
+{{- end }}
  {{- else }}
    {{- tpl (.value | toYaml) .context }}
  {{- end }}
 {{- end -}}
 {{- end -}}
--- a/charts/bitnami/wordpress/values.yaml
+++ b/charts/bitnami/wordpress/values.yaml
@ -76,7 +76,7 @@ diagnosticMode:
 image:
  registry: docker.io
  repository: bitnami/wordpress
-  tag: 6.3.1-debian-11-r0
+  tag: 6.3.1-debian-11-r2
  digest: ""
  ## Specify a imagePullPolicy
  ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
@ -766,7 +766,7 @@ volumePermissions:
  image:
    registry: docker.io
    repository: bitnami/os-shell
-    tag: 11-debian-11-r51
+    tag: 11-debian-11-r54
    digest: ""
    pullPolicy: IfNotPresent
    ## Optionally specify an array of imagePullSecrets.
@ -860,7 +860,7 @@ metrics:
  image:
    registry: docker.io
    repository: bitnami/apache-exporter
-    tag: 1.0.1-debian-11-r29
+    tag: 1.0.1-debian-11-r32
    digest: ""
    pullPolicy: IfNotPresent
    ## Optionally specify an array of imagePullSecrets.
--- a/charts/kong/kong/CHANGELOG.md
+++ b/charts/kong/kong/CHANGELOG.md
@ -4,6 +4,14 @@
 Nothing yet.
 ## 2.26.5
 ### Fixed 
 * Kuma ServiceAccount Token hints and volumes are also available in migrations
  Pods.
  [#877](https://github.com/Kong/charts/pull/877)
 ## 2.26.4
 ### Fixed 
--- a/charts/kong/kong/Chart.yaml
+++ b/charts/kong/kong/Chart.yaml
@ -20,4 +20,4 @@ maintainers:
 name: kong
 sources:
 - https://github.com/Kong/charts/tree/main/charts/kong
-version: 2.26.4
+version: 2.26.5
--- a/charts/kong/kong/templates/_helpers.tpl
+++ b/charts/kong/kong/templates/_helpers.tpl
@ -552,6 +552,41 @@ The name of the service used for the ingress controller's validation webhook
 - name: {{ template "kong.fullname" . }}-tmp
  emptyDir:
    sizeLimit: {{ .Values.deployment.tmpDir.sizeLimit }}
 {{- if (and (not .Values.deployment.serviceAccount.automountServiceAccountToken) (or .Values.deployment.serviceAccount.create .Values.deployment.serviceAccount.name)) }}
 - name: {{ template "kong.serviceAccountTokenName" . }}
  {{- /* Due to GKE versions (e.g. v1.23.15-gke.1900) we need to handle pre-release part of the version as well.
  See the related documentation of semver module that Helm depends on for semverCompare:
  https://github.com/Masterminds/semver#working-with-prerelease-versions
  Related Helm issue: https://github.com/helm/helm/issues/3810 */}}
  {{- if semverCompare ">=1.20.0-0" .Capabilities.KubeVersion.Version }}
  projected:
    sources:
    - serviceAccountToken:
        expirationSeconds: 3607
        path: token
    - configMap:
        items:
        - key: ca.crt
          path: ca.crt
        name: kube-root-ca.crt
    - downwardAPI:
        items:
        - fieldRef:
            apiVersion: v1
            fieldPath: metadata.namespace
          path: namespace
  {{- else }}
  secret:
    secretName: {{ template "kong.serviceAccountTokenName" . }}
    items:
    - key: token
      path: token
    - key: ca.crt
      path: ca.crt
    - key: namespace
      path: namespace
  {{- end }}
 {{- end }}
 {{- if and ( .Capabilities.APIVersions.Has "cert-manager.io/v1" ) .Values.certificates.enabled -}}
 {{- if .Values.certificates.cluster.enabled }}
 - name: {{ include "kong.fullname" . }}-cluster-cert
--- a/charts/kong/kong/templates/deployment.yaml
+++ b/charts/kong/kong/templates/deployment.yaml
@ -302,39 +302,4 @@ spec:
      volumes:
      {{- include "kong.volumes" . | nindent 8 -}}
      {{- include "kong.userDefinedVolumes" . | nindent 8 -}}
      {{- if (and (not .Values.deployment.serviceAccount.automountServiceAccountToken) (or .Values.deployment.serviceAccount.create .Values.deployment.serviceAccount.name)) }}
        - name: {{ template "kong.serviceAccountTokenName" . }}
          {{- /* Due to GKE versions (e.g. v1.23.15-gke.1900) we need to handle pre-release part of the version as well.
          See the related documentation of semver module that Helm depends on for semverCompare:
          https://github.com/Masterminds/semver#working-with-prerelease-versions
          Related Helm issue: https://github.com/helm/helm/issues/3810 */}}
          {{- if semverCompare ">=1.20.0-0" .Capabilities.KubeVersion.Version }}
          projected:
            sources:
            - serviceAccountToken:
                expirationSeconds: 3607
                path: token
            - configMap:
                items:
                - key: ca.crt
                  path: ca.crt
                name: kube-root-ca.crt
            - downwardAPI:
                items:
                - fieldRef:
                    apiVersion: v1
                    fieldPath: metadata.namespace
                  path: namespace
          {{- else }}
          secret:
            secretName: {{ template "kong.serviceAccountTokenName" . }}
            items:
            - key: token
              path: token
            - key: ca.crt
              path: ca.crt
            - key: namespace
              path: namespace
          {{- end }}
      {{- end }}
 {{- end }}
--- a/charts/kong/kong/templates/migrations-post-upgrade.yaml
+++ b/charts/kong/kong/templates/migrations-post-upgrade.yaml
@ -29,6 +29,9 @@ spec:
      {{- range $key, $value := .Values.migrations.annotations }}
        {{ $key }}: {{ $value | quote }}
      {{- end }}
      {{- if (and (not .Values.deployment.serviceAccount.automountServiceAccountToken) (or .Values.deployment.serviceAccount.create .Values.deployment.serviceAccount.name)) }}
        kuma.io/service-account-token-volume: {{ template "kong.serviceAccountTokenName" . }}
      {{- end }}
      {{- end }}
    spec:
      {{- if or .Values.deployment.serviceAccount.create .Values.deployment.serviceAccount.name }}
--- a/charts/kong/kong/templates/migrations-pre-upgrade.yaml
+++ b/charts/kong/kong/templates/migrations-pre-upgrade.yaml
@ -31,6 +31,9 @@ spec:
      {{- range $key, $value := .Values.migrations.annotations }}
        {{ $key }}: {{ $value | quote }}
      {{- end }}
      {{- if (and (not .Values.deployment.serviceAccount.automountServiceAccountToken) (or .Values.deployment.serviceAccount.create .Values.deployment.serviceAccount.name)) }}
        kuma.io/service-account-token-volume: {{ template "kong.serviceAccountTokenName" . }}
      {{- end }}
      {{- end }}
    spec:
      {{- if or .Values.deployment.serviceAccount.create .Values.deployment.serviceAccount.name }}
--- a/charts/kong/kong/templates/migrations.yaml
+++ b/charts/kong/kong/templates/migrations.yaml
@ -39,6 +39,9 @@ spec:
      {{- range $key, $value := .Values.migrations.annotations }}
        {{ $key }}: {{ $value | quote }}
      {{- end }}
      {{- if (and (not .Values.deployment.serviceAccount.automountServiceAccountToken) (or .Values.deployment.serviceAccount.create .Values.deployment.serviceAccount.name)) }}
        kuma.io/service-account-token-volume: {{ template "kong.serviceAccountTokenName" . }}
      {{- end }}
      {{- end }}
    spec:
      {{- if or .Values.deployment.serviceAccount.create .Values.deployment.serviceAccount.name }}
--- a/charts/redpanda/redpanda/Chart.lock
+++ b/charts/redpanda/redpanda/Chart.lock
@ -6,4 +6,4 @@ dependencies:
  repository: https://charts.redpanda.com
  version: 0.1.5
 digest: sha256:dd7afd55f6eb7e9b3a91b0e5eeda47138e23c255b32d277ad4cb3a7ad3ec1b1f
-generated: "2023-08-29T23:24:16.635099387Z"
+generated: "2023-08-31T03:08:33.366208928Z"
--- a/charts/redpanda/redpanda/Chart.yaml
+++ b/charts/redpanda/redpanda/Chart.yaml
@ -37,4 +37,4 @@ name: redpanda
 sources:
 - https://github.com/redpanda-data/helm-charts
 type: application
-version: 5.2.0
+version: 5.3.0
--- a/charts/redpanda/redpanda/templates/_configmap.tpl
+++ b/charts/redpanda/redpanda/templates/_configmap.tpl
@ -0,0 +1,463 @@
 {{/*
 Licensed to the Apache Software Foundation (ASF) under one or more
 contributor license agreements.  See the NOTICE file distributed with
 this work for additional information regarding copyright ownership.
 The ASF licenses this file to You under the Apache License, Version 2.0
 (the "License"); you may not use this file except in compliance with
 the License.  You may obtain a copy of the License at
   http://www.apache.org/licenses/LICENSE-2.0
 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 */}}
 {{- define "configmap-content-no-seed" -}}
 {{- /*
  configmap content without seed list.
 */ -}}
 {{- $root := . }}
 {{- $values := .Values }}
 {{- /*
  It's impossible to do a rolling upgrade from not-tls-enabled rpc to tls-enabled rpc.
 */ -}}
 {{- $check := list
    (include "redpanda-atleast-23-1-2" .|fromJson).bool
    (include "redpanda-22-3-atleast-22-3-13" .|fromJson).bool
    (include "redpanda-22-2-atleast-22-2-10" .|fromJson).bool
 -}}
 {{- $wantedRPCTLS := (include "rpc-tls-enabled" . | fromJson).bool -}}
 {{- if and (not (mustHas true $check)) $wantedRPCTLS -}}
  {{- fail (printf "Redpanda version v%s does not support TLS on the RPC port. Please upgrade. See technical service bulletin 2023-01." (include "redpanda.semver" .)) -}}
 {{- end -}}
 {{- $cm := lookup "v1" "ConfigMap" .Release.Namespace (include "redpanda.fullname" .) -}}
 {{- $redpandaYAML := dig "data" "redpanda.yaml" "" $cm | fromYaml -}}
 {{- $currentRPCTLS := dig "redpanda" "rpc_server_tls" "enabled" false $redpandaYAML -}}
 {{- /* Lookup will return an empty map when running `helm template` or when `--dry-run` is passed. */ -}}
 {{- if (and .Release.IsUpgrade $cm) -}}
  {{- if ne $currentRPCTLS $wantedRPCTLS -}}
    {{- if eq (get .Values "force" | default false) false -}}
      {{- fail (join "\n" (list
          (printf "\n\nError: Cannot do a rolling restart to enable or disable tls at the RPC layer: changing listeners.rpc.tls.enabled (redpanda.yaml:repdanda.rpc_server_tls.enabled) from %v to %v" $currentRPCTLS $wantedRPCTLS)
          "***WARNING The following instructions will result in a short period of downtime."
          "To accept this risk, run the upgrade again adding `--force=true` and do the following:\n"
          "While helm is upgrading the release, manually delete ALL the pods:"
          (printf "    kubectl -n %s delete pod -l app.kubernetes.io/component=redpanda-statefulset" .Release.Namespace)
          "\nIf you got here thinking rpc tls was already enabled, see technical service bulletin 2023-01."
          ))
      -}}
    {{- end -}}
  {{- end -}}
 {{- end -}}
 {{- $users := list -}}
 {{- if (include "sasl-enabled" . | fromJson).bool -}}
  {{- range $user := .Values.auth.sasl.users -}}
    {{- $users = append $users $user.name -}}
  {{- end -}}
 {{- end -}}
  bootstrap.yaml: |
    kafka_enable_authorization: {{ (include "sasl-enabled" . | fromJson).bool }}
    enable_sasl: {{ (include "sasl-enabled" . | fromJson).bool }}
    enable_rack_awareness: {{ .Values.rackAwareness.enabled }}
  {{- if $users }}
    superusers: {{ toJson $users }}
  {{- end }}
  {{- with (dig "cluster" dict .Values.config) }}
      {{- range $key, $element := .}}
        {{- if or (eq (typeOf $element) "bool") $element }}
    {{ $key }}: {{ $element | toYaml }}
        {{- end }}
      {{- end }}
  {{- end }}
  {{- include "tunable" . }}
  {{- if and (not (hasKey .Values.config.cluster "storage_min_free_bytes")) ((include "redpanda-atleast-22-2-0" . | fromJson).bool) }}
    storage_min_free_bytes: {{ include "storage-min-free-bytes" . }}
  {{- end }}
 {{- if and (include "is-licensed" . | fromJson).bool .Values.storage.tieredConfig.cloud_storage_enabled }}
  {{- $tieredStorageConfig := deepCopy .Values.storage.tieredConfig }}
  {{- $tieredStorageConfig = unset $tieredStorageConfig "cloud_storage_cache_directory" }}
  {{- if not (include "redpanda-atleast-22-3-0" . | fromJson).bool }}
    {{- $tieredStorageConfig = unset $tieredStorageConfig "cloud_storage_credentials_source"}}
  {{- end }}
  {{- range $key, $element := $tieredStorageConfig}}
    {{- if or (eq (typeOf $element) "bool") $element }}
    {{ $key }}: {{ $element | toYaml }}
    {{- end }}
  {{- end }}
 {{- end }}
  redpanda.yaml: |
    config_file: /etc/redpanda/redpanda.yaml
 {{- if .Values.logging.usageStats.enabled }}
  {{- with (dig "usageStats" "organization" "" .Values.logging) }}
    organization: {{ . }}
  {{- end }}
  {{- with (dig "usageStats" "clusterId" "" .Values.logging) }}
    cluster_id: {{ . }}
  {{- end }}
 {{- end }}
    redpanda:
 {{- if (include "redpanda-atleast-22-3-0" . | fromJson).bool }}
      empty_seed_starts_cluster: false
 {{- end }}
      kafka_enable_authorization: {{ (include "sasl-enabled" . | fromJson).bool }}
      enable_sasl: {{ (include "sasl-enabled" . | fromJson).bool }}
  {{- if $users }}
      superusers: {{ toJson $users }}
  {{- end }}
  {{- with (dig "cluster" dict .Values.config) }}
      {{- range $key, $element := . }}
        {{- if or (eq (typeOf $element) "bool") $element }}
      {{ $key }}: {{ $element | toYaml }}
        {{- end }}
      {{- end }}
  {{- end }}
  {{- with (dig "tunable" dict .Values.config) }}
      {{- range $key, $element := .}}
        {{- if or (eq (typeOf $element) "bool") $element }}
      {{ $key }}: {{ $element | toYaml }}
        {{- end }}
      {{- end }}
  {{- end }}
  {{- if not (hasKey .Values.config.cluster "storage_min_free_bytes") }}
      storage_min_free_bytes: {{ include "storage-min-free-bytes" . }}
  {{- end }}
      {{- with dig "node" dict .Values.config }}
      {{- range $key, $element := .}}
        {{- if or (eq (typeOf $element) "bool") $element }}
      {{ $key }}: {{ $element | toYaml }}
        {{- end }}
      {{- end }}
      {{- end }}
 {{- /* LISTENERS */}}
 {{- /* Admin API */}}
 {{- $service := .Values.listeners.admin }}
      admin:
        - name: internal
          address: 0.0.0.0
          port: {{ $service.port }}
 {{- range $name, $listener := $service.external }}
 {{- if and $listener.port $name }}
        - name: {{ $name }}
          address: 0.0.0.0
          port: {{ $listener.port }}
 {{- end }}
 {{- end }}
      admin_api_tls:
 {{- if (include "admin-internal-tls-enabled" . | fromJson).bool }}
        - name: internal
          enabled: true
          cert_file: /etc/tls/certs/{{ $service.tls.cert }}/tls.crt
          key_file: /etc/tls/certs/{{ $service.tls.cert }}/tls.key
          require_client_auth: {{ $service.tls.requireClientAuth }}
  {{- $cert := get .Values.tls.certs $service.tls.cert }}
  {{- if empty $cert }}
    {{- fail (printf "Certificate, '%s', used but not defined")}}
  {{- end }}
  {{- if $cert.caEnabled }}
          truststore_file: /etc/tls/certs/{{ $service.tls.cert }}/ca.crt
  {{- else }}
        {{- /* This is a required field so we use the default in the redpanda debian container */}}
          truststore_file: /etc/ssl/certs/ca-certificates.crt
  {{- end }}
 {{- end }}
 {{- range $name, $listener := $service.external }}
  {{- $k := dict "Values" $values "listener" $listener }}
  {{- if (include "admin-external-tls-enabled" $k | fromJson).bool }}
    {{- $mtls := dig "tls" "requireClientAuth" false $listener }}
    {{- $mtls = dig "tls" "requireClientAuth" $mtls $k }}
    {{- $certName := include "admin-external-tls-cert" $k }}
    {{- $certPath := printf "/etc/tls/certs/%s" $certName }}
    {{- $cert := get $values.tls.certs $certName }}
    {{- if empty $cert }}
      {{- fail (printf "Certificate, '%s', used but not defined" $certName)}}
    {{- end }}
        - name: {{ $name }}
          enabled: true
          cert_file: {{ $certPath }}/tls.crt
          key_file: {{ $certPath }}/tls.key
          require_client_auth: {{ $mtls }}
    {{- if $cert.caEnabled }}
          truststore_file: {{ $certPath }}/ca.crt
    {{- else }}
          {{- /* This is a required field so we use the default in the redpanda debian container */}}
          truststore_file: /etc/ssl/certs/ca-certificates.crt
    {{- end }}
  {{- end }}
 {{- end }}
 {{- /* Kafka API */}}
 {{- $kafkaService := .Values.listeners.kafka }}
      kafka_api:
        - name: internal
          address: 0.0.0.0
          port: {{ $kafkaService.port }}
          {{- if or (include "sasl-enabled" $root | fromJson).bool $kafkaService.authenticationMethod }}
          authentication_method: {{ default "sasl" $kafkaService.authenticationMethod }}
          {{- end }}
 {{- range $name, $listener := $kafkaService.external }}
        - name: {{ $name }}
          address: 0.0.0.0
          port: {{ $listener.port }}
          {{- if or (include "sasl-enabled" $root | fromJson).bool $listener.authenticationMethod }}
          authentication_method: {{ default "sasl" $listener.authenticationMethod }}
          {{- end }}
 {{- end }}
      kafka_api_tls:
 {{- if (include "kafka-internal-tls-enabled" . | fromJson).bool }}
        - name: internal
          enabled: true
          cert_file: /etc/tls/certs/{{ $kafkaService.tls.cert }}/tls.crt
          key_file: /etc/tls/certs/{{ $kafkaService.tls.cert }}/tls.key
          require_client_auth: {{ $kafkaService.tls.requireClientAuth }}
  {{- $cert := get .Values.tls.certs $kafkaService.tls.cert }}
  {{- if empty $cert }}
    {{- fail (printf "Certificate, '%s', used but not defined")}}
  {{- end }}
  {{- if $cert.caEnabled }}
          truststore_file: /etc/tls/certs/{{ $kafkaService.tls.cert }}/ca.crt
  {{- else }}
          {{- /* This is a required field so we use the default in the redpanda debian container */}}
          truststore_file: /etc/ssl/certs/ca-certificates.crt
  {{- end }}
 {{- end }}
 {{- range $name, $listener := $kafkaService.external }}
  {{- $k := dict "Values" $values "listener" $listener }}
  {{- if (include "kafka-external-tls-enabled" $k | fromJson).bool }}
    {{- $mtls := dig "tls" "requireClientAuth" false $listener }}
    {{- $mtls = dig "tls" "requireClientAuth" $mtls $k }}
    {{- $certName := include "kafka-external-tls-cert" $k }}
    {{- $certPath := printf "/etc/tls/certs/%s" $certName }}
    {{- $cert := get $values.tls.certs $certName }}
    {{- if empty $cert }}
      {{- fail (printf "Certificate, '%s', used but not defined" $certName)}}
    {{- end }}
        - name: {{ $name }}
          enabled: true
          cert_file: {{ $certPath }}/tls.crt
          key_file: {{ $certPath }}/tls.key
          require_client_auth: {{ $mtls }}
    {{- if $cert.caEnabled }}
          truststore_file: {{ $certPath }}/ca.crt
    {{- else }}
          {{- /* This is a required field so we use the default in the redpanda debian container */}}
          truststore_file: /etc/ssl/certs/ca-certificates.crt
    {{- end }}
  {{- end }}
 {{- end }}
 {{- /* RPC Server */}}
 {{- $service = .Values.listeners.rpc }}
      rpc_server:
        address: 0.0.0.0
        port: {{ $service.port }}
 {{- if (include "rpc-tls-enabled" . | fromJson).bool }}
      rpc_server_tls:
        enabled: true
        cert_file: /etc/tls/certs/{{ $service.tls.cert }}/tls.crt
        key_file: /etc/tls/certs/{{ $service.tls.cert }}/tls.key
        require_client_auth: {{ $service.tls.requireClientAuth }}
  {{- $cert := get .Values.tls.certs $service.tls.cert }}
  {{- if empty $cert }}
    {{- fail (printf "Certificate, '%s', used but not defined")}}
  {{- end }}
  {{- if $cert.caEnabled }}
        truststore_file: /etc/tls/certs/{{ $service.tls.cert }}/ca.crt
  {{- else }}
        {{- /* This is a required field so we use the default in the redpanda debian container */}}
        truststore_file: /etc/ssl/certs/ca-certificates.crt
  {{- end }}
 {{- end }}
      seed_servers:
 {{- with $root.tempConfigMapServerList -}}
  {{- . | trim | nindent 8 }}
 {{- end -}}
 {{- if and (include "is-licensed" . | fromJson).bool .Values.storage.tieredConfig.cloud_storage_enabled }}
  {{- $tieredStorageConfig := deepCopy .Values.storage.tieredConfig }}
  {{- if not (include "redpanda-atleast-22-3-0" . | fromJson).bool }}
    {{- $tieredStorageConfig = unset $tieredStorageConfig "cloud_storage_credentials_source"}}
  {{- end }}
  {{- range $key, $element := $tieredStorageConfig}}
    {{- if or (eq (typeOf $element) "bool") $element }}
    {{ $key }}: {{ $element | toYaml }}
    {{- end }}
  {{- end }}
 {{- end }}
 {{- /* Schema Registry API */}}
 {{- if and .Values.listeners.schemaRegistry.enabled (include "redpanda-22-2-x-without-sasl" $root | fromJson).bool }}
  {{- $schemaRegistryService := .Values.listeners.schemaRegistry }}
    schema_registry:
      schema_registry_api:
        - name: internal
          address: 0.0.0.0
          port: {{ $schemaRegistryService.port }}
          {{- if or (include "sasl-enabled" $root | fromJson).bool $schemaRegistryService.authenticationMethod }}
          authentication_method: {{ default "http_basic" $schemaRegistryService.authenticationMethod }}
          {{- end }}
  {{- range $name, $listener := $schemaRegistryService.external }}
        - name: {{ $name }}
          address: 0.0.0.0
          {{- /*
            when upgrading from an older version that had a missing port, fail if we cannot guess a default
            this should work in all cases as the older versions would have failed with multiple listeners anyway
          */}}
          {{- if and (empty $listener.port) (ne (len $schemaRegistryService.external) 1) }}
            {{- fail "missing required port for schemaRegistry listener $listener.name" }}
          {{- end }}
          port: {{ $listener.port | default 8084 }}
          {{- if or (include "sasl-enabled" $root | fromJson).bool $listener.authenticationMethod }}
          authentication_method: {{ default "http_basic" $listener.authenticationMethod }}
          {{- end }}
  {{- end }}
      schema_registry_api_tls:
  {{- if (include "schemaRegistry-internal-tls-enabled" . | fromJson).bool }}
        - name: internal
          enabled: true
          cert_file: /etc/tls/certs/{{ $schemaRegistryService.tls.cert }}/tls.crt
          key_file: /etc/tls/certs/{{ $schemaRegistryService.tls.cert }}/tls.key
          require_client_auth: {{ $schemaRegistryService.tls.requireClientAuth }}
    {{- $cert := get .Values.tls.certs $schemaRegistryService.tls.cert }}
    {{- if empty $cert }}
      {{- fail (printf "Certificate, '%s', used but not defined")}}
    {{- end }}
    {{- if $cert.caEnabled }}
          truststore_file: /etc/tls/certs/{{ $schemaRegistryService.tls.cert }}/ca.crt
    {{- else }}
          {{- /* This is a required field so we use the default in the redpanda debian container */}}
          truststore_file: /etc/ssl/certs/ca-certificates.crt
    {{- end }}
  {{- end }}
  {{- range $name, $listener := $schemaRegistryService.external }}
    {{- $k := dict "Values" $values "listener" $listener }}
    {{- if (include "schemaRegistry-external-tls-enabled" $k | fromJson).bool }}
      {{- $mtls := dig "tls" "requireClientAuth" false $listener }}
      {{- $mtls = dig "tls" "requireClientAuth" $mtls $k }}
      {{- $certName := include "schemaRegistry-external-tls-cert" $k }}
      {{- $certPath := printf "/etc/tls/certs/%s" $certName }}
      {{- $cert := get $values.tls.certs $certName }}
      {{- if empty $cert }}
        {{- fail (printf "Certificate, '%s', used but not defined")}}
      {{- end }}
        - name: {{ $name }}
          enabled: true
          cert_file: {{ $certPath }}/tls.crt
          key_file: {{ $certPath }}/tls.key
          require_client_auth: {{ $mtls }}
      {{- if $cert.caEnabled }}
          truststore_file: {{ $certPath }}/ca.crt
      {{- else }}
          {{- /* This is a required field so we use the default in the redpanda debian container */}}
          truststore_file: /etc/ssl/certs/ca-certificates.crt
      {{- end }}
    {{- end }}
  {{- end }}
 {{- end }}
 {{- /* HTTP Proxy */}}
 {{- if and .Values.listeners.http.enabled (include "redpanda-22-2-x-without-sasl" $root | fromJson).bool }}
  {{- $HTTPService := .Values.listeners.http }}
    pandaproxy:
      pandaproxy_api:
        - name: internal
          address: 0.0.0.0
          port: {{ $HTTPService.port }}
          {{- if or (include "sasl-enabled" $root | fromJson).bool $HTTPService.authenticationMethod }}
          authentication_method: {{ default "http_basic" $HTTPService.authenticationMethod }}
          {{- end }}
  {{- range $name, $listener := $HTTPService.external }}
        - name: {{ $name }}
          address: 0.0.0.0
          port: {{ $listener.port }}
          {{- if or (include "sasl-enabled" $root | fromJson).bool $listener.authenticationMethod }}
          authentication_method: {{ default "http_basic" $listener.authenticationMethod }}
          {{- end }}
  {{- end }}
      pandaproxy_api_tls:
  {{- if (include "http-internal-tls-enabled" . | fromJson).bool }}
        - name: internal
          enabled: true
          cert_file: /etc/tls/certs/{{ $HTTPService.tls.cert }}/tls.crt
          key_file: /etc/tls/certs/{{ $HTTPService.tls.cert }}/tls.key
          require_client_auth: {{ $HTTPService.tls.requireClientAuth }}
    {{- $cert := get .Values.tls.certs $HTTPService.tls.cert }}
    {{- if empty $cert }}
      {{- fail (printf "Certificate, '%s', used but not defined")}}
    {{- end }}
    {{- if $cert.caEnabled }}
          truststore_file: /etc/tls/certs/{{ $HTTPService.tls.cert }}/ca.crt
    {{- else }}
          {{- /* This is a required field so we use the default in the redpanda debian container */}}
          truststore_file: /etc/ssl/certs/ca-certificates.crt
    {{- end }}
  {{- end }}
  {{- range $name, $listener := $HTTPService.external }}
    {{- $k := dict "Values" $values "listener" $listener }}
    {{- if (include "http-external-tls-enabled" $k | fromJson).bool }}
      {{- $mtls := dig "tls" "requireClientAuth" false $listener }}
      {{- $mtls = dig "tls" "requireClientAuth" $mtls $k }}
      {{- $certName := include "http-external-tls-cert" $k }}
      {{- $certPath := printf "/etc/tls/certs/%s" $certName }}
      {{- $cert := get $values.tls.certs $certName }}
      {{- if empty $cert }}
        {{- fail (printf "Certificate, '%s', used but not defined")}}
      {{- end }}
        - name: {{ $name }}
          enabled: true
          cert_file: {{ $certPath }}/tls.crt
          key_file: {{ $certPath }}/tls.key
          require_client_auth: {{ $mtls }}
      {{- if $cert.caEnabled }}
          truststore_file: {{ $certPath }}/ca.crt
      {{- else }}
          {{- /* This is a required field so we use the default in the redpanda debian container */}}
          truststore_file: /etc/ssl/certs/ca-certificates.crt
      {{- end }}
    {{- end }}
  {{- end }}
 {{- end }}
 {{- /* END LISTENERS */}}
    rpk:
 {{- with (dig "rpk" dict .Values.config) }}
  {{- . | toYaml | nindent 6}}
 {{- end }}
      enable_usage_stats: {{ .Values.logging.usageStats.enabled }}
      overprovisioned: {{ dig "cpu" "overprovisioned" false .Values.resources }}
      enable_memory_locking: {{ dig "memory" "enable_memory_locking" false .Values.resources }}
 {{- if hasKey .Values.tuning "tune_aio_events" }}
      tune_aio_events: {{ .Values.tuning.tune_aio_events }}
 {{- end }}
 {{- if hasKey .Values.tuning "tune_clocksource" }}
      tune_clocksource: {{ .Values.tuning.tune_clocksource }}
 {{- end }}
 {{- if hasKey .Values.tuning "tune_ballast_file" }}
      tune_ballast_file: {{ .Values.tuning.tune_ballast_file }}
 {{- end }}
 {{- if hasKey .Values.tuning "ballast_file_path" }}
      ballast_file_path: {{ .Values.tuning.ballast_file_path }}
 {{- end }}
 {{- if hasKey .Values.tuning "ballast_file_size" }}
      ballast_file_size: {{ .Values.tuning.ballast_file_size }}
 {{- end }}
 {{- if hasKey .Values.tuning "well_known_io" }}
      well_known_io: {{ .Values.tuning.well_known_io }}
 {{- end }}
 {{- end -}}
 {{- define "configmap-server-list" -}}
 {{- $root := . }}
 {{- range (include "seed-server-list" $root | mustFromJson) }}
 - host:
    address: {{ . }}
    port: {{  $root.Values.listeners.rpc.port }}
 {{- end }}
 {{- end -}}
 {{- define "configmap-with-server-list" -}}
 {{- $root := . }}
 {{- $serverList := (include "configmap-server-list" $root ) -}}
 {{- $r := set $root "tempConfigMapServerList" ( $serverList ) }}
 {{ include "configmap-content-no-seed" $r  }}
 {{- end -}}
--- a/charts/redpanda/redpanda/templates/configmap.yaml
+++ b/charts/redpanda/redpanda/templates/configmap.yaml
@ -14,47 +14,6 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 */}}
 {{- $root := . }}
 {{- $values := .Values }}
 {{- /*
  It's impossible to do a rolling upgrade from not-tls-enabled rpc to tls-enabled rpc.
 */ -}}
 {{- $check := list
    (include "redpanda-atleast-23-1-2" .|fromJson).bool
    (include "redpanda-22-3-atleast-22-3-13" .|fromJson).bool
    (include "redpanda-22-2-atleast-22-2-10" .|fromJson).bool
 -}}
 {{- $wantedRPCTLS := (include "rpc-tls-enabled" . | fromJson).bool -}}
 {{- if and (not (mustHas true $check)) $wantedRPCTLS -}}
  {{- fail (printf "Redpanda version v%s does not support TLS on the RPC port. Please upgrade. See technical service bulletin 2023-01." (include "redpanda.semver" .)) -}}
 {{- end -}}
 {{- $cm := lookup "v1" "ConfigMap" .Release.Namespace (include "redpanda.fullname" .) -}}
 {{- $redpandaYAML := dig "data" "redpanda.yaml" "" $cm | fromYaml -}}
 {{- $currentRPCTLS := dig "redpanda" "rpc_server_tls" "enabled" false $redpandaYAML -}}
 {{- /* Lookup will return an empty map when running `helm template` or when `--dry-run` is passed. */ -}}
 {{- if (and .Release.IsUpgrade $cm) -}}
  {{- if ne $currentRPCTLS $wantedRPCTLS -}}
    {{- if eq (get .Values "force" | default false) false -}}
      {{- fail (join "\n" (list
          (printf "\n\nError: Cannot do a rolling restart to enable or disable tls at the RPC layer: changing listeners.rpc.tls.enabled (redpanda.yaml:repdanda.rpc_server_tls.enabled) from %v to %v" $currentRPCTLS $wantedRPCTLS)
          "***WARNING The following instructions will result in a short period of downtime."
          "To accept this risk, run the upgrade again adding `--force=true` and do the following:\n"
          "While helm is upgrading the release, manually delete ALL the pods:"
          (printf "    kubectl -n %s delete pod -l app.kubernetes.io/component=redpanda-statefulset" .Release.Namespace)
          "\nIf you got here thinking rpc tls was already enabled, see technical service bulletin 2023-01."
          ))
      -}}
    {{- end -}}
  {{- end -}}
 {{- end -}}
 {{- $users := list -}}
 {{- if (include "sasl-enabled" . | fromJson).bool -}}
  {{- range $user := .Values.auth.sasl.users -}}
    {{- $users = append $users $user.name -}}
  {{- end -}}
 {{- end -}}
 ---
 apiVersion: v1
 kind: ConfigMap
@ -66,388 +25,4 @@ metadata:
  {{- . | nindent 4 }}
 {{- end }}
 data:
-  bootstrap.yaml: |
+  {{ include "configmap-with-server-list" . | trim }}
    kafka_enable_authorization: {{ (include "sasl-enabled" . | fromJson).bool }}
    enable_sasl: {{ (include "sasl-enabled" . | fromJson).bool }}
    enable_rack_awareness: {{ .Values.rackAwareness.enabled }}
  {{- if $users }}
    superusers: {{ toJson $users }}
  {{- end }}
  {{- with (dig "cluster" dict .Values.config) }}
      {{- range $key, $element := .}}
        {{- if or (eq (typeOf $element) "bool") $element }}
    {{ $key }}: {{ $element | toYaml }}
        {{- end }}
      {{- end }}
  {{- end }}
  {{- include "tunable" . }}
  {{- if and (not (hasKey .Values.config.cluster "storage_min_free_bytes")) ((include "redpanda-atleast-22-2-0" . | fromJson).bool) }}
    storage_min_free_bytes: {{ include "storage-min-free-bytes" . }}
  {{- end }}
 {{- if and (include "is-licensed" . | fromJson).bool .Values.storage.tieredConfig.cloud_storage_enabled }}
  {{- $tieredStorageConfig := deepCopy .Values.storage.tieredConfig }}
  {{- $tieredStorageConfig = unset $tieredStorageConfig "cloud_storage_cache_directory" }}
  {{- if not (include "redpanda-atleast-22-3-0" . | fromJson).bool }}
    {{- $tieredStorageConfig = unset $tieredStorageConfig "cloud_storage_credentials_source"}}
  {{- end }}
  {{- range $key, $element := $tieredStorageConfig}}
    {{- if or (eq (typeOf $element) "bool") $element }}
    {{ $key }}: {{ $element | toYaml }}
    {{- end }}
  {{- end }}
 {{- end }}
  redpanda.yaml: |
    config_file: /etc/redpanda/redpanda.yaml
 {{- if .Values.logging.usageStats.enabled }}
  {{- with (dig "usageStats" "organization" "" .Values.logging) }}
    organization: {{ . }}
  {{- end }}
  {{- with (dig "usageStats" "clusterId" "" .Values.logging) }}
    cluster_id: {{ . }}
  {{- end }}
 {{- end }}
    redpanda:
 {{- if (include "redpanda-atleast-22-3-0" . | fromJson).bool }}
      empty_seed_starts_cluster: false
 {{- end }}
      kafka_enable_authorization: {{ (include "sasl-enabled" . | fromJson).bool }}
      enable_sasl: {{ (include "sasl-enabled" . | fromJson).bool }}
  {{- if $users }}
      superusers: {{ toJson $users }}
  {{- end }}
  {{- with (dig "cluster" dict .Values.config) }}
      {{- range $key, $element := . }}
        {{- if or (eq (typeOf $element) "bool") $element }}
      {{ $key }}: {{ $element | toYaml }}
        {{- end }}
      {{- end }}
  {{- end }}
  {{- with (dig "tunable" dict .Values.config) }}
      {{- range $key, $element := .}}
        {{- if or (eq (typeOf $element) "bool") $element }}
      {{ $key }}: {{ $element | toYaml }}
        {{- end }}
      {{- end }}
  {{- end }}
  {{- if not (hasKey .Values.config.cluster "storage_min_free_bytes") }}
      storage_min_free_bytes: {{ include "storage-min-free-bytes" . }}
  {{- end }}
      {{- with dig "node" dict .Values.config }}
      {{- range $key, $element := .}}
        {{- if or (eq (typeOf $element) "bool") $element }}
      {{ $key }}: {{ $element | toYaml }}
        {{- end }}
      {{- end }}
      {{- end }}
 {{- /* LISTENERS */}}
 {{- /* Admin API */}}
 {{- $service := .Values.listeners.admin }}
      admin:
        - name: internal
          address: 0.0.0.0
          port: {{ $service.port }}
 {{- range $name, $listener := $service.external }}
 {{- if and $listener.port $name }}
        - name: {{ $name }}
          address: 0.0.0.0
          port: {{ $listener.port }}
 {{- end }}
 {{- end }}
      admin_api_tls:
 {{- if (include "admin-internal-tls-enabled" . | fromJson).bool }}
        - name: internal
          enabled: true
          cert_file: /etc/tls/certs/{{ $service.tls.cert }}/tls.crt
          key_file: /etc/tls/certs/{{ $service.tls.cert }}/tls.key
          require_client_auth: {{ $service.tls.requireClientAuth }}
  {{- $cert := get .Values.tls.certs $service.tls.cert }}
  {{- if empty $cert }}
    {{- fail (printf "Certificate, '%s', used but not defined")}}
  {{- end }}
  {{- if $cert.caEnabled }}
          truststore_file: /etc/tls/certs/{{ $service.tls.cert }}/ca.crt
  {{- else }}
        {{- /* This is a required field so we use the default in the redpanda debian container */}}
          truststore_file: /etc/ssl/certs/ca-certificates.crt
  {{- end }}
 {{- end }}
 {{- range $name, $listener := $service.external }}
  {{- $k := dict "Values" $values "listener" $listener }}
  {{- if (include "admin-external-tls-enabled" $k | fromJson).bool }}
    {{- $mtls := dig "tls" "requireClientAuth" false $listener }}
    {{- $mtls = dig "tls" "requireClientAuth" $mtls $k }}
    {{- $certName := include "admin-external-tls-cert" $k }}
    {{- $certPath := printf "/etc/tls/certs/%s" $certName }}
    {{- $cert := get $values.tls.certs $certName }}
    {{- if empty $cert }}
      {{- fail (printf "Certificate, '%s', used but not defined" $certName)}}
    {{- end }}
        - name: {{ $name }}
          enabled: true
          cert_file: {{ $certPath }}/tls.crt
          key_file: {{ $certPath }}/tls.key
          require_client_auth: {{ $mtls }}
    {{- if $cert.caEnabled }}
          truststore_file: {{ $certPath }}/ca.crt
    {{- else }}
          {{- /* This is a required field so we use the default in the redpanda debian container */}}
          truststore_file: /etc/ssl/certs/ca-certificates.crt
    {{- end }}
  {{- end }}
 {{- end }}
 {{- /* Kafka API */}}
 {{- $kafkaService := .Values.listeners.kafka }}
      kafka_api:
        - name: internal
          address: 0.0.0.0
          port: {{ $kafkaService.port }}
          {{- if or (include "sasl-enabled" $root | fromJson).bool $kafkaService.authenticationMethod }}
          authentication_method: {{ default "sasl" $kafkaService.authenticationMethod }}
          {{- end }}
 {{- range $name, $listener := $kafkaService.external }}
        - name: {{ $name }}
          address: 0.0.0.0
          port: {{ $listener.port }}
          {{- if or (include "sasl-enabled" $root | fromJson).bool $listener.authenticationMethod }}
          authentication_method: {{ default "sasl" $listener.authenticationMethod }}
          {{- end }}
 {{- end }}
      kafka_api_tls:
 {{- if (include "kafka-internal-tls-enabled" . | fromJson).bool }}
        - name: internal
          enabled: true
          cert_file: /etc/tls/certs/{{ $kafkaService.tls.cert }}/tls.crt
          key_file: /etc/tls/certs/{{ $kafkaService.tls.cert }}/tls.key
          require_client_auth: {{ $kafkaService.tls.requireClientAuth }}
  {{- $cert := get .Values.tls.certs $kafkaService.tls.cert }}
  {{- if empty $cert }}
    {{- fail (printf "Certificate, '%s', used but not defined")}}
  {{- end }}
  {{- if $cert.caEnabled }}
          truststore_file: /etc/tls/certs/{{ $kafkaService.tls.cert }}/ca.crt
  {{- else }}
          {{- /* This is a required field so we use the default in the redpanda debian container */}}
          truststore_file: /etc/ssl/certs/ca-certificates.crt
  {{- end }}
 {{- end }}
 {{- range $name, $listener := $kafkaService.external }}
  {{- $k := dict "Values" $values "listener" $listener }}
  {{- if (include "kafka-external-tls-enabled" $k | fromJson).bool }}
    {{- $mtls := dig "tls" "requireClientAuth" false $listener }}
    {{- $mtls = dig "tls" "requireClientAuth" $mtls $k }}
    {{- $certName := include "kafka-external-tls-cert" $k }}
    {{- $certPath := printf "/etc/tls/certs/%s" $certName }}
    {{- $cert := get $values.tls.certs $certName }}
    {{- if empty $cert }}
      {{- fail (printf "Certificate, '%s', used but not defined" $certName)}}
    {{- end }}
        - name: {{ $name }}
          enabled: true
          cert_file: {{ $certPath }}/tls.crt
          key_file: {{ $certPath }}/tls.key
          require_client_auth: {{ $mtls }}
    {{- if $cert.caEnabled }}
          truststore_file: {{ $certPath }}/ca.crt
    {{- else }}
          {{- /* This is a required field so we use the default in the redpanda debian container */}}
          truststore_file: /etc/ssl/certs/ca-certificates.crt
    {{- end }}
  {{- end }}
 {{- end }}
 {{- /* RPC Server */}}
 {{- $service = .Values.listeners.rpc }}
      rpc_server:
        address: 0.0.0.0
        port: {{ $service.port }}
 {{- if (include "rpc-tls-enabled" . | fromJson).bool }}
      rpc_server_tls:
        enabled: true
        cert_file: /etc/tls/certs/{{ $service.tls.cert }}/tls.crt
        key_file: /etc/tls/certs/{{ $service.tls.cert }}/tls.key
        require_client_auth: {{ $service.tls.requireClientAuth }}
  {{- $cert := get .Values.tls.certs $service.tls.cert }}
  {{- if empty $cert }}
    {{- fail (printf "Certificate, '%s', used but not defined")}}
  {{- end }}
  {{- if $cert.caEnabled }}
        truststore_file: /etc/tls/certs/{{ $service.tls.cert }}/ca.crt
  {{- else }}
        {{- /* This is a required field so we use the default in the redpanda debian container */}}
        truststore_file: /etc/ssl/certs/ca-certificates.crt
  {{- end }}
 {{- end }}
      seed_servers:
 {{- range (include "seed-server-list" . | mustFromJson) }}
        - host:
            address: {{ . }}
            port: {{ $values.listeners.rpc.port }}
 {{- end }}
 {{- if and (include "is-licensed" . | fromJson).bool .Values.storage.tieredConfig.cloud_storage_enabled }}
  {{- $tieredStorageConfig := deepCopy .Values.storage.tieredConfig }}
  {{- if not (include "redpanda-atleast-22-3-0" . | fromJson).bool }}
    {{- $tieredStorageConfig = unset $tieredStorageConfig "cloud_storage_credentials_source"}}
  {{- end }}
  {{- range $key, $element := $tieredStorageConfig}}
    {{- if or (eq (typeOf $element) "bool") $element }}
    {{ $key }}: {{ $element | toYaml }}
    {{- end }}
  {{- end }}
 {{- end }}
 {{- /* Schema Registry API */}}
 {{- if and .Values.listeners.schemaRegistry.enabled (include "redpanda-22-2-x-without-sasl" $root | fromJson).bool }}
  {{- $schemaRegistryService := .Values.listeners.schemaRegistry }}
    schema_registry:
      schema_registry_api:
        - name: internal
          address: 0.0.0.0
          port: {{ $schemaRegistryService.port }}
          {{- if or (include "sasl-enabled" $root | fromJson).bool $schemaRegistryService.authenticationMethod }}
          authentication_method: {{ default "http_basic" $schemaRegistryService.authenticationMethod }}
          {{- end }}
  {{- range $name, $listener := $schemaRegistryService.external }}
        - name: {{ $name }}
          address: 0.0.0.0
          {{- /*
            when upgrading from an older version that had a missing port, fail if we cannot guess a default
            this should work in all cases as the older versions would have failed with multiple listeners anyway
          */}}
          {{- if and (empty $listener.port) (ne (len $schemaRegistryService.external) 1) }}
            {{- fail "missing required port for schemaRegistry listener $listener.name" }}
          {{- end }}
          port: {{ $listener.port | default 8084 }}
          {{- if or (include "sasl-enabled" $root | fromJson).bool $listener.authenticationMethod }}
          authentication_method: {{ default "http_basic" $listener.authenticationMethod }}
          {{- end }}
  {{- end }}
      schema_registry_api_tls:
  {{- if (include "schemaRegistry-internal-tls-enabled" . | fromJson).bool }}
        - name: internal
          enabled: true
          cert_file: /etc/tls/certs/{{ $schemaRegistryService.tls.cert }}/tls.crt
          key_file: /etc/tls/certs/{{ $schemaRegistryService.tls.cert }}/tls.key
          require_client_auth: {{ $schemaRegistryService.tls.requireClientAuth }}
    {{- $cert := get .Values.tls.certs $schemaRegistryService.tls.cert }}
    {{- if empty $cert }}
      {{- fail (printf "Certificate, '%s', used but not defined")}}
    {{- end }}
    {{- if $cert.caEnabled }}
          truststore_file: /etc/tls/certs/{{ $schemaRegistryService.tls.cert }}/ca.crt
    {{- else }}
          {{- /* This is a required field so we use the default in the redpanda debian container */}}
          truststore_file: /etc/ssl/certs/ca-certificates.crt
    {{- end }}
  {{- end }}
  {{- range $name, $listener := $schemaRegistryService.external }}
    {{- $k := dict "Values" $values "listener" $listener }}
    {{- if (include "schemaRegistry-external-tls-enabled" $k | fromJson).bool }}
      {{- $mtls := dig "tls" "requireClientAuth" false $listener }}
      {{- $mtls = dig "tls" "requireClientAuth" $mtls $k }}
      {{- $certName := include "schemaRegistry-external-tls-cert" $k }}
      {{- $certPath := printf "/etc/tls/certs/%s" $certName }}
      {{- $cert := get $values.tls.certs $certName }}
      {{- if empty $cert }}
        {{- fail (printf "Certificate, '%s', used but not defined")}}
      {{- end }}
        - name: {{ $name }}
          enabled: true
          cert_file: {{ $certPath }}/tls.crt
          key_file: {{ $certPath }}/tls.key
          require_client_auth: {{ $mtls }}
      {{- if $cert.caEnabled }}
          truststore_file: {{ $certPath }}/ca.crt
      {{- else }}
          {{- /* This is a required field so we use the default in the redpanda debian container */}}
          truststore_file: /etc/ssl/certs/ca-certificates.crt
      {{- end }}
    {{- end }}
  {{- end }}
 {{- end }}
 {{- /* HTTP Proxy */}}
 {{- if and .Values.listeners.http.enabled (include "redpanda-22-2-x-without-sasl" $root | fromJson).bool }}
  {{- $HTTPService := .Values.listeners.http }}
    pandaproxy:
      pandaproxy_api:
        - name: internal
          address: 0.0.0.0
          port: {{ $HTTPService.port }}
          {{- if or (include "sasl-enabled" $root | fromJson).bool $HTTPService.authenticationMethod }}
          authentication_method: {{ default "http_basic" $HTTPService.authenticationMethod }}
          {{- end }}
  {{- range $name, $listener := $HTTPService.external }}
        - name: {{ $name }}
          address: 0.0.0.0
          port: {{ $listener.port }}
          {{- if or (include "sasl-enabled" $root | fromJson).bool $listener.authenticationMethod }}
          authentication_method: {{ default "http_basic" $listener.authenticationMethod }}
          {{- end }}
  {{- end }}
      pandaproxy_api_tls:
  {{- if (include "http-internal-tls-enabled" . | fromJson).bool }}
        - name: internal
          enabled: true
          cert_file: /etc/tls/certs/{{ $HTTPService.tls.cert }}/tls.crt
          key_file: /etc/tls/certs/{{ $HTTPService.tls.cert }}/tls.key
          require_client_auth: {{ $HTTPService.tls.requireClientAuth }}
    {{- $cert := get .Values.tls.certs $HTTPService.tls.cert }}
    {{- if empty $cert }}
      {{- fail (printf "Certificate, '%s', used but not defined")}}
    {{- end }}
    {{- if $cert.caEnabled }}
          truststore_file: /etc/tls/certs/{{ $HTTPService.tls.cert }}/ca.crt
    {{- else }}
          {{- /* This is a required field so we use the default in the redpanda debian container */}}
          truststore_file: /etc/ssl/certs/ca-certificates.crt
    {{- end }}
  {{- end }}
  {{- range $name, $listener := $HTTPService.external }}
    {{- $k := dict "Values" $values "listener" $listener }}
    {{- if (include "http-external-tls-enabled" $k | fromJson).bool }}
      {{- $mtls := dig "tls" "requireClientAuth" false $listener }}
      {{- $mtls = dig "tls" "requireClientAuth" $mtls $k }}
      {{- $certName := include "http-external-tls-cert" $k }}
      {{- $certPath := printf "/etc/tls/certs/%s" $certName }}
      {{- $cert := get $values.tls.certs $certName }}
      {{- if empty $cert }}
        {{- fail (printf "Certificate, '%s', used but not defined")}}
      {{- end }}
        - name: {{ $name }}
          enabled: true
          cert_file: {{ $certPath }}/tls.crt
          key_file: {{ $certPath }}/tls.key
          require_client_auth: {{ $mtls }}
      {{- if $cert.caEnabled }}
          truststore_file: {{ $certPath }}/ca.crt
      {{- else }}
          {{- /* This is a required field so we use the default in the redpanda debian container */}}
          truststore_file: /etc/ssl/certs/ca-certificates.crt
      {{- end }}
    {{- end }}
  {{- end }}
 {{- end }}
 {{- /* END LISTENERS */}}
    rpk:
 {{- with (dig "rpk" dict .Values.config) }}
  {{- . | toYaml | nindent 6}}
 {{- end }}
      enable_usage_stats: {{ .Values.logging.usageStats.enabled }}
      overprovisioned: {{ dig "cpu" "overprovisioned" false .Values.resources }}
      enable_memory_locking: {{ dig "memory" "enable_memory_locking" false .Values.resources }}
 {{- if hasKey .Values.tuning "tune_aio_events" }}
      tune_aio_events: {{ .Values.tuning.tune_aio_events }}
 {{- end }}
 {{- if hasKey .Values.tuning "tune_clocksource" }}
      tune_clocksource: {{ .Values.tuning.tune_clocksource }}
 {{- end }}
 {{- if hasKey .Values.tuning "tune_ballast_file" }}
      tune_ballast_file: {{ .Values.tuning.tune_ballast_file }}
 {{- end }}
 {{- if hasKey .Values.tuning "ballast_file_path" }}
      ballast_file_path: {{ .Values.tuning.ballast_file_path }}
 {{- end }}
 {{- if hasKey .Values.tuning "ballast_file_size" }}
      ballast_file_size: {{ .Values.tuning.ballast_file_size }}
 {{- end }}
 {{- if hasKey .Values.tuning "well_known_io" }}
      well_known_io: {{ .Values.tuning.well_known_io }}
 {{- end }}
--- a/charts/redpanda/redpanda/templates/statefulset.yaml
+++ b/charts/redpanda/redpanda/templates/statefulset.yaml
@ -57,7 +57,7 @@ spec:
      labels: {{ (include "statefulset-pod-labels" .) | nindent 8 }}
        redpanda.com/poddisruptionbudget: {{ template "redpanda.name" . }}
      annotations:
-        checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
+        checksum/config: {{ include "configmap-content-no-seed" . | sha256sum }}
 {{- with $.Values.statefulset.annotations }}
        {{- toYaml . | nindent 8 }}
 {{- end }}
--- a/charts/speedscale/speedscale-operator/Chart.yaml
+++ b/charts/speedscale/speedscale-operator/Chart.yaml
@ -4,7 +4,7 @@ annotations:
  catalog.cattle.io/kube-version: '>= 1.17.0-0'
  catalog.cattle.io/release-name: speedscale-operator
 apiVersion: v1
-appVersion: 1.3.320
+appVersion: 1.3.335
 description: Stress test your APIs with real world scenarios.  Collect and replay
  traffic without scripting.
 home: https://speedscale.com
@ -24,4 +24,4 @@ maintainers:
 - email: support@speedscale.com
  name: Speedscale Support
 name: speedscale-operator
-version: 1.3.28
+version: 1.3.29
--- a/charts/speedscale/speedscale-operator/README.md
+++ b/charts/speedscale/speedscale-operator/README.md
@ -101,10 +101,10 @@ _See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command documen
 A major chart version change (like v1.2.3 -> v2.0.0) indicates that there is an
 incompatible breaking change needing manual actions.
-### Upgrade to 1.3.28
+### Upgrade to 1.3.29
 ```bash
-kubectl apply --server-side -f https://raw.githubusercontent.com/speedscale/operator-helm/main/1.3.28/templates/crds/trafficreplays.yaml
+kubectl apply --server-side -f https://raw.githubusercontent.com/speedscale/operator-helm/main/1.3.29/templates/crds/trafficreplays.yaml
 ```
 ### Upgrade to 1.1.0
--- a/charts/speedscale/speedscale-operator/app-readme.md
+++ b/charts/speedscale/speedscale-operator/app-readme.md
@ -101,10 +101,10 @@ _See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command documen
 A major chart version change (like v1.2.3 -> v2.0.0) indicates that there is an
 incompatible breaking change needing manual actions.
-### Upgrade to 1.3.28
+### Upgrade to 1.3.29
 ```bash
-kubectl apply --server-side -f https://raw.githubusercontent.com/speedscale/operator-helm/main/1.3.28/templates/crds/trafficreplays.yaml
+kubectl apply --server-side -f https://raw.githubusercontent.com/speedscale/operator-helm/main/1.3.29/templates/crds/trafficreplays.yaml
 ```
 ### Upgrade to 1.1.0
--- a/charts/speedscale/speedscale-operator/values.yaml
+++ b/charts/speedscale/speedscale-operator/values.yaml
@ -20,7 +20,7 @@ clusterName: "my-cluster"
 # Speedscale components image settings.
 image:
  registry: gcr.io/speedscale
-  tag: v1.3.320
+  tag: v1.3.335
  pullPolicy: Always
 # Log level for Speedscale components.
--- a/charts/trilio/k8s-triliovault-operator/Chart.yaml
+++ b/charts/trilio/k8s-triliovault-operator/Chart.yaml
@ -4,7 +4,7 @@ annotations:
  catalog.cattle.io/kube-version: '>=1.19.0-0'
  catalog.cattle.io/release-name: k8s-triliovault-operator
 apiVersion: v2
-appVersion: 3.1.1
+appVersion: 3.1.2
 dependencies:
 - condition: observability.enabled
  name: observability
@ -21,4 +21,4 @@ maintainers:
 name: k8s-triliovault-operator
 sources:
 - https://github.com/trilioData/k8s-triliovault-operator
-version: 3.1.1
+version: 3.1.2
--- a/charts/trilio/k8s-triliovault-operator/templates/NOTES.txt
+++ b/charts/trilio/k8s-triliovault-operator/templates/NOTES.txt
@ -56,4 +56,4 @@ Once all the pods are in running state, you can access the TVK UI from your brow
 For more details on how to access the TVK UI, follow this guide: https://docs.trilio.io/kubernetes/management-console-ui/accessing-the-ui
 You can start backup and restore of your application using TVK. For more details on how to do that, please follow our
-getting started guide: https://docs.trilio.io/kubernetes/getting-started-3/getting-started-with-management-console
+getting started guide: https://docs.trilio.io/kubernetes/advanced-configuration/management-console
--- a/charts/trilio/k8s-triliovault-operator/values.yaml
+++ b/charts/trilio/k8s-triliovault-operator/values.yaml
@ -4,7 +4,7 @@ operator-webhook-init:
  repository: operator-webhook-init
 k8s-triliovault-operator:
  repository: k8s-triliovault-operator
-tag: "3.1.1"
+tag: "3.1.2"
 # create image pull secrets and specify the name here.
 imagePullSecret: ""
 priorityClassName: ""
@ -174,8 +174,8 @@ podLabels:
  linkerd.io/inject: disabled
 relatedImages:
  tags:
-    tvk: "3.1.1"
+    tvk: "3.1.2"
-    event: "3.1.1"
+    event: "3.1.2"
  control-plane:
    image: "control-plane"
  metamover:
--- a/index.yaml
+++ b/index.yaml
@ -25046,6 +25046,34 @@ entries:
    - assets/jenkins/jenkins-4.2.9.tgz
    version: 4.2.9
  k8s-triliovault-operator:
  - annotations:
      catalog.cattle.io/certified: partner
      catalog.cattle.io/display-name: TrilioVault for Kubernetes Operator
      catalog.cattle.io/kube-version: '>=1.19.0-0'
      catalog.cattle.io/release-name: k8s-triliovault-operator
    apiVersion: v2
    appVersion: 3.1.2
    created: "2023-09-01T15:03:24.560392195Z"
    dependencies:
    - condition: observability.enabled
      name: observability
      repository: file://./charts/observability
      version: ^0.1.0
    description: K8s-TrilioVault-Operator is an operator designed to manage the K8s-TrilioVault
      Application Lifecycle.
    digest: 712d5508b98bcf391b45099ea68fe8823adfbca55e1450586c66778b7bcf9a82
    home: https://github.com/trilioData/k8s-triliovault-operator
    icon: https://www.trilio.io/wp-content/uploads/2021/01/Trilio-2020-logo-RGB-gray-green.png
    kubeVersion: '>=1.19.0-0'
    maintainers:
    - email: prafull.ladha@trilio.io
      name: prafull11
    name: k8s-triliovault-operator
    sources:
    - https://github.com/trilioData/k8s-triliovault-operator
    urls:
    - assets/trilio/k8s-triliovault-operator-3.1.2.tgz
    version: 3.1.2
  - annotations:
      catalog.cattle.io/certified: partner
      catalog.cattle.io/display-name: TrilioVault for Kubernetes Operator
@ -26683,6 +26711,58 @@ entries:
    - assets/kasten/k10-4.5.900.tgz
    version: 4.5.900
  kafka:
  - annotations:
      catalog.cattle.io/certified: partner
      catalog.cattle.io/display-name: Apache Kafka
      catalog.cattle.io/kube-version: '>=1.19-0'
      catalog.cattle.io/release-name: kafka
      category: Infrastructure
      images: |
        - name: jmx-exporter
          image: docker.io/bitnami/jmx-exporter:0.19.0-debian-11-r57
        - name: kafka-exporter
          image: docker.io/bitnami/kafka-exporter:1.7.0-debian-11-r93
        - name: kafka
          image: docker.io/bitnami/kafka:3.5.1-debian-11-r35
        - name: kubectl
          image: docker.io/bitnami/kubectl:1.25.13-debian-11-r5
        - name: os-shell
          image: docker.io/bitnami/os-shell:11-debian-11-r51
      licenses: Apache-2.0
    apiVersion: v2
    appVersion: 3.5.1
    created: "2023-09-01T15:03:16.825486077Z"
    dependencies:
    - condition: zookeeper.enabled
      name: zookeeper
      repository: file://./charts/zookeeper
      version: 12.x.x
    - name: common
      repository: file://./charts/common
      tags:
      - bitnami-common
      version: 2.x.x
    description: Apache Kafka is a distributed streaming platform designed to build
      real-time pipelines and can be used as a message broker or as a replacement
      for a log aggregation solution for big data applications.
    digest: b4aa6f0626e742d2165b0fbb347a0f25c6d5116b7dfd46cbb98545be6be3759b
    home: https://bitnami.com
    icon: https://svn.apache.org/repos/asf/comdev/project-logos/originals/kafka.svg
    keywords:
    - kafka
    - zookeeper
    - streaming
    - producer
    - consumer
    maintainers:
    - name: VMware, Inc.
      url: https://github.com/bitnami/charts
    name: kafka
    sources:
    - https://github.com/bitnami/charts/tree/main/bitnami/kafka
    urls:
    - assets/bitnami/kafka-25.1.5.tgz
    version: 25.1.5
  - annotations:
      catalog.cattle.io/certified: partner
      catalog.cattle.io/display-name: Apache Kafka
@ -29165,6 +29245,33 @@ entries:
    - assets/elastic/kibana-7.17.3.tgz
    version: 7.17.3
  kong:
  - annotations:
      catalog.cattle.io/certified: partner
      catalog.cattle.io/display-name: Kong Gateway
      catalog.cattle.io/release-name: kong
    apiVersion: v2
    appVersion: "3.3"
    created: "2023-09-01T15:03:22.032680464Z"
    dependencies:
    - condition: postgresql.enabled
      name: postgresql
      repository: file://./charts/postgresql
      version: 11.9.13
    description: The Cloud-Native Ingress and API-management
    digest: de6bbed8ac0dfb2bd3d25612417db8e3c4ea24b6fe036e029a992adeecd4959c
    home: https://konghq.com/
    icon: https://s3.amazonaws.com/downloads.kong/universe/assets/icon-kong-inc-large.png
    maintainers:
    - email: harry@konghq.com
      name: hbagdi
    - email: traines@konghq.com
      name: rainest
    name: kong
    sources:
    - https://github.com/Kong/charts/tree/main/charts/kong
    urls:
    - assets/kong/kong-2.26.5.tgz
    version: 2.26.5
  - annotations:
      catalog.cattle.io/certified: partner
      catalog.cattle.io/display-name: Kong Gateway
@ -43689,6 +43796,50 @@ entries:
    - assets/bitnami/redis-17.3.7.tgz
    version: 17.3.7
  redpanda:
  - annotations:
      artifacthub.io/images: |
        - name: redpanda
          image: docker.redpanda.com/redpandadata/redpanda:v23.2.7
        - name: busybox
          image: busybox:latest
        - name: mintel/docker-alpine-bash-curl-jq
          image: mintel/docker-alpine-bash-curl-jq:latest
      artifacthub.io/license: Apache-2.0
      artifacthub.io/links: |
        - name: Documentation
          url: https://docs.redpanda.com
        - name: "Helm (>= 3.6.0)"
          url: https://helm.sh/docs/intro/install/
      catalog.cattle.io/certified: partner
      catalog.cattle.io/display-name: Redpanda
      catalog.cattle.io/kube-version: '>=1.21-0'
      catalog.cattle.io/release-name: redpanda
    apiVersion: v2
    appVersion: v23.2.7
    created: "2023-09-01T15:03:23.741247578Z"
    dependencies:
    - condition: console.enabled
      name: console
      repository: file://./charts/console
      version: '>=0.5 <1.0'
    - condition: connectors.enabled
      name: connectors
      repository: file://./charts/connectors
      version: '>=0.1.2 <1.0'
    description: Redpanda is the real-time engine for modern apps.
    digest: 61dcd3ac0abe8dd9ab74e3bd57a84ac317bfd29fe27709b8850f60fa2194ec82
    icon: https://images.ctfassets.net/paqvtpyf8rwu/3cYHw5UzhXCbKuR24GDFGO/73fb682e6157d11c10d5b2b5da1d5af0/skate-stand-panda.svg
    kubeVersion: '>=1.21-0'
    maintainers:
    - name: redpanda-data
      url: https://github.com/orgs/redpanda-data/people
    name: redpanda
    sources:
    - https://github.com/redpanda-data/helm-charts
    type: application
    urls:
    - assets/redpanda/redpanda-5.3.0.tgz
    version: 5.3.0
  - annotations:
      artifacthub.io/images: |
        - name: redpanda
@ -46455,6 +46606,48 @@ entries:
    - assets/redpanda/redpanda-2.1.7.tgz
    version: 2.1.7
  s3gw:
  - annotations:
      app.aquarist-labs.io/name: s3gw
      artifacthub.io/category: storage
      artifacthub.io/links: |
        - name: homepage
          url: https://s3gw.io/
        - name: support
          url: https://github.com/aquarist-labs/s3gw/issues
      catalog.cattle.io/certified: partner
      catalog.cattle.io/display-name: S3 Gateway
      catalog.cattle.io/experimental: "true"
      catalog.cattle.io/kube-version: '>=1.14'
      catalog.cattle.io/namespace: s3gw
      catalog.cattle.io/release-name: s3gw
    apiVersion: v2
    appVersion: latest
    created: "2023-09-01T15:03:14.160391249Z"
    description: 'Easy-to-use Open Source and Cloud Native S3 service for use on Rancher''s
      Kubernetes. '
    digest: a160a0c536d48ee0cd0eb81afc5c374958d3e85b87f40c019f060e2be7f43048
    home: https://github.com/aquarist-labs/s3gw
    icon: https://s3gw.io/img/logo-xl.png
    keywords:
    - storage
    - s3
    kubeVersion: '>=1.14'
    maintainers:
    - email: s3gw@suse.com
      name: s3gw maintainers
      url: https://github.com/orgs/aquarist-labs/projects/5
    name: s3gw
    sources:
    - https://github.com/aquarist-labs/s3gw-charts
    - https://github.com/aquarist-labs/s3gw
    - https://github.com/aquarist-labs/ceph
    - https://github.com/aquarist-labs/s3gw-ui
    - https://github.com/aquarist-labs/s3gw-cosi-driver
    - https://github.com/kubernetes-sigs/container-object-storage-interface-provisioner-sidecar
    type: application
    urls:
    - assets/aquarist-labs/s3gw-0.20.0.tgz
    version: 0.20.0
  - annotations:
      app.aquarist-labs.io/name: s3gw
      artifacthub.io/category: storage
@ -48318,6 +48511,37 @@ entries:
    - assets/bitnami/spark-6.3.8.tgz
    version: 6.3.8
  speedscale-operator:
  - annotations:
      catalog.cattle.io/certified: partner
      catalog.cattle.io/display-name: Speedscale Operator
      catalog.cattle.io/kube-version: '>= 1.17.0-0'
      catalog.cattle.io/release-name: speedscale-operator
    apiVersion: v1
    appVersion: 1.3.335
    created: "2023-09-01T15:03:23.838581351Z"
    description: Stress test your APIs with real world scenarios.  Collect and replay
      traffic without scripting.
    digest: e8b2a8598ca6040fc58ce49429404a9b1c449f3f04cf14a0464f0d002fd06d02
    home: https://speedscale.com
    icon: https://raw.githubusercontent.com/speedscale/assets/main/logo/gold_logo_only.png
    keywords:
    - speedscale
    - test
    - testing
    - regression
    - reliability
    - load
    - replay
    - network
    - traffic
    kubeVersion: '>= 1.17.0-0'
    maintainers:
    - email: support@speedscale.com
      name: Speedscale Support
    name: speedscale-operator
    urls:
    - assets/speedscale/speedscale-operator-1.3.29.tgz
    version: 1.3.29
  - annotations:
      catalog.cattle.io/certified: partner
      catalog.cattle.io/display-name: Speedscale Operator
@ -54753,6 +54977,60 @@ entries:
    - assets/hashicorp/vault-0.22.0.tgz
    version: 0.22.0
  wordpress:
  - annotations:
      catalog.cattle.io/certified: partner
      catalog.cattle.io/display-name: WordPress
      catalog.cattle.io/kube-version: '>=1.19-0'
      catalog.cattle.io/release-name: wordpress
      category: CMS
      images: |
        - name: apache-exporter
          image: docker.io/bitnami/apache-exporter:1.0.1-debian-11-r32
        - name: os-shell
          image: docker.io/bitnami/os-shell:11-debian-11-r54
        - name: wordpress
          image: docker.io/bitnami/wordpress:6.3.1-debian-11-r2
      licenses: Apache-2.0
    apiVersion: v2
    appVersion: 6.3.1
    created: "2023-09-01T15:03:18.6233484Z"
    dependencies:
    - condition: memcached.enabled
      name: memcached
      repository: file://./charts/memcached
      version: 6.x.x
    - condition: mariadb.enabled
      name: mariadb
      repository: file://./charts/mariadb
      version: 13.x.x
    - name: common
      repository: file://./charts/common
      tags:
      - bitnami-common
      version: 2.x.x
    description: WordPress is the world's most popular blogging and content management
      platform. Powerful yet simple, everyone from students to global corporations
      use it to build beautiful, functional websites.
    digest: 67809561f34f3fa58fd45d6c0bb791d6c3a92bc590ee1d9c7c6e84ab6fa53731
    home: https://bitnami.com
    icon: https://s.w.org/style/images/about/WordPress-logotype-simplified.png
    keywords:
    - application
    - blog
    - cms
    - http
    - php
    - web
    - wordpress
    maintainers:
    - name: VMware, Inc.
      url: https://github.com/bitnami/charts
    name: wordpress
    sources:
    - https://github.com/bitnami/charts/tree/main/bitnami/wordpress
    urls:
    - assets/bitnami/wordpress-17.1.6.tgz
    version: 17.1.6
  - annotations:
      catalog.cattle.io/certified: partner
      catalog.cattle.io/display-name: WordPress