diff --git a/assets/argo/argo-cd-5.46.7.tgz b/assets/argo/argo-cd-5.46.7.tgz index 736c23486..fb91d68fa 100644 Binary files a/assets/argo/argo-cd-5.46.7.tgz and b/assets/argo/argo-cd-5.46.7.tgz differ diff --git a/assets/argo/argo-cd-5.46.8.tgz b/assets/argo/argo-cd-5.46.8.tgz new file mode 100644 index 000000000..5b6e473ab Binary files /dev/null and b/assets/argo/argo-cd-5.46.8.tgz differ diff --git a/assets/asserts/asserts-1.59.0.tgz b/assets/asserts/asserts-1.59.0.tgz new file mode 100644 index 000000000..f9f12aa68 Binary files /dev/null and b/assets/asserts/asserts-1.59.0.tgz differ diff --git a/assets/bitnami/airflow-16.0.5.tgz b/assets/bitnami/airflow-16.0.5.tgz new file mode 100644 index 000000000..c8f9d6bcd Binary files /dev/null and b/assets/bitnami/airflow-16.0.5.tgz differ diff --git a/assets/bitnami/cassandra-10.5.8.tgz b/assets/bitnami/cassandra-10.5.8.tgz new file mode 100644 index 000000000..66095e952 Binary files /dev/null and b/assets/bitnami/cassandra-10.5.8.tgz differ diff --git a/assets/bitnami/kafka-25.3.5.tgz b/assets/bitnami/kafka-25.3.5.tgz new file mode 100644 index 000000000..775d9fa2e Binary files /dev/null and b/assets/bitnami/kafka-25.3.5.tgz differ diff --git a/assets/bitnami/mariadb-14.0.2.tgz b/assets/bitnami/mariadb-14.0.2.tgz new file mode 100644 index 000000000..305825a0e Binary files /dev/null and b/assets/bitnami/mariadb-14.0.2.tgz differ diff --git a/assets/bitnami/mysql-9.12.5.tgz b/assets/bitnami/mysql-9.12.5.tgz new file mode 100644 index 000000000..c964b6af6 Binary files /dev/null and b/assets/bitnami/mysql-9.12.5.tgz differ diff --git a/assets/bitnami/postgresql-13.1.5.tgz b/assets/bitnami/postgresql-13.1.5.tgz new file mode 100644 index 000000000..eb942c49f Binary files /dev/null and b/assets/bitnami/postgresql-13.1.5.tgz differ diff --git a/assets/bitnami/redis-18.1.5.tgz b/assets/bitnami/redis-18.1.5.tgz new file mode 100644 index 000000000..e6fe68ca3 Binary files /dev/null and b/assets/bitnami/redis-18.1.5.tgz differ diff --git a/assets/bitnami/spark-8.0.1.tgz b/assets/bitnami/spark-8.0.1.tgz new file mode 100644 index 000000000..1d698cbfe Binary files /dev/null and b/assets/bitnami/spark-8.0.1.tgz differ diff --git a/assets/bitnami/tomcat-10.10.9.tgz b/assets/bitnami/tomcat-10.10.9.tgz new file mode 100644 index 000000000..acc8a48f3 Binary files /dev/null and b/assets/bitnami/tomcat-10.10.9.tgz differ diff --git a/assets/bitnami/wordpress-18.0.6.tgz b/assets/bitnami/wordpress-18.0.6.tgz new file mode 100644 index 000000000..40baffcf7 Binary files /dev/null and b/assets/bitnami/wordpress-18.0.6.tgz differ diff --git a/assets/bitnami/zookeeper-12.1.6.tgz b/assets/bitnami/zookeeper-12.1.6.tgz new file mode 100644 index 000000000..4a183d3e3 Binary files /dev/null and b/assets/bitnami/zookeeper-12.1.6.tgz differ diff --git a/assets/dynatrace/dynatrace-operator-0.14.0.tgz b/assets/dynatrace/dynatrace-operator-0.14.0.tgz new file mode 100644 index 000000000..015359b51 Binary files /dev/null and b/assets/dynatrace/dynatrace-operator-0.14.0.tgz differ diff --git a/assets/external-secrets/external-secrets-0.9.6.tgz b/assets/external-secrets/external-secrets-0.9.6.tgz new file mode 100644 index 000000000..3bf8e06bd Binary files /dev/null and b/assets/external-secrets/external-secrets-0.9.6.tgz differ diff --git a/assets/f5/nginx-ingress-1.0.1.tgz b/assets/f5/nginx-ingress-1.0.1.tgz new file mode 100644 index 000000000..f7cd35fa6 Binary files /dev/null and b/assets/f5/nginx-ingress-1.0.1.tgz differ diff --git a/assets/gluu/gluu-5.0.22.tgz b/assets/gluu/gluu-5.0.22.tgz index 0c1e41fab..eadbb37ed 100644 Binary files a/assets/gluu/gluu-5.0.22.tgz and b/assets/gluu/gluu-5.0.22.tgz differ diff --git a/assets/gluu/gluu-5.0.23.tgz b/assets/gluu/gluu-5.0.23.tgz new file mode 100644 index 000000000..432333599 Binary files /dev/null and b/assets/gluu/gluu-5.0.23.tgz differ diff --git a/assets/instana/instana-agent-1.2.65.tgz b/assets/instana/instana-agent-1.2.65.tgz new file mode 100644 index 000000000..91633e141 Binary files /dev/null and b/assets/instana/instana-agent-1.2.65.tgz differ diff --git a/assets/jenkins/jenkins-4.7.2.tgz b/assets/jenkins/jenkins-4.7.2.tgz new file mode 100644 index 000000000..ca254c59b Binary files /dev/null and b/assets/jenkins/jenkins-4.7.2.tgz differ diff --git a/assets/kubecost/cost-analyzer-1.106.2.tgz b/assets/kubecost/cost-analyzer-1.106.2.tgz index d3fbfb2b6..c38942a29 100644 Binary files a/assets/kubecost/cost-analyzer-1.106.2.tgz and b/assets/kubecost/cost-analyzer-1.106.2.tgz differ diff --git a/assets/kubecost/cost-analyzer-1.106.3.tgz b/assets/kubecost/cost-analyzer-1.106.3.tgz new file mode 100644 index 000000000..af92d586b Binary files /dev/null and b/assets/kubecost/cost-analyzer-1.106.3.tgz differ diff --git a/assets/kuma/kuma-2.4.3.tgz b/assets/kuma/kuma-2.4.3.tgz new file mode 100644 index 000000000..02b652cf1 Binary files /dev/null and b/assets/kuma/kuma-2.4.3.tgz differ diff --git a/assets/minio/minio-operator-5.0.10.tgz b/assets/minio/minio-operator-5.0.10.tgz new file mode 100644 index 000000000..7bdeafd76 Binary files /dev/null and b/assets/minio/minio-operator-5.0.10.tgz differ diff --git a/assets/nats/nats-1.1.1.tgz b/assets/nats/nats-1.1.1.tgz new file mode 100644 index 000000000..098a21eab Binary files /dev/null and b/assets/nats/nats-1.1.1.tgz differ diff --git a/assets/new-relic/nri-bundle-5.0.40.tgz b/assets/new-relic/nri-bundle-5.0.40.tgz new file mode 100644 index 000000000..6129a87eb Binary files /dev/null and b/assets/new-relic/nri-bundle-5.0.40.tgz differ diff --git a/assets/prophetstor/federatorai-5.1.5.tgz b/assets/prophetstor/federatorai-5.1.5.tgz new file mode 100644 index 000000000..a09e64f8e Binary files /dev/null and b/assets/prophetstor/federatorai-5.1.5.tgz differ diff --git a/assets/redpanda/redpanda-5.6.17.tgz b/assets/redpanda/redpanda-5.6.17.tgz new file mode 100644 index 000000000..9ec6d8450 Binary files /dev/null and b/assets/redpanda/redpanda-5.6.17.tgz differ diff --git a/assets/speedscale/speedscale-operator-1.3.39.tgz b/assets/speedscale/speedscale-operator-1.3.39.tgz new file mode 100644 index 000000000..8f9f6a5e1 Binary files /dev/null and b/assets/speedscale/speedscale-operator-1.3.39.tgz differ diff --git a/assets/sysdig/sysdig-1.16.15.tgz b/assets/sysdig/sysdig-1.16.15.tgz new file mode 100644 index 000000000..3a0ecb3e4 Binary files /dev/null and b/assets/sysdig/sysdig-1.16.15.tgz differ diff --git a/assets/yugabyte/yugabyte-2.16.8.tgz b/assets/yugabyte/yugabyte-2.16.8.tgz new file mode 100644 index 000000000..47ceba61d Binary files /dev/null and b/assets/yugabyte/yugabyte-2.16.8.tgz differ diff --git a/assets/yugabyte/yugaware-2.16.8.tgz b/assets/yugabyte/yugaware-2.16.8.tgz new file mode 100644 index 000000000..475f5fdb9 Binary files /dev/null and b/assets/yugabyte/yugaware-2.16.8.tgz differ diff --git a/charts/argo/argo-cd/Chart.yaml b/charts/argo/argo-cd/Chart.yaml index b7be6b187..6f55660c3 100644 --- a/charts/argo/argo-cd/Chart.yaml +++ b/charts/argo/argo-cd/Chart.yaml @@ -1,7 +1,7 @@ annotations: artifacthub.io/changes: | - - kind: security - description: updated redis dependency to 7.0.13-alpine to fix CVE-2022-48174 + - kind: fixed + description: Sync redis / redis-ha readOnlyRootFilesystem=true option from upstream. This was part of Argo CD 2.8.0. artifacthub.io/signKey: | fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc @@ -33,4 +33,4 @@ name: argo-cd sources: - https://github.com/argoproj/argo-helm/tree/main/charts/argo-cd - https://github.com/argoproj/argo-cd -version: 5.46.7 +version: 5.46.8 diff --git a/charts/argo/argo-cd/README.md b/charts/argo/argo-cd/README.md index 166619712..b2101038f 100644 --- a/charts/argo/argo-cd/README.md +++ b/charts/argo/argo-cd/README.md @@ -1001,12 +1001,14 @@ The main options are listed here: |-----|------|---------|-------------| | redis-ha.additionalAffinities | object | `{}` | Additional affinities to add to the Redis server pods. | | redis-ha.affinity | string | `""` | Assign custom [affinity] rules to the Redis pods. | +| redis-ha.containerSecurityContext | object | See [values.yaml] | Redis HA statefulset container-level security context | | redis-ha.enabled | bool | `false` | Enables the Redis HA subchart and disables the custom Redis single node deployment | | redis-ha.exporter.enabled | bool | `false` | Enable Prometheus redis-exporter sidecar | | redis-ha.exporter.image | string | `"public.ecr.aws/bitnami/redis-exporter"` | Repository to use for the redis-exporter | | redis-ha.exporter.tag | string | `"1.53.0"` | Tag to use for the redis-exporter | | redis-ha.haproxy.additionalAffinities | object | `{}` | Additional affinities to add to the haproxy pods. | | redis-ha.haproxy.affinity | string | `""` | Assign custom [affinity] rules to the haproxy pods. | +| redis-ha.haproxy.containerSecurityContext | object | See [values.yaml] | HAProxy container-level security context | | redis-ha.haproxy.enabled | bool | `true` | Enabled HAProxy LoadBalancing/Proxy | | redis-ha.haproxy.hardAntiAffinity | bool | `true` | Whether the haproxy pods should be forced to run on separate nodes. | | redis-ha.haproxy.metrics.enabled | bool | `true` | HAProxy enable prometheus metric scraping | diff --git a/charts/argo/argo-cd/values.yaml b/charts/argo/argo-cd/values.yaml index fed4e97c4..b029dfaab 100644 --- a/charts/argo/argo-cd/values.yaml +++ b/charts/argo/argo-cd/values.yaml @@ -1279,6 +1279,7 @@ redis: # -- Redis container-level security context # @default -- See [values.yaml] containerSecurityContext: + readOnlyRootFilesystem: true allowPrivilegeEscalation: false capabilities: drop: @@ -1416,8 +1417,13 @@ redis-ha: additionalAffinities: {} # -- Assign custom [affinity] rules to the haproxy pods. affinity: | + # -- [Tolerations] for use with node taints for haproxy pods. tolerations: [] + # -- HAProxy container-level security context + # @default -- See [values.yaml] + containerSecurityContext: + readOnlyRootFilesystem: true # -- Whether the Redis server pods should be forced to run on separate nodes. hardAntiAffinity: true @@ -1445,6 +1451,10 @@ redis-ha: # -- Enforcement policy, hard or soft # @default -- `""` (defaults to `ScheduleAnyway`) whenUnsatisfiable: "" + # -- Redis HA statefulset container-level security context + # @default -- See [values.yaml] + containerSecurityContext: + readOnlyRootFilesystem: true # External Redis parameters externalRedis: diff --git a/charts/asserts/asserts/Chart.yaml b/charts/asserts/asserts/Chart.yaml index b349c4e59..bd05544b0 100644 --- a/charts/asserts/asserts/Chart.yaml +++ b/charts/asserts/asserts/Chart.yaml @@ -58,4 +58,4 @@ maintainers: url: https://github.com/asserts name: asserts type: application -version: 1.58.0 +version: 1.59.0 diff --git a/charts/asserts/asserts/values.yaml b/charts/asserts/asserts/values.yaml index 9d2a3a9ff..08644c24d 100644 --- a/charts/asserts/asserts/values.yaml +++ b/charts/asserts/asserts/values.yaml @@ -155,7 +155,7 @@ server: repository: asserts/asserts-server pullPolicy: IfNotPresent ## Overrides the image tag whose default is the chart appVersion. - tag: v0.2.733 + tag: v0.2.769 resources: requests: @@ -266,7 +266,7 @@ authorization: repository: asserts/authorization pullPolicy: IfNotPresent ## Overrides the image tag whose default is the chart appVersion. - tag: v0.2.733 + tag: v0.2.769 resources: requests: diff --git a/charts/bitnami/airflow/Chart.lock b/charts/bitnami/airflow/Chart.lock index a2ed2c5af..afede26fd 100644 --- a/charts/bitnami/airflow/Chart.lock +++ b/charts/bitnami/airflow/Chart.lock @@ -1,12 +1,12 @@ dependencies: - name: redis repository: oci://registry-1.docker.io/bitnamicharts - version: 18.1.3 + version: 18.1.5 - name: postgresql repository: oci://registry-1.docker.io/bitnamicharts - version: 13.1.1 + version: 13.1.5 - name: common repository: oci://registry-1.docker.io/bitnamicharts version: 2.13.2 -digest: sha256:cf78163c9f1afeaa8609a6d6ea77f27d79afb32caa392e7f5cb3ed42cc21c677 -generated: "2023-10-09T21:10:32.642697314Z" +digest: sha256:5b0157324635d8a3daca94e01d702a13f41b14d81250b29486b5512db2d6b2e5 +generated: "2023-10-14T17:55:52.376439601Z" diff --git a/charts/bitnami/airflow/Chart.yaml b/charts/bitnami/airflow/Chart.yaml index aad62fef0..3da462fdd 100644 --- a/charts/bitnami/airflow/Chart.yaml +++ b/charts/bitnami/airflow/Chart.yaml @@ -6,20 +6,20 @@ annotations: category: WorkFlow images: | - name: airflow-exporter - image: docker.io/bitnami/airflow-exporter:0.20220314.0-debian-11-r436 + image: docker.io/bitnami/airflow-exporter:0.20220314.0-debian-11-r438 - name: airflow-scheduler - image: docker.io/bitnami/airflow-scheduler:2.7.1-debian-11-r27 + image: docker.io/bitnami/airflow-scheduler:2.7.2-debian-11-r0 - name: airflow-worker - image: docker.io/bitnami/airflow-worker:2.7.1-debian-11-r27 + image: docker.io/bitnami/airflow-worker:2.7.2-debian-11-r0 - name: airflow - image: docker.io/bitnami/airflow:2.7.1-debian-11-r28 + image: docker.io/bitnami/airflow:2.7.2-debian-11-r0 - name: git - image: docker.io/bitnami/git:2.42.0-debian-11-r41 + image: docker.io/bitnami/git:2.42.0-debian-11-r45 - name: os-shell - image: docker.io/bitnami/os-shell:11-debian-11-r89 + image: docker.io/bitnami/os-shell:11-debian-11-r90 licenses: Apache-2.0 apiVersion: v2 -appVersion: 2.7.1 +appVersion: 2.7.2 dependencies: - condition: redis.enabled name: redis @@ -50,4 +50,4 @@ maintainers: name: airflow sources: - https://github.com/bitnami/charts/tree/main/bitnami/airflow -version: 16.0.3 +version: 16.0.5 diff --git a/charts/bitnami/airflow/README.md b/charts/bitnami/airflow/README.md index d9d696604..135c137e3 100644 --- a/charts/bitnami/airflow/README.md +++ b/charts/bitnami/airflow/README.md @@ -90,7 +90,7 @@ The command removes all the Kubernetes components associated with the chart and | `dags.existingConfigmap` | Name of an existing ConfigMap with all the DAGs files you want to load in Airflow | `""` | | `dags.image.registry` | Init container load-dags image registry | `docker.io` | | `dags.image.repository` | Init container load-dags image repository | `bitnami/os-shell` | -| `dags.image.tag` | Init container load-dags image tag (immutable tags are recommended) | `11-debian-11-r89` | +| `dags.image.tag` | Init container load-dags image tag (immutable tags are recommended) | `11-debian-11-r90` | | `dags.image.digest` | Init container load-dags image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `dags.image.pullPolicy` | Init container load-dags image pull policy | `IfNotPresent` | | `dags.image.pullSecrets` | Init container load-dags image pull secrets | `[]` | @@ -105,78 +105,78 @@ The command removes all the Kubernetes components associated with the chart and ### Airflow web parameters -| Name | Description | Value | -| ------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | --------------------- | -| `web.image.registry` | Airflow image registry | `docker.io` | -| `web.image.repository` | Airflow image repository | `bitnami/airflow` | -| `web.image.tag` | Airflow image tag (immutable tags are recommended) | `2.7.1-debian-11-r28` | -| `web.image.digest` | Airflow image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | -| `web.image.pullPolicy` | Airflow image pull policy | `IfNotPresent` | -| `web.image.pullSecrets` | Airflow image pull secrets | `[]` | -| `web.image.debug` | Enable image debug mode | `false` | -| `web.baseUrl` | URL used to access to Airflow web ui | `""` | -| `web.existingConfigmap` | Name of an existing config map containing the Airflow web config file | `""` | -| `web.command` | Override default container command (useful when using custom images) | `[]` | -| `web.args` | Override default container args (useful when using custom images) | `[]` | -| `web.extraEnvVars` | Array with extra environment variables to add Airflow web pods | `[]` | -| `web.extraEnvVarsCM` | ConfigMap containing extra environment variables for Airflow web pods | `""` | -| `web.extraEnvVarsSecret` | Secret containing extra environment variables (in case of sensitive data) for Airflow web pods | `""` | -| `web.extraEnvVarsSecrets` | List of secrets with extra environment variables for Airflow web pods | `[]` | -| `web.containerPorts.http` | Airflow web HTTP container port | `8080` | -| `web.replicaCount` | Number of Airflow web replicas | `1` | -| `web.livenessProbe.enabled` | Enable livenessProbe on Airflow web containers | `true` | -| `web.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `180` | -| `web.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `20` | -| `web.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | -| `web.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` | -| `web.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `web.readinessProbe.enabled` | Enable readinessProbe on Airflow web containers | `true` | -| `web.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` | -| `web.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | -| `web.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` | -| `web.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` | -| `web.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `web.startupProbe.enabled` | Enable startupProbe on Airflow web containers | `false` | -| `web.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `60` | -| `web.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | -| `web.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` | -| `web.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` | -| `web.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | -| `web.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | -| `web.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | -| `web.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | -| `web.resources.limits` | The resources limits for the Airflow web containers | `{}` | -| `web.resources.requests` | The requested resources for the Airflow web containers | `{}` | -| `web.podSecurityContext.enabled` | Enabled Airflow web pods' Security Context | `true` | -| `web.podSecurityContext.fsGroup` | Set Airflow web pod's Security Context fsGroup | `1001` | -| `web.containerSecurityContext.enabled` | Enabled Airflow web containers' Security Context | `true` | -| `web.containerSecurityContext.runAsUser` | Set Airflow web containers' Security Context runAsUser | `1001` | -| `web.containerSecurityContext.runAsNonRoot` | Set Airflow web containers' Security Context runAsNonRoot | `true` | -| `web.lifecycleHooks` | for the Airflow web container(s) to automate configuration before or after startup | `{}` | -| `web.hostAliases` | Deployment pod host aliases | `[]` | -| `web.podLabels` | Add extra labels to the Airflow web pods | `{}` | -| `web.podAnnotations` | Add extra annotations to the Airflow web pods | `{}` | -| `web.affinity` | Affinity for Airflow web pods assignment (evaluated as a template) | `{}` | -| `web.nodeAffinityPreset.key` | Node label key to match. Ignored if `web.affinity` is set. | `""` | -| `web.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `web.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `web.nodeAffinityPreset.values` | Node label values to match. Ignored if `web.affinity` is set. | `[]` | -| `web.nodeSelector` | Node labels for Airflow web pods assignment | `{}` | -| `web.podAffinityPreset` | Pod affinity preset. Ignored if `web.affinity` is set. Allowed values: `soft` or `hard`. | `""` | -| `web.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `web.affinity` is set. Allowed values: `soft` or `hard`. | `soft` | -| `web.tolerations` | Tolerations for Airflow web pods assignment | `[]` | -| `web.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` | -| `web.priorityClassName` | Priority Class Name | `""` | -| `web.schedulerName` | Use an alternate scheduler, e.g. "stork". | `""` | -| `web.terminationGracePeriodSeconds` | Seconds Airflow web pod needs to terminate gracefully | `""` | -| `web.updateStrategy.type` | Airflow web deployment strategy type | `RollingUpdate` | -| `web.updateStrategy.rollingUpdate` | Airflow web deployment rolling update configuration parameters | `{}` | -| `web.sidecars` | Add additional sidecar containers to the Airflow web pods | `[]` | -| `web.initContainers` | Add additional init containers to the Airflow web pods | `[]` | -| `web.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Airflow web pods | `[]` | -| `web.extraVolumes` | Optionally specify extra list of additional volumes for the Airflow web pods | `[]` | -| `web.pdb.create` | Deploy a pdb object for the Airflow web pods | `false` | -| `web.pdb.minAvailable` | Maximum number/percentage of unavailable Airflow web replicas | `1` | -| `web.pdb.maxUnavailable` | Maximum number/percentage of unavailable Airflow web replicas | `""` | +| Name | Description | Value | +| ------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | -------------------- | +| `web.image.registry` | Airflow image registry | `docker.io` | +| `web.image.repository` | Airflow image repository | `bitnami/airflow` | +| `web.image.tag` | Airflow image tag (immutable tags are recommended) | `2.7.2-debian-11-r0` | +| `web.image.digest` | Airflow image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | +| `web.image.pullPolicy` | Airflow image pull policy | `IfNotPresent` | +| `web.image.pullSecrets` | Airflow image pull secrets | `[]` | +| `web.image.debug` | Enable image debug mode | `false` | +| `web.baseUrl` | URL used to access to Airflow web ui | `""` | +| `web.existingConfigmap` | Name of an existing config map containing the Airflow web config file | `""` | +| `web.command` | Override default container command (useful when using custom images) | `[]` | +| `web.args` | Override default container args (useful when using custom images) | `[]` | +| `web.extraEnvVars` | Array with extra environment variables to add Airflow web pods | `[]` | +| `web.extraEnvVarsCM` | ConfigMap containing extra environment variables for Airflow web pods | `""` | +| `web.extraEnvVarsSecret` | Secret containing extra environment variables (in case of sensitive data) for Airflow web pods | `""` | +| `web.extraEnvVarsSecrets` | List of secrets with extra environment variables for Airflow web pods | `[]` | +| `web.containerPorts.http` | Airflow web HTTP container port | `8080` | +| `web.replicaCount` | Number of Airflow web replicas | `1` | +| `web.livenessProbe.enabled` | Enable livenessProbe on Airflow web containers | `true` | +| `web.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `180` | +| `web.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `20` | +| `web.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | +| `web.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` | +| `web.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `web.readinessProbe.enabled` | Enable readinessProbe on Airflow web containers | `true` | +| `web.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` | +| `web.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | +| `web.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` | +| `web.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` | +| `web.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `web.startupProbe.enabled` | Enable startupProbe on Airflow web containers | `false` | +| `web.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `60` | +| `web.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | +| `web.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` | +| `web.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` | +| `web.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | +| `web.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | +| `web.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | +| `web.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | +| `web.resources.limits` | The resources limits for the Airflow web containers | `{}` | +| `web.resources.requests` | The requested resources for the Airflow web containers | `{}` | +| `web.podSecurityContext.enabled` | Enabled Airflow web pods' Security Context | `true` | +| `web.podSecurityContext.fsGroup` | Set Airflow web pod's Security Context fsGroup | `1001` | +| `web.containerSecurityContext.enabled` | Enabled Airflow web containers' Security Context | `true` | +| `web.containerSecurityContext.runAsUser` | Set Airflow web containers' Security Context runAsUser | `1001` | +| `web.containerSecurityContext.runAsNonRoot` | Set Airflow web containers' Security Context runAsNonRoot | `true` | +| `web.lifecycleHooks` | for the Airflow web container(s) to automate configuration before or after startup | `{}` | +| `web.hostAliases` | Deployment pod host aliases | `[]` | +| `web.podLabels` | Add extra labels to the Airflow web pods | `{}` | +| `web.podAnnotations` | Add extra annotations to the Airflow web pods | `{}` | +| `web.affinity` | Affinity for Airflow web pods assignment (evaluated as a template) | `{}` | +| `web.nodeAffinityPreset.key` | Node label key to match. Ignored if `web.affinity` is set. | `""` | +| `web.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `web.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `web.nodeAffinityPreset.values` | Node label values to match. Ignored if `web.affinity` is set. | `[]` | +| `web.nodeSelector` | Node labels for Airflow web pods assignment | `{}` | +| `web.podAffinityPreset` | Pod affinity preset. Ignored if `web.affinity` is set. Allowed values: `soft` or `hard`. | `""` | +| `web.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `web.affinity` is set. Allowed values: `soft` or `hard`. | `soft` | +| `web.tolerations` | Tolerations for Airflow web pods assignment | `[]` | +| `web.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` | +| `web.priorityClassName` | Priority Class Name | `""` | +| `web.schedulerName` | Use an alternate scheduler, e.g. "stork". | `""` | +| `web.terminationGracePeriodSeconds` | Seconds Airflow web pod needs to terminate gracefully | `""` | +| `web.updateStrategy.type` | Airflow web deployment strategy type | `RollingUpdate` | +| `web.updateStrategy.rollingUpdate` | Airflow web deployment rolling update configuration parameters | `{}` | +| `web.sidecars` | Add additional sidecar containers to the Airflow web pods | `[]` | +| `web.initContainers` | Add additional init containers to the Airflow web pods | `[]` | +| `web.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Airflow web pods | `[]` | +| `web.extraVolumes` | Optionally specify extra list of additional volumes for the Airflow web pods | `[]` | +| `web.pdb.create` | Deploy a pdb object for the Airflow web pods | `false` | +| `web.pdb.minAvailable` | Maximum number/percentage of unavailable Airflow web replicas | `1` | +| `web.pdb.maxUnavailable` | Maximum number/percentage of unavailable Airflow web replicas | `""` | ### Airflow scheduler parameters @@ -184,7 +184,7 @@ The command removes all the Kubernetes components associated with the chart and | ------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | --------------------------- | | `scheduler.image.registry` | Airflow Scheduler image registry | `docker.io` | | `scheduler.image.repository` | Airflow Scheduler image repository | `bitnami/airflow-scheduler` | -| `scheduler.image.tag` | Airflow Scheduler image tag (immutable tags are recommended) | `2.7.1-debian-11-r27` | +| `scheduler.image.tag` | Airflow Scheduler image tag (immutable tags are recommended) | `2.7.2-debian-11-r0` | | `scheduler.image.digest` | Airflow Schefuler image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `scheduler.image.pullPolicy` | Airflow Scheduler image pull policy | `IfNotPresent` | | `scheduler.image.pullSecrets` | Airflow Scheduler image pull secrets | `[]` | @@ -238,7 +238,7 @@ The command removes all the Kubernetes components associated with the chart and | ---------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | ------------------------ | | `worker.image.registry` | Airflow Worker image registry | `docker.io` | | `worker.image.repository` | Airflow Worker image repository | `bitnami/airflow-worker` | -| `worker.image.tag` | Airflow Worker image tag (immutable tags are recommended) | `2.7.1-debian-11-r27` | +| `worker.image.tag` | Airflow Worker image tag (immutable tags are recommended) | `2.7.2-debian-11-r0` | | `worker.image.digest` | Airflow Worker image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `worker.image.pullPolicy` | Airflow Worker image pull policy | `IfNotPresent` | | `worker.image.pullSecrets` | Airflow Worker image pull secrets | `[]` | @@ -318,7 +318,7 @@ The command removes all the Kubernetes components associated with the chart and | ------------------------------ | --------------------------------------------------------------------------------------------------- | ---------------------- | | `git.image.registry` | Git image registry | `docker.io` | | `git.image.repository` | Git image repository | `bitnami/git` | -| `git.image.tag` | Git image tag (immutable tags are recommended) | `2.42.0-debian-11-r41` | +| `git.image.tag` | Git image tag (immutable tags are recommended) | `2.42.0-debian-11-r45` | | `git.image.digest` | Git image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `git.image.pullPolicy` | Git image pull policy | `IfNotPresent` | | `git.image.pullSecrets` | Git image pull secrets | `[]` | @@ -410,7 +410,7 @@ The command removes all the Kubernetes components associated with the chart and | `metrics.enabled` | Whether or not to create a standalone Airflow exporter to expose Airflow metrics | `false` | | `metrics.image.registry` | Airflow exporter image registry | `docker.io` | | `metrics.image.repository` | Airflow exporter image repository | `bitnami/airflow-exporter` | -| `metrics.image.tag` | Airflow exporter image tag (immutable tags are recommended) | `0.20220314.0-debian-11-r436` | +| `metrics.image.tag` | Airflow exporter image tag (immutable tags are recommended) | `0.20220314.0-debian-11-r438` | | `metrics.image.digest` | Airflow exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `metrics.image.pullPolicy` | Airflow exporter image pull policy | `IfNotPresent` | | `metrics.image.pullSecrets` | Airflow exporter image pull secrets | `[]` | diff --git a/charts/bitnami/airflow/charts/postgresql/Chart.yaml b/charts/bitnami/airflow/charts/postgresql/Chart.yaml index 1636616b7..5e19d5bc2 100644 --- a/charts/bitnami/airflow/charts/postgresql/Chart.yaml +++ b/charts/bitnami/airflow/charts/postgresql/Chart.yaml @@ -2,11 +2,11 @@ annotations: category: Database images: | - name: os-shell - image: docker.io/bitnami/os-shell:11-debian-11-r86 + image: docker.io/bitnami/os-shell:11-debian-11-r90 - name: postgres-exporter - image: docker.io/bitnami/postgres-exporter:0.14.0-debian-11-r12 + image: docker.io/bitnami/postgres-exporter:0.14.0-debian-11-r15 - name: postgresql - image: docker.io/bitnami/postgresql:16.0.0-debian-11-r10 + image: docker.io/bitnami/postgresql:16.0.0-debian-11-r13 licenses: Apache-2.0 apiVersion: v2 appVersion: 16.0.0 @@ -34,4 +34,4 @@ maintainers: name: postgresql sources: - https://github.com/bitnami/charts/tree/main/bitnami/postgresql -version: 13.1.1 +version: 13.1.5 diff --git a/charts/bitnami/airflow/charts/postgresql/README.md b/charts/bitnami/airflow/charts/postgresql/README.md index 11dc792cb..6bf879d6c 100644 --- a/charts/bitnami/airflow/charts/postgresql/README.md +++ b/charts/bitnami/airflow/charts/postgresql/README.md @@ -100,7 +100,7 @@ kubectl delete pvc -l release=my-release | ---------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------- | | `image.registry` | PostgreSQL image registry | `docker.io` | | `image.repository` | PostgreSQL image repository | `bitnami/postgresql` | -| `image.tag` | PostgreSQL image tag (immutable tags are recommended) | `16.0.0-debian-11-r10` | +| `image.tag` | PostgreSQL image tag (immutable tags are recommended) | `16.0.0-debian-11-r13` | | `image.digest` | PostgreSQL image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `image.pullPolicy` | PostgreSQL image pull policy | `IfNotPresent` | | `image.pullSecrets` | Specify image pull secrets | `[]` | @@ -430,7 +430,7 @@ kubectl delete pvc -l release=my-release | `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume | `false` | | `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` | | `volumePermissions.image.repository` | Init container volume-permissions image repository | `bitnami/os-shell` | -| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r86` | +| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r90` | | `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` | | `volumePermissions.image.pullSecrets` | Init container volume-permissions image pull secrets | `[]` | @@ -461,7 +461,7 @@ kubectl delete pvc -l release=my-release | `metrics.enabled` | Start a prometheus exporter | `false` | | `metrics.image.registry` | PostgreSQL Prometheus Exporter image registry | `docker.io` | | `metrics.image.repository` | PostgreSQL Prometheus Exporter image repository | `bitnami/postgres-exporter` | -| `metrics.image.tag` | PostgreSQL Prometheus Exporter image tag (immutable tags are recommended) | `0.14.0-debian-11-r12` | +| `metrics.image.tag` | PostgreSQL Prometheus Exporter image tag (immutable tags are recommended) | `0.14.0-debian-11-r15` | | `metrics.image.digest` | PostgreSQL image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `metrics.image.pullPolicy` | PostgreSQL Prometheus Exporter image pull policy | `IfNotPresent` | | `metrics.image.pullSecrets` | Specify image pull secrets | `[]` | diff --git a/charts/bitnami/airflow/charts/postgresql/values.yaml b/charts/bitnami/airflow/charts/postgresql/values.yaml index 447a85a00..1c371fde7 100644 --- a/charts/bitnami/airflow/charts/postgresql/values.yaml +++ b/charts/bitnami/airflow/charts/postgresql/values.yaml @@ -98,7 +98,7 @@ diagnosticMode: image: registry: docker.io repository: bitnami/postgresql - tag: 16.0.0-debian-11-r10 + tag: 16.0.0-debian-11-r13 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -1299,7 +1299,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/os-shell - tag: 11-debian-11-r86 + tag: 11-debian-11-r90 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. @@ -1400,7 +1400,7 @@ metrics: image: registry: docker.io repository: bitnami/postgres-exporter - tag: 0.14.0-debian-11-r12 + tag: 0.14.0-debian-11-r15 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. diff --git a/charts/bitnami/airflow/charts/redis/Chart.yaml b/charts/bitnami/airflow/charts/redis/Chart.yaml index c65990fcc..a5ce1d04d 100644 --- a/charts/bitnami/airflow/charts/redis/Chart.yaml +++ b/charts/bitnami/airflow/charts/redis/Chart.yaml @@ -2,13 +2,13 @@ annotations: category: Database images: | - name: os-shell - image: docker.io/bitnami/os-shell:11-debian-11-r86 + image: docker.io/bitnami/os-shell:11-debian-11-r90 - name: redis-exporter - image: docker.io/bitnami/redis-exporter:1.54.0-debian-11-r25 + image: docker.io/bitnami/redis-exporter:1.55.0-debian-11-r0 - name: redis-sentinel - image: docker.io/bitnami/redis-sentinel:7.2.1-debian-11-r23 + image: docker.io/bitnami/redis-sentinel:7.2.1-debian-11-r26 - name: redis - image: docker.io/bitnami/redis:7.2.1-debian-11-r24 + image: docker.io/bitnami/redis:7.2.1-debian-11-r26 licenses: Apache-2.0 apiVersion: v2 appVersion: 7.2.1 @@ -33,4 +33,4 @@ maintainers: name: redis sources: - https://github.com/bitnami/charts/tree/main/bitnami/redis -version: 18.1.3 +version: 18.1.5 diff --git a/charts/bitnami/airflow/charts/redis/README.md b/charts/bitnami/airflow/charts/redis/README.md index a997b1d21..31f4aaa66 100644 --- a/charts/bitnami/airflow/charts/redis/README.md +++ b/charts/bitnami/airflow/charts/redis/README.md @@ -101,7 +101,7 @@ The command removes all the Kubernetes components associated with the chart and | ------------------- | ---------------------------------------------------------------------------------------------------------- | --------------------- | | `image.registry` | Redis® image registry | `docker.io` | | `image.repository` | Redis® image repository | `bitnami/redis` | -| `image.tag` | Redis® image tag (immutable tags are recommended) | `7.2.1-debian-11-r24` | +| `image.tag` | Redis® image tag (immutable tags are recommended) | `7.2.1-debian-11-r26` | | `image.digest` | Redis® image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `image.pullPolicy` | Redis® image pull policy | `IfNotPresent` | | `image.pullSecrets` | Redis® image pull secrets | `[]` | @@ -208,6 +208,9 @@ The command removes all the Kubernetes components associated with the chart and | `master.persistence.selector` | Additional labels to match for the PVC | `{}` | | `master.persistence.dataSource` | Custom PVC data source | `{}` | | `master.persistence.existingClaim` | Use a existing PVC which must be created manually before bound | `""` | +| `master.persistentVolumeClaimRetentionPolicy.enabled` | Controls if and how PVCs are deleted during the lifecycle of a StatefulSet | `false` | +| `master.persistentVolumeClaimRetentionPolicy.whenScaled` | Volume retention behavior when the replica count of the StatefulSet is reduced | `Retain` | +| `master.persistentVolumeClaimRetentionPolicy.whenDeleted` | Volume retention behavior that applies when the StatefulSet is deleted | `Retain` | | `master.service.type` | Redis® master service type | `ClusterIP` | | `master.service.ports.redis` | Redis® master service port | `6379` | | `master.service.nodePorts.redis` | Node port for Redis® master | `""` | @@ -317,6 +320,9 @@ The command removes all the Kubernetes components associated with the chart and | `replica.persistence.selector` | Additional labels to match for the PVC | `{}` | | `replica.persistence.dataSource` | Custom PVC data source | `{}` | | `replica.persistence.existingClaim` | Use a existing PVC which must be created manually before bound | `""` | +| `replica.persistentVolumeClaimRetentionPolicy.enabled` | Controls if and how PVCs are deleted during the lifecycle of a StatefulSet | `false` | +| `replica.persistentVolumeClaimRetentionPolicy.whenScaled` | Volume retention behavior when the replica count of the StatefulSet is reduced | `Retain` | +| `replica.persistentVolumeClaimRetentionPolicy.whenDeleted` | Volume retention behavior that applies when the StatefulSet is deleted | `Retain` | | `replica.service.type` | Redis® replicas service type | `ClusterIP` | | `replica.service.ports.redis` | Redis® replicas service port | `6379` | | `replica.service.nodePorts.redis` | Node port for Redis® replicas | `""` | @@ -347,7 +353,7 @@ The command removes all the Kubernetes components associated with the chart and | `sentinel.enabled` | Use Redis® Sentinel on Redis® pods. | `false` | | `sentinel.image.registry` | Redis® Sentinel image registry | `docker.io` | | `sentinel.image.repository` | Redis® Sentinel image repository | `bitnami/redis-sentinel` | -| `sentinel.image.tag` | Redis® Sentinel image tag (immutable tags are recommended) | `7.2.1-debian-11-r23` | +| `sentinel.image.tag` | Redis® Sentinel image tag (immutable tags are recommended) | `7.2.1-debian-11-r26` | | `sentinel.image.digest` | Redis® Sentinel image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `sentinel.image.pullPolicy` | Redis® Sentinel image pull policy | `IfNotPresent` | | `sentinel.image.pullSecrets` | Redis® Sentinel image pull secrets | `[]` | @@ -404,6 +410,9 @@ The command removes all the Kubernetes components associated with the chart and | `sentinel.persistence.dataSource` | Custom PVC data source | `{}` | | `sentinel.persistence.medium` | Provide a medium for `emptyDir` volumes. | `""` | | `sentinel.persistence.sizeLimit` | Set this to enable a size limit for `emptyDir` volumes. | `""` | +| `sentinel.persistentVolumeClaimRetentionPolicy.enabled` | Controls if and how PVCs are deleted during the lifecycle of a StatefulSet | `false` | +| `sentinel.persistentVolumeClaimRetentionPolicy.whenScaled` | Volume retention behavior when the replica count of the StatefulSet is reduced | `Retain` | +| `sentinel.persistentVolumeClaimRetentionPolicy.whenDeleted` | Volume retention behavior that applies when the StatefulSet is deleted | `Retain` | | `sentinel.resources.limits` | The resources limits for the Redis® Sentinel containers | `{}` | | `sentinel.resources.requests` | The requested resources for the Redis® Sentinel containers | `{}` | | `sentinel.containerSecurityContext.enabled` | Enabled Redis® Sentinel containers' Security Context | `true` | @@ -474,7 +483,7 @@ The command removes all the Kubernetes components associated with the chart and | `metrics.enabled` | Start a sidecar prometheus exporter to expose Redis® metrics | `false` | | `metrics.image.registry` | Redis® Exporter image registry | `docker.io` | | `metrics.image.repository` | Redis® Exporter image repository | `bitnami/redis-exporter` | -| `metrics.image.tag` | Redis® Exporter image tag (immutable tags are recommended) | `1.54.0-debian-11-r25` | +| `metrics.image.tag` | Redis® Exporter image tag (immutable tags are recommended) | `1.55.0-debian-11-r0` | | `metrics.image.digest` | Redis® Exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `metrics.image.pullPolicy` | Redis® Exporter image pull policy | `IfNotPresent` | | `metrics.image.pullSecrets` | Redis® Exporter image pull secrets | `[]` | @@ -547,7 +556,7 @@ The command removes all the Kubernetes components associated with the chart and | `volumePermissions.enabled` | Enable init container that changes the owner/group of the PV mount point to `runAsUser:fsGroup` | `false` | | `volumePermissions.image.registry` | OS Shell + Utility image registry | `docker.io` | | `volumePermissions.image.repository` | OS Shell + Utility image repository | `bitnami/os-shell` | -| `volumePermissions.image.tag` | OS Shell + Utility image tag (immutable tags are recommended) | `11-debian-11-r86` | +| `volumePermissions.image.tag` | OS Shell + Utility image tag (immutable tags are recommended) | `11-debian-11-r90` | | `volumePermissions.image.digest` | OS Shell + Utility image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `volumePermissions.image.pullPolicy` | OS Shell + Utility image pull policy | `IfNotPresent` | | `volumePermissions.image.pullSecrets` | OS Shell + Utility image pull secrets | `[]` | @@ -557,7 +566,7 @@ The command removes all the Kubernetes components associated with the chart and | `sysctl.enabled` | Enable init container to modify Kernel settings | `false` | | `sysctl.image.registry` | OS Shell + Utility image registry | `docker.io` | | `sysctl.image.repository` | OS Shell + Utility image repository | `bitnami/os-shell` | -| `sysctl.image.tag` | OS Shell + Utility image tag (immutable tags are recommended) | `11-debian-11-r86` | +| `sysctl.image.tag` | OS Shell + Utility image tag (immutable tags are recommended) | `11-debian-11-r90` | | `sysctl.image.digest` | OS Shell + Utility image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `sysctl.image.pullPolicy` | OS Shell + Utility image pull policy | `IfNotPresent` | | `sysctl.image.pullSecrets` | OS Shell + Utility image pull secrets | `[]` | diff --git a/charts/bitnami/airflow/charts/redis/templates/master/application.yaml b/charts/bitnami/airflow/charts/redis/templates/master/application.yaml index 4b10b80db..84a25b1bc 100644 --- a/charts/bitnami/airflow/charts/redis/templates/master/application.yaml +++ b/charts/bitnami/airflow/charts/redis/templates/master/application.yaml @@ -493,6 +493,11 @@ spec: persistentVolumeClaim: claimName: {{ printf "redis-data-%s-master" (include "common.names.fullname" .) }} {{- else }} + {{- if .Values.master.persistentVolumeClaimRetentionPolicy.enabled }} + persistentVolumeClaimRetentionPolicy: + whenDeleted: {{ .Values.master.persistentVolumeClaimRetentionPolicy.whenDeleted }} + whenScaled: {{ .Values.master.persistentVolumeClaimRetentionPolicy.whenScaled }} + {{- end }} volumeClaimTemplates: - apiVersion: v1 kind: PersistentVolumeClaim diff --git a/charts/bitnami/airflow/charts/redis/templates/replicas/statefulset.yaml b/charts/bitnami/airflow/charts/redis/templates/replicas/statefulset.yaml index e7a927327..b82406c07 100644 --- a/charts/bitnami/airflow/charts/redis/templates/replicas/statefulset.yaml +++ b/charts/bitnami/airflow/charts/redis/templates/replicas/statefulset.yaml @@ -490,6 +490,11 @@ spec: persistentVolumeClaim: claimName: {{ printf "%s" (tpl .Values.replica.persistence.existingClaim .) }} {{- else }} + {{- if .Values.replica.persistentVolumeClaimRetentionPolicy.enabled }} + persistentVolumeClaimRetentionPolicy: + whenDeleted: {{ .Values.replica.persistentVolumeClaimRetentionPolicy.whenDeleted }} + whenScaled: {{ .Values.replica.persistentVolumeClaimRetentionPolicy.whenScaled }} + {{- end }} volumeClaimTemplates: - apiVersion: v1 kind: PersistentVolumeClaim diff --git a/charts/bitnami/airflow/charts/redis/templates/sentinel/statefulset.yaml b/charts/bitnami/airflow/charts/redis/templates/sentinel/statefulset.yaml index 5f76a0399..55d0e90e0 100644 --- a/charts/bitnami/airflow/charts/redis/templates/sentinel/statefulset.yaml +++ b/charts/bitnami/airflow/charts/redis/templates/sentinel/statefulset.yaml @@ -728,6 +728,11 @@ spec: persistentVolumeClaim: claimName: {{ printf "%s" (tpl .Values.replica.persistence.existingClaim .) }} {{- else }} + {{- if .Values.sentinel.persistentVolumeClaimRetentionPolicy.enabled }} + persistentVolumeClaimRetentionPolicy: + whenDeleted: {{ .Values.sentinel.persistentVolumeClaimRetentionPolicy.whenDeleted }} + whenScaled: {{ .Values.sentinel.persistentVolumeClaimRetentionPolicy.whenScaled }} + {{- end }} volumeClaimTemplates: - apiVersion: v1 kind: PersistentVolumeClaim diff --git a/charts/bitnami/airflow/charts/redis/values.yaml b/charts/bitnami/airflow/charts/redis/values.yaml index 9bf2873ee..6a924f6b8 100644 --- a/charts/bitnami/airflow/charts/redis/values.yaml +++ b/charts/bitnami/airflow/charts/redis/values.yaml @@ -91,7 +91,7 @@ diagnosticMode: image: registry: docker.io repository: bitnami/redis - tag: 7.2.1-debian-11-r24 + tag: 7.2.1-debian-11-r26 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -488,6 +488,16 @@ master: ## NOTE: requires master.persistence.enabled: true ## existingClaim: "" + ## persistentVolumeClaimRetentionPolicy + ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#persistentvolumeclaim-retention + ## @param master.persistentVolumeClaimRetentionPolicy.enabled Controls if and how PVCs are deleted during the lifecycle of a StatefulSet + ## @param master.persistentVolumeClaimRetentionPolicy.whenScaled Volume retention behavior when the replica count of the StatefulSet is reduced + ## @param master.persistentVolumeClaimRetentionPolicy.whenDeleted Volume retention behavior that applies when the StatefulSet is deleted + ## + persistentVolumeClaimRetentionPolicy: + enabled: false + whenScaled: Retain + whenDeleted: Retain ## Redis® master service parameters ## service: @@ -921,6 +931,16 @@ replica: ## NOTE: requires replica.persistence.enabled: true ## existingClaim: "" + ## persistentVolumeClaimRetentionPolicy + ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#persistentvolumeclaim-retention + ## @param replica.persistentVolumeClaimRetentionPolicy.enabled Controls if and how PVCs are deleted during the lifecycle of a StatefulSet + ## @param replica.persistentVolumeClaimRetentionPolicy.whenScaled Volume retention behavior when the replica count of the StatefulSet is reduced + ## @param replica.persistentVolumeClaimRetentionPolicy.whenDeleted Volume retention behavior that applies when the StatefulSet is deleted + ## + persistentVolumeClaimRetentionPolicy: + enabled: false + whenScaled: Retain + whenDeleted: Retain ## Redis® replicas service parameters ## service: @@ -1036,7 +1056,7 @@ sentinel: image: registry: docker.io repository: bitnami/redis-sentinel - tag: 7.2.1-debian-11-r23 + tag: 7.2.1-debian-11-r26 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -1219,6 +1239,16 @@ sentinel: ## @param sentinel.persistence.sizeLimit Set this to enable a size limit for `emptyDir` volumes. ## sizeLimit: "" + ## persistentVolumeClaimRetentionPolicy + ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#persistentvolumeclaim-retention + ## @param sentinel.persistentVolumeClaimRetentionPolicy.enabled Controls if and how PVCs are deleted during the lifecycle of a StatefulSet + ## @param sentinel.persistentVolumeClaimRetentionPolicy.whenScaled Volume retention behavior when the replica count of the StatefulSet is reduced + ## @param sentinel.persistentVolumeClaimRetentionPolicy.whenDeleted Volume retention behavior that applies when the StatefulSet is deleted + ## + persistentVolumeClaimRetentionPolicy: + enabled: false + whenScaled: Retain + whenDeleted: Retain ## Redis® Sentinel resource requests and limits ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ ## @param sentinel.resources.limits The resources limits for the Redis® Sentinel containers @@ -1505,7 +1535,7 @@ metrics: image: registry: docker.io repository: bitnami/redis-exporter - tag: 1.54.0-debian-11-r25 + tag: 1.55.0-debian-11-r0 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. @@ -1779,7 +1809,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/os-shell - tag: 11-debian-11-r86 + tag: 11-debian-11-r90 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. @@ -1827,7 +1857,7 @@ sysctl: image: registry: docker.io repository: bitnami/os-shell - tag: 11-debian-11-r86 + tag: 11-debian-11-r90 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. diff --git a/charts/bitnami/airflow/values.yaml b/charts/bitnami/airflow/values.yaml index 562a13e25..add3c948e 100644 --- a/charts/bitnami/airflow/values.yaml +++ b/charts/bitnami/airflow/values.yaml @@ -121,7 +121,7 @@ dags: image: registry: docker.io repository: bitnami/os-shell - tag: 11-debian-11-r89 + tag: 11-debian-11-r90 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. @@ -188,7 +188,7 @@ web: image: registry: docker.io repository: bitnami/airflow - tag: 2.7.1-debian-11-r28 + tag: 2.7.2-debian-11-r0 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -446,7 +446,7 @@ scheduler: image: registry: docker.io repository: bitnami/airflow-scheduler - tag: 2.7.1-debian-11-r27 + tag: 2.7.2-debian-11-r0 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -650,7 +650,7 @@ worker: image: registry: docker.io repository: bitnami/airflow-worker - tag: 2.7.1-debian-11-r27 + tag: 2.7.2-debian-11-r0 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -923,7 +923,7 @@ git: image: registry: docker.io repository: bitnami/git - tag: 2.42.0-debian-11-r41 + tag: 2.42.0-debian-11-r45 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -1286,7 +1286,7 @@ metrics: image: registry: docker.io repository: bitnami/airflow-exporter - tag: 0.20220314.0-debian-11-r436 + tag: 0.20220314.0-debian-11-r438 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. diff --git a/charts/bitnami/cassandra/Chart.yaml b/charts/bitnami/cassandra/Chart.yaml index 102f793e9..bf0f8710f 100644 --- a/charts/bitnami/cassandra/Chart.yaml +++ b/charts/bitnami/cassandra/Chart.yaml @@ -6,11 +6,11 @@ annotations: category: Database images: | - name: cassandra-exporter - image: docker.io/bitnami/cassandra-exporter:2.3.8-debian-11-r423 + image: docker.io/bitnami/cassandra-exporter:2.3.8-debian-11-r429 - name: cassandra - image: docker.io/bitnami/cassandra:4.1.3-debian-11-r63 + image: docker.io/bitnami/cassandra:4.1.3-debian-11-r71 - name: os-shell - image: docker.io/bitnami/os-shell:11-debian-11-r83 + image: docker.io/bitnami/os-shell:11-debian-11-r90 licenses: Apache-2.0 apiVersion: v2 appVersion: 4.1.3 @@ -35,4 +35,4 @@ maintainers: name: cassandra sources: - https://github.com/bitnami/charts/tree/main/bitnami/cassandra -version: 10.5.6 +version: 10.5.8 diff --git a/charts/bitnami/cassandra/README.md b/charts/bitnami/cassandra/README.md index 42770f20a..fa3a7a867 100644 --- a/charts/bitnami/cassandra/README.md +++ b/charts/bitnami/cassandra/README.md @@ -81,7 +81,7 @@ The command removes all the Kubernetes components associated with the chart and | ----------------------------- | ---------------------------------------------------------------------------------------------------------------------- | --------------------- | | `image.registry` | Cassandra image registry | `docker.io` | | `image.repository` | Cassandra image repository | `bitnami/cassandra` | -| `image.tag` | Cassandra image tag (immutable tags are recommended) | `4.1.3-debian-11-r63` | +| `image.tag` | Cassandra image tag (immutable tags are recommended) | `4.1.3-debian-11-r71` | | `image.digest` | Cassandra image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `image.pullPolicy` | image pull policy | `IfNotPresent` | | `image.pullSecrets` | Cassandra image pull secrets | `[]` | @@ -232,7 +232,7 @@ The command removes all the Kubernetes components associated with the chart and | `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume | `false` | | `volumePermissions.image.registry` | Init container volume image registry | `docker.io` | | `volumePermissions.image.repository` | Init container volume image repository | `bitnami/os-shell` | -| `volumePermissions.image.tag` | Init container volume image tag (immutable tags are recommended) | `11-debian-11-r83` | +| `volumePermissions.image.tag` | Init container volume image tag (immutable tags are recommended) | `11-debian-11-r90` | | `volumePermissions.image.digest` | Init container volume image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `volumePermissions.image.pullPolicy` | Init container volume pull policy | `IfNotPresent` | | `volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | @@ -247,7 +247,7 @@ The command removes all the Kubernetes components associated with the chart and | `metrics.enabled` | Start a side-car prometheus exporter | `false` | | `metrics.image.registry` | Cassandra exporter image registry | `docker.io` | | `metrics.image.repository` | Cassandra exporter image name | `bitnami/cassandra-exporter` | -| `metrics.image.tag` | Cassandra exporter image tag | `2.3.8-debian-11-r423` | +| `metrics.image.tag` | Cassandra exporter image tag | `2.3.8-debian-11-r429` | | `metrics.image.digest` | Cassandra exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `metrics.image.pullPolicy` | image pull policy | `IfNotPresent` | | `metrics.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | diff --git a/charts/bitnami/cassandra/values.yaml b/charts/bitnami/cassandra/values.yaml index 9b2164dcb..9b13e634b 100644 --- a/charts/bitnami/cassandra/values.yaml +++ b/charts/bitnami/cassandra/values.yaml @@ -76,7 +76,7 @@ diagnosticMode: image: registry: docker.io repository: bitnami/cassandra - tag: 4.1.3-debian-11-r63 + tag: 4.1.3-debian-11-r71 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -616,7 +616,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/os-shell - tag: 11-debian-11-r83 + tag: 11-debian-11-r90 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. @@ -684,7 +684,7 @@ metrics: image: registry: docker.io repository: bitnami/cassandra-exporter - tag: 2.3.8-debian-11-r423 + tag: 2.3.8-debian-11-r429 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. diff --git a/charts/bitnami/kafka/Chart.lock b/charts/bitnami/kafka/Chart.lock index 0010734ce..9398506f2 100644 --- a/charts/bitnami/kafka/Chart.lock +++ b/charts/bitnami/kafka/Chart.lock @@ -1,9 +1,9 @@ dependencies: - name: zookeeper repository: oci://registry-1.docker.io/bitnamicharts - version: 12.1.3 + version: 12.1.4 - name: common repository: oci://registry-1.docker.io/bitnamicharts version: 2.13.2 -digest: sha256:014815aff273844f34be8506ddc386d70779c46590d9899f756d141eb6285acd -generated: "2023-10-09T18:35:01.517634728Z" +digest: sha256:07d7596708cc5b839395c9034fbd54f04e1f5d7baa6e0a9c50f2076b81762d87 +generated: "2023-10-12T11:26:10.244681296Z" diff --git a/charts/bitnami/kafka/Chart.yaml b/charts/bitnami/kafka/Chart.yaml index 00db7a83a..e29ad6afb 100644 --- a/charts/bitnami/kafka/Chart.yaml +++ b/charts/bitnami/kafka/Chart.yaml @@ -6,15 +6,15 @@ annotations: category: Infrastructure images: | - name: jmx-exporter - image: docker.io/bitnami/jmx-exporter:0.19.0-debian-11-r92 + image: docker.io/bitnami/jmx-exporter:0.19.0-debian-11-r95 - name: kafka-exporter - image: docker.io/bitnami/kafka-exporter:1.7.0-debian-11-r130 + image: docker.io/bitnami/kafka-exporter:1.7.0-debian-11-r132 - name: kafka - image: docker.io/bitnami/kafka:3.5.1-debian-11-r71 + image: docker.io/bitnami/kafka:3.5.1-debian-11-r72 - name: kubectl - image: docker.io/bitnami/kubectl:1.28.2-debian-11-r14 + image: docker.io/bitnami/kubectl:1.28.2-debian-11-r16 - name: os-shell - image: docker.io/bitnami/os-shell:11-debian-11-r89 + image: docker.io/bitnami/os-shell:11-debian-11-r90 licenses: Apache-2.0 apiVersion: v2 appVersion: 3.5.1 @@ -45,4 +45,4 @@ maintainers: name: kafka sources: - https://github.com/bitnami/charts/tree/main/bitnami/kafka -version: 25.3.3 +version: 25.3.5 diff --git a/charts/bitnami/kafka/README.md b/charts/bitnami/kafka/README.md index 3825a401c..885277bff 100644 --- a/charts/bitnami/kafka/README.md +++ b/charts/bitnami/kafka/README.md @@ -82,7 +82,7 @@ The command removes all the Kubernetes components associated with the chart and | ------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------- | | `image.registry` | Kafka image registry | `docker.io` | | `image.repository` | Kafka image repository | `bitnami/kafka` | -| `image.tag` | Kafka image tag (immutable tags are recommended) | `3.5.1-debian-11-r71` | +| `image.tag` | Kafka image tag (immutable tags are recommended) | `3.5.1-debian-11-r72` | | `image.digest` | Kafka image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `image.pullPolicy` | Kafka image pull policy | `IfNotPresent` | | `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | @@ -404,7 +404,7 @@ The command removes all the Kubernetes components associated with the chart and | `externalAccess.autoDiscovery.enabled` | Enable using an init container to auto-detect external IPs/ports by querying the K8s API | `false` | | `externalAccess.autoDiscovery.image.registry` | Init container auto-discovery image registry | `docker.io` | | `externalAccess.autoDiscovery.image.repository` | Init container auto-discovery image repository | `bitnami/kubectl` | -| `externalAccess.autoDiscovery.image.tag` | Init container auto-discovery image tag (immutable tags are recommended) | `1.28.2-debian-11-r14` | +| `externalAccess.autoDiscovery.image.tag` | Init container auto-discovery image tag (immutable tags are recommended) | `1.28.2-debian-11-r16` | | `externalAccess.autoDiscovery.image.digest` | Kubectl image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `externalAccess.autoDiscovery.image.pullPolicy` | Init container auto-discovery image pull policy | `IfNotPresent` | | `externalAccess.autoDiscovery.image.pullSecrets` | Init container auto-discovery image pull secrets | `[]` | @@ -454,7 +454,7 @@ The command removes all the Kubernetes components associated with the chart and | `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume | `false` | | `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` | | `volumePermissions.image.repository` | Init container volume-permissions image repository | `bitnami/os-shell` | -| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r89` | +| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r90` | | `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` | | `volumePermissions.image.pullSecrets` | Init container volume-permissions image pull secrets | `[]` | @@ -479,7 +479,7 @@ The command removes all the Kubernetes components associated with the chart and | `metrics.kafka.enabled` | Whether or not to create a standalone Kafka exporter to expose Kafka metrics | `false` | | `metrics.kafka.image.registry` | Kafka exporter image registry | `docker.io` | | `metrics.kafka.image.repository` | Kafka exporter image repository | `bitnami/kafka-exporter` | -| `metrics.kafka.image.tag` | Kafka exporter image tag (immutable tags are recommended) | `1.7.0-debian-11-r130` | +| `metrics.kafka.image.tag` | Kafka exporter image tag (immutable tags are recommended) | `1.7.0-debian-11-r132` | | `metrics.kafka.image.digest` | Kafka exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `metrics.kafka.image.pullPolicy` | Kafka exporter image pull policy | `IfNotPresent` | | `metrics.kafka.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | @@ -533,7 +533,7 @@ The command removes all the Kubernetes components associated with the chart and | `metrics.jmx.kafkaJmxPort` | JMX port where the exporter will collect metrics, exposed in the Kafka container. | `5555` | | `metrics.jmx.image.registry` | JMX exporter image registry | `docker.io` | | `metrics.jmx.image.repository` | JMX exporter image repository | `bitnami/jmx-exporter` | -| `metrics.jmx.image.tag` | JMX exporter image tag (immutable tags are recommended) | `0.19.0-debian-11-r92` | +| `metrics.jmx.image.tag` | JMX exporter image tag (immutable tags are recommended) | `0.19.0-debian-11-r95` | | `metrics.jmx.image.digest` | JMX exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `metrics.jmx.image.pullPolicy` | JMX exporter image pull policy | `IfNotPresent` | | `metrics.jmx.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | diff --git a/charts/bitnami/kafka/charts/zookeeper/Chart.lock b/charts/bitnami/kafka/charts/zookeeper/Chart.lock index f54586cc7..934796e86 100644 --- a/charts/bitnami/kafka/charts/zookeeper/Chart.lock +++ b/charts/bitnami/kafka/charts/zookeeper/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: common repository: oci://registry-1.docker.io/bitnamicharts - version: 2.10.0 -digest: sha256:023ded170632d04528f30332370f34fc8fb96efb2886a01d934cb3bd6e6d2e09 -generated: "2023-09-05T11:24:06.99508+02:00" + version: 2.13.2 +digest: sha256:551ae9c020597fd0a1d62967d9899a3c57a12e92f49e7a3967b6a187efdcaead +generated: "2023-10-11T10:24:27.070886462Z" diff --git a/charts/bitnami/kafka/charts/zookeeper/Chart.yaml b/charts/bitnami/kafka/charts/zookeeper/Chart.yaml index 4a7cddb2a..3de4f0331 100644 --- a/charts/bitnami/kafka/charts/zookeeper/Chart.yaml +++ b/charts/bitnami/kafka/charts/zookeeper/Chart.yaml @@ -2,12 +2,12 @@ annotations: category: Infrastructure images: | - name: os-shell - image: docker.io/bitnami/os-shell:11-debian-11-r51 + image: docker.io/bitnami/os-shell:11-debian-11-r89 - name: zookeeper - image: docker.io/bitnami/zookeeper:3.9.0-debian-11-r11 + image: docker.io/bitnami/zookeeper:3.9.1-debian-11-r0 licenses: Apache-2.0 apiVersion: v2 -appVersion: 3.9.0 +appVersion: 3.9.1 dependencies: - name: common repository: oci://registry-1.docker.io/bitnamicharts @@ -26,4 +26,4 @@ maintainers: name: zookeeper sources: - https://github.com/bitnami/charts/tree/main/bitnami/zookeeper -version: 12.1.3 +version: 12.1.4 diff --git a/charts/bitnami/kafka/charts/zookeeper/README.md b/charts/bitnami/kafka/charts/zookeeper/README.md index b3bc29768..fa96ee8ac 100644 --- a/charts/bitnami/kafka/charts/zookeeper/README.md +++ b/charts/bitnami/kafka/charts/zookeeper/README.md @@ -24,8 +24,8 @@ Looking to use Apache ZooKeeper in production? Try [VMware Application Catalog]( ## Prerequisites -- Kubernetes 1.19+ -- Helm 3.2.0+ +- Kubernetes 1.23+ +- Helm 3.8.0+ - PV provisioner support in the underlying infrastructure ## Installing the Chart @@ -82,7 +82,7 @@ The command removes all the Kubernetes components associated with the chart and | ----------------------------- | -------------------------------------------------------------------------------------------------------------------------- | ----------------------- | | `image.registry` | ZooKeeper image registry | `docker.io` | | `image.repository` | ZooKeeper image repository | `bitnami/zookeeper` | -| `image.tag` | ZooKeeper image tag (immutable tags are recommended) | `3.9.0-debian-11-r11` | +| `image.tag` | ZooKeeper image tag (immutable tags are recommended) | `3.9.1-debian-11-r0` | | `image.digest` | ZooKeeper image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `image.pullPolicy` | ZooKeeper image pull policy | `IfNotPresent` | | `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | @@ -248,7 +248,7 @@ The command removes all the Kubernetes components associated with the chart and | `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume | `false` | | `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` | | `volumePermissions.image.repository` | Init container volume-permissions image repository | `bitnami/os-shell` | -| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r51` | +| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r89` | | `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` | | `volumePermissions.image.pullSecrets` | Init container volume-permissions image pull secrets | `[]` | diff --git a/charts/bitnami/kafka/charts/zookeeper/charts/common/Chart.yaml b/charts/bitnami/kafka/charts/zookeeper/charts/common/Chart.yaml index e35c2d0e7..961b90f48 100644 --- a/charts/bitnami/kafka/charts/zookeeper/charts/common/Chart.yaml +++ b/charts/bitnami/kafka/charts/zookeeper/charts/common/Chart.yaml @@ -2,7 +2,7 @@ annotations: category: Infrastructure licenses: Apache-2.0 apiVersion: v2 -appVersion: 2.9.2 +appVersion: 2.13.2 description: A Library Helm Chart for grouping common logic between bitnami charts. This chart is not deployable by itself. home: https://bitnami.com @@ -20,4 +20,4 @@ name: common sources: - https://github.com/bitnami/charts type: library -version: 2.10.0 +version: 2.13.2 diff --git a/charts/bitnami/kafka/charts/zookeeper/charts/common/templates/_capabilities.tpl b/charts/bitnami/kafka/charts/zookeeper/charts/common/templates/_capabilities.tpl index c6d115fe5..b1257397d 100644 --- a/charts/bitnami/kafka/charts/zookeeper/charts/common/templates/_capabilities.tpl +++ b/charts/bitnami/kafka/charts/zookeeper/charts/common/templates/_capabilities.tpl @@ -172,6 +172,50 @@ Return the appropriate apiVersion for Vertical Pod Autoscaler. {{- end -}} {{- end -}} +{{/* +Returns true if PodSecurityPolicy is supported +*/}} +{{- define "common.capabilities.psp.supported" -}} +{{- if semverCompare "<1.25-0" (include "common.capabilities.kubeVersion" .) -}} + {{- true -}} +{{- end -}} +{{- end -}} + +{{/* +Returns true if AdmissionConfiguration is supported +*/}} +{{- define "common.capabilities.admisionConfiguration.supported" -}} +{{- if semverCompare ">=1.23-0" (include "common.capabilities.kubeVersion" .) -}} + {{- true -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for AdmissionConfiguration. +*/}} +{{- define "common.capabilities.admisionConfiguration.apiVersion" -}} +{{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "apiserver.config.k8s.io/v1alpha1" -}} +{{- else if semverCompare "<1.25-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "apiserver.config.k8s.io/v1beta1" -}} +{{- else -}} +{{- print "apiserver.config.k8s.io/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for PodSecurityConfiguration. +*/}} +{{- define "common.capabilities.podSecurityConfiguration.apiVersion" -}} +{{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "pod-security.admission.config.k8s.io/v1alpha1" -}} +{{- else if semverCompare "<1.25-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "pod-security.admission.config.k8s.io/v1beta1" -}} +{{- else -}} +{{- print "pod-security.admission.config.k8s.io/v1" -}} +{{- end -}} +{{- end -}} + {{/* Returns true if the used Helm version is 3.3+. A way to check the used Helm version was not introduced until version 3.3.0 with .Capabilities.HelmVersion, which contains an additional "{}}" structure. diff --git a/charts/bitnami/kafka/charts/zookeeper/charts/common/templates/_images.tpl b/charts/bitnami/kafka/charts/zookeeper/charts/common/templates/_images.tpl index 2181f3224..1bcb779df 100644 --- a/charts/bitnami/kafka/charts/zookeeper/charts/common/templates/_images.tpl +++ b/charts/bitnami/kafka/charts/zookeeper/charts/common/templates/_images.tpl @@ -38,13 +38,21 @@ Return the proper Docker Image Registry Secret Names (deprecated: use common.ima {{- if .global }} {{- range .global.imagePullSecrets -}} - {{- $pullSecrets = append $pullSecrets . -}} + {{- if kindIs "map" . -}} + {{- $pullSecrets = append $pullSecrets .name -}} + {{- else -}} + {{- $pullSecrets = append $pullSecrets . -}} + {{- end }} {{- end -}} {{- end -}} {{- range .images -}} {{- range .pullSecrets -}} - {{- $pullSecrets = append $pullSecrets . -}} + {{- if kindIs "map" . -}} + {{- $pullSecrets = append $pullSecrets .name -}} + {{- else -}} + {{- $pullSecrets = append $pullSecrets . -}} + {{- end -}} {{- end -}} {{- end -}} @@ -66,13 +74,21 @@ Return the proper Docker Image Registry Secret Names evaluating values as templa {{- if $context.Values.global }} {{- range $context.Values.global.imagePullSecrets -}} - {{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" . "context" $context)) -}} + {{- if kindIs "map" . -}} + {{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" .name "context" $context)) -}} + {{- else -}} + {{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" . "context" $context)) -}} + {{- end -}} {{- end -}} {{- end -}} {{- range .images -}} {{- range .pullSecrets -}} - {{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" . "context" $context)) -}} + {{- if kindIs "map" . -}} + {{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" .name "context" $context)) -}} + {{- else -}} + {{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" . "context" $context)) -}} + {{- end -}} {{- end -}} {{- end -}} @@ -83,3 +99,19 @@ imagePullSecrets: {{- end }} {{- end }} {{- end -}} + +{{/* +Return the proper image version (ingores image revision/prerelease info & fallbacks to chart appVersion) +{{ include "common.images.version" ( dict "imageRoot" .Values.path.to.the.image "chart" .Chart ) }} +*/}} +{{- define "common.images.version" -}} +{{- $imageTag := .imageRoot.tag | toString -}} +{{/* regexp from https://github.com/Masterminds/semver/blob/23f51de38a0866c5ef0bfc42b3f735c73107b700/version.go#L41-L44 */}} +{{- if regexMatch `^([0-9]+)(\.[0-9]+)?(\.[0-9]+)?(-([0-9A-Za-z\-]+(\.[0-9A-Za-z\-]+)*))?(\+([0-9A-Za-z\-]+(\.[0-9A-Za-z\-]+)*))?$` $imageTag -}} + {{- $version := semver $imageTag -}} + {{- printf "%d.%d.%d" $version.Major $version.Minor $version.Patch -}} +{{- else -}} + {{- print .chart.AppVersion -}} +{{- end -}} +{{- end -}} + diff --git a/charts/bitnami/kafka/charts/zookeeper/charts/common/templates/_labels.tpl b/charts/bitnami/kafka/charts/zookeeper/charts/common/templates/_labels.tpl index fac46076a..d90a6cdc0 100644 --- a/charts/bitnami/kafka/charts/zookeeper/charts/common/templates/_labels.tpl +++ b/charts/bitnami/kafka/charts/zookeeper/charts/common/templates/_labels.tpl @@ -11,21 +11,19 @@ Kubernetes standard labels */}} {{- define "common.labels.standard" -}} {{- if and (hasKey . "customLabels") (hasKey . "context") -}} -{{ merge - (include "common.tplvalues.render" (dict "value" .customLabels "context" .context) | fromYaml) - (dict - "app.kubernetes.io/name" (include "common.names.name" .context) - "helm.sh/chart" (include "common.names.chart" .context) - "app.kubernetes.io/instance" .context.Release.Name - "app.kubernetes.io/managed-by" .context.Release.Service - ) - | toYaml -}} +{{- $default := dict "app.kubernetes.io/name" (include "common.names.name" .context) "helm.sh/chart" (include "common.names.chart" .context) "app.kubernetes.io/instance" .context.Release.Name "app.kubernetes.io/managed-by" .context.Release.Service -}} +{{- with .context.Chart.AppVersion -}} +{{- $_ := set $default "app.kubernetes.io/version" . -}} +{{- end -}} +{{ template "common.tplvalues.merge" (dict "values" (list .customLabels $default) "context" .context) }} {{- else -}} app.kubernetes.io/name: {{ include "common.names.name" . }} helm.sh/chart: {{ include "common.names.chart" . }} app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- with .Chart.AppVersion }} +app.kubernetes.io/version: {{ . | quote }} +{{- end -}} {{- end -}} {{- end -}} @@ -40,14 +38,7 @@ overwrote them on metadata.labels fields. */}} {{- define "common.labels.matchLabels" -}} {{- if and (hasKey . "customLabels") (hasKey . "context") -}} -{{ merge - (pick (include "common.tplvalues.render" (dict "value" .customLabels "context" .context) | fromYaml) "app.kubernetes.io/name" "app.kubernetes.io/instance") - (dict - "app.kubernetes.io/name" (include "common.names.name" .context) - "app.kubernetes.io/instance" .context.Release.Name - ) - | toYaml -}} +{{ merge (pick (include "common.tplvalues.render" (dict "value" .customLabels "context" .context) | fromYaml) "app.kubernetes.io/name" "app.kubernetes.io/instance") (dict "app.kubernetes.io/name" (include "common.names.name" .context) "app.kubernetes.io/instance" .context.Release.Name ) | toYaml }} {{- else -}} app.kubernetes.io/name: {{ include "common.names.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} diff --git a/charts/bitnami/kafka/charts/zookeeper/charts/common/templates/_utils.tpl b/charts/bitnami/kafka/charts/zookeeper/charts/common/templates/_utils.tpl index c87040cd9..bfbddf054 100644 --- a/charts/bitnami/kafka/charts/zookeeper/charts/common/templates/_utils.tpl +++ b/charts/bitnami/kafka/charts/zookeeper/charts/common/templates/_utils.tpl @@ -65,3 +65,13 @@ Usage: {{- end -}} {{- printf "%s" $key -}} {{- end -}} + +{{/* +Checksum a template at "path" containing a *single* resource (ConfigMap,Secret) for use in pod annotations, excluding the metadata (see #18376). +Usage: +{{ include "common.utils.checksumTemplate" (dict "path" "/configmap.yaml" "context" $) }} +*/}} +{{- define "common.utils.checksumTemplate" -}} +{{- $obj := include (print .context.Template.BasePath .path) .context | fromYaml -}} +{{ omit $obj "apiVersion" "kind" "metadata" | toYaml | sha256sum }} +{{- end -}} diff --git a/charts/bitnami/kafka/charts/zookeeper/values.yaml b/charts/bitnami/kafka/charts/zookeeper/values.yaml index 7e6ebbe11..825cb9c50 100644 --- a/charts/bitnami/kafka/charts/zookeeper/values.yaml +++ b/charts/bitnami/kafka/charts/zookeeper/values.yaml @@ -79,7 +79,7 @@ diagnosticMode: image: registry: docker.io repository: bitnami/zookeeper - tag: 3.9.0-debian-11-r11 + tag: 3.9.1-debian-11-r0 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -663,7 +663,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/os-shell - tag: 11-debian-11-r51 + tag: 11-debian-11-r89 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. diff --git a/charts/bitnami/kafka/values.yaml b/charts/bitnami/kafka/values.yaml index b299ec4dc..e4a924fd6 100644 --- a/charts/bitnami/kafka/values.yaml +++ b/charts/bitnami/kafka/values.yaml @@ -80,7 +80,7 @@ diagnosticMode: image: registry: docker.io repository: bitnami/kafka - tag: 3.5.1-debian-11-r71 + tag: 3.5.1-debian-11-r72 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -1303,7 +1303,7 @@ externalAccess: image: registry: docker.io repository: bitnami/kubectl - tag: 1.28.2-debian-11-r14 + tag: 1.28.2-debian-11-r16 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -1553,7 +1553,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/os-shell - tag: 11-debian-11-r89 + tag: 11-debian-11-r90 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. @@ -1635,7 +1635,7 @@ metrics: image: registry: docker.io repository: bitnami/kafka-exporter - tag: 1.7.0-debian-11-r130 + tag: 1.7.0-debian-11-r132 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -1889,7 +1889,7 @@ metrics: image: registry: docker.io repository: bitnami/jmx-exporter - tag: 0.19.0-debian-11-r92 + tag: 0.19.0-debian-11-r95 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' diff --git a/charts/bitnami/mariadb/Chart.yaml b/charts/bitnami/mariadb/Chart.yaml index ecef0254a..ff80a3b25 100644 --- a/charts/bitnami/mariadb/Chart.yaml +++ b/charts/bitnami/mariadb/Chart.yaml @@ -8,9 +8,9 @@ annotations: - name: mariadb image: docker.io/bitnami/mariadb:11.1.2-debian-11-r0 - name: mysqld-exporter - image: docker.io/bitnami/mysqld-exporter:0.15.0-debian-11-r69 + image: docker.io/bitnami/mysqld-exporter:0.15.0-debian-11-r70 - name: os-shell - image: docker.io/bitnami/os-shell:11-debian-11-r86 + image: docker.io/bitnami/os-shell:11-debian-11-r90 licenses: Apache-2.0 apiVersion: v2 appVersion: 11.1.2 @@ -37,4 +37,4 @@ maintainers: name: mariadb sources: - https://github.com/bitnami/charts/tree/main/bitnami/mariadb -version: 14.0.1 +version: 14.0.2 diff --git a/charts/bitnami/mariadb/README.md b/charts/bitnami/mariadb/README.md index a94313bfb..d9b5c2bed 100644 --- a/charts/bitnami/mariadb/README.md +++ b/charts/bitnami/mariadb/README.md @@ -308,7 +308,7 @@ The command removes all the Kubernetes components associated with the chart and | `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume(s) mountpoint to `runAsUser:fsGroup` | `false` | | `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` | | `volumePermissions.image.repository` | Init container volume-permissions image repository | `bitnami/os-shell` | -| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r86` | +| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r90` | | `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` | | `volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | @@ -322,7 +322,7 @@ The command removes all the Kubernetes components associated with the chart and | `metrics.enabled` | Start a side-car prometheus exporter | `false` | | `metrics.image.registry` | Exporter image registry | `docker.io` | | `metrics.image.repository` | Exporter image repository | `bitnami/mysqld-exporter` | -| `metrics.image.tag` | Exporter image tag (immutable tags are recommended) | `0.15.0-debian-11-r69` | +| `metrics.image.tag` | Exporter image tag (immutable tags are recommended) | `0.15.0-debian-11-r70` | | `metrics.image.digest` | Exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `metrics.image.pullPolicy` | Exporter image pull policy | `IfNotPresent` | | `metrics.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | @@ -462,6 +462,10 @@ helm upgrade my-release oci://registry-1.docker.io/bitnamicharts/mariadb --set a | Note: you need to substitute the placeholder _[ROOT_PASSWORD]_ with the value obtained in the installation notes. +### To 14.0.0 + +This major release bumps the MariaDB version to 11.1. Follow the [upstream instructions](https://mariadb.com/kb/en/upgrading-between-minor-versions-on-linux/) for upgrading from MariaDB 11.0 to 11.1. No major issues are expected during the upgrade. + ### To 13.0.0 This major release bumps the MariaDB version to 11.0. Follow the [upstream instructions](https://mariadb.com/kb/en/upgrading-from-mariadb-10-11-to-mariadb-11-0/) for upgrading from MariaDB 10.11 to 11.0. No major issues are expected during the upgrade. diff --git a/charts/bitnami/mariadb/values.yaml b/charts/bitnami/mariadb/values.yaml index 10221d451..708ea54b6 100644 --- a/charts/bitnami/mariadb/values.yaml +++ b/charts/bitnami/mariadb/values.yaml @@ -1004,7 +1004,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/os-shell - tag: 11-debian-11-r86 + tag: 11-debian-11-r90 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets (secrets must be manually created in the namespace) @@ -1040,7 +1040,7 @@ metrics: image: registry: docker.io repository: bitnami/mysqld-exporter - tag: 0.15.0-debian-11-r69 + tag: 0.15.0-debian-11-r70 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets (secrets must be manually created in the namespace) diff --git a/charts/bitnami/mysql/Chart.lock b/charts/bitnami/mysql/Chart.lock index a10521aa9..e77869492 100644 --- a/charts/bitnami/mysql/Chart.lock +++ b/charts/bitnami/mysql/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: common repository: oci://registry-1.docker.io/bitnamicharts - version: 2.11.1 -digest: sha256:ead8f26c76a9ec082f23629a358e8efd8f88d87aaed734bf41febcb8a7bc5d4c -generated: "2023-09-19T07:52:06.908924822Z" + version: 2.13.2 +digest: sha256:551ae9c020597fd0a1d62967d9899a3c57a12e92f49e7a3967b6a187efdcaead +generated: "2023-10-12T15:20:38.409783798Z" diff --git a/charts/bitnami/mysql/Chart.yaml b/charts/bitnami/mysql/Chart.yaml index 00f978bb0..8bf503560 100644 --- a/charts/bitnami/mysql/Chart.yaml +++ b/charts/bitnami/mysql/Chart.yaml @@ -6,11 +6,11 @@ annotations: category: Database images: | - name: mysql - image: docker.io/bitnami/mysql:8.0.34-debian-11-r56 + image: docker.io/bitnami/mysql:8.0.34-debian-11-r75 - name: mysqld-exporter - image: docker.io/bitnami/mysqld-exporter:0.15.0-debian-11-r50 + image: docker.io/bitnami/mysqld-exporter:0.15.0-debian-11-r70 - name: os-shell - image: docker.io/bitnami/os-shell:11-debian-11-r72 + image: docker.io/bitnami/os-shell:11-debian-11-r90 licenses: Apache-2.0 apiVersion: v2 appVersion: 8.0.34 @@ -36,4 +36,4 @@ maintainers: name: mysql sources: - https://github.com/bitnami/charts/tree/main/bitnami/mysql -version: 9.12.4 +version: 9.12.5 diff --git a/charts/bitnami/mysql/README.md b/charts/bitnami/mysql/README.md index 5379bbecf..f253e5e58 100644 --- a/charts/bitnami/mysql/README.md +++ b/charts/bitnami/mysql/README.md @@ -83,7 +83,7 @@ The command removes all the Kubernetes components associated with the chart and | -------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------- | | `image.registry` | MySQL image registry | `docker.io` | | `image.repository` | MySQL image repository | `bitnami/mysql` | -| `image.tag` | MySQL image tag (immutable tags are recommended) | `8.0.34-debian-11-r56` | +| `image.tag` | MySQL image tag (immutable tags are recommended) | `8.0.34-debian-11-r75` | | `image.digest` | MySQL image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `image.pullPolicy` | MySQL image pull policy | `IfNotPresent` | | `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | @@ -309,7 +309,7 @@ The command removes all the Kubernetes components associated with the chart and | `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume(s) mountpoint to `runAsUser:fsGroup` | `false` | | `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` | | `volumePermissions.image.repository` | Init container volume-permissions image repository | `bitnami/os-shell` | -| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r72` | +| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r90` | | `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` | | `volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | @@ -322,7 +322,7 @@ The command removes all the Kubernetes components associated with the chart and | `metrics.enabled` | Start a side-car prometheus exporter | `false` | | `metrics.image.registry` | Exporter image registry | `docker.io` | | `metrics.image.repository` | Exporter image repository | `bitnami/mysqld-exporter` | -| `metrics.image.tag` | Exporter image tag (immutable tags are recommended) | `0.15.0-debian-11-r50` | +| `metrics.image.tag` | Exporter image tag (immutable tags are recommended) | `0.15.0-debian-11-r70` | | `metrics.image.digest` | Exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `metrics.image.pullPolicy` | Exporter image pull policy | `IfNotPresent` | | `metrics.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | diff --git a/charts/bitnami/mysql/charts/common/Chart.yaml b/charts/bitnami/mysql/charts/common/Chart.yaml index 3be88e6aa..961b90f48 100644 --- a/charts/bitnami/mysql/charts/common/Chart.yaml +++ b/charts/bitnami/mysql/charts/common/Chart.yaml @@ -2,7 +2,7 @@ annotations: category: Infrastructure licenses: Apache-2.0 apiVersion: v2 -appVersion: 2.11.1 +appVersion: 2.13.2 description: A Library Helm Chart for grouping common logic between bitnami charts. This chart is not deployable by itself. home: https://bitnami.com @@ -20,4 +20,4 @@ name: common sources: - https://github.com/bitnami/charts type: library -version: 2.11.1 +version: 2.13.2 diff --git a/charts/bitnami/mysql/charts/common/templates/_capabilities.tpl b/charts/bitnami/mysql/charts/common/templates/_capabilities.tpl index c6d115fe5..b1257397d 100644 --- a/charts/bitnami/mysql/charts/common/templates/_capabilities.tpl +++ b/charts/bitnami/mysql/charts/common/templates/_capabilities.tpl @@ -172,6 +172,50 @@ Return the appropriate apiVersion for Vertical Pod Autoscaler. {{- end -}} {{- end -}} +{{/* +Returns true if PodSecurityPolicy is supported +*/}} +{{- define "common.capabilities.psp.supported" -}} +{{- if semverCompare "<1.25-0" (include "common.capabilities.kubeVersion" .) -}} + {{- true -}} +{{- end -}} +{{- end -}} + +{{/* +Returns true if AdmissionConfiguration is supported +*/}} +{{- define "common.capabilities.admisionConfiguration.supported" -}} +{{- if semverCompare ">=1.23-0" (include "common.capabilities.kubeVersion" .) -}} + {{- true -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for AdmissionConfiguration. +*/}} +{{- define "common.capabilities.admisionConfiguration.apiVersion" -}} +{{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "apiserver.config.k8s.io/v1alpha1" -}} +{{- else if semverCompare "<1.25-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "apiserver.config.k8s.io/v1beta1" -}} +{{- else -}} +{{- print "apiserver.config.k8s.io/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for PodSecurityConfiguration. +*/}} +{{- define "common.capabilities.podSecurityConfiguration.apiVersion" -}} +{{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "pod-security.admission.config.k8s.io/v1alpha1" -}} +{{- else if semverCompare "<1.25-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "pod-security.admission.config.k8s.io/v1beta1" -}} +{{- else -}} +{{- print "pod-security.admission.config.k8s.io/v1" -}} +{{- end -}} +{{- end -}} + {{/* Returns true if the used Helm version is 3.3+. A way to check the used Helm version was not introduced until version 3.3.0 with .Capabilities.HelmVersion, which contains an additional "{}}" structure. diff --git a/charts/bitnami/mysql/charts/common/templates/_images.tpl b/charts/bitnami/mysql/charts/common/templates/_images.tpl index e248d6d08..1bcb779df 100644 --- a/charts/bitnami/mysql/charts/common/templates/_images.tpl +++ b/charts/bitnami/mysql/charts/common/templates/_images.tpl @@ -38,13 +38,21 @@ Return the proper Docker Image Registry Secret Names (deprecated: use common.ima {{- if .global }} {{- range .global.imagePullSecrets -}} - {{- $pullSecrets = append $pullSecrets . -}} + {{- if kindIs "map" . -}} + {{- $pullSecrets = append $pullSecrets .name -}} + {{- else -}} + {{- $pullSecrets = append $pullSecrets . -}} + {{- end }} {{- end -}} {{- end -}} {{- range .images -}} {{- range .pullSecrets -}} - {{- $pullSecrets = append $pullSecrets . -}} + {{- if kindIs "map" . -}} + {{- $pullSecrets = append $pullSecrets .name -}} + {{- else -}} + {{- $pullSecrets = append $pullSecrets . -}} + {{- end -}} {{- end -}} {{- end -}} @@ -66,13 +74,21 @@ Return the proper Docker Image Registry Secret Names evaluating values as templa {{- if $context.Values.global }} {{- range $context.Values.global.imagePullSecrets -}} - {{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" . "context" $context)) -}} + {{- if kindIs "map" . -}} + {{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" .name "context" $context)) -}} + {{- else -}} + {{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" . "context" $context)) -}} + {{- end -}} {{- end -}} {{- end -}} {{- range .images -}} {{- range .pullSecrets -}} - {{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" . "context" $context)) -}} + {{- if kindIs "map" . -}} + {{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" .name "context" $context)) -}} + {{- else -}} + {{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" . "context" $context)) -}} + {{- end -}} {{- end -}} {{- end -}} diff --git a/charts/bitnami/mysql/charts/common/templates/_labels.tpl b/charts/bitnami/mysql/charts/common/templates/_labels.tpl index a3cdc2bfd..d90a6cdc0 100644 --- a/charts/bitnami/mysql/charts/common/templates/_labels.tpl +++ b/charts/bitnami/mysql/charts/common/templates/_labels.tpl @@ -11,13 +11,19 @@ Kubernetes standard labels */}} {{- define "common.labels.standard" -}} {{- if and (hasKey . "customLabels") (hasKey . "context") -}} -{{ merge (include "common.tplvalues.render" (dict "value" .customLabels "context" .context) | fromYaml) (dict "app.kubernetes.io/name" (include "common.names.name" .context) "helm.sh/chart" (include "common.names.chart" .context) "app.kubernetes.io/instance" .context.Release.Name "app.kubernetes.io/managed-by" .context.Release.Service "app.kubernetes.io/version" .context.Chart.AppVersion) | toYaml }} +{{- $default := dict "app.kubernetes.io/name" (include "common.names.name" .context) "helm.sh/chart" (include "common.names.chart" .context) "app.kubernetes.io/instance" .context.Release.Name "app.kubernetes.io/managed-by" .context.Release.Service -}} +{{- with .context.Chart.AppVersion -}} +{{- $_ := set $default "app.kubernetes.io/version" . -}} +{{- end -}} +{{ template "common.tplvalues.merge" (dict "values" (list .customLabels $default) "context" .context) }} {{- else -}} app.kubernetes.io/name: {{ include "common.names.name" . }} helm.sh/chart: {{ include "common.names.chart" . }} app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/managed-by: {{ .Release.Service }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- with .Chart.AppVersion }} +app.kubernetes.io/version: {{ . | quote }} +{{- end -}} {{- end -}} {{- end -}} diff --git a/charts/bitnami/mysql/charts/common/templates/_utils.tpl b/charts/bitnami/mysql/charts/common/templates/_utils.tpl index c87040cd9..bfbddf054 100644 --- a/charts/bitnami/mysql/charts/common/templates/_utils.tpl +++ b/charts/bitnami/mysql/charts/common/templates/_utils.tpl @@ -65,3 +65,13 @@ Usage: {{- end -}} {{- printf "%s" $key -}} {{- end -}} + +{{/* +Checksum a template at "path" containing a *single* resource (ConfigMap,Secret) for use in pod annotations, excluding the metadata (see #18376). +Usage: +{{ include "common.utils.checksumTemplate" (dict "path" "/configmap.yaml" "context" $) }} +*/}} +{{- define "common.utils.checksumTemplate" -}} +{{- $obj := include (print .context.Template.BasePath .path) .context | fromYaml -}} +{{ omit $obj "apiVersion" "kind" "metadata" | toYaml | sha256sum }} +{{- end -}} diff --git a/charts/bitnami/mysql/charts/common/values.schema.json b/charts/bitnami/mysql/charts/common/values.schema.json deleted file mode 100644 index 2124b3e4a..000000000 --- a/charts/bitnami/mysql/charts/common/values.schema.json +++ /dev/null @@ -1,11 +0,0 @@ -{ - "title": "Chart Values", - "type": "object", - "properties": { - "exampleValue": { - "type": "string", - "description": "", - "default": "common-chart" - } - } -} \ No newline at end of file diff --git a/charts/bitnami/mysql/values.yaml b/charts/bitnami/mysql/values.yaml index 685fbbded..5a08be96b 100644 --- a/charts/bitnami/mysql/values.yaml +++ b/charts/bitnami/mysql/values.yaml @@ -85,7 +85,7 @@ diagnosticMode: image: registry: docker.io repository: bitnami/mysql - tag: 8.0.34-debian-11-r56 + tag: 8.0.34-debian-11-r75 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -1019,7 +1019,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/os-shell - tag: 11-debian-11-r72 + tag: 11-debian-11-r90 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. @@ -1053,7 +1053,7 @@ metrics: image: registry: docker.io repository: bitnami/mysqld-exporter - tag: 0.15.0-debian-11-r50 + tag: 0.15.0-debian-11-r70 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. diff --git a/charts/bitnami/postgresql/Chart.yaml b/charts/bitnami/postgresql/Chart.yaml index 5e36c752c..f0580f4a0 100644 --- a/charts/bitnami/postgresql/Chart.yaml +++ b/charts/bitnami/postgresql/Chart.yaml @@ -6,11 +6,11 @@ annotations: category: Database images: | - name: os-shell - image: docker.io/bitnami/os-shell:11-debian-11-r86 + image: docker.io/bitnami/os-shell:11-debian-11-r90 - name: postgres-exporter - image: docker.io/bitnami/postgres-exporter:0.14.0-debian-11-r14 + image: docker.io/bitnami/postgres-exporter:0.14.0-debian-11-r15 - name: postgresql - image: docker.io/bitnami/postgresql:16.0.0-debian-11-r10 + image: docker.io/bitnami/postgresql:16.0.0-debian-11-r13 licenses: Apache-2.0 apiVersion: v2 appVersion: 16.0.0 @@ -38,4 +38,4 @@ maintainers: name: postgresql sources: - https://github.com/bitnami/charts/tree/main/bitnami/postgresql -version: 13.1.2 +version: 13.1.5 diff --git a/charts/bitnami/postgresql/README.md b/charts/bitnami/postgresql/README.md index 9d06cfd1d..6bf879d6c 100644 --- a/charts/bitnami/postgresql/README.md +++ b/charts/bitnami/postgresql/README.md @@ -100,7 +100,7 @@ kubectl delete pvc -l release=my-release | ---------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------- | | `image.registry` | PostgreSQL image registry | `docker.io` | | `image.repository` | PostgreSQL image repository | `bitnami/postgresql` | -| `image.tag` | PostgreSQL image tag (immutable tags are recommended) | `16.0.0-debian-11-r10` | +| `image.tag` | PostgreSQL image tag (immutable tags are recommended) | `16.0.0-debian-11-r13` | | `image.digest` | PostgreSQL image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `image.pullPolicy` | PostgreSQL image pull policy | `IfNotPresent` | | `image.pullSecrets` | Specify image pull secrets | `[]` | @@ -430,7 +430,7 @@ kubectl delete pvc -l release=my-release | `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume | `false` | | `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` | | `volumePermissions.image.repository` | Init container volume-permissions image repository | `bitnami/os-shell` | -| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r86` | +| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r90` | | `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` | | `volumePermissions.image.pullSecrets` | Init container volume-permissions image pull secrets | `[]` | @@ -461,7 +461,7 @@ kubectl delete pvc -l release=my-release | `metrics.enabled` | Start a prometheus exporter | `false` | | `metrics.image.registry` | PostgreSQL Prometheus Exporter image registry | `docker.io` | | `metrics.image.repository` | PostgreSQL Prometheus Exporter image repository | `bitnami/postgres-exporter` | -| `metrics.image.tag` | PostgreSQL Prometheus Exporter image tag (immutable tags are recommended) | `0.14.0-debian-11-r14` | +| `metrics.image.tag` | PostgreSQL Prometheus Exporter image tag (immutable tags are recommended) | `0.14.0-debian-11-r15` | | `metrics.image.digest` | PostgreSQL image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `metrics.image.pullPolicy` | PostgreSQL Prometheus Exporter image pull policy | `IfNotPresent` | | `metrics.image.pullSecrets` | Specify image pull secrets | `[]` | diff --git a/charts/bitnami/postgresql/values.yaml b/charts/bitnami/postgresql/values.yaml index a402b3626..1c371fde7 100644 --- a/charts/bitnami/postgresql/values.yaml +++ b/charts/bitnami/postgresql/values.yaml @@ -98,7 +98,7 @@ diagnosticMode: image: registry: docker.io repository: bitnami/postgresql - tag: 16.0.0-debian-11-r10 + tag: 16.0.0-debian-11-r13 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -1299,7 +1299,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/os-shell - tag: 11-debian-11-r86 + tag: 11-debian-11-r90 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. @@ -1400,7 +1400,7 @@ metrics: image: registry: docker.io repository: bitnami/postgres-exporter - tag: 0.14.0-debian-11-r14 + tag: 0.14.0-debian-11-r15 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. diff --git a/charts/bitnami/redis/Chart.yaml b/charts/bitnami/redis/Chart.yaml index ae2b1aa93..9122523f5 100644 --- a/charts/bitnami/redis/Chart.yaml +++ b/charts/bitnami/redis/Chart.yaml @@ -6,13 +6,13 @@ annotations: category: Database images: | - name: os-shell - image: docker.io/bitnami/os-shell:11-debian-11-r86 + image: docker.io/bitnami/os-shell:11-debian-11-r90 - name: redis-exporter - image: docker.io/bitnami/redis-exporter:1.54.0-debian-11-r25 + image: docker.io/bitnami/redis-exporter:1.55.0-debian-11-r0 - name: redis-sentinel - image: docker.io/bitnami/redis-sentinel:7.2.1-debian-11-r23 + image: docker.io/bitnami/redis-sentinel:7.2.1-debian-11-r26 - name: redis - image: docker.io/bitnami/redis:7.2.1-debian-11-r24 + image: docker.io/bitnami/redis:7.2.1-debian-11-r26 licenses: Apache-2.0 apiVersion: v2 appVersion: 7.2.1 @@ -37,4 +37,4 @@ maintainers: name: redis sources: - https://github.com/bitnami/charts/tree/main/bitnami/redis -version: 18.1.4 +version: 18.1.5 diff --git a/charts/bitnami/redis/README.md b/charts/bitnami/redis/README.md index 42fd531c5..31f4aaa66 100644 --- a/charts/bitnami/redis/README.md +++ b/charts/bitnami/redis/README.md @@ -101,7 +101,7 @@ The command removes all the Kubernetes components associated with the chart and | ------------------- | ---------------------------------------------------------------------------------------------------------- | --------------------- | | `image.registry` | Redis® image registry | `docker.io` | | `image.repository` | Redis® image repository | `bitnami/redis` | -| `image.tag` | Redis® image tag (immutable tags are recommended) | `7.2.1-debian-11-r24` | +| `image.tag` | Redis® image tag (immutable tags are recommended) | `7.2.1-debian-11-r26` | | `image.digest` | Redis® image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `image.pullPolicy` | Redis® image pull policy | `IfNotPresent` | | `image.pullSecrets` | Redis® image pull secrets | `[]` | @@ -353,7 +353,7 @@ The command removes all the Kubernetes components associated with the chart and | `sentinel.enabled` | Use Redis® Sentinel on Redis® pods. | `false` | | `sentinel.image.registry` | Redis® Sentinel image registry | `docker.io` | | `sentinel.image.repository` | Redis® Sentinel image repository | `bitnami/redis-sentinel` | -| `sentinel.image.tag` | Redis® Sentinel image tag (immutable tags are recommended) | `7.2.1-debian-11-r23` | +| `sentinel.image.tag` | Redis® Sentinel image tag (immutable tags are recommended) | `7.2.1-debian-11-r26` | | `sentinel.image.digest` | Redis® Sentinel image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `sentinel.image.pullPolicy` | Redis® Sentinel image pull policy | `IfNotPresent` | | `sentinel.image.pullSecrets` | Redis® Sentinel image pull secrets | `[]` | @@ -483,7 +483,7 @@ The command removes all the Kubernetes components associated with the chart and | `metrics.enabled` | Start a sidecar prometheus exporter to expose Redis® metrics | `false` | | `metrics.image.registry` | Redis® Exporter image registry | `docker.io` | | `metrics.image.repository` | Redis® Exporter image repository | `bitnami/redis-exporter` | -| `metrics.image.tag` | Redis® Exporter image tag (immutable tags are recommended) | `1.54.0-debian-11-r25` | +| `metrics.image.tag` | Redis® Exporter image tag (immutable tags are recommended) | `1.55.0-debian-11-r0` | | `metrics.image.digest` | Redis® Exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `metrics.image.pullPolicy` | Redis® Exporter image pull policy | `IfNotPresent` | | `metrics.image.pullSecrets` | Redis® Exporter image pull secrets | `[]` | @@ -556,7 +556,7 @@ The command removes all the Kubernetes components associated with the chart and | `volumePermissions.enabled` | Enable init container that changes the owner/group of the PV mount point to `runAsUser:fsGroup` | `false` | | `volumePermissions.image.registry` | OS Shell + Utility image registry | `docker.io` | | `volumePermissions.image.repository` | OS Shell + Utility image repository | `bitnami/os-shell` | -| `volumePermissions.image.tag` | OS Shell + Utility image tag (immutable tags are recommended) | `11-debian-11-r86` | +| `volumePermissions.image.tag` | OS Shell + Utility image tag (immutable tags are recommended) | `11-debian-11-r90` | | `volumePermissions.image.digest` | OS Shell + Utility image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `volumePermissions.image.pullPolicy` | OS Shell + Utility image pull policy | `IfNotPresent` | | `volumePermissions.image.pullSecrets` | OS Shell + Utility image pull secrets | `[]` | @@ -566,7 +566,7 @@ The command removes all the Kubernetes components associated with the chart and | `sysctl.enabled` | Enable init container to modify Kernel settings | `false` | | `sysctl.image.registry` | OS Shell + Utility image registry | `docker.io` | | `sysctl.image.repository` | OS Shell + Utility image repository | `bitnami/os-shell` | -| `sysctl.image.tag` | OS Shell + Utility image tag (immutable tags are recommended) | `11-debian-11-r86` | +| `sysctl.image.tag` | OS Shell + Utility image tag (immutable tags are recommended) | `11-debian-11-r90` | | `sysctl.image.digest` | OS Shell + Utility image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `sysctl.image.pullPolicy` | OS Shell + Utility image pull policy | `IfNotPresent` | | `sysctl.image.pullSecrets` | OS Shell + Utility image pull secrets | `[]` | diff --git a/charts/bitnami/redis/values.yaml b/charts/bitnami/redis/values.yaml index 0d7046a50..6a924f6b8 100644 --- a/charts/bitnami/redis/values.yaml +++ b/charts/bitnami/redis/values.yaml @@ -91,7 +91,7 @@ diagnosticMode: image: registry: docker.io repository: bitnami/redis - tag: 7.2.1-debian-11-r24 + tag: 7.2.1-debian-11-r26 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -1056,7 +1056,7 @@ sentinel: image: registry: docker.io repository: bitnami/redis-sentinel - tag: 7.2.1-debian-11-r23 + tag: 7.2.1-debian-11-r26 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -1535,7 +1535,7 @@ metrics: image: registry: docker.io repository: bitnami/redis-exporter - tag: 1.54.0-debian-11-r25 + tag: 1.55.0-debian-11-r0 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. @@ -1809,7 +1809,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/os-shell - tag: 11-debian-11-r86 + tag: 11-debian-11-r90 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. @@ -1857,7 +1857,7 @@ sysctl: image: registry: docker.io repository: bitnami/os-shell - tag: 11-debian-11-r86 + tag: 11-debian-11-r90 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. diff --git a/charts/bitnami/spark/Chart.lock b/charts/bitnami/spark/Chart.lock index 1cea0d94a..cd89b723a 100644 --- a/charts/bitnami/spark/Chart.lock +++ b/charts/bitnami/spark/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: common repository: oci://registry-1.docker.io/bitnamicharts - version: 2.12.0 -digest: sha256:bee62139700f032539621dd38fa1d7285f277b91577c55ea26045254d33825ed -generated: "2023-09-22T15:00:35.390446338Z" + version: 2.13.2 +digest: sha256:551ae9c020597fd0a1d62967d9899a3c57a12e92f49e7a3967b6a187efdcaead +generated: "2023-10-11T19:24:47.809562539+02:00" diff --git a/charts/bitnami/spark/Chart.yaml b/charts/bitnami/spark/Chart.yaml index c9c140d4d..681ee801c 100644 --- a/charts/bitnami/spark/Chart.yaml +++ b/charts/bitnami/spark/Chart.yaml @@ -30,4 +30,4 @@ maintainers: name: spark sources: - https://github.com/bitnami/charts/tree/main/bitnami/spark -version: 8.0.0 +version: 8.0.1 diff --git a/charts/bitnami/spark/README.md b/charts/bitnami/spark/README.md index 0a9ec9c8e..6d3884f01 100644 --- a/charts/bitnami/spark/README.md +++ b/charts/bitnami/spark/README.md @@ -26,8 +26,8 @@ Looking to use Apache Spark in production? Try [VMware Application Catalog](http ## Prerequisites -- Kubernetes 1.19+ -- Helm 3.2.0+ +- Kubernetes 1.23+ +- Helm 3.8.0+ ## Installing the Chart diff --git a/charts/bitnami/spark/charts/common/Chart.yaml b/charts/bitnami/spark/charts/common/Chart.yaml index 662a6d7d9..961b90f48 100644 --- a/charts/bitnami/spark/charts/common/Chart.yaml +++ b/charts/bitnami/spark/charts/common/Chart.yaml @@ -2,7 +2,7 @@ annotations: category: Infrastructure licenses: Apache-2.0 apiVersion: v2 -appVersion: 2.12.0 +appVersion: 2.13.2 description: A Library Helm Chart for grouping common logic between bitnami charts. This chart is not deployable by itself. home: https://bitnami.com @@ -20,4 +20,4 @@ name: common sources: - https://github.com/bitnami/charts type: library -version: 2.12.0 +version: 2.13.2 diff --git a/charts/bitnami/spark/charts/common/templates/_capabilities.tpl b/charts/bitnami/spark/charts/common/templates/_capabilities.tpl index c6d115fe5..b1257397d 100644 --- a/charts/bitnami/spark/charts/common/templates/_capabilities.tpl +++ b/charts/bitnami/spark/charts/common/templates/_capabilities.tpl @@ -172,6 +172,50 @@ Return the appropriate apiVersion for Vertical Pod Autoscaler. {{- end -}} {{- end -}} +{{/* +Returns true if PodSecurityPolicy is supported +*/}} +{{- define "common.capabilities.psp.supported" -}} +{{- if semverCompare "<1.25-0" (include "common.capabilities.kubeVersion" .) -}} + {{- true -}} +{{- end -}} +{{- end -}} + +{{/* +Returns true if AdmissionConfiguration is supported +*/}} +{{- define "common.capabilities.admisionConfiguration.supported" -}} +{{- if semverCompare ">=1.23-0" (include "common.capabilities.kubeVersion" .) -}} + {{- true -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for AdmissionConfiguration. +*/}} +{{- define "common.capabilities.admisionConfiguration.apiVersion" -}} +{{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "apiserver.config.k8s.io/v1alpha1" -}} +{{- else if semverCompare "<1.25-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "apiserver.config.k8s.io/v1beta1" -}} +{{- else -}} +{{- print "apiserver.config.k8s.io/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for PodSecurityConfiguration. +*/}} +{{- define "common.capabilities.podSecurityConfiguration.apiVersion" -}} +{{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "pod-security.admission.config.k8s.io/v1alpha1" -}} +{{- else if semverCompare "<1.25-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "pod-security.admission.config.k8s.io/v1beta1" -}} +{{- else -}} +{{- print "pod-security.admission.config.k8s.io/v1" -}} +{{- end -}} +{{- end -}} + {{/* Returns true if the used Helm version is 3.3+. A way to check the used Helm version was not introduced until version 3.3.0 with .Capabilities.HelmVersion, which contains an additional "{}}" structure. diff --git a/charts/bitnami/spark/charts/common/templates/_images.tpl b/charts/bitnami/spark/charts/common/templates/_images.tpl index e248d6d08..1bcb779df 100644 --- a/charts/bitnami/spark/charts/common/templates/_images.tpl +++ b/charts/bitnami/spark/charts/common/templates/_images.tpl @@ -38,13 +38,21 @@ Return the proper Docker Image Registry Secret Names (deprecated: use common.ima {{- if .global }} {{- range .global.imagePullSecrets -}} - {{- $pullSecrets = append $pullSecrets . -}} + {{- if kindIs "map" . -}} + {{- $pullSecrets = append $pullSecrets .name -}} + {{- else -}} + {{- $pullSecrets = append $pullSecrets . -}} + {{- end }} {{- end -}} {{- end -}} {{- range .images -}} {{- range .pullSecrets -}} - {{- $pullSecrets = append $pullSecrets . -}} + {{- if kindIs "map" . -}} + {{- $pullSecrets = append $pullSecrets .name -}} + {{- else -}} + {{- $pullSecrets = append $pullSecrets . -}} + {{- end -}} {{- end -}} {{- end -}} @@ -66,13 +74,21 @@ Return the proper Docker Image Registry Secret Names evaluating values as templa {{- if $context.Values.global }} {{- range $context.Values.global.imagePullSecrets -}} - {{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" . "context" $context)) -}} + {{- if kindIs "map" . -}} + {{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" .name "context" $context)) -}} + {{- else -}} + {{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" . "context" $context)) -}} + {{- end -}} {{- end -}} {{- end -}} {{- range .images -}} {{- range .pullSecrets -}} - {{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" . "context" $context)) -}} + {{- if kindIs "map" . -}} + {{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" .name "context" $context)) -}} + {{- else -}} + {{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" . "context" $context)) -}} + {{- end -}} {{- end -}} {{- end -}} diff --git a/charts/bitnami/spark/charts/common/templates/_labels.tpl b/charts/bitnami/spark/charts/common/templates/_labels.tpl index a3cdc2bfd..d90a6cdc0 100644 --- a/charts/bitnami/spark/charts/common/templates/_labels.tpl +++ b/charts/bitnami/spark/charts/common/templates/_labels.tpl @@ -11,13 +11,19 @@ Kubernetes standard labels */}} {{- define "common.labels.standard" -}} {{- if and (hasKey . "customLabels") (hasKey . "context") -}} -{{ merge (include "common.tplvalues.render" (dict "value" .customLabels "context" .context) | fromYaml) (dict "app.kubernetes.io/name" (include "common.names.name" .context) "helm.sh/chart" (include "common.names.chart" .context) "app.kubernetes.io/instance" .context.Release.Name "app.kubernetes.io/managed-by" .context.Release.Service "app.kubernetes.io/version" .context.Chart.AppVersion) | toYaml }} +{{- $default := dict "app.kubernetes.io/name" (include "common.names.name" .context) "helm.sh/chart" (include "common.names.chart" .context) "app.kubernetes.io/instance" .context.Release.Name "app.kubernetes.io/managed-by" .context.Release.Service -}} +{{- with .context.Chart.AppVersion -}} +{{- $_ := set $default "app.kubernetes.io/version" . -}} +{{- end -}} +{{ template "common.tplvalues.merge" (dict "values" (list .customLabels $default) "context" .context) }} {{- else -}} app.kubernetes.io/name: {{ include "common.names.name" . }} helm.sh/chart: {{ include "common.names.chart" . }} app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/managed-by: {{ .Release.Service }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- with .Chart.AppVersion }} +app.kubernetes.io/version: {{ . | quote }} +{{- end -}} {{- end -}} {{- end -}} diff --git a/charts/bitnami/tomcat/Chart.yaml b/charts/bitnami/tomcat/Chart.yaml index b18054557..09c105a11 100644 --- a/charts/bitnami/tomcat/Chart.yaml +++ b/charts/bitnami/tomcat/Chart.yaml @@ -6,9 +6,9 @@ annotations: category: ApplicationServer images: | - name: jmx-exporter - image: docker.io/bitnami/jmx-exporter:0.19.0-debian-11-r92 + image: docker.io/bitnami/jmx-exporter:0.19.0-debian-11-r95 - name: os-shell - image: docker.io/bitnami/os-shell:11-debian-11-r89 + image: docker.io/bitnami/os-shell:11-debian-11-r90 - name: tomcat image: docker.io/bitnami/tomcat:10.1.14-debian-11-r0 licenses: Apache-2.0 @@ -38,4 +38,4 @@ maintainers: name: tomcat sources: - https://github.com/bitnami/charts/tree/main/bitnami/tomcat -version: 10.10.8 +version: 10.10.9 diff --git a/charts/bitnami/tomcat/README.md b/charts/bitnami/tomcat/README.md index 6637c64d9..ebd22c1f3 100644 --- a/charts/bitnami/tomcat/README.md +++ b/charts/bitnami/tomcat/README.md @@ -203,7 +203,7 @@ The command removes all the Kubernetes components associated with the chart and | `volumePermissions.enabled` | Enable init container that changes volume permissions in the data directory | `false` | | `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` | | `volumePermissions.image.repository` | Init container volume-permissions image repository | `bitnami/os-shell` | -| `volumePermissions.image.tag` | Init container volume-permissions image tag | `11-debian-11-r89` | +| `volumePermissions.image.tag` | Init container volume-permissions image tag | `11-debian-11-r90` | | `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` | | `volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | @@ -218,7 +218,7 @@ The command removes all the Kubernetes components associated with the chart and | `metrics.jmx.catalinaOpts` | custom option used to enabled JMX on tomcat jvm evaluated as template | `-Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=5555 -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.local.only=true` | | `metrics.jmx.image.registry` | JMX exporter image registry | `docker.io` | | `metrics.jmx.image.repository` | JMX exporter image repository | `bitnami/jmx-exporter` | -| `metrics.jmx.image.tag` | JMX exporter image tag (immutable tags are recommended) | `0.19.0-debian-11-r92` | +| `metrics.jmx.image.tag` | JMX exporter image tag (immutable tags are recommended) | `0.19.0-debian-11-r95` | | `metrics.jmx.image.digest` | JMX exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `metrics.jmx.image.pullPolicy` | JMX exporter image pull policy | `IfNotPresent` | | `metrics.jmx.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | diff --git a/charts/bitnami/tomcat/values.yaml b/charts/bitnami/tomcat/values.yaml index 152c6666c..c533c957b 100644 --- a/charts/bitnami/tomcat/values.yaml +++ b/charts/bitnami/tomcat/values.yaml @@ -585,7 +585,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/os-shell - tag: 11-debian-11-r89 + tag: 11-debian-11-r90 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. @@ -645,7 +645,7 @@ metrics: image: registry: docker.io repository: bitnami/jmx-exporter - tag: 0.19.0-debian-11-r92 + tag: 0.19.0-debian-11-r95 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' diff --git a/charts/bitnami/wordpress/Chart.lock b/charts/bitnami/wordpress/Chart.lock index 99a578454..8d91beb24 100644 --- a/charts/bitnami/wordpress/Chart.lock +++ b/charts/bitnami/wordpress/Chart.lock @@ -1,12 +1,12 @@ dependencies: - name: memcached repository: oci://registry-1.docker.io/bitnamicharts - version: 6.6.5 + version: 6.6.6 - name: mariadb repository: oci://registry-1.docker.io/bitnamicharts version: 14.0.1 - name: common repository: oci://registry-1.docker.io/bitnamicharts version: 2.13.2 -digest: sha256:56af54f8c9da680706e077608eeb82670e54813036ef65c52f5a3bae7307e7d5 -generated: "2023-10-11T09:06:34.349749115+02:00" +digest: sha256:c66dd64975462f260a3567f1be12d8a15cad7c4555c2a7d588317e16373a3221 +generated: "2023-10-12T22:50:16.851138264Z" diff --git a/charts/bitnami/wordpress/Chart.yaml b/charts/bitnami/wordpress/Chart.yaml index 5ab791c79..b82749c80 100644 --- a/charts/bitnami/wordpress/Chart.yaml +++ b/charts/bitnami/wordpress/Chart.yaml @@ -6,14 +6,14 @@ annotations: category: CMS images: | - name: apache-exporter - image: docker.io/bitnami/apache-exporter:1.0.2-debian-11-r8 + image: docker.io/bitnami/apache-exporter:1.0.2-debian-11-r10 - name: os-shell - image: docker.io/bitnami/os-shell:11-debian-11-r86 + image: docker.io/bitnami/os-shell:11-debian-11-r90 - name: wordpress - image: docker.io/bitnami/wordpress:6.3.1-debian-11-r32 + image: docker.io/bitnami/wordpress:6.3.2-debian-11-r0 licenses: Apache-2.0 apiVersion: v2 -appVersion: 6.3.1 +appVersion: 6.3.2 dependencies: - condition: memcached.enabled name: memcached @@ -47,4 +47,4 @@ maintainers: name: wordpress sources: - https://github.com/bitnami/charts/tree/main/bitnami/wordpress -version: 18.0.0 +version: 18.0.6 diff --git a/charts/bitnami/wordpress/README.md b/charts/bitnami/wordpress/README.md index a7ecf7475..c3929db1b 100644 --- a/charts/bitnami/wordpress/README.md +++ b/charts/bitnami/wordpress/README.md @@ -78,15 +78,15 @@ The command removes all the Kubernetes components associated with the chart and ### WordPress Image parameters -| Name | Description | Value | -| ------------------- | --------------------------------------------------------------------------------------------------------- | --------------------- | -| `image.registry` | WordPress image registry | `docker.io` | -| `image.repository` | WordPress image repository | `bitnami/wordpress` | -| `image.tag` | WordPress image tag (immutable tags are recommended) | `6.3.1-debian-11-r32` | -| `image.digest` | WordPress image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | -| `image.pullPolicy` | WordPress image pull policy | `IfNotPresent` | -| `image.pullSecrets` | WordPress image pull secrets | `[]` | -| `image.debug` | Specify if debug values should be set | `false` | +| Name | Description | Value | +| ------------------- | --------------------------------------------------------------------------------------------------------- | -------------------- | +| `image.registry` | WordPress image registry | `docker.io` | +| `image.repository` | WordPress image repository | `bitnami/wordpress` | +| `image.tag` | WordPress image tag (immutable tags are recommended) | `6.3.2-debian-11-r0` | +| `image.digest` | WordPress image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | +| `image.pullPolicy` | WordPress image pull policy | `IfNotPresent` | +| `image.pullSecrets` | WordPress image pull secrets | `[]` | +| `image.debug` | Specify if debug values should be set | `false` | ### WordPress Configuration parameters @@ -249,7 +249,7 @@ The command removes all the Kubernetes components associated with the chart and | `volumePermissions.enabled` | Enable init container that changes the owner/group of the PV mount point to `runAsUser:fsGroup` | `false` | | `volumePermissions.image.registry` | OS Shell + Utility image registry | `docker.io` | | `volumePermissions.image.repository` | OS Shell + Utility image repository | `bitnami/os-shell` | -| `volumePermissions.image.tag` | OS Shell + Utility image tag (immutable tags are recommended) | `11-debian-11-r86` | +| `volumePermissions.image.tag` | OS Shell + Utility image tag (immutable tags are recommended) | `11-debian-11-r90` | | `volumePermissions.image.digest` | OS Shell + Utility image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `volumePermissions.image.pullPolicy` | OS Shell + Utility image pull policy | `IfNotPresent` | | `volumePermissions.image.pullSecrets` | OS Shell + Utility image pull secrets | `[]` | @@ -281,7 +281,7 @@ The command removes all the Kubernetes components associated with the chart and | `metrics.enabled` | Start a sidecar prometheus exporter to expose metrics | `false` | | `metrics.image.registry` | Apache exporter image registry | `docker.io` | | `metrics.image.repository` | Apache exporter image repository | `bitnami/apache-exporter` | -| `metrics.image.tag` | Apache exporter image tag (immutable tags are recommended) | `1.0.2-debian-11-r8` | +| `metrics.image.tag` | Apache exporter image tag (immutable tags are recommended) | `1.0.2-debian-11-r10` | | `metrics.image.digest` | Apache exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `metrics.image.pullPolicy` | Apache exporter image pull policy | `IfNotPresent` | | `metrics.image.pullSecrets` | Apache exporter image pull secrets | `[]` | @@ -642,4 +642,4 @@ Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and -limitations under the License. +limitations under the License. \ No newline at end of file diff --git a/charts/bitnami/wordpress/charts/memcached/Chart.yaml b/charts/bitnami/wordpress/charts/memcached/Chart.yaml index 1987d558b..245c306d8 100644 --- a/charts/bitnami/wordpress/charts/memcached/Chart.yaml +++ b/charts/bitnami/wordpress/charts/memcached/Chart.yaml @@ -2,11 +2,11 @@ annotations: category: Infrastructure images: | - name: memcached-exporter - image: docker.io/bitnami/memcached-exporter:0.13.0-debian-11-r120 + image: docker.io/bitnami/memcached-exporter:0.13.0-debian-11-r121 - name: memcached image: docker.io/bitnami/memcached:1.6.21-debian-11-r107 - name: os-shell - image: docker.io/bitnami/os-shell:11-debian-11-r89 + image: docker.io/bitnami/os-shell:11-debian-11-r90 licenses: Apache-2.0 apiVersion: v2 appVersion: 1.6.21 @@ -30,4 +30,4 @@ maintainers: name: memcached sources: - https://github.com/bitnami/charts/tree/main/bitnami/memcached -version: 6.6.5 +version: 6.6.6 diff --git a/charts/bitnami/wordpress/charts/memcached/README.md b/charts/bitnami/wordpress/charts/memcached/README.md index f4555ba1c..485350b8f 100644 --- a/charts/bitnami/wordpress/charts/memcached/README.md +++ b/charts/bitnami/wordpress/charts/memcached/README.md @@ -207,7 +207,7 @@ The command removes all the Kubernetes components associated with the chart and | `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume | `false` | | `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` | | `volumePermissions.image.repository` | Init container volume-permissions image repository | `bitnami/os-shell` | -| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r89` | +| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r90` | | `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` | | `volumePermissions.image.pullSecrets` | Init container volume-permissions image pull secrets | `[]` | @@ -217,7 +217,7 @@ The command removes all the Kubernetes components associated with the chart and | `metrics.enabled` | Start a side-car prometheus exporter | `false` | | `metrics.image.registry` | Memcached exporter image registry | `docker.io` | | `metrics.image.repository` | Memcached exporter image repository | `bitnami/memcached-exporter` | -| `metrics.image.tag` | Memcached exporter image tag (immutable tags are recommended) | `0.13.0-debian-11-r120` | +| `metrics.image.tag` | Memcached exporter image tag (immutable tags are recommended) | `0.13.0-debian-11-r121` | | `metrics.image.digest` | Memcached exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `metrics.image.pullPolicy` | Image pull policy | `IfNotPresent` | | `metrics.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | diff --git a/charts/bitnami/wordpress/charts/memcached/values.yaml b/charts/bitnami/wordpress/charts/memcached/values.yaml index 345bee68c..cad0625ff 100644 --- a/charts/bitnami/wordpress/charts/memcached/values.yaml +++ b/charts/bitnami/wordpress/charts/memcached/values.yaml @@ -515,7 +515,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/os-shell - tag: 11-debian-11-r89 + tag: 11-debian-11-r90 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. @@ -560,7 +560,7 @@ metrics: image: registry: docker.io repository: bitnami/memcached-exporter - tag: 0.13.0-debian-11-r120 + tag: 0.13.0-debian-11-r121 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. diff --git a/charts/bitnami/wordpress/values.yaml b/charts/bitnami/wordpress/values.yaml index 3e5a2f5de..a8af8be64 100644 --- a/charts/bitnami/wordpress/values.yaml +++ b/charts/bitnami/wordpress/values.yaml @@ -76,7 +76,7 @@ diagnosticMode: image: registry: docker.io repository: bitnami/wordpress - tag: 6.3.1-debian-11-r32 + tag: 6.3.2-debian-11-r0 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -766,7 +766,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/os-shell - tag: 11-debian-11-r86 + tag: 11-debian-11-r90 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. @@ -860,7 +860,7 @@ metrics: image: registry: docker.io repository: bitnami/apache-exporter - tag: 1.0.2-debian-11-r8 + tag: 1.0.2-debian-11-r10 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. diff --git a/charts/bitnami/zookeeper/Chart.yaml b/charts/bitnami/zookeeper/Chart.yaml index 682fd777d..fa8e1ec44 100644 --- a/charts/bitnami/zookeeper/Chart.yaml +++ b/charts/bitnami/zookeeper/Chart.yaml @@ -6,9 +6,9 @@ annotations: category: Infrastructure images: | - name: os-shell - image: docker.io/bitnami/os-shell:11-debian-11-r89 + image: docker.io/bitnami/os-shell:11-debian-11-r90 - name: zookeeper - image: docker.io/bitnami/zookeeper:3.9.1-debian-11-r0 + image: docker.io/bitnami/zookeeper:3.9.1-debian-11-r1 licenses: Apache-2.0 apiVersion: v2 appVersion: 3.9.1 @@ -30,4 +30,4 @@ maintainers: name: zookeeper sources: - https://github.com/bitnami/charts/tree/main/bitnami/zookeeper -version: 12.1.4 +version: 12.1.6 diff --git a/charts/bitnami/zookeeper/README.md b/charts/bitnami/zookeeper/README.md index fa96ee8ac..2c6685664 100644 --- a/charts/bitnami/zookeeper/README.md +++ b/charts/bitnami/zookeeper/README.md @@ -82,7 +82,7 @@ The command removes all the Kubernetes components associated with the chart and | ----------------------------- | -------------------------------------------------------------------------------------------------------------------------- | ----------------------- | | `image.registry` | ZooKeeper image registry | `docker.io` | | `image.repository` | ZooKeeper image repository | `bitnami/zookeeper` | -| `image.tag` | ZooKeeper image tag (immutable tags are recommended) | `3.9.1-debian-11-r0` | +| `image.tag` | ZooKeeper image tag (immutable tags are recommended) | `3.9.1-debian-11-r1` | | `image.digest` | ZooKeeper image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `image.pullPolicy` | ZooKeeper image pull policy | `IfNotPresent` | | `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | @@ -248,7 +248,7 @@ The command removes all the Kubernetes components associated with the chart and | `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume | `false` | | `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` | | `volumePermissions.image.repository` | Init container volume-permissions image repository | `bitnami/os-shell` | -| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r89` | +| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r90` | | `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` | | `volumePermissions.image.pullSecrets` | Init container volume-permissions image pull secrets | `[]` | diff --git a/charts/bitnami/zookeeper/values.yaml b/charts/bitnami/zookeeper/values.yaml index 825cb9c50..06bcb14e8 100644 --- a/charts/bitnami/zookeeper/values.yaml +++ b/charts/bitnami/zookeeper/values.yaml @@ -79,7 +79,7 @@ diagnosticMode: image: registry: docker.io repository: bitnami/zookeeper - tag: 3.9.1-debian-11-r0 + tag: 3.9.1-debian-11-r1 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -663,7 +663,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/os-shell - tag: 11-debian-11-r89 + tag: 11-debian-11-r90 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. diff --git a/charts/dynatrace/dynatrace-operator/Chart.yaml b/charts/dynatrace/dynatrace-operator/Chart.yaml index 172f292c6..c4e52e56f 100644 --- a/charts/dynatrace/dynatrace-operator/Chart.yaml +++ b/charts/dynatrace/dynatrace-operator/Chart.yaml @@ -4,7 +4,7 @@ annotations: catalog.cattle.io/kube-version: '>=1.19.0-0' catalog.cattle.io/release-name: dynatrace-operator apiVersion: v2 -appVersion: 0.13.0 +appVersion: 0.14.0 description: The Dynatrace Operator Helm chart for Kubernetes and OpenShift home: https://www.dynatrace.com/ icon: https://assets.dynatrace.com/global/resources/Signet_Logo_RGB_CP_512x512px.png @@ -20,4 +20,4 @@ name: dynatrace-operator sources: - https://github.com/Dynatrace/dynatrace-operator type: application -version: 0.13.0 +version: 0.14.0 diff --git a/charts/dynatrace/dynatrace-operator/README.md b/charts/dynatrace/dynatrace-operator/README.md index 9e21adbdf..a9f653acf 100644 --- a/charts/dynatrace/dynatrace-operator/README.md +++ b/charts/dynatrace/dynatrace-operator/README.md @@ -5,6 +5,7 @@ The Dynatrace Operator supports rollout and lifecycle of various Dynatrace compo This Helm Chart requires Helm 3. ## Quick Start + Migration instructions can be found in the [official help page](https://www.dynatrace.com/support/help/shortlink/k8s-dto-helm#migrate). Install the Dynatrace Operator via Helm by running the following commands. @@ -15,19 +16,23 @@ Install the Dynatrace Operator via Helm by running the following commands. > [official help page](https://www.dynatrace.com/support/help/shortlink/k8s-helm) Add `dynatrace` helm repository: -``` + +```console helm repo add dynatrace https://raw.githubusercontent.com/Dynatrace/dynatrace-operator/main/config/helm/repos/stable ``` Install `dynatrace-operator` helm chart and create the corresponding `dynatrace` namespace: + ```console helm install dynatrace-operator dynatrace/dynatrace-operator -n dynatrace --create-namespace --atomic ``` ## Uninstall chart + > Full instructions can be found in the [official help page](https://www.dynatrace.com/support/help/shortlink/k8s-helm#uninstall-dynatrace-operator) Uninstall the Dynatrace Operator by running the following command: + ```console helm uninstall dynatrace-operator -n dynatrace ``` diff --git a/charts/dynatrace/dynatrace-operator/templates/Common/crd/dynatrace-operator-crd.yaml b/charts/dynatrace/dynatrace-operator/templates/Common/crd/dynatrace-operator-crd.yaml index 2538d1faa..149bd7484 100644 --- a/charts/dynatrace/dynatrace-operator/templates/Common/crd/dynatrace-operator-crd.yaml +++ b/charts/dynatrace/dynatrace-operator/templates/Common/crd/dynatrace-operator-crd.yaml @@ -4,7 +4,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.13.0 name: dynakubes.dynatrace.com spec: conversion: @@ -267,7 +267,8 @@ spec: description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + to an implementation-defined value. Requests cannot exceed + Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object serviceAccountName: @@ -538,7 +539,8 @@ spec: description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + to an implementation-defined value. Requests cannot exceed + Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object serviceAccountName: @@ -820,7 +822,8 @@ spec: description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + to an implementation-defined value. Requests cannot exceed + Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object serviceAccountName: @@ -1079,13 +1082,12 @@ spec: description: DynaKubeSpec defines the desired state of DynaKube properties: activeGate: - description: General configuration about ActiveGate instances + description: General configuration about ActiveGate instances. properties: annotations: additionalProperties: type: string - description: 'Optional: Adds additional annotations to the ActiveGate - pods' + description: Adds additional annotations to the ActiveGate pods type: object capabilities: description: Activegate capabilities enabled (routing, kubernetes-monitoring, @@ -1094,21 +1096,24 @@ spec: type: string type: array customProperties: - description: 'Optional: Add a custom properties file by providing - it as a value or reference it from a secret If referenced from - a secret, make sure the key is called ''customProperties''' + description: Add a custom properties file by providing it as a + value or reference it from a secret If referenced from a secret, + make sure the key is called 'customProperties' properties: value: + description: Custom properties value. + nullable: true type: string valueFrom: + description: Custom properties secret. + nullable: true type: string type: object dnsPolicy: - description: 'Optional: Sets DNS Policy for the ActiveGate pods' + description: Sets DNS Policy for the ActiveGate pods type: string env: - description: 'Optional: List of environment variables to set for - the ActiveGate' + description: List of environment variables to set for the ActiveGate items: description: EnvVar represents an environment variable present in a Container. @@ -1222,38 +1227,35 @@ spec: type: object type: array group: - description: 'Optional: Set activation group for ActiveGate' + description: Set activation group for ActiveGate type: string image: - description: 'Optional: the ActiveGate container image. Defaults - to the latest ActiveGate image provided by the registry on the - tenant' + description: The ActiveGate container image. Defaults to the latest + ActiveGate image provided by the registry on the tenant type: string labels: additionalProperties: type: string - description: 'Optional: Adds additional labels for the ActiveGate - pods' + description: Adds additional labels for the ActiveGate pods type: object nodeSelector: additionalProperties: type: string - description: 'Optional: Node selector to control the selection - of nodes' + description: Node selector to control the selection of nodes type: object priorityClassName: - description: 'Optional: If specified, indicates the pod''s priority. - Name must be defined by creating a PriorityClass object with - that name. If not specified the setting will be removed from - the StatefulSet.' + description: If specified, indicates the pod's priority. Name + must be defined by creating a PriorityClass object with that + name. If not specified the setting will be removed from the + StatefulSet. type: string replicas: description: Amount of replicas for your ActiveGates format: int32 type: integer resources: - description: 'Optional: define resources requests and limits for - single ActiveGate pods' + description: Define resources requests and limits for single ActiveGate + pods properties: claims: description: "Claims lists the names of resources, defined @@ -1297,18 +1299,18 @@ spec: description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + to an implementation-defined value. Requests cannot exceed + Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object tlsSecretName: - description: 'Optional: the name of a secret containing ActiveGate - TLS cert+key and password. If not set, self-signed certificate - is used. server.p12: certificate+key pair in pkcs12 format password: - passphrase to read server.p12' + description: 'The name of a secret containing ActiveGate TLS cert+key + and password. If not set, self-signed certificate is used. server.p12: + certificate+key pair in pkcs12 format password: passphrase to + read server.p12' type: string tolerations: - description: 'Optional: set tolerations for the ActiveGatePods - pods' + description: Set tolerations for the ActiveGate pods items: description: The pod this Toleration is attached to tolerates any taint that matches the triple using @@ -1349,8 +1351,8 @@ spec: type: object type: array topologySpreadConstraints: - description: 'Optional: Adds TopologySpreadConstraints for the - ActiveGate pods' + description: Adds TopologySpreadConstraints for the ActiveGate + pods items: description: TopologySpreadConstraint specifies how to spread matching pods among the given topology. @@ -1404,14 +1406,19 @@ spec: type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys is a set of pod label keys to - select the pods over which spreading will be calculated. + description: "MatchLabelKeys is a set of pod label keys + to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading - will be calculated for the incoming pod. Keys that don't - exist in the incoming pod labels will be ignored. A null - or empty list means only match against labelSelector. + will be calculated for the incoming pod. The same key + is forbidden to exist in both MatchLabelKeys and LabelSelector. + MatchLabelKeys cannot be set when LabelSelector isn't + set. Keys that don't exist in the incoming pod labels + will be ignored. A null or empty list means only match + against labelSelector. \n This is a beta field and requires + the MatchLabelKeysInPodTopologySpread feature gate to + be enabled (enabled by default)." items: type: string type: array @@ -1525,35 +1532,46 @@ spec: type: array type: object apiUrl: - description: Location of the Dynatrace API to connect to, including - your specific environment UUID + description: Dynatrace apiUrl, including the /api path at the end. + For SaaS, set YOUR_ENVIRONMENT_ID to your environment ID. For Managed, + change the apiUrl address. For instructions on how to determine + the environment ID and how to configure the apiUrl address, see + Environment ID (https://www.dynatrace.com/support/help/get-started/monitoring-environment/environment-id). type: string customPullSecret: - description: 'Optional: Pull secret for your private registry' + description: Defines a custom pull secret in case you use a private + registry when pulling images from the Dynatrace environment. To + define a custom pull secret and learn about the expected behavior, + see Configure customPullSecret (https://www.dynatrace.com/support/help/setup-and-configuration/setup-on-container-platforms/kubernetes/get-started-with-kubernetes-monitoring/dto-config-options-k8s#custompullsecret). type: string enableIstio: - description: If enabled, Istio on the cluster will be configured automatically - to allow access to the Dynatrace environment + description: When enabled, and if Istio is installed on the Kubernetes + environment, Dynatrace Operator will create the corresponding VirtualService + and ServiceEntry objects to allow access to the Dynatrace Cluster + from the OneAgent or ActiveGate. Disabled by default. type: boolean kubernetesMonitoring: - description: 'Deprecated: Configuration for Kubernetes Monitoring' + description: Configuration for Kubernetes Monitoring properties: customProperties: - description: 'Optional: Add a custom properties file by providing - it as a value or reference it from a secret If referenced from - a secret, make sure the key is called ''customProperties''' + description: Add a custom properties file by providing it as a + value or reference it from a secret If referenced from a secret, + make sure the key is called 'customProperties' properties: value: + description: Custom properties value. + nullable: true type: string valueFrom: + description: Custom properties secret. + nullable: true type: string type: object enabled: description: Enables Capability type: boolean env: - description: 'Optional: List of environment variables to set for - the ActiveGate' + description: List of environment variables to set for the ActiveGate items: description: EnvVar represents an environment variable present in a Container. @@ -1667,32 +1685,29 @@ spec: type: object type: array group: - description: 'Optional: Set activation group for ActiveGate' + description: Set activation group for ActiveGate type: string image: - description: 'Optional: the ActiveGate container image. Defaults - to the latest ActiveGate image provided by the registry on the - tenant' + description: The ActiveGate container image. Defaults to the latest + ActiveGate image provided by the registry on the tenant type: string labels: additionalProperties: type: string - description: 'Optional: Adds additional labels for the ActiveGate - pods' + description: Adds additional labels for the ActiveGate pods type: object nodeSelector: additionalProperties: type: string - description: 'Optional: Node selector to control the selection - of nodes' + description: Node selector to control the selection of nodes type: object replicas: description: Amount of replicas for your ActiveGates format: int32 type: integer resources: - description: 'Optional: define resources requests and limits for - single ActiveGate pods' + description: Define resources requests and limits for single ActiveGate + pods properties: claims: description: "Claims lists the names of resources, defined @@ -1736,12 +1751,12 @@ spec: description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + to an implementation-defined value. Requests cannot exceed + Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object tolerations: - description: 'Optional: set tolerations for the ActiveGatePods - pods' + description: Set tolerations for the ActiveGate pods items: description: The pod this Toleration is attached to tolerates any taint that matches the triple using @@ -1782,8 +1797,8 @@ spec: type: object type: array topologySpreadConstraints: - description: 'Optional: Adds TopologySpreadConstraints for the - ActiveGate pods' + description: Adds TopologySpreadConstraints for the ActiveGate + pods items: description: TopologySpreadConstraint specifies how to spread matching pods among the given topology. @@ -1837,14 +1852,19 @@ spec: type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys is a set of pod label keys to - select the pods over which spreading will be calculated. + description: "MatchLabelKeys is a set of pod label keys + to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading - will be calculated for the incoming pod. Keys that don't - exist in the incoming pod labels will be ignored. A null - or empty list means only match against labelSelector. + will be calculated for the incoming pod. The same key + is forbidden to exist in both MatchLabelKeys and LabelSelector. + MatchLabelKeys cannot be set when LabelSelector isn't + set. Keys that don't exist in the incoming pod labels + will be ignored. A null or empty list means only match + against labelSelector. \n This is a beta field and requires + the MatchLabelKeysInPodTopologySpread feature gate to + be enabled (enabled by default)." items: type: string type: array @@ -1958,9 +1978,10 @@ spec: type: array type: object namespaceSelector: - description: 'Optional: set a namespace selector to limit which namespaces - are monitored By default, all namespaces will be monitored Has no - effect during classicFullStack and hostMonitoring mode' + description: Applicable only for applicationMonitoring or cloudNativeFullStack + configuration types. The namespaces where you want Dynatrace Operator + to inject. For more information, see Configure monitoring for namespaces + and pods (https://www.dynatrace.com/support/help/setup-and-configuration/setup-on-container-platforms/kubernetes/get-started-with-kubernetes-monitoring/dto-config-options-k8s#annotate). properties: matchExpressions: description: matchExpressions is a list of label selector requirements. @@ -2005,25 +2026,27 @@ spec: type: object x-kubernetes-map-type: atomic networkZone: - description: 'Optional: Sets Network Zone for OneAgent and ActiveGate - pods' + description: Sets a network zone for the OneAgent and ActiveGate pods. type: string oneAgent: - description: General configuration about OneAgent instances + description: General configuration about OneAgent instances. You can't + enable more than one module (classicFullStack, cloudNativeFullStack, + hostMonitoring, or applicationMonitoring). properties: applicationMonitoring: - description: 'Optional: enable application-only monitoring and - change its settings Cannot be used in conjunction with cloud-native - fullstack monitoring, classic fullstack monitoring or host monitoring' + description: dynatrace-webhook injects into application pods based + on labeled namespaces. Has an optional CSI driver per node via + DaemonSet to provide binaries to pods. nullable: true properties: codeModulesImage: - description: 'Optional: the Dynatrace installer container - image' + description: The OneAgent image that is used to inject into + Pods. type: string initResources: - description: 'Optional: define resources requests and limits - for the initContainer' + description: Define resources requests and limits for the + initContainer. For details, see Managing resources for containers + (https://kubernetes.io/docs/concepts/configuration/manage-resources-containers). properties: claims: description: "Claims lists the names of resources, defined @@ -2068,48 +2091,48 @@ spec: compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object useCSIDriver: - description: 'Optional: If you want to use CSIDriver; disable - if your cluster does not have ''nodes'' to fall back to - the volume approach.' + description: Set if you want to use the CSIDriver. Don't enable + it if you do not have access to Kubernetes nodes or if you + lack privileges. type: boolean version: - description: 'Optional: If specified, indicates the OneAgent - version to use Defaults to latest Example: {major.minor.release} - - 1.200.0' + description: The OneAgent version to be used. type: string type: object classicFullStack: - description: 'Optional: enable classic fullstack monitoring and - change its settings Cannot be used in conjunction with cloud-native - fullstack monitoring, application monitoring or host monitoring' + description: Has a single OneAgent per node via DaemonSet. Injection + is performed via the same OneAgent DaemonSet. nullable: true properties: annotations: additionalProperties: type: string - description: 'Optional: Adds additional annotations to the - OneAgent pods' + description: Add custom OneAgent annotations. type: object args: - description: 'Optional: Arguments to the OneAgent installer' + description: Set additional arguments to the OneAgent installer. + For available options, see Linux custom installation (https://www.dynatrace.com/support/help/setup-and-configuration/dynatrace-oneagent/installation-and-operation/linux/installation/customize-oneagent-installation-on-linux). + For the list of limitations, see Limitations (https://www.dynatrace.com/support/help/setup-and-configuration/setup-on-container-platforms/docker/set-up-dynatrace-oneagent-as-docker-container#limitations). items: type: string type: array x-kubernetes-list-type: set autoUpdate: - description: 'Optional: Enables automatic restarts of OneAgent - pods in case a new version is available Defaults to true' + description: Disables automatic restarts of OneAgent pods + in case a new version is available (https://www.dynatrace.com/support/help/setup-and-configuration/setup-on-container-platforms/kubernetes/get-started-with-kubernetes-monitoring#disable-auto). + Enabled by default. type: boolean dnsPolicy: - description: 'Optional: Sets DNS Policy for the OneAgent pods' + description: Set the DNS Policy for OneAgent pods. For details, + see Pods DNS Policy (https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy). type: string env: - description: 'Optional: List of environment variables to set - for the installer' + description: Set additional environment variables for the + OneAgent pods. items: description: EnvVar represents an environment variable present in a Container. @@ -2227,25 +2250,27 @@ spec: type: object type: array image: - description: 'Optional: the Dynatrace installer container - image Defaults to the registry on the tenant for both Kubernetes - and for OpenShift' + description: Use a custom OneAgent Docker image. Defaults + to the image from the Dynatrace cluster. type: string labels: additionalProperties: type: string - description: 'Optional: Adds additional labels for the OneAgent - pods' + description: Your defined labels for OneAgent pods in order + to structure workloads as desired. type: object nodeSelector: additionalProperties: type: string - description: Node selector to control the selection of nodes - (optional) + description: Specify the node selector that controls on which + nodes OneAgent will be deployed. type: object oneAgentResources: - description: 'Optional: define resources requests and limits - for single pods' + description: 'Resource settings for OneAgent container. Consumption + of the OneAgent heavily depends on the workload to monitor. + You can use the default settings in the CR. Note: resource.requests + shows the values needed to run; resource.limits shows the + maximum limits for the pod.' properties: claims: description: "Claims lists the names of resources, defined @@ -2290,17 +2315,17 @@ spec: compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object priorityClassName: - description: 'Optional: If specified, indicates the pod''s - priority. Name must be defined by creating a PriorityClass - object with that name. If not specified the setting will - be removed from the DaemonSet.' + description: Assign a priority class to the OneAgent pods. + By default, no class is set. For details, see Pod Priority + and Preemption (https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/). type: string tolerations: - description: 'Optional: set tolerations for the OneAgent pods' + description: Tolerations to include with the OneAgent DaemonSet. + For details, see Taints and Tolerations (https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/). items: description: The pod this Toleration is attached to tolerates any taint that matches the triple using @@ -2342,43 +2367,44 @@ spec: type: object type: array version: - description: 'Optional: If specified, indicates the OneAgent - version to use Defaults to latest Example: {major.minor.release} - - 1.200.0' + description: The OneAgent version to be used. type: string type: object cloudNativeFullStack: - description: 'Optional: enable cloud-native fullstack monitoring - and change its settings Cannot be used in conjunction with classic - fullstack monitoring, application monitoring or host monitoring' + description: Has a single OneAgent per node via DaemonSet. dynatrace-webhook + injects into application pods based on labeled namespaces. Has + a CSI driver per node via DaemonSet to provide binaries to pods. nullable: true properties: annotations: additionalProperties: type: string - description: 'Optional: Adds additional annotations to the - OneAgent pods' + description: Add custom OneAgent annotations. type: object args: - description: 'Optional: Arguments to the OneAgent installer' + description: Set additional arguments to the OneAgent installer. + For available options, see Linux custom installation (https://www.dynatrace.com/support/help/setup-and-configuration/dynatrace-oneagent/installation-and-operation/linux/installation/customize-oneagent-installation-on-linux). + For the list of limitations, see Limitations (https://www.dynatrace.com/support/help/setup-and-configuration/setup-on-container-platforms/docker/set-up-dynatrace-oneagent-as-docker-container#limitations). items: type: string type: array x-kubernetes-list-type: set autoUpdate: - description: 'Optional: Enables automatic restarts of OneAgent - pods in case a new version is available Defaults to true' + description: Disables automatic restarts of OneAgent pods + in case a new version is available (https://www.dynatrace.com/support/help/setup-and-configuration/setup-on-container-platforms/kubernetes/get-started-with-kubernetes-monitoring#disable-auto). + Enabled by default. type: boolean codeModulesImage: - description: 'Optional: the Dynatrace installer container - image' + description: The OneAgent image that is used to inject into + Pods. type: string dnsPolicy: - description: 'Optional: Sets DNS Policy for the OneAgent pods' + description: Set the DNS Policy for OneAgent pods. For details, + see Pods DNS Policy (https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy). type: string env: - description: 'Optional: List of environment variables to set - for the installer' + description: Set additional environment variables for the + OneAgent pods. items: description: EnvVar represents an environment variable present in a Container. @@ -2496,13 +2522,13 @@ spec: type: object type: array image: - description: 'Optional: the Dynatrace installer container - image Defaults to the registry on the tenant for both Kubernetes - and for OpenShift' + description: Use a custom OneAgent Docker image. Defaults + to the image from the Dynatrace cluster. type: string initResources: - description: 'Optional: define resources requests and limits - for the initContainer' + description: Define resources requests and limits for the + initContainer. For details, see Managing resources for containers + (https://kubernetes.io/docs/concepts/configuration/manage-resources-containers). properties: claims: description: "Claims lists the names of resources, defined @@ -2547,24 +2573,27 @@ spec: compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object labels: additionalProperties: type: string - description: 'Optional: Adds additional labels for the OneAgent - pods' + description: Your defined labels for OneAgent pods in order + to structure workloads as desired. type: object nodeSelector: additionalProperties: type: string - description: Node selector to control the selection of nodes - (optional) + description: Specify the node selector that controls on which + nodes OneAgent will be deployed. type: object oneAgentResources: - description: 'Optional: define resources requests and limits - for single pods' + description: 'Resource settings for OneAgent container. Consumption + of the OneAgent heavily depends on the workload to monitor. + You can use the default settings in the CR. Note: resource.requests + shows the values needed to run; resource.limits shows the + maximum limits for the pod.' properties: claims: description: "Claims lists the names of resources, defined @@ -2609,17 +2638,17 @@ spec: compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object priorityClassName: - description: 'Optional: If specified, indicates the pod''s - priority. Name must be defined by creating a PriorityClass - object with that name. If not specified the setting will - be removed from the DaemonSet.' + description: Assign a priority class to the OneAgent pods. + By default, no class is set. For details, see Pod Priority + and Preemption (https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/). type: string tolerations: - description: 'Optional: set tolerations for the OneAgent pods' + description: Tolerations to include with the OneAgent DaemonSet. + For details, see Taints and Tolerations (https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/). items: description: The pod this Toleration is attached to tolerates any taint that matches the triple using @@ -2661,39 +2690,39 @@ spec: type: object type: array version: - description: 'Optional: If specified, indicates the OneAgent - version to use Defaults to latest Example: {major.minor.release} - - 1.200.0' + description: The OneAgent version to be used. type: string type: object hostMonitoring: - description: 'Optional: enable host monitoring and change its - settings Cannot be used in conjunction with cloud-native fullstack - monitoring, classic fullstack monitoring or application monitoring' + description: Has a single OneAgent per node via DaemonSet. Doesn't + inject into application pods. nullable: true properties: annotations: additionalProperties: type: string - description: 'Optional: Adds additional annotations to the - OneAgent pods' + description: Add custom OneAgent annotations. type: object args: - description: 'Optional: Arguments to the OneAgent installer' + description: Set additional arguments to the OneAgent installer. + For available options, see Linux custom installation (https://www.dynatrace.com/support/help/setup-and-configuration/dynatrace-oneagent/installation-and-operation/linux/installation/customize-oneagent-installation-on-linux). + For the list of limitations, see Limitations (https://www.dynatrace.com/support/help/setup-and-configuration/setup-on-container-platforms/docker/set-up-dynatrace-oneagent-as-docker-container#limitations). items: type: string type: array x-kubernetes-list-type: set autoUpdate: - description: 'Optional: Enables automatic restarts of OneAgent - pods in case a new version is available Defaults to true' + description: Disables automatic restarts of OneAgent pods + in case a new version is available (https://www.dynatrace.com/support/help/setup-and-configuration/setup-on-container-platforms/kubernetes/get-started-with-kubernetes-monitoring#disable-auto). + Enabled by default. type: boolean dnsPolicy: - description: 'Optional: Sets DNS Policy for the OneAgent pods' + description: Set the DNS Policy for OneAgent pods. For details, + see Pods DNS Policy (https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy). type: string env: - description: 'Optional: List of environment variables to set - for the installer' + description: Set additional environment variables for the + OneAgent pods. items: description: EnvVar represents an environment variable present in a Container. @@ -2811,25 +2840,27 @@ spec: type: object type: array image: - description: 'Optional: the Dynatrace installer container - image Defaults to the registry on the tenant for both Kubernetes - and for OpenShift' + description: Use a custom OneAgent Docker image. Defaults + to the image from the Dynatrace cluster. type: string labels: additionalProperties: type: string - description: 'Optional: Adds additional labels for the OneAgent - pods' + description: Your defined labels for OneAgent pods in order + to structure workloads as desired. type: object nodeSelector: additionalProperties: type: string - description: Node selector to control the selection of nodes - (optional) + description: Specify the node selector that controls on which + nodes OneAgent will be deployed. type: object oneAgentResources: - description: 'Optional: define resources requests and limits - for single pods' + description: 'Resource settings for OneAgent container. Consumption + of the OneAgent heavily depends on the workload to monitor. + You can use the default settings in the CR. Note: resource.requests + shows the values needed to run; resource.limits shows the + maximum limits for the pod.' properties: claims: description: "Claims lists the names of resources, defined @@ -2874,17 +2905,17 @@ spec: compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object priorityClassName: - description: 'Optional: If specified, indicates the pod''s - priority. Name must be defined by creating a PriorityClass - object with that name. If not specified the setting will - be removed from the DaemonSet.' + description: Assign a priority class to the OneAgent pods. + By default, no class is set. For details, see Pod Priority + and Preemption (https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/). type: string tolerations: - description: 'Optional: set tolerations for the OneAgent pods' + description: Tolerations to include with the OneAgent DaemonSet. + For details, see Taints and Tolerations (https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/). items: description: The pod this Toleration is attached to tolerates any taint that matches the triple using @@ -2926,40 +2957,46 @@ spec: type: object type: array version: - description: 'Optional: If specified, indicates the OneAgent - version to use Defaults to latest Example: {major.minor.release} - - 1.200.0' + description: The OneAgent version to be used. type: string type: object type: object proxy: - description: 'Optional: Set custom proxy settings either directly - or from a secret with the field ''proxy''' + description: 'Set custom proxy settings either directly or from a + secret with the field proxy. Note: Applies to Dynatrace Operator, + ActiveGate, and OneAgents.' properties: value: + description: Proxy URL. It has preference over ValueFrom. + nullable: true type: string valueFrom: + description: Secret containing proxy URL. + nullable: true type: string type: object routing: - description: 'Deprecated: Configuration for Routing' + description: Configuration for Routing properties: customProperties: - description: 'Optional: Add a custom properties file by providing - it as a value or reference it from a secret If referenced from - a secret, make sure the key is called ''customProperties''' + description: Add a custom properties file by providing it as a + value or reference it from a secret If referenced from a secret, + make sure the key is called 'customProperties' properties: value: + description: Custom properties value. + nullable: true type: string valueFrom: + description: Custom properties secret. + nullable: true type: string type: object enabled: description: Enables Capability type: boolean env: - description: 'Optional: List of environment variables to set for - the ActiveGate' + description: List of environment variables to set for the ActiveGate items: description: EnvVar represents an environment variable present in a Container. @@ -3073,32 +3110,29 @@ spec: type: object type: array group: - description: 'Optional: Set activation group for ActiveGate' + description: Set activation group for ActiveGate type: string image: - description: 'Optional: the ActiveGate container image. Defaults - to the latest ActiveGate image provided by the registry on the - tenant' + description: The ActiveGate container image. Defaults to the latest + ActiveGate image provided by the registry on the tenant type: string labels: additionalProperties: type: string - description: 'Optional: Adds additional labels for the ActiveGate - pods' + description: Adds additional labels for the ActiveGate pods type: object nodeSelector: additionalProperties: type: string - description: 'Optional: Node selector to control the selection - of nodes' + description: Node selector to control the selection of nodes type: object replicas: description: Amount of replicas for your ActiveGates format: int32 type: integer resources: - description: 'Optional: define resources requests and limits for - single ActiveGate pods' + description: Define resources requests and limits for single ActiveGate + pods properties: claims: description: "Claims lists the names of resources, defined @@ -3142,12 +3176,12 @@ spec: description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + to an implementation-defined value. Requests cannot exceed + Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object tolerations: - description: 'Optional: set tolerations for the ActiveGatePods - pods' + description: Set tolerations for the ActiveGate pods items: description: The pod this Toleration is attached to tolerates any taint that matches the triple using @@ -3188,8 +3222,8 @@ spec: type: object type: array topologySpreadConstraints: - description: 'Optional: Adds TopologySpreadConstraints for the - ActiveGate pods' + description: Adds TopologySpreadConstraints for the ActiveGate + pods items: description: TopologySpreadConstraint specifies how to spread matching pods among the given topology. @@ -3243,14 +3277,19 @@ spec: type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys is a set of pod label keys to - select the pods over which spreading will be calculated. + description: "MatchLabelKeys is a set of pod label keys + to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading - will be calculated for the incoming pod. Keys that don't - exist in the incoming pod labels will be ignored. A null - or empty list means only match against labelSelector. + will be calculated for the incoming pod. The same key + is forbidden to exist in both MatchLabelKeys and LabelSelector. + MatchLabelKeys cannot be set when LabelSelector isn't + set. Keys that don't exist in the incoming pod labels + will be ignored. A null or empty list means only match + against labelSelector. \n This is a beta field and requires + the MatchLabelKeysInPodTopologySpread feature gate to + be enabled (enabled by default)." items: type: string type: array @@ -3364,16 +3403,18 @@ spec: type: array type: object skipCertCheck: - description: Disable certificate validation checks for installer download - and API communication + description: Disable certificate check for the connection between + Dynatrace Operator and the Dynatrace Cluster. Set to true if you + want to skip certification validation checks. type: boolean tokens: - description: Credentials for the DynaKube to connect back to Dynatrace. + description: Name of the secret holding the tokens used for connecting + to Dynatrace. type: string trustedCAs: - description: 'Optional: Adds custom RootCAs from a configmap This - property only affects certificates used to communicate with the - Dynatrace API. The property is not applied to the ActiveGate' + description: 'Adds custom RootCAs from a configmap. Put the certificate + under certs within your configmap. Note: Applies only to Dynatrace + Operator and OneAgent, not to ActiveGate.' type: string required: - apiUrl @@ -3382,37 +3423,55 @@ spec: description: DynaKubeStatus defines the observed state of DynaKube properties: activeGate: + description: Observed state of ActiveGate properties: connectionInfoStatus: + description: Information about Active Gate's connections properties: endpoints: + description: Available connection endpoints type: string lastRequest: + description: Time of the last connection request format: date-time type: string tenantUUID: + description: UUID of the tenant, received from the tenant type: string type: object imageID: + description: Image ID type: string lastProbeTimestamp: + description: Indicates when the last check for a new version was + performed format: date-time type: string source: + description: Source of the image (tenant-registry, public-registry, + ...) type: string version: + description: Image version type: string type: object codeModules: + description: Observed state of Code Modules properties: imageID: + description: Image ID type: string lastProbeTimestamp: + description: Indicates when the last check for a new version was + performed format: date-time type: string source: + description: Source of the image (tenant-registry, public-registry, + ...) type: string version: + description: Image version type: string type: object conditions: @@ -3486,8 +3545,10 @@ spec: type: object type: array dynatraceApi: + description: Observed state of Dynatrace API properties: lastTokenScopeRequest: + description: Time of the last token request format: date-time type: string type: object @@ -3496,55 +3557,77 @@ spec: cluster type: string lastTokenProbeTimestamp: - description: 'Deprecated: use DynatraceApiStatus.LastTokenScopeRequest - instead LastTokenProbeTimestamp tracks when the last request for - the API token validity was sent' + description: LastTokenProbeTimestamp tracks when the last request + for the API token validity was sent format: date-time type: string oneAgent: + description: Observed state of OneAgent properties: connectionInfoStatus: + description: Information about OneAgent's connections properties: communicationHosts: + description: List of communication hosts items: properties: host: + description: Host domain type: string port: + description: Connection port format: int32 type: integer protocol: + description: Connection protocol type: string type: object type: array endpoints: + description: Available connection endpoints type: string lastRequest: + description: Time of the last connection request format: date-time type: string tenantUUID: + description: UUID of the tenant, received from the tenant type: string type: object + healthcheck: + description: Commands used for OneAgent's readiness probe + type: object + x-kubernetes-preserve-unknown-fields: true imageID: + description: Image ID type: string instances: additionalProperties: properties: ipAddress: + description: IP address of the pod type: string podName: + description: Name of the OneAgent pod type: string type: object + description: List of deployed OneAgent instances type: object lastInstanceStatusUpdate: + description: Time of the last instance status update format: date-time type: string lastProbeTimestamp: + description: Indicates when the last check for a new version was + performed format: date-time type: string source: + description: Source of the image (tenant-registry, public-registry, + ...) type: string version: + description: Image version type: string type: object phase: @@ -3552,15 +3635,22 @@ spec: ...) type: string synthetic: + description: Observed state of Synthetic properties: imageID: + description: Image ID type: string lastProbeTimestamp: + description: Indicates when the last check for a new version was + performed format: date-time type: string source: + description: Source of the image (tenant-registry, public-registry, + ...) type: string version: + description: Image version type: string type: object updatedTimestamp: @@ -3574,4 +3664,602 @@ spec: storage: true subresources: status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: edgeconnects.dynatrace.com +spec: + group: dynatrace.com + names: + categories: + - dynatrace + kind: EdgeConnect + listKind: EdgeConnectList + plural: edgeconnects + singular: edgeconnect + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.apiServer + name: ApiServer + type: string + - jsonPath: .status.phase + name: Status + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: EdgeConnect is the Schema for the EdgeConnect API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: EdgeConnectSpec defines the desired state of EdgeConnect + properties: + annotations: + additionalProperties: + type: string + description: Adds additional annotations to the EdgeConnect pods + type: object + apiServer: + description: Location of the Dynatrace API to connect to, including + your specific environment UUID + type: string + autoUpdate: + default: true + description: 'Enables automatic restarts of EdgeConnect pods in case + a new version is available (the default value is: true)' + type: boolean + customPullSecret: + description: Pull secret for your private registry + type: string + env: + description: Adds additional environment variables to the EdgeConnect + pods + items: + description: EnvVar represents an environment variable present in + a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded using + the previously defined environment variables in the container + and any service environment variables. If a variable cannot + be resolved, the reference in the input string will be unchanged. + Double $$ are reduced to a single $, which allows for escaping + the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the + string literal "$(VAR_NAME)". Escaped references will never + be expanded, regardless of whether the variable exists or + not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. Cannot + be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, `metadata.labels['''']`, `metadata.annotations['''']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath is + written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified + API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed + resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + hostRestrictions: + description: Restrict outgoing HTTP requests to your internal resources + to specified hosts + example: internal.example.org,*.dev.example.org + type: string + imageRef: + description: Overrides the default image + properties: + repository: + description: Custom EdgeConnect image repository + example: docker.io/dynatrace/edgeconnect + type: string + tag: + description: Indicates version of the EdgeConnect image to use + type: string + type: object + labels: + additionalProperties: + type: string + description: Adds additional labels to the EdgeConnect pods + type: object + nodeSelector: + additionalProperties: + type: string + description: Node selector to control the selection of nodes for the + EdgeConnect pods + type: object + oauth: + description: EdgeConnect uses the OAuth client to authenticate itself + with the Dynatrace platform. + properties: + clientSecret: + description: Name of the secret that holds oauth clientId/secret + type: string + endpoint: + description: Token endpoint URL of Dynatrace SSO + type: string + resource: + description: URN identifying your account. You get the URN when + creating the OAuth client + type: string + required: + - clientSecret + - endpoint + - resource + type: object + replicas: + default: 1 + description: 'Amount of replicas for your EdgeConnect (the default + value is: 1)' + format: int32 + type: integer + resources: + description: Defines resources requests and limits for single pods + properties: + claims: + description: "Claims lists the names of resources, defined in + spec.resourceClaims, that are used by this container. \n This + is an alpha field and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. It can only be set + for containers." + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry in pod.spec.resourceClaims + of the Pod where this field is used. It makes that resource + available inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute resources + allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + tolerations: + description: Sets tolerations for the EdgeConnect pods + items: + description: The pod this Toleration is attached to tolerates any + taint that matches the triple using the matching + operator . + properties: + effect: + description: Effect indicates the taint effect to match. Empty + means match all taint effects. When specified, allowed values + are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, + operator must be Exists; this combination means to match all + values and all keys. + type: string + operator: + description: Operator represents a key's relationship to the + value. Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod + can tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of time + the toleration (which must be of effect NoExecute, otherwise + this field is ignored) tolerates the taint. By default, it + is not set, which means tolerate the taint forever (do not + evict). Zero and negative values will be treated as 0 (evict + immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. + type: string + type: object + type: array + topologySpreadConstraints: + description: Sets topology spread constraints for the EdgeConnect + pods + items: + description: TopologySpreadConstraint specifies how to spread matching + pods among the given topology. + properties: + labelSelector: + description: LabelSelector is used to find matching pods. Pods + that match this label selector are counted to determine the + number of pods in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists or + DoesNotExist, the values array must be empty. This + array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is + "key", the operator is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: "MatchLabelKeys is a set of pod label keys to select + the pods over which spreading will be calculated. The keys + are used to lookup values from the incoming pod labels, those + key-value labels are ANDed with labelSelector to select the + group of existing pods over which spreading will be calculated + for the incoming pod. The same key is forbidden to exist in + both MatchLabelKeys and LabelSelector. MatchLabelKeys cannot + be set when LabelSelector isn't set. Keys that don't exist + in the incoming pod labels will be ignored. A null or empty + list means only match against labelSelector. \n This is a + beta field and requires the MatchLabelKeysInPodTopologySpread + feature gate to be enabled (enabled by default)." + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + description: 'MaxSkew describes the degree to which pods may + be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, + it is the maximum permitted difference between the number + of matching pods in the target topology and the global minimum. + The global minimum is the minimum number of matching pods + in an eligible domain or zero if the number of eligible domains + is less than MinDomains. For example, in a 3-zone cluster, + MaxSkew is set to 1, and pods with the same labelSelector + spread as 2/2/1: In this case, the global minimum is 1. | + zone1 | zone2 | zone3 | | P P | P P | P | - if MaxSkew + is 1, incoming pod can only be scheduled to zone3 to become + 2/2/2; scheduling it onto zone1(zone2) would make the ActualSkew(3-1) + on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming + pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, + it is used to give higher precedence to topologies that satisfy + it. It''s a required field. Default value is 1 and 0 is not + allowed.' + format: int32 + type: integer + minDomains: + description: "MinDomains indicates a minimum number of eligible + domains. When the number of eligible domains with matching + topology keys is less than minDomains, Pod Topology Spread + treats \"global minimum\" as 0, and then the calculation of + Skew is performed. And when the number of eligible domains + with matching topology keys equals or greater than minDomains, + this value has no effect on scheduling. As a result, when + the number of eligible domains is less than minDomains, scheduler + won't schedule more than maxSkew Pods to those domains. If + value is nil, the constraint behaves as if MinDomains is equal + to 1. Valid values are integers greater than 0. When value + is not nil, WhenUnsatisfiable must be DoNotSchedule. \n For + example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains + is set to 5 and pods with the same labelSelector spread as + 2/2/2: | zone1 | zone2 | zone3 | | P P | P P | P P | + The number of domains is less than 5(MinDomains), so \"global + minimum\" is treated as 0. In this situation, new pod with + the same labelSelector cannot be scheduled, because computed + skew will be 3(3 - 0) if new Pod is scheduled to any of the + three zones, it will violate MaxSkew. \n This is a beta field + and requires the MinDomainsInPodTopologySpread feature gate + to be enabled (enabled by default)." + format: int32 + type: integer + nodeAffinityPolicy: + description: "NodeAffinityPolicy indicates how we will treat + Pod's nodeAffinity/nodeSelector when calculating pod topology + spread skew. Options are: - Honor: only nodes matching nodeAffinity/nodeSelector + are included in the calculations. - Ignore: nodeAffinity/nodeSelector + are ignored. All nodes are included in the calculations. \n + If this value is nil, the behavior is equivalent to the Honor + policy. This is a beta-level feature default enabled by the + NodeInclusionPolicyInPodTopologySpread feature flag." + type: string + nodeTaintsPolicy: + description: "NodeTaintsPolicy indicates how we will treat node + taints when calculating pod topology spread skew. Options + are: - Honor: nodes without taints, along with tainted nodes + for which the incoming pod has a toleration, are included. + - Ignore: node taints are ignored. All nodes are included. + \n If this value is nil, the behavior is equivalent to the + Ignore policy. This is a beta-level feature default enabled + by the NodeInclusionPolicyInPodTopologySpread feature flag." + type: string + topologyKey: + description: TopologyKey is the key of node labels. Nodes that + have a label with this key and identical values are considered + to be in the same topology. We consider each + as a "bucket", and try to put balanced number of pods into + each bucket. We define a domain as a particular instance of + a topology. Also, we define an eligible domain as a domain + whose nodes meet the requirements of nodeAffinityPolicy and + nodeTaintsPolicy. e.g. If TopologyKey is "kubernetes.io/hostname", + each Node is a domain of that topology. And, if TopologyKey + is "topology.kubernetes.io/zone", each zone is a domain of + that topology. It's a required field. + type: string + whenUnsatisfiable: + description: 'WhenUnsatisfiable indicates how to deal with a + pod if it doesn''t satisfy the spread constraint. - DoNotSchedule + (default) tells the scheduler not to schedule it. - ScheduleAnyway + tells the scheduler to schedule the pod in any location, but + giving higher precedence to topologies that would help reduce + the skew. A constraint is considered "Unsatisfiable" for an + incoming pod if and only if every possible node assignment + for that pod would violate "MaxSkew" on some topology. For + example, in a 3-zone cluster, MaxSkew is set to 1, and pods + with the same labelSelector spread as 3/1/1: | zone1 | zone2 + | zone3 | | P P P | P | P | If WhenUnsatisfiable is + set to DoNotSchedule, incoming pod can only be scheduled to + zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on + zone2(zone3) satisfies MaxSkew(1). In other words, the cluster + can still be imbalanced, but scheduler won''t make it *more* + imbalanced. It''s a required field.' + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + required: + - apiServer + - oauth + type: object + status: + description: EdgeConnectStatus defines the observed state of EdgeConnect + properties: + conditions: + description: Conditions includes status about the current state of + the instance + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + \n type FooStatus struct{ // Represents the observations of a + foo's current state. // Known .status.conditions.type are: \"Available\", + \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge + // +listType=map // +listMapKey=type Conditions []metav1.Condition + `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" + protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + phase: + description: Defines the current state (Running, Updating, Error, + ...) + type: string + updatedTimestamp: + description: Indicates when the resource was last updated + format: date-time + type: string + version: + description: Version used for the Edgeconnect image + properties: + imageID: + description: Image ID + type: string + lastProbeTimestamp: + description: Indicates when the last check for a new version was + performed + format: date-time + type: string + source: + description: Source of the image (tenant-registry, public-registry, + ...) + type: string + version: + description: Image version + type: string + type: object + type: object + type: object + served: true + storage: true + subresources: + status: {} {{- end -}} diff --git a/charts/dynatrace/dynatrace-operator/templates/Common/csi/clusterrole-csi.yaml b/charts/dynatrace/dynatrace-operator/templates/Common/csi/clusterrole-csi.yaml index cb812c202..c631bb7bf 100644 --- a/charts/dynatrace/dynatrace-operator/templates/Common/csi/clusterrole-csi.yaml +++ b/charts/dynatrace/dynatrace-operator/templates/Common/csi/clusterrole-csi.yaml @@ -62,7 +62,7 @@ rules: - get - list - watch - {{- if (eq (include "dynatrace-operator.openshiftOrOlm" .) "true") }} + {{- if (eq (include "dynatrace-operator.platform" .) "openshift") }} - apiGroups: - security.openshift.io resourceNames: diff --git a/charts/dynatrace/dynatrace-operator/templates/Common/csi/daemonset.yaml b/charts/dynatrace/dynatrace-operator/templates/Common/csi/daemonset.yaml index 8c25fb3e6..687950eb0 100644 --- a/charts/dynatrace/dynatrace-operator/templates/Common/csi/daemonset.yaml +++ b/charts/dynatrace/dynatrace-operator/templates/Common/csi/daemonset.yaml @@ -59,6 +59,10 @@ spec: - csi-init terminationMessagePath: /dev/termination-log terminationMessagePolicy: File + resources: + {{- if .Values.csidriver.csiInit.resources }} + {{- toYaml .Values.csidriver.csiInit.resources | nindent 10 }} + {{- end }} securityContext: {{- toYaml .Values.csidriver.csiInit.securityContext| nindent 10 }} volumeMounts: diff --git a/charts/dynatrace/dynatrace-operator/templates/Common/edge-connect/serviceaccount-operator.yaml b/charts/dynatrace/dynatrace-operator/templates/Common/edge-connect/serviceaccount-operator.yaml new file mode 100644 index 000000000..047c28c06 --- /dev/null +++ b/charts/dynatrace/dynatrace-operator/templates/Common/edge-connect/serviceaccount-operator.yaml @@ -0,0 +1,23 @@ +{{- include "dynatrace-operator.platformRequired" . }} +{{ if eq (include "dynatrace-operator.partial" .) "false" }} +# Copyright 2021 Dynatrace LLC + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: v1 +kind: ServiceAccount +metadata: + name: dynatrace-edgeconnect + namespace: {{ .Release.Namespace }} + labels: + {{- include "dynatrace-operator.operatorLabels" . | nindent 4 }} +{{ end }} diff --git a/charts/dynatrace/dynatrace-operator/templates/Common/operator/role-operator.yaml b/charts/dynatrace/dynatrace-operator/templates/Common/operator/role-operator.yaml index f407a82fc..ce63934b7 100644 --- a/charts/dynatrace/dynatrace-operator/templates/Common/operator/role-operator.yaml +++ b/charts/dynatrace/dynatrace-operator/templates/Common/operator/role-operator.yaml @@ -25,6 +25,7 @@ rules: - dynatrace.com resources: - dynakubes + - edgeconnects verbs: - get - list @@ -36,6 +37,8 @@ rules: resources: - dynakubes/finalizers - dynakubes/status + - edgeconnects/finalizers + - edgeconnects/status verbs: - update @@ -70,6 +73,9 @@ rules: - get - list - watch + - create + - update + - delete - apiGroups: - apps resources: diff --git a/charts/dynatrace/dynatrace-operator/templates/Common/webhook/validatingwebhookconfiguration.yaml b/charts/dynatrace/dynatrace-operator/templates/Common/webhook/validatingwebhookconfiguration.yaml index eb65ee12f..597700e41 100644 --- a/charts/dynatrace/dynatrace-operator/templates/Common/webhook/validatingwebhookconfiguration.yaml +++ b/charts/dynatrace/dynatrace-operator/templates/Common/webhook/validatingwebhookconfiguration.yaml @@ -42,4 +42,26 @@ webhooks: name: webhook.dynatrace.com timeoutSeconds: 10 sideEffects: None + - admissionReviewVersions: + - v1 + - v1beta1 + - v1alpha1 + clientConfig: + service: + name: dynatrace-webhook + namespace: {{ .Release.Namespace }} + path: /validate/edgeconnect + rules: + - operations: + - CREATE + - UPDATE + apiGroups: + - dynatrace.com + apiVersions: + - v1alpha1 + resources: + - edgeconnects + name: edgeconnect.webhook.dynatrace.com + timeoutSeconds: 10 + sideEffects: None {{ end }} diff --git a/charts/dynatrace/dynatrace-operator/values.yaml b/charts/dynatrace/dynatrace-operator/values.yaml index e36249b60..7156e43c3 100644 --- a/charts/dynatrace/dynatrace-operator/values.yaml +++ b/charts/dynatrace/dynatrace-operator/values.yaml @@ -106,6 +106,13 @@ csidriver: level: s0 seccompProfile: type: RuntimeDefault + resources: + requests: + cpu: 50m + memory: 100Mi + limits: + cpu: 50m + memory: 100Mi server: securityContext: runAsUser: 0 diff --git a/charts/external-secrets/external-secrets/Chart.yaml b/charts/external-secrets/external-secrets/Chart.yaml index 345ea4148..b230b45c1 100644 --- a/charts/external-secrets/external-secrets/Chart.yaml +++ b/charts/external-secrets/external-secrets/Chart.yaml @@ -4,7 +4,7 @@ annotations: catalog.cattle.io/kube-version: '>= 1.19.0-0' catalog.cattle.io/release-name: external-secrets apiVersion: v2 -appVersion: v0.9.5 +appVersion: v0.9.6 description: External secret management for Kubernetes home: https://github.com/external-secrets/external-secrets icon: https://raw.githubusercontent.com/external-secrets/external-secrets/main/assets/eso-logo-large.png @@ -17,4 +17,4 @@ maintainers: name: mcavoyk name: external-secrets type: application -version: 0.9.5 +version: 0.9.6 diff --git a/charts/external-secrets/external-secrets/README.md b/charts/external-secrets/external-secrets/README.md index 68addbfae..826f9d4a3 100644 --- a/charts/external-secrets/external-secrets/README.md +++ b/charts/external-secrets/external-secrets/README.md @@ -4,7 +4,7 @@ [//]: # (README.md generated by gotmpl. DO NOT EDIT.) -![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![Version: 0.9.5](https://img.shields.io/badge/Version-0.9.5-informational?style=flat-square) +![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![Version: 0.9.6](https://img.shields.io/badge/Version-0.9.6-informational?style=flat-square) External secret management for Kubernetes diff --git a/charts/external-secrets/external-secrets/templates/cert-controller-deployment.yaml b/charts/external-secrets/external-secrets/templates/cert-controller-deployment.yaml index fa5b35abc..e21270141 100644 --- a/charts/external-secrets/external-secrets/templates/cert-controller-deployment.yaml +++ b/charts/external-secrets/external-secrets/templates/cert-controller-deployment.yaml @@ -73,7 +73,7 @@ spec: name: metrics readinessProbe: httpGet: - port: 8081 + port: {{ .Values.certController.readinessProbe.port }} path: /readyz initialDelaySeconds: 20 periodSeconds: 5 diff --git a/charts/external-secrets/external-secrets/templates/crds/clustersecretstore.yaml b/charts/external-secrets/external-secrets/templates/crds/clustersecretstore.yaml index 1d00ab97c..3b545439f 100644 --- a/charts/external-secrets/external-secrets/templates/crds/clustersecretstore.yaml +++ b/charts/external-secrets/external-secrets/templates/crds/clustersecretstore.yaml @@ -1640,11 +1640,72 @@ spec: - apiKeyRef - userRef type: object - required: - - apikey + jwt: + properties: + account: + type: string + secretRef: + description: Optional SecretRef that refers to a key in a Secret resource containing JWT token to authenticate with Conjur using the JWT authentication method. + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + type: string + type: object + serviceAccountRef: + description: Optional ServiceAccountRef specifies the Kubernetes service account for which to request a token for with the `TokenRequest` API. + properties: + audiences: + description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list + items: + type: string + type: array + name: + description: The name of the ServiceAccount resource being referred to. + type: string + namespace: + description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + type: string + required: + - name + type: object + serviceID: + description: The conjur authn jwt webservice id + type: string + required: + - account + - serviceID + type: object type: object caBundle: type: string + caProvider: + description: Used to provide custom certificate authority (CA) certificates for a secret store. The CAProvider points to a Secret or ConfigMap resource that contains a PEM-encoded certificate. + properties: + key: + description: The key where the CA certificate can be found in the Secret or ConfigMap. + type: string + name: + description: The name of the object located at the provider type. + type: string + namespace: + description: The namespace the Provider type is in. Can only be defined when used in a ClusterSecretStore. + type: string + type: + description: The type of provider to use such as "Secret", or "ConfigMap". + enum: + - Secret + - ConfigMap + type: string + required: + - name + - type + type: object url: type: string required: diff --git a/charts/external-secrets/external-secrets/templates/crds/secretstore.yaml b/charts/external-secrets/external-secrets/templates/crds/secretstore.yaml index f8ca038fb..43a260499 100644 --- a/charts/external-secrets/external-secrets/templates/crds/secretstore.yaml +++ b/charts/external-secrets/external-secrets/templates/crds/secretstore.yaml @@ -1640,11 +1640,72 @@ spec: - apiKeyRef - userRef type: object - required: - - apikey + jwt: + properties: + account: + type: string + secretRef: + description: Optional SecretRef that refers to a key in a Secret resource containing JWT token to authenticate with Conjur using the JWT authentication method. + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + type: string + type: object + serviceAccountRef: + description: Optional ServiceAccountRef specifies the Kubernetes service account for which to request a token for with the `TokenRequest` API. + properties: + audiences: + description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list + items: + type: string + type: array + name: + description: The name of the ServiceAccount resource being referred to. + type: string + namespace: + description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + type: string + required: + - name + type: object + serviceID: + description: The conjur authn jwt webservice id + type: string + required: + - account + - serviceID + type: object type: object caBundle: type: string + caProvider: + description: Used to provide custom certificate authority (CA) certificates for a secret store. The CAProvider points to a Secret or ConfigMap resource that contains a PEM-encoded certificate. + properties: + key: + description: The key where the CA certificate can be found in the Secret or ConfigMap. + type: string + name: + description: The name of the object located at the provider type. + type: string + namespace: + description: The namespace the Provider type is in. Can only be defined when used in a ClusterSecretStore. + type: string + type: + description: The type of provider to use such as "Secret", or "ConfigMap". + enum: + - Secret + - ConfigMap + type: string + required: + - name + - type + type: object url: type: string required: diff --git a/charts/external-secrets/external-secrets/tests/__snapshot__/cert_controller_test.yaml.snap b/charts/external-secrets/external-secrets/tests/__snapshot__/cert_controller_test.yaml.snap index a269723da..1732296e7 100644 --- a/charts/external-secrets/external-secrets/tests/__snapshot__/cert_controller_test.yaml.snap +++ b/charts/external-secrets/external-secrets/tests/__snapshot__/cert_controller_test.yaml.snap @@ -7,8 +7,8 @@ should match snapshot of default values: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets-cert-controller - app.kubernetes.io/version: v0.9.5 - helm.sh/chart: external-secrets-0.9.5 + app.kubernetes.io/version: v0.9.6 + helm.sh/chart: external-secrets-0.9.6 name: RELEASE-NAME-external-secrets-cert-controller namespace: NAMESPACE spec: @@ -24,8 +24,8 @@ should match snapshot of default values: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets-cert-controller - app.kubernetes.io/version: v0.9.5 - helm.sh/chart: external-secrets-0.9.5 + app.kubernetes.io/version: v0.9.6 + helm.sh/chart: external-secrets-0.9.6 spec: automountServiceAccountToken: true containers: @@ -38,7 +38,7 @@ should match snapshot of default values: - --secret-namespace=NAMESPACE - --metrics-addr=:8080 - --healthz-addr=:8081 - image: ghcr.io/external-secrets/external-secrets:v0.9.5 + image: ghcr.io/external-secrets/external-secrets:v0.9.6 imagePullPolicy: IfNotPresent name: cert-controller ports: diff --git a/charts/external-secrets/external-secrets/tests/__snapshot__/controller_test.yaml.snap b/charts/external-secrets/external-secrets/tests/__snapshot__/controller_test.yaml.snap index d8adfe5b8..e4a9665a4 100644 --- a/charts/external-secrets/external-secrets/tests/__snapshot__/controller_test.yaml.snap +++ b/charts/external-secrets/external-secrets/tests/__snapshot__/controller_test.yaml.snap @@ -7,8 +7,8 @@ should match snapshot of default values: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets - app.kubernetes.io/version: v0.9.5 - helm.sh/chart: external-secrets-0.9.5 + app.kubernetes.io/version: v0.9.6 + helm.sh/chart: external-secrets-0.9.6 name: RELEASE-NAME-external-secrets namespace: NAMESPACE spec: @@ -24,14 +24,14 @@ should match snapshot of default values: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets - app.kubernetes.io/version: v0.9.5 - helm.sh/chart: external-secrets-0.9.5 + app.kubernetes.io/version: v0.9.6 + helm.sh/chart: external-secrets-0.9.6 spec: automountServiceAccountToken: true containers: - args: - --concurrent=1 - image: ghcr.io/external-secrets/external-secrets:v0.9.5 + image: ghcr.io/external-secrets/external-secrets:v0.9.6 imagePullPolicy: IfNotPresent name: external-secrets ports: diff --git a/charts/external-secrets/external-secrets/tests/__snapshot__/crds_test.yaml.snap b/charts/external-secrets/external-secrets/tests/__snapshot__/crds_test.yaml.snap index ae40a7678..b078e7e23 100644 --- a/charts/external-secrets/external-secrets/tests/__snapshot__/crds_test.yaml.snap +++ b/charts/external-secrets/external-secrets/tests/__snapshot__/crds_test.yaml.snap @@ -1645,11 +1645,72 @@ should match snapshot of default values: - apiKeyRef - userRef type: object - required: - - apikey + jwt: + properties: + account: + type: string + secretRef: + description: Optional SecretRef that refers to a key in a Secret resource containing JWT token to authenticate with Conjur using the JWT authentication method. + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + type: string + type: object + serviceAccountRef: + description: Optional ServiceAccountRef specifies the Kubernetes service account for which to request a token for with the `TokenRequest` API. + properties: + audiences: + description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list + items: + type: string + type: array + name: + description: The name of the ServiceAccount resource being referred to. + type: string + namespace: + description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + type: string + required: + - name + type: object + serviceID: + description: The conjur authn jwt webservice id + type: string + required: + - account + - serviceID + type: object type: object caBundle: type: string + caProvider: + description: Used to provide custom certificate authority (CA) certificates for a secret store. The CAProvider points to a Secret or ConfigMap resource that contains a PEM-encoded certificate. + properties: + key: + description: The key where the CA certificate can be found in the Secret or ConfigMap. + type: string + name: + description: The name of the object located at the provider type. + type: string + namespace: + description: The namespace the Provider type is in. Can only be defined when used in a ClusterSecretStore. + type: string + type: + description: The type of provider to use such as "Secret", or "ConfigMap". + enum: + - Secret + - ConfigMap + type: string + required: + - name + - type + type: object url: type: string required: diff --git a/charts/external-secrets/external-secrets/tests/__snapshot__/webhook_test.yaml.snap b/charts/external-secrets/external-secrets/tests/__snapshot__/webhook_test.yaml.snap index ada4599d2..b0fd801a7 100644 --- a/charts/external-secrets/external-secrets/tests/__snapshot__/webhook_test.yaml.snap +++ b/charts/external-secrets/external-secrets/tests/__snapshot__/webhook_test.yaml.snap @@ -7,8 +7,8 @@ should match snapshot of default values: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets-webhook - app.kubernetes.io/version: v0.9.5 - helm.sh/chart: external-secrets-0.9.5 + app.kubernetes.io/version: v0.9.6 + helm.sh/chart: external-secrets-0.9.6 name: RELEASE-NAME-external-secrets-webhook namespace: NAMESPACE spec: @@ -24,8 +24,8 @@ should match snapshot of default values: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets-webhook - app.kubernetes.io/version: v0.9.5 - helm.sh/chart: external-secrets-0.9.5 + app.kubernetes.io/version: v0.9.6 + helm.sh/chart: external-secrets-0.9.6 spec: automountServiceAccountToken: true containers: @@ -37,7 +37,7 @@ should match snapshot of default values: - --check-interval=5m - --metrics-addr=:8080 - --healthz-addr=:8081 - image: ghcr.io/external-secrets/external-secrets:v0.9.5 + image: ghcr.io/external-secrets/external-secrets:v0.9.6 imagePullPolicy: IfNotPresent name: webhook ports: @@ -81,8 +81,8 @@ should match snapshot of default values: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets-webhook - app.kubernetes.io/version: v0.9.5 + app.kubernetes.io/version: v0.9.6 external-secrets.io/component: webhook - helm.sh/chart: external-secrets-0.9.5 + helm.sh/chart: external-secrets-0.9.6 name: RELEASE-NAME-external-secrets-webhook namespace: NAMESPACE diff --git a/charts/f5/nginx-ingress/Chart.yaml b/charts/f5/nginx-ingress/Chart.yaml index a71e9fd9a..5ac66f306 100644 --- a/charts/f5/nginx-ingress/Chart.yaml +++ b/charts/f5/nginx-ingress/Chart.yaml @@ -4,10 +4,10 @@ annotations: catalog.cattle.io/kube-version: '>= 1.22.0-0' catalog.cattle.io/release-name: nginx-ingress apiVersion: v2 -appVersion: 3.3.0 +appVersion: 3.3.1 description: NGINX Ingress Controller home: https://github.com/nginxinc/kubernetes-ingress -icon: https://raw.githubusercontent.com/nginxinc/kubernetes-ingress/v3.3.0/deployments/helm-chart/chart-icon.png +icon: https://raw.githubusercontent.com/nginxinc/kubernetes-ingress/v3.3.1/deployments/helm-chart/chart-icon.png keywords: - ingress - nginx @@ -17,6 +17,6 @@ maintainers: name: nginxinc name: nginx-ingress sources: -- https://github.com/nginxinc/kubernetes-ingress/tree/v3.3.0/deployments/helm-chart +- https://github.com/nginxinc/kubernetes-ingress/tree/v3.3.1/deployments/helm-chart type: application -version: 1.0.0 +version: 1.0.1 diff --git a/charts/f5/nginx-ingress/README.md b/charts/f5/nginx-ingress/README.md index 8e1371e0c..4535b7a3d 100644 --- a/charts/f5/nginx-ingress/README.md +++ b/charts/f5/nginx-ingress/README.md @@ -6,6 +6,9 @@ This chart deploys the NGINX Ingress Controller in your Kubernetes cluster. ## Prerequisites +**Note** All documentation should only be used with the latest stable release, indicated on +[the releases page](https://github.com/nginxinc/kubernetes-ingress/releases) of the GitHub repository. + - A [Kubernetes Version Supported by the Ingress Controller](https://docs.nginx.com/nginx-ingress-controller/technical-specifications/#supported-kubernetes-versions) - Helm 3.0+. @@ -75,14 +78,14 @@ To install the chart with the release name my-release (my-release is the name th For NGINX: ```console -helm install my-release oci://ghcr.io/nginxinc/charts/nginx-ingress --version 1.0.0 +helm install my-release oci://ghcr.io/nginxinc/charts/nginx-ingress --version 1.0.1 ``` For NGINX Plus: (assuming you have pushed the Ingress Controller image `nginx-plus-ingress` to your private registry `myregistry.example.com`) ```console -helm install my-release oci://ghcr.io/nginxinc/charts/nginx-ingress --version 1.0.0 --set controller.image.repository=myregistry.example.com/nginx-plus-ingress --set controller.nginxplus=true +helm install my-release oci://ghcr.io/nginxinc/charts/nginx-ingress --version 1.0.1 --set controller.image.repository=myregistry.example.com/nginx-plus-ingress --set controller.nginxplus=true ``` This will install the latest `edge` version of the Ingress Controller from GitHub Container Registry. If you prefer to @@ -97,7 +100,7 @@ CRDs](#upgrading-the-crds). To upgrade the release `my-release`: ```console -helm upgrade my-release oci://ghcr.io/nginxinc/charts/nginx-ingress --version 1.0.0 +helm upgrade my-release oci://ghcr.io/nginxinc/charts/nginx-ingress --version 1.0.1 ``` ### Uninstalling the Chart @@ -138,7 +141,7 @@ upgrading/deleting the CRDs. 1. Pull the chart sources: ```console - helm pull oci://ghcr.io/nginxinc/charts/nginx-ingress --untar --version 1.0.0 + helm pull oci://ghcr.io/nginxinc/charts/nginx-ingress --untar --version 1.0.1 ``` 2. Change your working directory to nginx-ingress: @@ -190,6 +193,131 @@ The command removes all the Kubernetes components associated with the release an Uninstalling the release does not remove the CRDs. To remove the CRDs, see [Uninstalling the CRDs](#uninstalling-the-crds). +## Upgrading without downtime + +### Background + +In NGINX Ingress Controller version 3.1.0, [changes were introduced](https://github.com/nginxinc/kubernetes-ingress/pull/3606) +to Helm resource names, labels and annotations to fit with Helm best practices. +When using Helm to upgrade from a version prior to 3.1.0, certain resources like Deployment, DaemonSet and Service will +be recreated due to the aforementioned changes, which will result in downtime. + +Although the advisory is to update all resources in accordance with new naming convention, to avoid the downtime +please follow the steps listed in this page. + +### Upgrade Steps + +**Note** The following steps apply to both 2.x and 3.0.x releases. + +The steps you should follow depend on the Helm release name: + +{{}} + +{{%tab name="Helm release name is `nginx-ingress`"%}} + +1. Use `kubectl describe` on deployment/daemonset to get the `Selector` value: + + ```shell + kubectl describe deployments -n + ``` + + Copy the key=value under `Selector`, such as: + + ```shell + Selector: app=nginx-ingress-nginx-ingress + ``` + +2. Checkout the latest available tag using `git checkout v3.3.1` + +3. Navigate to `/kubernates-ingress/deployments/helm-chart` + +4. Update the `selectorLabels: {}` field in the `values.yaml` file located at `/kubernates-ingress/deployments/helm-chart` +with the copied `Selector` value. + + ```shell + selectorLabels: {app: nginx-ingress-nginx-ingress} + ``` + +5. Run `helm upgrade` with following arguments set: + + ```shell + --set serviceNameOverride="nginx-ingress-nginx-ingress" + --set controller.name="" + --set fullnameOverride="nginx-ingress-nginx-ingress" + ``` + + It could look as follows: + + ```shell + helm upgrade nginx-ingress oci://ghcr.io/nginxinc/charts/nginx-ingress --version 0.19.0 --set controller.kind=deployment/daemonset --set controller.nginxplus=false/true --set controller.image.pullPolicy=Always --set serviceNameOverride="nginx-ingress-nginx-ingress" --set controller.name="" --set fullnameOverride="nginx-ingress-nginx-ingress" -f values.yaml + ``` + +6. Once the upgrade process has finished, use `kubectl describe` on the deployment to verify the change by +reviewing its events: + + ```shell + Type Reason Age From Message + ---- ------ ---- ---- ------- + Normal ScalingReplicaSet 9m11s deployment-controller Scaled up replica set nginx-ingress-nginx-ingress- to 1 + Normal ScalingReplicaSet 101s deployment-controller Scaled up replica set nginx-ingress-nginx-ingress- to 1 + Normal ScalingReplicaSet 98s deployment-controller Scaled down replica set nginx-ingress-nginx-ingress- to 0 from 1 + ``` + +{{%/tab%}} + +{{%tab name="Helm release name is not `nginx-ingress`"%}} + +1. Use `kubectl describe` on deployment/daemonset to get the `Selector` value: + + ```shell + kubectl describe deployment/daemonset -n + ``` + + Copy the key=value under ```Selector```, such as: + + ```shell + Selector: app=-nginx-ingress + ``` + +2. Checkout the latest available tag using `git checkout v3.3.1` + +3. Navigate to `/kubernates-ingress/deployments/helm-chart` + +4. Update the `selectorLabels: {}` field in the `values.yaml` file located at `/kubernates-ingress/deployments/helm-chart` +with the copied `Selector` value. + + ```shell + selectorLabels: {app: -nginx-ingress} + ``` + +5. Run `helm upgrade` with following arguments set: + + ```shell + --set serviceNameOverride="-nginx-ingress" + --set controller.name="" + ``` + + It could look as follows: + + ```shell + helm upgrade test-release oci://ghcr.io/nginxinc/charts/nginx-ingress --version 0.19.0 --set controller.kind=deployment/daemonset --set controller.nginxplus=false/true --set controller.image.pullPolicy=Always --set serviceNameOverride="test-release-nginx-ingress" --set controller.name="" -f values.yaml + ``` + +6. Once the upgrade process has finished, use `kubectl describe` on the deployment to verify the change by +reviewing its events: + + ```shell + Type Reason Age From Message + ---- ------ ---- ---- ------- + Normal ScalingReplicaSet 9m11s deployment-controller Scaled up replica set test-release-nginx-ingress- to 1 + Normal ScalingReplicaSet 101s deployment-controller Scaled up replica set test-release-nginx-ingress- to 1 + Normal ScalingReplicaSet 98s deployment-controller Scaled down replica set test-release-nginx-ingress- to 0 from 1 + ``` + +{{%/tab%}} + +{{}} + ## Running Multiple Ingress Controllers If you are running multiple Ingress Controller releases in your cluster with enabled custom resources, the releases will @@ -217,7 +345,7 @@ The following tables lists the configurable parameters of the NGINX Ingress Cont |`controller.logLevel` | The log level of the Ingress Controller. | 1 | |`controller.image.digest` | The image digest of the Ingress Controller. | None | |`controller.image.repository` | The image repository of the Ingress Controller. | nginx/nginx-ingress | -|`controller.image.tag` | The tag of the Ingress Controller image. | 3.3.0 | +|`controller.image.tag` | The tag of the Ingress Controller image. | 3.3.1 | |`controller.image.pullPolicy` | The pull policy for the Ingress Controller image. | IfNotPresent | |`controller.lifecycle` | The lifecycle of the Ingress Controller pods. | {} | |`controller.customConfigMap` | The name of the custom ConfigMap used by the Ingress Controller. If set, then the default config is ignored. | "" | @@ -225,8 +353,8 @@ The following tables lists the configurable parameters of the NGINX Ingress Cont |`controller.config.annotations` | The annotations of the Ingress Controller configmap. | {} | |`controller.config.entries` | The entries of the ConfigMap for customizing NGINX configuration. See [ConfigMap resource docs](https://docs.nginx.com/nginx-ingress-controller/configuration/global-configuration/configmap-resource/) for the list of supported ConfigMap keys. | {} | |`controller.customPorts` | A list of custom ports to expose on the NGINX Ingress Controller pod. Follows the conventional Kubernetes yaml syntax for container ports. | [] | -|`controller.defaultTLS.cert` | The base64-encoded TLS certificate for the default HTTPS server. **Note:** By default, a pre-generated self-signed certificate is used. It is recommended that you specify your own certificate. Alternatively, omitting the default server secret completely will configure NGINX to reject TLS connections to the default server. | A pre-generated self-signed certificate. | -|`controller.defaultTLS.key` | The base64-encoded TLS key for the default HTTPS server. **Note:** By default, a pre-generated key is used. It is recommended that you specify your own key. Alternatively, omitting the default server secret completely will configure NGINX to reject TLS connections to the default server. | A pre-generated key. | +|`controller.defaultTLS.cert` | The base64-encoded TLS certificate for the default HTTPS server. **Note:** It is recommended that you specify your own certificate. Alternatively, omitting the default server secret completely will configure NGINX to reject TLS connections to the default server. | +|`controller.defaultTLS.key` | The base64-encoded TLS key for the default HTTPS server. **Note:** It is recommended that you specify your own key. Alternatively, omitting the default server secret completely will configure NGINX to reject TLS connections to the default server. | |`controller.defaultTLS.secret` | The secret with a TLS certificate and key for the default HTTPS server. The value must follow the following format: `/`. Used as an alternative to specifying a certificate and key using `controller.defaultTLS.cert` and `controller.defaultTLS.key` parameters. **Note:** Alternatively, omitting the default server secret completely will configure NGINX to reject TLS connections to the default server. | None | |`controller.wildcardTLS.cert` | The base64-encoded TLS certificate for every Ingress/VirtualServer host that has TLS enabled but no secret specified. If the parameter is not set, for such Ingress/VirtualServer hosts NGINX will break any attempt to establish a TLS connection. | None | |`controller.wildcardTLS.key` | The base64-encoded TLS key for every Ingress/VirtualServer host that has TLS enabled but no secret specified. If the parameter is not set, for such Ingress/VirtualServer hosts NGINX will break any attempt to establish a TLS connection. | None | @@ -244,7 +372,7 @@ The following tables lists the configurable parameters of the NGINX Ingress Cont |`controller.resources` | The resources of the Ingress Controller pods. | requests: cpu=100m,memory=128Mi | |`controller.replicaCount` | The number of replicas of the Ingress Controller deployment. | 1 | |`controller.ingressClass.name` | A class of the Ingress Controller. An IngressClass resource with the name equal to the class must be deployed. Otherwise, the Ingress Controller will fail to start. The Ingress Controller only processes resources that belong to its class - i.e. have the "ingressClassName" field resource equal to the class. The Ingress Controller processes all the VirtualServer/VirtualServerRoute/TransportServer resources that do not have the "ingressClassName" field for all versions of Kubernetes. | nginx | -|`controller.ingressClass.create` | Creates a new IngressClass object with the name `controller.ingressClass.name`. Set to `false` to use an existing ingressClass created using `kubectl` with the same name. If you use `helm upgrade`, do not change the values from the previous release as helm will delete IngressClass objects managed by helm. If you are upgrading from a release earlier than 3.3.0, do not set the value to false. | true | +|`controller.ingressClass.create` | Creates a new IngressClass object with the name `controller.ingressClass.name`. Set to `false` to use an existing ingressClass created using `kubectl` with the same name. If you use `helm upgrade`, do not change the values from the previous release as helm will delete IngressClass objects managed by helm. If you are upgrading from a release earlier than 3.3.1, do not set the value to false. | true | |`controller.ingressClass.setAsDefaultIngress` | New Ingresses without an `"ingressClassName"` field specified will be assigned the class specified in `controller.ingressClass.name`. Requires `controller.ingressClass.create`. | false | |`controller.watchNamespace` | Comma separated list of namespaces the Ingress Controller should watch for resources. By default the Ingress Controller watches all namespaces. Mutually exclusive with `controller.watchNamespaceLabel`. Please note that if configuring multiple namespaces using the Helm cli `--set` option, the string needs to wrapped in double quotes and the commas escaped using a backslash - e.g. `--set controller.watchNamespace="default\,nginx-ingress"`. | "" | |`controller.watchNamespaceLabel` | Configures the Ingress Controller to watch only those namespaces with label foo=bar. By default the Ingress Controller watches all namespaces. Mutually exclusive with `controller.watchNamespace`. | "" | @@ -329,10 +457,17 @@ The following tables lists the configurable parameters of the NGINX Ingress Cont |`prometheus.port` | Configures the port to scrape the metrics. | 9113 | |`prometheus.scheme` | Configures the HTTP scheme to use for connections to the Prometheus endpoint. | http | |`prometheus.secret` | The namespace / name of a Kubernetes TLS Secret. If specified, this secret is used to secure the Prometheus endpoint with TLS connections. | "" | +|`prometheus.service.create` | Create a Headless service to expose prometheus metrics. Requires `prometheus.create`. | false | +|`prometheus.service.labels` | Kubernetes object labels to attach to the service object. | {service: "nginx-ingress-prometheus-service"} | +|`prometheus.serviceMonitor.create` | Create a ServiceMonitor custom resource. Requires ServiceMonitor CRD to be installed. For the latest CRD, check the latest release on the [prometheus-operator](https://github.com/prometheus-operator/prometheus-operator) GitHub repo under `example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml` | false | +|`prometheus.serviceMonitor.labels` | Kubernetes object labels to attach to the serviceMonitor object. | {} | +|`prometheus.serviceMonitor.selectorMatchLabels` | A set of labels to allow the selection of endpoints for the ServiceMonitor. | {service: "nginx-ingress-prometheus-service"} | +|`prometheus.serviceMonitor.endpoints` | A list of endpoints allowed as part of this ServiceMonitor. | [port: prometheus] | |`serviceInsight.create` | Expose NGINX Plus Service Insight endpoint. | false | |`serviceInsight.port` | Configures the port to expose endpoints. | 9114 | |`serviceInsight.scheme` | Configures the HTTP scheme to use for connections to the Service Insight endpoint. | http | |`serviceInsight.secret` | The namespace / name of a Kubernetes TLS Secret. If specified, this secret is used to secure the Service Insight endpoint with TLS connections. | "" | +|`serviceNameOverride` | Used to prevent cloud load balancers from being replaced due to service name change during helm upgrades. | "" | |`nginxServiceMesh.enable` | Enable integration with NGINX Service Mesh. See the NGINX Service Mesh [docs](https://docs.nginx.com/nginx-service-mesh/tutorials/kic/deploy-with-kic/) for more details. Requires `controller.nginxplus`. | false | |`nginxServiceMesh.enableEgress` | Enable NGINX Service Mesh workloads to route egress traffic through the Ingress Controller. See the NGINX Service Mesh [docs](https://docs.nginx.com/nginx-service-mesh/tutorials/kic/deploy-with-kic/#enabling-egress) for more details. Requires `nginxServiceMesh.enable`. | false | diff --git a/charts/f5/nginx-ingress/values-icp.yaml b/charts/f5/nginx-ingress/values-icp.yaml index cadf8d6b1..a48460b6a 100644 --- a/charts/f5/nginx-ingress/values-icp.yaml +++ b/charts/f5/nginx-ingress/values-icp.yaml @@ -4,7 +4,7 @@ controller: nginxplus: true image: repository: mycluster.icp:8500/kube-system/nginx-plus-ingress - tag: "3.3.0" + tag: "3.3.1" nodeSelector: beta.kubernetes.io/arch: "amd64" proxy: true diff --git a/charts/f5/nginx-ingress/values-plus.yaml b/charts/f5/nginx-ingress/values-plus.yaml index f62b8d65f..8f488af85 100644 --- a/charts/f5/nginx-ingress/values-plus.yaml +++ b/charts/f5/nginx-ingress/values-plus.yaml @@ -3,4 +3,4 @@ controller: nginxplus: true image: repository: nginx-plus-ingress - tag: "3.3.0" + tag: "3.3.1" diff --git a/charts/f5/nginx-ingress/values.yaml b/charts/f5/nginx-ingress/values.yaml index 13ed1e857..781742e97 100644 --- a/charts/f5/nginx-ingress/values.yaml +++ b/charts/f5/nginx-ingress/values.yaml @@ -75,7 +75,7 @@ controller: repository: nginx/nginx-ingress ## The tag of the Ingress Controller image. If not specified the appVersion from Chart.yaml is used as a tag. - # tag: "3.3.0" + # tag: "3.3.1" ## The digest of the Ingress Controller image. ## If digest is specified it has precedence over tag and will be used instead @@ -232,7 +232,7 @@ controller: ## The Ingress Controller processes all the resources that do not have the "ingressClassName" field for all versions of kubernetes. name: nginx - ## Creates a new IngressClass object with the name "controller.ingressClass.name". Set to false to use an existing IngressClass with the same name. If you use helm upgrade, do not change the values from the previous release as helm will delete IngressClass objects managed by helm. If you are upgrading from a release earlier than 3.3.0, do not set the value to false. + ## Creates a new IngressClass object with the name "controller.ingressClass.name". Set to false to use an existing IngressClass with the same name. If you use helm upgrade, do not change the values from the previous release as helm will delete IngressClass objects managed by helm. If you are upgrading from a release earlier than 3.3.1, do not set the value to false. create: true ## New Ingresses without an ingressClassName field specified will be assigned the class specified in `controller.ingressClass`. Requires "controller.ingressClass.create". diff --git a/charts/gluu/gluu/Chart.yaml b/charts/gluu/gluu/Chart.yaml index 6ebdeaf7a..8bd5292ed 100644 --- a/charts/gluu/gluu/Chart.yaml +++ b/charts/gluu/gluu/Chart.yaml @@ -1,6 +1,6 @@ annotations: artifacthub.io/changes: | - - Chart 5.0.23 dev release + - Chart 5.0.23 release artifacthub.io/containsSecurityUpdates: "true" artifacthub.io/images: | - name: auth-server @@ -14,13 +14,13 @@ annotations: - name: fido2 image: ghcr.io/janssenproject/jans/fido2:1.0.19_dev - name: opendj - image: gluufederation/opendj:5.0.0_dev + image: gluufederation/opendj:5.0.0-1 - name: persistence image: ghcr.io/janssenproject/jans/persistence-loader:1.0.19_dev - name: scim image: ghcr.io/janssenproject/jans/scim:1.0.19_dev - name: casa - image: ghcr.io/gluufederation/flex/casa:5.0.0_dev + image: ghcr.io/janssenproject/jans/casa:1.0.19_dev - name: admin-ui image: ghcr.io/gluufederation/flex/admin-ui:1.0.19_dev artifacthub.io/license: Apache-2.0 @@ -36,59 +36,59 @@ dependencies: - condition: global.config.enabled name: config repository: file://./charts/config - version: 5.0.22 + version: 5.0.23 - condition: global.config-api.enabled name: config-api repository: file://./charts/config-api - version: 5.0.22 + version: 5.0.23 - condition: global.opendj.enabled name: opendj repository: file://./charts/opendj - version: 5.0.22 + version: 5.0.23 - condition: global.auth-server.enabled name: auth-server repository: file://./charts/auth-server - version: 5.0.22 + version: 5.0.23 - condition: global.admin-ui.enabled name: admin-ui repository: file://./charts/admin-ui - version: 5.0.22 + version: 5.0.23 - condition: global.fido2.enabled name: fido2 repository: file://./charts/fido2 - version: 5.0.22 + version: 5.0.23 - condition: global.scim.enabled name: scim repository: file://./charts/scim - version: 5.0.22 + version: 5.0.23 - condition: global.nginx-ingress.enabled name: nginx-ingress repository: file://./charts/nginx-ingress - version: 5.0.22 + version: 5.0.23 - condition: global.oxshibboleth.enabled name: oxshibboleth repository: file://./charts/oxshibboleth - version: 5.0.22 + version: 5.0.23 - condition: global.oxpassport.enabled name: oxpassport repository: file://./charts/oxpassport - version: 5.0.22 + version: 5.0.23 - condition: global.casa.enabled name: casa repository: file://./charts/casa - version: 5.0.22 + version: 5.0.23 - condition: global.auth-server-key-rotation.enabled name: auth-server-key-rotation repository: file://./charts/auth-server-key-rotation - version: 5.0.22 + version: 5.0.23 - condition: global.persistence.enabled name: persistence repository: file://./charts/persistence - version: 5.0.22 + version: 5.0.23 - condition: global.istio.ingress name: cn-istio-ingress repository: file://./charts/cn-istio-ingress - version: 5.0.22 + version: 5.0.23 description: Gluu Access and Identity Management home: https://www.gluu.org icon: https://gluu.org/docs/gluu-server/favicon.ico @@ -100,4 +100,4 @@ name: gluu sources: - https://gluu.org/docs/gluu-server - https://github.com/GluuFederation/flex/flex-cn-setup -version: 5.0.22 +version: 5.0.23 diff --git a/charts/gluu/gluu/README.md b/charts/gluu/gluu/README.md index 14e682136..502b849d9 100644 --- a/charts/gluu/gluu/README.md +++ b/charts/gluu/gluu/README.md @@ -1,6 +1,6 @@ # gluu -![Version: 5.0.22](https://img.shields.io/badge/Version-5.0.22-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) +![Version: 5.0.23](https://img.shields.io/badge/Version-5.0.23-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) Gluu Access and Identity Management @@ -23,26 +23,26 @@ Kubernetes: `>=v1.21.0-0` | Repository | Name | Version | |------------|------|---------| -| | admin-ui | 5.0.22 | -| | auth-server | 5.0.22 | -| | auth-server-key-rotation | 5.0.22 | -| | casa | 5.0.22 | -| | cn-istio-ingress | 5.0.22 | -| | config | 5.0.22 | -| | config-api | 5.0.22 | -| | fido2 | 5.0.22 | -| | nginx-ingress | 5.0.22 | -| | opendj | 5.0.22 | -| | oxpassport | 5.0.22 | -| | oxshibboleth | 5.0.22 | -| | persistence | 5.0.22 | -| | scim | 5.0.22 | +| | admin-ui | 5.0.23 | +| | auth-server | 5.0.23 | +| | auth-server-key-rotation | 5.0.23 | +| | casa | 5.0.23 | +| | cn-istio-ingress | 5.0.23 | +| | config | 5.0.23 | +| | config-api | 5.0.23 | +| | fido2 | 5.0.23 | +| | nginx-ingress | 5.0.23 | +| | opendj | 5.0.23 | +| | oxpassport | 5.0.23 | +| | oxshibboleth | 5.0.23 | +| | persistence | 5.0.23 | +| | scim | 5.0.23 | ## Values | Key | Type | Default | Description | |-----|------|---------|-------------| -| admin-ui | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"ghcr.io/gluufederation/flex/admin-ui","tag":"1.0.19_dev"},"lifecycle":{},"livenessProbe":{"failureThreshold":20,"initialDelaySeconds":60,"periodSeconds":25,"tcpSocket":{"port":8080},"timeoutSeconds":5},"pdb":{"enabled":true,"maxUnavailable":"90%"},"readinessProbe":{"failureThreshold":20,"initialDelaySeconds":60,"periodSeconds":25,"tcpSocket":{"port":8080},"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"2000m","memory":"2000Mi"},"requests":{"cpu":"2000m","memory":"2000Mi"}},"topologySpreadConstraints":{},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Admin GUI for configuration of the auth-server | +| admin-ui | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"ghcr.io/gluufederation/flex/admin-ui","tag":"1.0.19-1"},"lifecycle":{},"livenessProbe":{"failureThreshold":20,"initialDelaySeconds":60,"periodSeconds":25,"tcpSocket":{"port":8080},"timeoutSeconds":5},"pdb":{"enabled":true,"maxUnavailable":"90%"},"readinessProbe":{"failureThreshold":20,"initialDelaySeconds":60,"periodSeconds":25,"tcpSocket":{"port":8080},"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"2000m","memory":"2000Mi"},"requests":{"cpu":"2000m","memory":"2000Mi"}},"topologySpreadConstraints":{},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Admin GUI for configuration of the auth-server | | admin-ui.additionalAnnotations | object | `{}` | Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} | | admin-ui.additionalLabels | object | `{}` | Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} | | admin-ui.dnsConfig | object | `{}` | Add custom dns config | @@ -53,7 +53,7 @@ Kubernetes: `>=v1.21.0-0` | admin-ui.image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | | admin-ui.image.pullSecrets | list | `[]` | Image Pull Secrets | | admin-ui.image.repository | string | `"ghcr.io/gluufederation/flex/admin-ui"` | Image to use for deploying. | -| admin-ui.image.tag | string | `"1.0.19_dev"` | Image tag to use for deploying. | +| admin-ui.image.tag | string | `"1.0.19-1"` | Image tag to use for deploying. | | admin-ui.livenessProbe | object | `{"failureThreshold":20,"initialDelaySeconds":60,"periodSeconds":25,"tcpSocket":{"port":8080},"timeoutSeconds":5}` | Configure the liveness healthcheck for the admin ui if needed. | | admin-ui.pdb | object | `{"enabled":true,"maxUnavailable":"90%"}` | Configure the PodDisruptionBudget | | admin-ui.readinessProbe | object | `{"failureThreshold":20,"initialDelaySeconds":60,"periodSeconds":25,"tcpSocket":{"port":8080},"timeoutSeconds":5}` | Configure the readiness healthcheck for the admin ui if needed. | @@ -69,8 +69,8 @@ Kubernetes: `>=v1.21.0-0` | admin-ui.usrEnvs.secret | object | `{}` | Add custom secret envs to the service variable1: value1 | | admin-ui.volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers | | admin-ui.volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod | -| auth-server | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"ghcr.io/janssenproject/jans/auth-server","tag":"1.0.19_dev"},"lifecycle":{},"livenessProbe":{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"pdb":{"enabled":true,"maxUnavailable":"90%"},"readinessProbe":{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"2500m","memory":"2500Mi"},"requests":{"cpu":"2500m","memory":"2500Mi"}},"topologySpreadConstraints":{},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | OAuth Authorization Server, the OpenID Connect Provider, the UMA Authorization Server--this is the main Internet facing component of Gluu. It's the service that returns tokens, JWT's and identity assertions. This service must be Internet facing. | -| auth-server-key-rotation | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"ghcr.io/janssenproject/jans/certmanager","tag":"1.0.19_dev"},"keysLife":48,"lifecycle":{},"resources":{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Responsible for regenerating auth-keys per x hours | +| auth-server | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"ghcr.io/janssenproject/jans/auth-server","tag":"1.0.19-1"},"lifecycle":{},"livenessProbe":{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"pdb":{"enabled":true,"maxUnavailable":"90%"},"readinessProbe":{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"2500m","memory":"2500Mi"},"requests":{"cpu":"2500m","memory":"2500Mi"}},"topologySpreadConstraints":{},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | OAuth Authorization Server, the OpenID Connect Provider, the UMA Authorization Server--this is the main Internet facing component of Gluu. It's the service that returns tokens, JWT's and identity assertions. This service must be Internet facing. | +| auth-server-key-rotation | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"ghcr.io/janssenproject/jans/certmanager","tag":"1.0.19-1"},"keysLife":48,"lifecycle":{},"resources":{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Responsible for regenerating auth-keys per x hours | | auth-server-key-rotation.additionalAnnotations | object | `{}` | Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} | | auth-server-key-rotation.additionalLabels | object | `{}` | Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} | | auth-server-key-rotation.dnsConfig | object | `{}` | Add custom dns config | @@ -78,7 +78,7 @@ Kubernetes: `>=v1.21.0-0` | auth-server-key-rotation.image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | | auth-server-key-rotation.image.pullSecrets | list | `[]` | Image Pull Secrets | | auth-server-key-rotation.image.repository | string | `"ghcr.io/janssenproject/jans/certmanager"` | Image to use for deploying. | -| auth-server-key-rotation.image.tag | string | `"1.0.19_dev"` | Image tag to use for deploying. | +| auth-server-key-rotation.image.tag | string | `"1.0.19-1"` | Image tag to use for deploying. | | auth-server-key-rotation.keysLife | int | `48` | Auth server key rotation keys life in hours | | auth-server-key-rotation.resources | object | `{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}}` | Resource specs. | | auth-server-key-rotation.resources.limits.cpu | string | `"300m"` | CPU limit. | @@ -100,7 +100,7 @@ Kubernetes: `>=v1.21.0-0` | auth-server.image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | | auth-server.image.pullSecrets | list | `[]` | Image Pull Secrets | | auth-server.image.repository | string | `"ghcr.io/janssenproject/jans/auth-server"` | Image to use for deploying. | -| auth-server.image.tag | string | `"1.0.19_dev"` | Image tag to use for deploying. | +| auth-server.image.tag | string | `"1.0.19-1"` | Image tag to use for deploying. | | auth-server.livenessProbe | object | `{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5}` | Configure the liveness healthcheck for the auth server if needed. | | auth-server.livenessProbe.exec | object | `{"command":["python3","/app/scripts/healthcheck.py"]}` | Executes the python3 healthcheck. https://github.com/JanssenProject/docker-jans-auth-server/blob/master/scripts/healthcheck.py | | auth-server.pdb | object | `{"enabled":true,"maxUnavailable":"90%"}` | Configure the PodDisruptionBudget | @@ -117,7 +117,7 @@ Kubernetes: `>=v1.21.0-0` | auth-server.usrEnvs.secret | object | `{}` | Add custom secret envs to the service variable1: value1 | | auth-server.volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers | | auth-server.volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod | -| casa | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"ghcr.io/gluufederation/flex/casa","tag":"5.0.0_dev"},"lifecycle":{},"livenessProbe":{"httpGet":{"path":"/casa/health-check","port":"http-casa"},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"pdb":{"enabled":true,"maxUnavailable":"90%"},"readinessProbe":{"httpGet":{"path":"/casa/health-check","port":"http-casa"},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"500m","memory":"500Mi"},"requests":{"cpu":"500m","memory":"500Mi"}},"topologySpreadConstraints":{},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Gluu Casa ("Casa") is a self-service web portal for end-users to manage authentication and authorization preferences for their account in a Gluu Server. | +| casa | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"ghcr.io/gluufederation/flex/casa","tag":"5.0.0-1"},"lifecycle":{},"livenessProbe":{"httpGet":{"path":"/casa/health-check","port":"http-casa"},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"pdb":{"enabled":true,"maxUnavailable":"90%"},"readinessProbe":{"httpGet":{"path":"/casa/health-check","port":"http-casa"},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"500m","memory":"500Mi"},"requests":{"cpu":"500m","memory":"500Mi"}},"topologySpreadConstraints":{},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Gluu Casa ("Casa") is a self-service web portal for end-users to manage authentication and authorization preferences for their account in a Gluu Server. | | casa.additionalAnnotations | object | `{}` | Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} | | casa.additionalLabels | object | `{}` | Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} | | casa.dnsConfig | object | `{}` | Add custom dns config | @@ -128,7 +128,7 @@ Kubernetes: `>=v1.21.0-0` | casa.image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | | casa.image.pullSecrets | list | `[]` | Image Pull Secrets | | casa.image.repository | string | `"ghcr.io/gluufederation/flex/casa"` | Image to use for deploying. | -| casa.image.tag | string | `"5.0.0_dev"` | Image tag to use for deploying. | +| casa.image.tag | string | `"5.0.0-1"` | Image tag to use for deploying. | | casa.livenessProbe | object | `{"httpGet":{"path":"/casa/health-check","port":"http-casa"},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5}` | Configure the liveness healthcheck for casa if needed. | | casa.livenessProbe.httpGet.path | string | `"/casa/health-check"` | http liveness probe endpoint | | casa.pdb | object | `{"enabled":true,"maxUnavailable":"90%"}` | Configure the PodDisruptionBudget | @@ -146,8 +146,8 @@ Kubernetes: `>=v1.21.0-0` | casa.usrEnvs.secret | object | `{}` | Add custom secret envs to the service variable1: value1 | | casa.volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers | | casa.volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod | -| config | object | `{"additionalAnnotations":{},"additionalLabels":{},"adminPassword":"Test1234#","city":"Austin","configmap":{"cnAwsAccessKeyId":"","cnAwsDefaultRegion":"us-west-1","cnAwsProfile":"gluu","cnAwsSecretAccessKey":"","cnAwsSecretsEndpointUrl":"","cnAwsSecretsNamePrefix":"gluu","cnAwsSecretsReplicaRegions":[],"cnCacheType":"NATIVE_PERSISTENCE","cnConfigKubernetesConfigMap":"cn","cnCouchbaseBucketPrefix":"jans","cnCouchbaseCrt":"SWFtTm90YVNlcnZpY2VBY2NvdW50Q2hhbmdlTWV0b09uZQo=","cnCouchbaseIndexNumReplica":0,"cnCouchbasePassword":"P@ssw0rd","cnCouchbaseSuperUser":"admin","cnCouchbaseSuperUserPassword":"Test1234#","cnCouchbaseUrl":"cbgluu.default.svc.cluster.local","cnCouchbaseUser":"gluu","cnGoogleProjectId":"google-project-to-save-config-and-secrets-to","cnGoogleSecretManagerServiceAccount":"SWFtTm90YVNlcnZpY2VBY2NvdW50Q2hhbmdlTWV0b09uZQo=","cnGoogleSecretNamePrefix":"gluu","cnGoogleSecretVersionId":"latest","cnGoogleSpannerDatabaseId":"","cnGoogleSpannerInstanceId":"","cnJettyRequestHeaderSize":8192,"cnLdapUrl":"opendj:1636","cnMaxRamPercent":"75.0","cnPersistenceHybridMapping":"{}","cnRedisSentinelGroup":"","cnRedisSslTruststore":"","cnRedisType":"STANDALONE","cnRedisUrl":"redis.redis.svc.cluster.local:6379","cnRedisUseSsl":false,"cnScimProtectionMode":"OAUTH","cnSecretKubernetesSecret":"cn","cnSqlDbDialect":"mysql","cnSqlDbHost":"my-release-mysql.default.svc.cluster.local","cnSqlDbName":"gluu","cnSqlDbPort":3306,"cnSqlDbSchema":"","cnSqlDbTimezone":"UTC","cnSqlDbUser":"gluu","cnSqldbUserPassword":"Test1234#","lbAddr":""},"countryCode":"US","dnsConfig":{},"dnsPolicy":"","email":"support@gluu.org","image":{"pullSecrets":[],"repository":"ghcr.io/janssenproject/jans/configurator","tag":"1.0.19_dev"},"ldapPassword":"P@ssw0rds","lifecycle":{},"migration":{"enabled":false,"migrationDataFormat":"ldif","migrationDir":"/ce-migration"},"orgName":"Gluu","redisPassword":"P@assw0rd","resources":{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}},"state":"TX","usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Configuration parameters for setup and initial configuration secret and config layers used by Gluu services. | -| config-api | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"ghcr.io/janssenproject/jans/config-api","tag":"1.0.19_dev"},"lifecycle":{},"livenessProbe":{"httpGet":{"path":"/jans-config-api/api/v1/health/live","port":8074},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"pdb":{"enabled":true,"maxUnavailable":"90%"},"readinessProbe":{"httpGet":{"path":"jans-config-api/api/v1/health/ready","port":8074},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"1000m","memory":"1000Mi"},"requests":{"cpu":"1000m","memory":"1000Mi"}},"topologySpreadConstraints":{},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Config Api endpoints can be used to configure the auth-server, which is an open-source OpenID Connect Provider (OP) and UMA Authorization Server (AS). | +| config | object | `{"additionalAnnotations":{},"additionalLabels":{},"adminPassword":"Test1234#","city":"Austin","configmap":{"cnAwsAccessKeyId":"","cnAwsDefaultRegion":"us-west-1","cnAwsProfile":"gluu","cnAwsSecretAccessKey":"","cnAwsSecretsEndpointUrl":"","cnAwsSecretsNamePrefix":"gluu","cnAwsSecretsReplicaRegions":[],"cnCacheType":"NATIVE_PERSISTENCE","cnConfigKubernetesConfigMap":"cn","cnCouchbaseBucketPrefix":"jans","cnCouchbaseCrt":"SWFtTm90YVNlcnZpY2VBY2NvdW50Q2hhbmdlTWV0b09uZQo=","cnCouchbaseIndexNumReplica":0,"cnCouchbasePassword":"P@ssw0rd","cnCouchbaseSuperUser":"admin","cnCouchbaseSuperUserPassword":"Test1234#","cnCouchbaseUrl":"cbgluu.default.svc.cluster.local","cnCouchbaseUser":"gluu","cnGoogleProjectId":"google-project-to-save-config-and-secrets-to","cnGoogleSecretManagerServiceAccount":"SWFtTm90YVNlcnZpY2VBY2NvdW50Q2hhbmdlTWV0b09uZQo=","cnGoogleSecretNamePrefix":"gluu","cnGoogleSecretVersionId":"latest","cnGoogleSpannerDatabaseId":"","cnGoogleSpannerInstanceId":"","cnJettyRequestHeaderSize":8192,"cnLdapUrl":"opendj:1636","cnMaxRamPercent":"75.0","cnPersistenceHybridMapping":"{}","cnRedisSentinelGroup":"","cnRedisSslTruststore":"","cnRedisType":"STANDALONE","cnRedisUrl":"redis.redis.svc.cluster.local:6379","cnRedisUseSsl":false,"cnScimProtectionMode":"OAUTH","cnSecretKubernetesSecret":"cn","cnSqlDbDialect":"mysql","cnSqlDbHost":"my-release-mysql.default.svc.cluster.local","cnSqlDbName":"gluu","cnSqlDbPort":3306,"cnSqlDbSchema":"","cnSqlDbTimezone":"UTC","cnSqlDbUser":"gluu","cnSqldbUserPassword":"Test1234#","lbAddr":""},"countryCode":"US","dnsConfig":{},"dnsPolicy":"","email":"support@gluu.org","image":{"pullSecrets":[],"repository":"ghcr.io/janssenproject/jans/configurator","tag":"1.0.19-1"},"ldapPassword":"P@ssw0rds","lifecycle":{},"migration":{"enabled":false,"migrationDataFormat":"ldif","migrationDir":"/ce-migration"},"orgName":"Gluu","redisPassword":"P@assw0rd","resources":{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}},"state":"TX","usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Configuration parameters for setup and initial configuration secret and config layers used by Gluu services. | +| config-api | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"ghcr.io/janssenproject/jans/config-api","tag":"1.0.19-1"},"lifecycle":{},"livenessProbe":{"httpGet":{"path":"/jans-config-api/api/v1/health/live","port":8074},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"pdb":{"enabled":true,"maxUnavailable":"90%"},"readinessProbe":{"httpGet":{"path":"jans-config-api/api/v1/health/ready","port":8074},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"1000m","memory":"1000Mi"},"requests":{"cpu":"1000m","memory":"1000Mi"}},"topologySpreadConstraints":{},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Config Api endpoints can be used to configure the auth-server, which is an open-source OpenID Connect Provider (OP) and UMA Authorization Server (AS). | | config-api.additionalAnnotations | object | `{}` | Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} | | config-api.additionalLabels | object | `{}` | Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} | | config-api.dnsConfig | object | `{}` | Add custom dns config | @@ -158,7 +158,7 @@ Kubernetes: `>=v1.21.0-0` | config-api.image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | | config-api.image.pullSecrets | list | `[]` | Image Pull Secrets | | config-api.image.repository | string | `"ghcr.io/janssenproject/jans/config-api"` | Image to use for deploying. | -| config-api.image.tag | string | `"1.0.19_dev"` | Image tag to use for deploying. | +| config-api.image.tag | string | `"1.0.19-1"` | Image tag to use for deploying. | | config-api.livenessProbe | object | `{"httpGet":{"path":"/jans-config-api/api/v1/health/live","port":8074},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5}` | Configure the liveness healthcheck for the auth server if needed. | | config-api.livenessProbe.httpGet | object | `{"path":"/jans-config-api/api/v1/health/live","port":8074}` | http liveness probe endpoint | | config-api.pdb | object | `{"enabled":true,"maxUnavailable":"90%"}` | Configure the PodDisruptionBudget | @@ -221,7 +221,7 @@ Kubernetes: `>=v1.21.0-0` | config.email | string | `"support@gluu.org"` | Email address of the administrator usually. Used for certificate creation. | | config.image.pullSecrets | list | `[]` | Image Pull Secrets | | config.image.repository | string | `"ghcr.io/janssenproject/jans/configurator"` | Image to use for deploying. | -| config.image.tag | string | `"1.0.19_dev"` | Image tag to use for deploying. | +| config.image.tag | string | `"1.0.19-1"` | Image tag to use for deploying. | | config.ldapPassword | string | `"P@ssw0rds"` | LDAP admin password if OpenDJ is used for persistence. | | config.migration | object | `{"enabled":false,"migrationDataFormat":"ldif","migrationDir":"/ce-migration"}` | CE to CN Migration section | | config.migration.enabled | bool | `false` | Boolean flag to enable migration from CE | @@ -240,7 +240,7 @@ Kubernetes: `>=v1.21.0-0` | config.usrEnvs.secret | object | `{}` | Add custom secret envs to the service. variable1: value1 | | config.volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers | | config.volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod | -| fido2 | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"ghcr.io/janssenproject/jans/fido2","tag":"1.0.19_dev"},"lifecycle":{},"livenessProbe":{"httpGet":{"path":"/jans-fido2/sys/health-check","port":"http-fido2"},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"pdb":{"enabled":true,"maxUnavailable":"90%"},"readinessProbe":{"httpGet":{"path":"/jans-fido2/sys/health-check","port":"http-fido2"},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"500m","memory":"500Mi"},"requests":{"cpu":"500m","memory":"500Mi"}},"service":{"name":"http-fido2","port":8080},"topologySpreadConstraints":{},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | FIDO 2.0 (FIDO2) is an open authentication standard that enables leveraging common devices to authenticate to online services in both mobile and desktop environments. | +| fido2 | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"ghcr.io/janssenproject/jans/fido2","tag":"1.0.19-1"},"lifecycle":{},"livenessProbe":{"httpGet":{"path":"/jans-fido2/sys/health-check","port":"http-fido2"},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"pdb":{"enabled":true,"maxUnavailable":"90%"},"readinessProbe":{"httpGet":{"path":"/jans-fido2/sys/health-check","port":"http-fido2"},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"500m","memory":"500Mi"},"requests":{"cpu":"500m","memory":"500Mi"}},"service":{"name":"http-fido2","port":8080},"topologySpreadConstraints":{},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | FIDO 2.0 (FIDO2) is an open authentication standard that enables leveraging common devices to authenticate to online services in both mobile and desktop environments. | | fido2.additionalAnnotations | object | `{}` | Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} | | fido2.additionalLabels | object | `{}` | Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} | | fido2.dnsConfig | object | `{}` | Add custom dns config | @@ -251,7 +251,7 @@ Kubernetes: `>=v1.21.0-0` | fido2.image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | | fido2.image.pullSecrets | list | `[]` | Image Pull Secrets | | fido2.image.repository | string | `"ghcr.io/janssenproject/jans/fido2"` | Image to use for deploying. | -| fido2.image.tag | string | `"1.0.19_dev"` | Image tag to use for deploying. | +| fido2.image.tag | string | `"1.0.19-1"` | Image tag to use for deploying. | | fido2.livenessProbe | object | `{"httpGet":{"path":"/jans-fido2/sys/health-check","port":"http-fido2"},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5}` | Configure the liveness healthcheck for the fido2 if needed. | | fido2.livenessProbe.httpGet | object | `{"path":"/jans-fido2/sys/health-check","port":"http-fido2"}` | http liveness probe endpoint | | fido2.pdb | object | `{"enabled":true,"maxUnavailable":"90%"}` | Configure the PodDisruptionBudget | @@ -463,7 +463,7 @@ Kubernetes: `>=v1.21.0-0` | nginx-ingress.ingress.webdiscoveryLabels | object | `{}` | webdiscovery ingress resource labels. key app is taken | | nginx-ingress.ingress.webfingerAdditionalAnnotations | object | `{}` | webfinger ingress resource additional annotations. | | nginx-ingress.ingress.webfingerLabels | object | `{}` | webfinger ingress resource labels. key app is taken | -| opendj | object | `{"additionalAnnotations":{},"additionalLabels":{},"backup":{"cronJobSchedule":"*/59 * * * *","enabled":true},"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"gluufederation/opendj","tag":"5.0.0_dev"},"lifecycle":{"preStop":{"exec":{"command":["/bin/sh","-c","python3 /app/scripts/deregister_peer.py 1>&/proc/1/fd/1"]}}},"livenessProbe":{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"failureThreshold":20,"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"pdb":{"enabled":true,"maxUnavailable":1},"persistence":{"size":"5Gi"},"ports":{"tcp-admin":{"nodePort":"","port":4444,"protocol":"TCP","targetPort":4444},"tcp-ldap":{"nodePort":"","port":1389,"protocol":"TCP","targetPort":1389},"tcp-ldaps":{"nodePort":"","port":1636,"protocol":"TCP","targetPort":1636},"tcp-repl":{"nodePort":"","port":8989,"protocol":"TCP","targetPort":8989},"tcp-serf":{"nodePort":"","port":7946,"protocol":"TCP","targetPort":7946},"udp-serf":{"nodePort":"","port":7946,"protocol":"UDP","targetPort":7946}},"readinessProbe":{"failureThreshold":20,"initialDelaySeconds":60,"periodSeconds":25,"tcpSocket":{"port":1636},"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"1500m","memory":"2000Mi"},"requests":{"cpu":"1500m","memory":"2000Mi"}},"topologySpreadConstraints":{},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | OpenDJ is a directory server which implements a wide range of Lightweight Directory Access Protocol and related standards, including full compliance with LDAPv3 but also support for Directory Service Markup Language (DSMLv2).Written in Java, OpenDJ offers multi-master replication, access control, and many extensions. | +| opendj | object | `{"additionalAnnotations":{},"additionalLabels":{},"backup":{"cronJobSchedule":"*/59 * * * *","enabled":true},"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"gluufederation/opendj","tag":"5.0.0-1"},"lifecycle":{"preStop":{"exec":{"command":["/bin/sh","-c","python3 /app/scripts/deregister_peer.py 1>&/proc/1/fd/1"]}}},"livenessProbe":{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"failureThreshold":20,"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"pdb":{"enabled":true,"maxUnavailable":1},"persistence":{"size":"5Gi"},"ports":{"tcp-admin":{"nodePort":"","port":4444,"protocol":"TCP","targetPort":4444},"tcp-ldap":{"nodePort":"","port":1389,"protocol":"TCP","targetPort":1389},"tcp-ldaps":{"nodePort":"","port":1636,"protocol":"TCP","targetPort":1636},"tcp-repl":{"nodePort":"","port":8989,"protocol":"TCP","targetPort":8989},"tcp-serf":{"nodePort":"","port":7946,"protocol":"TCP","targetPort":7946},"udp-serf":{"nodePort":"","port":7946,"protocol":"UDP","targetPort":7946}},"readinessProbe":{"failureThreshold":20,"initialDelaySeconds":60,"periodSeconds":25,"tcpSocket":{"port":1636},"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"1500m","memory":"2000Mi"},"requests":{"cpu":"1500m","memory":"2000Mi"}},"topologySpreadConstraints":{},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | OpenDJ is a directory server which implements a wide range of Lightweight Directory Access Protocol and related standards, including full compliance with LDAPv3 but also support for Directory Service Markup Language (DSMLv2).Written in Java, OpenDJ offers multi-master replication, access control, and many extensions. | | opendj.additionalAnnotations | object | `{}` | Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} | | opendj.additionalLabels | object | `{}` | Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} | | opendj.backup | object | `{"cronJobSchedule":"*/59 * * * *","enabled":true}` | Configure ldap backup cronjob | @@ -475,7 +475,7 @@ Kubernetes: `>=v1.21.0-0` | opendj.image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | | opendj.image.pullSecrets | list | `[]` | Image Pull Secrets | | opendj.image.repository | string | `"gluufederation/opendj"` | Image to use for deploying. | -| opendj.image.tag | string | `"5.0.0_dev"` | Image tag to use for deploying. | +| opendj.image.tag | string | `"5.0.0-1"` | Image tag to use for deploying. | | opendj.livenessProbe | object | `{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"failureThreshold":20,"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5}` | Configure the liveness healthcheck for OpenDJ if needed. https://github.com/GluuFederation/docker-opendj/blob/master/scripts/healthcheck.py | | opendj.livenessProbe.exec | object | `{"command":["python3","/app/scripts/healthcheck.py"]}` | Executes the python3 healthcheck. | | opendj.pdb | object | `{"enabled":true,"maxUnavailable":1}` | Configure the PodDisruptionBudget | @@ -551,7 +551,7 @@ Kubernetes: `>=v1.21.0-0` | oxshibboleth.usrEnvs.secret | object | `{}` | Add custom secret envs to the service variable1: value1 | | oxshibboleth.volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers | | oxshibboleth.volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod | -| persistence | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"ghcr.io/janssenproject/jans/persistence-loader","tag":"1.0.19_dev"},"lifecycle":{},"resources":{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Job to generate data and initial config for Gluu Server persistence layer. | +| persistence | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"ghcr.io/janssenproject/jans/persistence-loader","tag":"1.0.19-1"},"lifecycle":{},"resources":{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | Job to generate data and initial config for Gluu Server persistence layer. | | persistence.additionalAnnotations | object | `{}` | Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} | | persistence.additionalLabels | object | `{}` | Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} | | persistence.dnsConfig | object | `{}` | Add custom dns config | @@ -559,7 +559,7 @@ Kubernetes: `>=v1.21.0-0` | persistence.image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | | persistence.image.pullSecrets | list | `[]` | Image Pull Secrets | | persistence.image.repository | string | `"ghcr.io/janssenproject/jans/persistence-loader"` | Image to use for deploying. | -| persistence.image.tag | string | `"1.0.19_dev"` | Image tag to use for deploying. | +| persistence.image.tag | string | `"1.0.19-1"` | Image tag to use for deploying. | | persistence.resources | object | `{"limits":{"cpu":"300m","memory":"300Mi"},"requests":{"cpu":"300m","memory":"300Mi"}}` | Resource specs. | | persistence.resources.limits.cpu | string | `"300m"` | CPU limit | | persistence.resources.limits.memory | string | `"300Mi"` | Memory limit. | @@ -570,7 +570,7 @@ Kubernetes: `>=v1.21.0-0` | persistence.usrEnvs.secret | object | `{}` | Add custom secret envs to the service variable1: value1 | | persistence.volumeMounts | list | `[]` | Configure any additional volumesMounts that need to be attached to the containers | | persistence.volumes | list | `[]` | Configure any additional volumes that need to be attached to the pod | -| scim | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"ghcr.io/janssenproject/jans/scim","tag":"1.0.19_dev"},"lifecycle":{},"livenessProbe":{"httpGet":{"path":"/jans-scim/sys/health-check","port":8080},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"pdb":{"enabled":true,"maxUnavailable":"90%"},"readinessProbe":{"httpGet":{"path":"/jans-scim/sys/health-check","port":8080},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"1000m","memory":"1000Mi"},"requests":{"cpu":"1000m","memory":"1000Mi"}},"service":{"name":"http-scim","port":8080},"topologySpreadConstraints":{},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | System for Cross-domain Identity Management (SCIM) version 2.0 | +| scim | object | `{"additionalAnnotations":{},"additionalLabels":{},"dnsConfig":{},"dnsPolicy":"","hpa":{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50},"image":{"pullPolicy":"IfNotPresent","pullSecrets":[],"repository":"ghcr.io/janssenproject/jans/scim","tag":"1.0.19-1"},"lifecycle":{},"livenessProbe":{"httpGet":{"path":"/jans-scim/sys/health-check","port":8080},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5},"pdb":{"enabled":true,"maxUnavailable":"90%"},"readinessProbe":{"httpGet":{"path":"/jans-scim/sys/health-check","port":8080},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5},"replicas":1,"resources":{"limits":{"cpu":"1000m","memory":"1000Mi"},"requests":{"cpu":"1000m","memory":"1000Mi"}},"service":{"name":"http-scim","port":8080},"topologySpreadConstraints":{},"usrEnvs":{"normal":{},"secret":{}},"volumeMounts":[],"volumes":[]}` | System for Cross-domain Identity Management (SCIM) version 2.0 | | scim.additionalAnnotations | object | `{}` | Additional annotations that will be added across the gateway in the format of {cert-manager.io/issuer: "letsencrypt-prod"} | | scim.additionalLabels | object | `{}` | Additional labels that will be added across the gateway in the format of {mylabel: "myapp"} | | scim.dnsConfig | object | `{}` | Add custom dns config | @@ -581,7 +581,7 @@ Kubernetes: `>=v1.21.0-0` | scim.image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | | scim.image.pullSecrets | list | `[]` | Image Pull Secrets | | scim.image.repository | string | `"ghcr.io/janssenproject/jans/scim"` | Image to use for deploying. | -| scim.image.tag | string | `"1.0.19_dev"` | Image tag to use for deploying. | +| scim.image.tag | string | `"1.0.19-1"` | Image tag to use for deploying. | | scim.livenessProbe | object | `{"httpGet":{"path":"/jans-scim/sys/health-check","port":8080},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5}` | Configure the liveness healthcheck for SCIM if needed. | | scim.livenessProbe.httpGet.path | string | `"/jans-scim/sys/health-check"` | http liveness probe endpoint | | scim.pdb | object | `{"enabled":true,"maxUnavailable":"90%"}` | Configure the PodDisruptionBudget | diff --git a/charts/gluu/gluu/charts/admin-ui/Chart.yaml b/charts/gluu/gluu/charts/admin-ui/Chart.yaml index f7cb80b59..2599dcd5b 100644 --- a/charts/gluu/gluu/charts/admin-ui/Chart.yaml +++ b/charts/gluu/gluu/charts/admin-ui/Chart.yaml @@ -17,4 +17,4 @@ sources: - https://github.com/GluuFederation/docker-gluu-admin-ui - https://github.com/GluuFederation/flex/tree/main/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/admin-ui type: application -version: 5.0.22 +version: 5.0.23 diff --git a/charts/gluu/gluu/charts/admin-ui/README.md b/charts/gluu/gluu/charts/admin-ui/README.md index 417e4cc02..3a9fb9974 100644 --- a/charts/gluu/gluu/charts/admin-ui/README.md +++ b/charts/gluu/gluu/charts/admin-ui/README.md @@ -1,6 +1,6 @@ # admin-ui -![Version: 5.0.22](https://img.shields.io/badge/Version-5.0.22-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) +![Version: 5.0.23](https://img.shields.io/badge/Version-5.0.23-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) Admin GUI. Requires license. @@ -35,7 +35,7 @@ Kubernetes: `>=v1.21.0-0` | image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | | image.pullSecrets | list | `[]` | Image Pull Secrets | | image.repository | string | `"gluufederation/admin-ui"` | Image to use for deploying. | -| image.tag | string | `"1.0.19_dev"` | Image tag to use for deploying. | +| image.tag | string | `"1.0.19-1"` | Image tag to use for deploying. | | lifecycle | object | `{}` | | | livenessProbe | object | `{"failureThreshold":20,"initialDelaySeconds":60,"periodSeconds":25,"tcpSocket":{"port":8080},"timeoutSeconds":5}` | Configure the liveness healthcheck for the admin ui if needed. | | readinessProbe | object | `{"failureThreshold":20,"initialDelaySeconds":60,"periodSeconds":25,"tcpSocket":{"port":8080},"timeoutSeconds":5}` | Configure the readiness healthcheck for the admin ui if needed. | diff --git a/charts/gluu/gluu/charts/admin-ui/values.yaml b/charts/gluu/gluu/charts/admin-ui/values.yaml index 23b2fa0dc..368419ff9 100644 --- a/charts/gluu/gluu/charts/admin-ui/values.yaml +++ b/charts/gluu/gluu/charts/admin-ui/values.yaml @@ -27,7 +27,7 @@ image: # -- Image to use for deploying. repository: gluufederation/admin-ui # -- Image tag to use for deploying. - tag: 1.0.19_dev + tag: 1.0.19-1 # -- Image Pull Secrets pullSecrets: [ ] # -- Service replica number. diff --git a/charts/gluu/gluu/charts/auth-server-key-rotation/Chart.yaml b/charts/gluu/gluu/charts/auth-server-key-rotation/Chart.yaml index 07d41fc01..1bfea05c2 100644 --- a/charts/gluu/gluu/charts/auth-server-key-rotation/Chart.yaml +++ b/charts/gluu/gluu/charts/auth-server-key-rotation/Chart.yaml @@ -15,4 +15,4 @@ sources: - https://github.com/JanssenProject/docker-jans-certmanager - https://github.com/GluuFederation/flex/tree/main/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/auth-server-key-rotation type: application -version: 5.0.22 +version: 5.0.23 diff --git a/charts/gluu/gluu/charts/auth-server-key-rotation/README.md b/charts/gluu/gluu/charts/auth-server-key-rotation/README.md index d2ad6536c..fd9dde044 100644 --- a/charts/gluu/gluu/charts/auth-server-key-rotation/README.md +++ b/charts/gluu/gluu/charts/auth-server-key-rotation/README.md @@ -1,6 +1,6 @@ # auth-server-key-rotation -![Version: 5.0.22](https://img.shields.io/badge/Version-5.0.22-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) +![Version: 5.0.23](https://img.shields.io/badge/Version-5.0.23-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) Responsible for regenerating auth-keys per x hours @@ -33,7 +33,7 @@ Kubernetes: `>=v1.21.0-0` | image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | | image.pullSecrets | list | `[]` | Image Pull Secrets | | image.repository | string | `"janssenproject/certmanager"` | Image to use for deploying. | -| image.tag | string | `"1.0.19_dev"` | Image tag to use for deploying. | +| image.tag | string | `"1.0.19-1"` | Image tag to use for deploying. | | keysLife | int | `48` | Auth server key rotation keys life in hours | | lifecycle | object | `{}` | | | nodeSelector | object | `{}` | | diff --git a/charts/gluu/gluu/charts/auth-server-key-rotation/values.yaml b/charts/gluu/gluu/charts/auth-server-key-rotation/values.yaml index a4c1aa63f..881ce06ce 100644 --- a/charts/gluu/gluu/charts/auth-server-key-rotation/values.yaml +++ b/charts/gluu/gluu/charts/auth-server-key-rotation/values.yaml @@ -18,7 +18,7 @@ image: # -- Image to use for deploying. repository: janssenproject/certmanager # -- Image tag to use for deploying. - tag: 1.0.19_dev + tag: 1.0.19-1 # -- Image Pull Secrets pullSecrets: [ ] # -- Auth server key rotation keys life in hours diff --git a/charts/gluu/gluu/charts/auth-server/Chart.yaml b/charts/gluu/gluu/charts/auth-server/Chart.yaml index 9c607baff..cb11d03e1 100644 --- a/charts/gluu/gluu/charts/auth-server/Chart.yaml +++ b/charts/gluu/gluu/charts/auth-server/Chart.yaml @@ -19,4 +19,4 @@ sources: - https://github.com/JanssenProject/docker-jans-auth-server - https://github.com/GluuFederation/flex/tree/main/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/auth-server type: application -version: 5.0.22 +version: 5.0.23 diff --git a/charts/gluu/gluu/charts/auth-server/README.md b/charts/gluu/gluu/charts/auth-server/README.md index bbceab0bb..d6720e540 100644 --- a/charts/gluu/gluu/charts/auth-server/README.md +++ b/charts/gluu/gluu/charts/auth-server/README.md @@ -1,6 +1,6 @@ # auth-server -![Version: 5.0.22](https://img.shields.io/badge/Version-5.0.22-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) +![Version: 5.0.23](https://img.shields.io/badge/Version-5.0.23-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) OAuth Authorization Server, the OpenID Connect Provider, the UMA Authorization Server--this is the main Internet facing component of Gluu. It's the service that returns tokens, JWT's and identity assertions. This service must be Internet facing. @@ -36,7 +36,7 @@ Kubernetes: `>=v1.21.0-0` | image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | | image.pullSecrets | list | `[]` | Image Pull Secrets | | image.repository | string | `"janssenproject/auth-server"` | Image to use for deploying. | -| image.tag | string | `"1.0.19_dev"` | Image tag to use for deploying. | +| image.tag | string | `"1.0.19-1"` | Image tag to use for deploying. | | lifecycle | object | `{}` | | | livenessProbe | object | `{"exec":{"command":["python3","/app/scripts/healthcheck.py"]},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5}` | Configure the liveness healthcheck for the auth server if needed. | | livenessProbe.exec | object | `{"command":["python3","/app/scripts/healthcheck.py"]}` | Executes the python3 healthcheck. https://github.com/GluuFederation/docker-oxauth/blob/4.3/scripts/healthcheck.py | diff --git a/charts/gluu/gluu/charts/auth-server/values.yaml b/charts/gluu/gluu/charts/auth-server/values.yaml index 736c12ec8..d50b10b54 100644 --- a/charts/gluu/gluu/charts/auth-server/values.yaml +++ b/charts/gluu/gluu/charts/auth-server/values.yaml @@ -28,7 +28,7 @@ image: # -- Image to use for deploying. repository: janssenproject/auth-server # -- Image tag to use for deploying. - tag: 1.0.19_dev + tag: 1.0.19-1 # -- Image Pull Secrets pullSecrets: [ ] # -- Service replica number. diff --git a/charts/gluu/gluu/charts/casa/Chart.yaml b/charts/gluu/gluu/charts/casa/Chart.yaml index 8cd78a6b3..7030fca75 100644 --- a/charts/gluu/gluu/charts/casa/Chart.yaml +++ b/charts/gluu/gluu/charts/casa/Chart.yaml @@ -1,22 +1,21 @@ apiVersion: v2 appVersion: 5.0.0 -description: Gluu Casa ("Casa") is a self-service web portal for end-users to manage - authentication and authorization preferences for their account in a Gluu Server. +description: Jans Casa ("Casa") is a self-service web portal for end-users to manage + authentication and authorization preferences for their account in a Jans Server. home: https://gluu.org/docs/casa/ -icon: https://casa.gluu.org/wp-content/themes/gluucasa/casafavicon.ico +icon: https://github.com/JanssenProject/jans/raw/main/docs/assets/logo/janssen_project_favicon_transparent_50px_50px.png keywords: - casa - 2FA - passwordless kubeVersion: '>=v1.21.0-0' maintainers: -- email: support@gluu.org +- email: support@jans.io name: Mohammad Abudayyeh url: https://github.com/moabu name: casa sources: -- https://gluu.org/docs/casa/ -- https://github.com/GluuFederation/docker-casa -- https://github.com/GluuFederation/flex/tree/main/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/casa +- https://gluu.org/casa/ +- https://github.com/JanssenProject/jans/docker-jans-casa type: application -version: 5.0.22 +version: 5.0.23 diff --git a/charts/gluu/gluu/charts/casa/README.md b/charts/gluu/gluu/charts/casa/README.md index defc935d8..e291a67db 100644 --- a/charts/gluu/gluu/charts/casa/README.md +++ b/charts/gluu/gluu/charts/casa/README.md @@ -1,8 +1,8 @@ # casa -![Version: 5.0.22](https://img.shields.io/badge/Version-5.0.22-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) +![Version: 5.0.23](https://img.shields.io/badge/Version-5.0.23-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) -Gluu Casa ("Casa") is a self-service web portal for end-users to manage authentication and authorization preferences for their account in a Gluu Server. +Jans Casa ("Casa") is a self-service web portal for end-users to manage authentication and authorization preferences for their account in a Jans Server. **Homepage:** @@ -10,13 +10,12 @@ Gluu Casa ("Casa") is a self-service web portal for end-users to manage authenti | Name | Email | Url | | ---- | ------ | --- | -| Mohammad Abudayyeh | | | +| Mohammad Abudayyeh | | | ## Source Code -* -* -* +* +* ## Requirements @@ -36,8 +35,8 @@ Kubernetes: `>=v1.21.0-0` | hpa.metrics | list | `[]` | metrics if targetCPUUtilizationPercentage is not set | | image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | | image.pullSecrets | list | `[]` | Image Pull Secrets | -| image.repository | string | `"gluufederation/casa"` | Image to use for deploying. | -| image.tag | string | `"5.0.0-12"` | Image tag to use for deploying. | +| image.repository | string | `"janssenproject/casa"` | Image to use for deploying. | +| image.tag | string | `"1.0.19-1"` | Image tag to use for deploying. | | lifecycle | object | `{}` | | | livenessProbe | object | `{"httpGet":{"path":"/casa/health-check","port":"http-casa"},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5}` | Configure the liveness healthcheck for casa if needed. | | livenessProbe.httpGet.path | string | `"/casa/health-check"` | http liveness probe endpoint | diff --git a/charts/gluu/gluu/charts/casa/values.yaml b/charts/gluu/gluu/charts/casa/values.yaml index 37c37c7b5..f9e3245f9 100644 --- a/charts/gluu/gluu/charts/casa/values.yaml +++ b/charts/gluu/gluu/charts/casa/values.yaml @@ -1,4 +1,4 @@ -# -- Gluu Casa ("Casa") is a self-service web portal for end-users to manage authentication and authorization preferences for their account in a Gluu Server. +# -- Jans Casa ("Casa") is a self-service web portal for end-users to manage authentication and authorization preferences for their account in a Jans Server. # -- Configure the HorizontalPodAutoscaler hpa: enabled: true @@ -25,9 +25,9 @@ image: # -- Image pullPolicy to use for deploying. pullPolicy: IfNotPresent # -- Image to use for deploying. - repository: gluufederation/casa + repository: janssenproject/casa # -- Image tag to use for deploying. - tag: 5.0.0-12 + tag: 1.0.19-1 # -- Image Pull Secrets pullSecrets: [ ] # -- Service replica number. diff --git a/charts/gluu/gluu/charts/cn-istio-ingress/Chart.yaml b/charts/gluu/gluu/charts/cn-istio-ingress/Chart.yaml index f9d51364a..669d1f0b7 100644 --- a/charts/gluu/gluu/charts/cn-istio-ingress/Chart.yaml +++ b/charts/gluu/gluu/charts/cn-istio-ingress/Chart.yaml @@ -16,4 +16,4 @@ sources: - https://gluu.org/docs/gluu-server/ - https://github.com/GluuFederation/flex/tree/main/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/cn-istio-ingress type: application -version: 5.0.22 +version: 5.0.23 diff --git a/charts/gluu/gluu/charts/cn-istio-ingress/README.md b/charts/gluu/gluu/charts/cn-istio-ingress/README.md index 5a7e9d448..a3db54485 100644 --- a/charts/gluu/gluu/charts/cn-istio-ingress/README.md +++ b/charts/gluu/gluu/charts/cn-istio-ingress/README.md @@ -1,6 +1,6 @@ # cn-istio-ingress -![Version: 5.0.22](https://img.shields.io/badge/Version-5.0.22-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) +![Version: 5.0.23](https://img.shields.io/badge/Version-5.0.23-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) Istio Gateway diff --git a/charts/gluu/gluu/charts/config-api/Chart.yaml b/charts/gluu/gluu/charts/config-api/Chart.yaml index dd5f6b9df..f1e67918f 100644 --- a/charts/gluu/gluu/charts/config-api/Chart.yaml +++ b/charts/gluu/gluu/charts/config-api/Chart.yaml @@ -19,4 +19,4 @@ sources: - https://github.com/JanssenProject/jans/docker-jans-config-api - https://github.com/GluuFederation/flex/tree/main/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/config-api type: application -version: 5.0.22 +version: 5.0.23 diff --git a/charts/gluu/gluu/charts/config-api/README.md b/charts/gluu/gluu/charts/config-api/README.md index 1e588044f..1593e906c 100644 --- a/charts/gluu/gluu/charts/config-api/README.md +++ b/charts/gluu/gluu/charts/config-api/README.md @@ -1,6 +1,6 @@ # config-api -![Version: 5.0.22](https://img.shields.io/badge/Version-5.0.22-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) +![Version: 5.0.23](https://img.shields.io/badge/Version-5.0.23-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) Jans Config Api endpoints can be used to configure jans-auth-server, which is an open-source OpenID Connect Provider (OP) and UMA Authorization Server (AS) @@ -38,7 +38,7 @@ Kubernetes: `>=v1.21.0-0` | image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | | image.pullSecrets | list | `[]` | Image Pull Secrets | | image.repository | string | `"janssenproject/config-api"` | Image to use for deploying. | -| image.tag | string | `"1.0.19_dev"` | Image tag to use for deploying. | +| image.tag | string | `"1.0.19-1"` | Image tag to use for deploying. | | lifecycle | object | `{}` | | | livenessProbe | object | `{"httpGet":{"path":"/jans-config-api/api/v1/health/live","port":8074},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5}` | Configure the liveness healthcheck for the auth server if needed. | | livenessProbe.httpGet | object | `{"path":"/jans-config-api/api/v1/health/live","port":8074}` | Executes the python3 healthcheck. https://github.com/GluuFederation/docker-oxauth/blob/4.3/scripts/healthcheck.py | diff --git a/charts/gluu/gluu/charts/config-api/values.yaml b/charts/gluu/gluu/charts/config-api/values.yaml index ac252c71c..5fad1d3c6 100644 --- a/charts/gluu/gluu/charts/config-api/values.yaml +++ b/charts/gluu/gluu/charts/config-api/values.yaml @@ -33,7 +33,7 @@ image: # -- Image to use for deploying. repository: janssenproject/config-api # -- Image tag to use for deploying. - tag: 1.0.19_dev + tag: 1.0.19-1 # -- Image Pull Secrets pullSecrets: [ ] # -- Service replica number. diff --git a/charts/gluu/gluu/charts/config/Chart.yaml b/charts/gluu/gluu/charts/config/Chart.yaml index 864258599..0ba32040d 100644 --- a/charts/gluu/gluu/charts/config/Chart.yaml +++ b/charts/gluu/gluu/charts/config/Chart.yaml @@ -18,4 +18,4 @@ sources: - https://github.com/JanssenProject/jans/docker-jans-configurator - https://github.com/GluuFederation/flex/tree/main/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/config type: application -version: 5.0.22 +version: 5.0.23 diff --git a/charts/gluu/gluu/charts/config/README.md b/charts/gluu/gluu/charts/config/README.md index fef7b567e..dc3567f94 100644 --- a/charts/gluu/gluu/charts/config/README.md +++ b/charts/gluu/gluu/charts/config/README.md @@ -1,6 +1,6 @@ # config -![Version: 5.0.22](https://img.shields.io/badge/Version-5.0.22-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) +![Version: 5.0.23](https://img.shields.io/badge/Version-5.0.23-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) Configuration parameters for setup and initial configuration secret and config layers used by Gluu services. @@ -79,7 +79,7 @@ Kubernetes: `>=v1.21.0-0` | fullNameOverride | string | `""` | | | image.pullSecrets | list | `[]` | Image Pull Secrets | | image.repository | string | `"janssenproject/configurator"` | Image to use for deploying. | -| image.tag | string | `"1.0.19_dev"` | Image tag to use for deploying. | +| image.tag | string | `"1.0.19-1"` | Image tag to use for deploying. | | ldapPassword | string | `"P@ssw0rds"` | LDAP admin password if OpennDJ is used for persistence. | | lifecycle | object | `{}` | | | migration | object | `{"enabled":false,"migrationDataFormat":"ldif","migrationDir":"/ce-migration"}` | CE to CN Migration section | diff --git a/charts/gluu/gluu/charts/config/values.yaml b/charts/gluu/gluu/charts/config/values.yaml index 5de22c807..76717b2e5 100644 --- a/charts/gluu/gluu/charts/config/values.yaml +++ b/charts/gluu/gluu/charts/config/values.yaml @@ -122,7 +122,7 @@ image: # -- Image to use for deploying. repository: janssenproject/configurator # -- Image tag to use for deploying. - tag: 1.0.19_dev + tag: 1.0.19-1 # -- Image Pull Secrets pullSecrets: [ ] # -- LDAP admin password if OpennDJ is used for persistence. diff --git a/charts/gluu/gluu/charts/fido2/Chart.yaml b/charts/gluu/gluu/charts/fido2/Chart.yaml index 8e436dca8..03c2c9ca8 100644 --- a/charts/gluu/gluu/charts/fido2/Chart.yaml +++ b/charts/gluu/gluu/charts/fido2/Chart.yaml @@ -19,4 +19,4 @@ sources: - https://github.com/JanssenProject/jans/docker-jans-fido2 - https://github.com/GluuFederation/flex/tree/main/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/fido2 type: application -version: 5.0.22 +version: 5.0.23 diff --git a/charts/gluu/gluu/charts/fido2/README.md b/charts/gluu/gluu/charts/fido2/README.md index 1b670dfa4..c6d9b0fed 100644 --- a/charts/gluu/gluu/charts/fido2/README.md +++ b/charts/gluu/gluu/charts/fido2/README.md @@ -1,6 +1,6 @@ # fido2 -![Version: 5.0.22](https://img.shields.io/badge/Version-5.0.22-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) +![Version: 5.0.23](https://img.shields.io/badge/Version-5.0.23-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) FIDO 2.0 (FIDO2) is an open authentication standard that enables leveraging common devices to authenticate to online services in both mobile and desktop environments. @@ -37,7 +37,7 @@ Kubernetes: `>=v1.21.0-0` | image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | | image.pullSecrets | list | `[]` | Image Pull Secrets | | image.repository | string | `"janssenproject/fido2"` | Image to use for deploying. | -| image.tag | string | `"1.0.19_dev"` | Image tag to use for deploying. | +| image.tag | string | `"1.0.19-1"` | Image tag to use for deploying. | | lifecycle | object | `{}` | | | livenessProbe | object | `{"httpGet":{"path":"/jans-fido2/sys/health-check","port":"http-fido2"},"initialDelaySeconds":25,"periodSeconds":25,"timeoutSeconds":5}` | Configure the liveness healthcheck for the fido2 if needed. | | livenessProbe.httpGet | object | `{"path":"/jans-fido2/sys/health-check","port":"http-fido2"}` | http liveness probe endpoint | diff --git a/charts/gluu/gluu/charts/fido2/values.yaml b/charts/gluu/gluu/charts/fido2/values.yaml index 52f12cc7a..d1f9cd6cf 100644 --- a/charts/gluu/gluu/charts/fido2/values.yaml +++ b/charts/gluu/gluu/charts/fido2/values.yaml @@ -29,7 +29,7 @@ image: # -- Image to use for deploying. repository: janssenproject/fido2 # -- Image tag to use for deploying. - tag: 1.0.19_dev + tag: 1.0.19-1 # -- Image Pull Secrets pullSecrets: [ ] # -- Service replica number. diff --git a/charts/gluu/gluu/charts/nginx-ingress/Chart.yaml b/charts/gluu/gluu/charts/nginx-ingress/Chart.yaml index 17b2561a4..a764686e6 100644 --- a/charts/gluu/gluu/charts/nginx-ingress/Chart.yaml +++ b/charts/gluu/gluu/charts/nginx-ingress/Chart.yaml @@ -17,4 +17,4 @@ sources: - https://kubernetes.io/docs/concepts/services-networking/ingress/ - https://github.com/GluuFederation/flex/tree/main/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/nginx-ingress type: application -version: 5.0.22 +version: 5.0.23 diff --git a/charts/gluu/gluu/charts/nginx-ingress/README.md b/charts/gluu/gluu/charts/nginx-ingress/README.md index 50e7565de..0c1e34877 100644 --- a/charts/gluu/gluu/charts/nginx-ingress/README.md +++ b/charts/gluu/gluu/charts/nginx-ingress/README.md @@ -1,6 +1,6 @@ # nginx-ingress -![Version: 5.0.22](https://img.shields.io/badge/Version-5.0.22-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) +![Version: 5.0.23](https://img.shields.io/badge/Version-5.0.23-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) Nginx ingress definitions chart diff --git a/charts/gluu/gluu/charts/nginx-ingress/templates/casa-ingress.yaml b/charts/gluu/gluu/charts/nginx-ingress/templates/casa-ingress.yaml index 9f13970ef..f21ae0afe 100644 --- a/charts/gluu/gluu/charts/nginx-ingress/templates/casa-ingress.yaml +++ b/charts/gluu/gluu/charts/nginx-ingress/templates/casa-ingress.yaml @@ -42,7 +42,7 @@ spec: - host: {{ $host | quote }} http: paths: - - path: /casa + - path: /jans-casa pathType: Prefix backend: service: diff --git a/charts/gluu/gluu/charts/opendj/Chart.yaml b/charts/gluu/gluu/charts/opendj/Chart.yaml index e04ba3c3f..521192d88 100644 --- a/charts/gluu/gluu/charts/opendj/Chart.yaml +++ b/charts/gluu/gluu/charts/opendj/Chart.yaml @@ -19,4 +19,4 @@ sources: - https://github.com/GluuFederation/docker-opendj - https://github.com/GluuFederation/flex/tree/main/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/opendj type: application -version: 5.0.22 +version: 5.0.23 diff --git a/charts/gluu/gluu/charts/opendj/README.md b/charts/gluu/gluu/charts/opendj/README.md index dd98d5566..faa7a675b 100644 --- a/charts/gluu/gluu/charts/opendj/README.md +++ b/charts/gluu/gluu/charts/opendj/README.md @@ -1,6 +1,6 @@ # opendj -![Version: 5.0.22](https://img.shields.io/badge/Version-5.0.22-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) +![Version: 5.0.23](https://img.shields.io/badge/Version-5.0.23-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) OpenDJ is a directory server which implements a wide range of Lightweight Directory Access Protocol and related standards, including full compliance with LDAPv3 but also support for Directory Service Markup Language (DSMLv2).Written in Java, OpenDJ offers multi-master replication, access control, and many extensions. diff --git a/charts/gluu/gluu/charts/oxpassport/Chart.yaml b/charts/gluu/gluu/charts/oxpassport/Chart.yaml index 4962e91c6..cb361ec80 100644 --- a/charts/gluu/gluu/charts/oxpassport/Chart.yaml +++ b/charts/gluu/gluu/charts/oxpassport/Chart.yaml @@ -18,4 +18,4 @@ sources: - https://github.com/GluuFederation/docker-oxpassport - https://github.com/GluuFederation/flex/tree/main/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/oxpassport type: application -version: 5.0.22 +version: 5.0.23 diff --git a/charts/gluu/gluu/charts/oxpassport/README.md b/charts/gluu/gluu/charts/oxpassport/README.md index 1642424f7..76ba3a11d 100644 --- a/charts/gluu/gluu/charts/oxpassport/README.md +++ b/charts/gluu/gluu/charts/oxpassport/README.md @@ -1,6 +1,6 @@ # oxpassport -![Version: 5.0.22](https://img.shields.io/badge/Version-5.0.22-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) +![Version: 5.0.23](https://img.shields.io/badge/Version-5.0.23-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) Gluu interface to Passport.js to support social login and inbound identity. diff --git a/charts/gluu/gluu/charts/oxshibboleth/Chart.yaml b/charts/gluu/gluu/charts/oxshibboleth/Chart.yaml index 48d439482..77d450327 100644 --- a/charts/gluu/gluu/charts/oxshibboleth/Chart.yaml +++ b/charts/gluu/gluu/charts/oxshibboleth/Chart.yaml @@ -17,4 +17,4 @@ sources: - https://github.com/GluuFederation/docker-oxshibboleth - https://github.com/GluuFederation/flex/tree/main/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/oxshibboleth type: application -version: 5.0.22 +version: 5.0.23 diff --git a/charts/gluu/gluu/charts/oxshibboleth/README.md b/charts/gluu/gluu/charts/oxshibboleth/README.md index 2abb6be59..a3f0f8ee0 100644 --- a/charts/gluu/gluu/charts/oxshibboleth/README.md +++ b/charts/gluu/gluu/charts/oxshibboleth/README.md @@ -1,6 +1,6 @@ # oxshibboleth -![Version: 5.0.22](https://img.shields.io/badge/Version-5.0.22-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) +![Version: 5.0.23](https://img.shields.io/badge/Version-5.0.23-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) Shibboleth project for the Gluu Server's SAML IDP functionality. diff --git a/charts/gluu/gluu/charts/persistence/Chart.yaml b/charts/gluu/gluu/charts/persistence/Chart.yaml index 4506265d3..6981090f7 100644 --- a/charts/gluu/gluu/charts/persistence/Chart.yaml +++ b/charts/gluu/gluu/charts/persistence/Chart.yaml @@ -15,4 +15,4 @@ sources: - https://github.com/JanssenProject/jans/docker-jans-persistence-loader - https://github.com/GluuFederation/flex/tree/main/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/persistence type: application -version: 5.0.22 +version: 5.0.23 diff --git a/charts/gluu/gluu/charts/persistence/README.md b/charts/gluu/gluu/charts/persistence/README.md index f166e9670..9485c50f4 100644 --- a/charts/gluu/gluu/charts/persistence/README.md +++ b/charts/gluu/gluu/charts/persistence/README.md @@ -1,6 +1,6 @@ # persistence -![Version: 5.0.22](https://img.shields.io/badge/Version-5.0.22-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) +![Version: 5.0.23](https://img.shields.io/badge/Version-5.0.23-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) Job to generate data and initial config for Gluu Server persistence layer. @@ -33,7 +33,7 @@ Kubernetes: `>=v1.21.0-0` | image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | | image.pullSecrets | list | `[]` | Image Pull Secrets | | image.repository | string | `"janssenproject/persistence"` | Image to use for deploying. | -| image.tag | string | `"1.0.19_dev"` | Image tag to use for deploying. | +| image.tag | string | `"1.0.19-1"` | Image tag to use for deploying. | | imagePullSecrets | list | `[]` | | | lifecycle | object | `{}` | | | nameOverride | string | `""` | | diff --git a/charts/gluu/gluu/charts/persistence/values.yaml b/charts/gluu/gluu/charts/persistence/values.yaml index 7e9f3c441..322caf2ee 100644 --- a/charts/gluu/gluu/charts/persistence/values.yaml +++ b/charts/gluu/gluu/charts/persistence/values.yaml @@ -18,7 +18,7 @@ image: # -- Image to use for deploying. repository: janssenproject/persistence # -- Image tag to use for deploying. - tag: 1.0.19_dev + tag: 1.0.19-1 # -- Image Pull Secrets pullSecrets: [ ] # -- Resource specs. diff --git a/charts/gluu/gluu/charts/scim/Chart.yaml b/charts/gluu/gluu/charts/scim/Chart.yaml index 7fc66fa51..625a34b7d 100644 --- a/charts/gluu/gluu/charts/scim/Chart.yaml +++ b/charts/gluu/gluu/charts/scim/Chart.yaml @@ -17,4 +17,4 @@ sources: - https://github.com/JanssenProject/jans/docker-jans-scim - https://github.com/GluuFederation/flex/tree/main/flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/scim type: application -version: 5.0.22 +version: 5.0.23 diff --git a/charts/gluu/gluu/charts/scim/README.md b/charts/gluu/gluu/charts/scim/README.md index e74fcfbdc..9e9ce08a9 100644 --- a/charts/gluu/gluu/charts/scim/README.md +++ b/charts/gluu/gluu/charts/scim/README.md @@ -1,6 +1,6 @@ # scim -![Version: 5.0.22](https://img.shields.io/badge/Version-5.0.22-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) +![Version: 5.0.23](https://img.shields.io/badge/Version-5.0.23-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0](https://img.shields.io/badge/AppVersion-5.0.0-informational?style=flat-square) System for Cross-domain Identity Management (SCIM) version 2.0 @@ -36,7 +36,7 @@ Kubernetes: `>=v1.21.0-0` | image.pullPolicy | string | `"IfNotPresent"` | Image pullPolicy to use for deploying. | | image.pullSecrets | list | `[]` | Image Pull Secrets | | image.repository | string | `"janssenproject/scim"` | Image to use for deploying. | -| image.tag | string | `"1.0.19_dev"` | Image tag to use for deploying. | +| image.tag | string | `"1.0.19-1"` | Image tag to use for deploying. | | lifecycle | object | `{}` | | | livenessProbe | object | `{"httpGet":{"path":"/jans-scim/sys/health-check","port":8080},"initialDelaySeconds":30,"periodSeconds":30,"timeoutSeconds":5}` | Configure the liveness healthcheck for SCIM if needed. | | livenessProbe.httpGet.path | string | `"/jans-scim/sys/health-check"` | http liveness probe endpoint | diff --git a/charts/gluu/gluu/charts/scim/values.yaml b/charts/gluu/gluu/charts/scim/values.yaml index d587af146..3c730edfc 100644 --- a/charts/gluu/gluu/charts/scim/values.yaml +++ b/charts/gluu/gluu/charts/scim/values.yaml @@ -28,7 +28,7 @@ image: # -- Image to use for deploying. repository: janssenproject/scim # -- Image tag to use for deploying. - tag: 1.0.19_dev + tag: 1.0.19-1 # -- Image Pull Secrets pullSecrets: [ ] # -- Service replica number. diff --git a/charts/gluu/gluu/values.yaml b/charts/gluu/gluu/values.yaml index b33a225f8..f536c10a2 100644 --- a/charts/gluu/gluu/values.yaml +++ b/charts/gluu/gluu/values.yaml @@ -106,7 +106,7 @@ admin-ui: # -- Image to use for deploying. repository: ghcr.io/gluufederation/flex/admin-ui # -- Image tag to use for deploying. - tag: 1.0.19_dev + tag: 1.0.19-1 # -- Image Pull Secrets pullSecrets: [ ] # -- Service replica number. @@ -203,7 +203,7 @@ auth-server: # -- Image to use for deploying. repository: ghcr.io/janssenproject/jans/auth-server # -- Image tag to use for deploying. - tag: 1.0.19_dev + tag: 1.0.19-1 # -- Image Pull Secrets pullSecrets: [ ] # -- Service replica number. @@ -276,7 +276,7 @@ auth-server-key-rotation: # -- Image to use for deploying. repository: ghcr.io/janssenproject/jans/certmanager # -- Image tag to use for deploying. - tag: 1.0.19_dev + tag: 1.0.19-1 # -- Image Pull Secrets pullSecrets: [ ] # -- Auth server key rotation keys life in hours @@ -355,9 +355,9 @@ casa: # -- Image pullPolicy to use for deploying. pullPolicy: IfNotPresent # -- Image to use for deploying. - repository: ghcr.io/gluufederation/flex/casa + repository: ghcr.io/janssenproject/jans/casa # -- Image tag to use for deploying. - tag: 5.0.0_dev + tag: 1.0.19-1 # -- Image Pull Secrets pullSecrets: [ ] # -- Service replica number. @@ -535,7 +535,7 @@ config: # -- Image to use for deploying. repository: ghcr.io/janssenproject/jans/configurator # -- Image tag to use for deploying. - tag: 1.0.19_dev + tag: 1.0.19-1 # -- Image Pull Secrets pullSecrets: [ ] # -- LDAP admin password if OpenDJ is used for persistence. @@ -636,7 +636,7 @@ config-api: # -- Image to use for deploying. repository: ghcr.io/janssenproject/jans/config-api # -- Image tag to use for deploying. - tag: 1.0.19_dev + tag: 1.0.19-1 # -- Image Pull Secrets pullSecrets: [ ] # -- Service replica number. @@ -735,7 +735,7 @@ fido2: # -- Image to use for deploying. repository: ghcr.io/janssenproject/jans/fido2 # -- Image tag to use for deploying. - tag: 1.0.19_dev + tag: 1.0.19-1 # -- Image Pull Secrets pullSecrets: [ ] # -- Service replica number. @@ -1307,7 +1307,7 @@ opendj: # -- Image to use for deploying. repository: gluufederation/opendj # -- Image tag to use for deploying. - tag: 5.0.0_dev + tag: 5.0.0-1 # -- Image Pull Secrets pullSecrets: [ ] @@ -1620,7 +1620,7 @@ persistence: # -- Image to use for deploying. repository: ghcr.io/janssenproject/jans/persistence-loader # -- Image tag to use for deploying. - tag: 1.0.19_dev + tag: 1.0.19-1 # -- Image Pull Secrets pullSecrets: [ ] # -- Resource specs. @@ -1700,7 +1700,7 @@ scim: # -- Image to use for deploying. repository: ghcr.io/janssenproject/jans/scim # -- Image tag to use for deploying. - tag: 1.0.19_dev + tag: 1.0.19-1 # -- Image Pull Secrets pullSecrets: [ ] # -- Service replica number. diff --git a/charts/instana/instana-agent/Chart.yaml b/charts/instana/instana-agent/Chart.yaml index ad8e4ddc9..c51a7db28 100644 --- a/charts/instana/instana-agent/Chart.yaml +++ b/charts/instana/instana-agent/Chart.yaml @@ -9,7 +9,7 @@ annotations: catalog.cattle.io/kube-version: '>=1.21-0' catalog.cattle.io/release-name: instana-agent apiVersion: v2 -appVersion: 1.258.0 +appVersion: 1.259.0 description: Instana Agent for Kubernetes home: https://www.instana.com/ icon: https://agents.instana.io/helm/stan-logo-2020.png @@ -23,4 +23,4 @@ maintainers: name: instana-agent sources: - https://github.com/instana/instana-agent-docker -version: 1.2.63 +version: 1.2.65 diff --git a/charts/instana/instana-agent/README.md b/charts/instana/instana-agent/README.md index 008ec19cc..b865dfe17 100644 --- a/charts/instana/instana-agent/README.md +++ b/charts/instana/instana-agent/README.md @@ -45,7 +45,7 @@ As described by the [Install Using the Helm Chart](https://www.instana.com/docs/ * `agent.endpointPort` * `agent.key` -_Note:_ You can find the options mentioned in the [configuration section below](#Configuration-Reference) +_Note:_ You can find the options mentioned in the [configuration section below](#configuration-reference) If your agents report into a self-managed Instana unit (also known as "on-prem"), you will also need to configure a "download key", which allows the agent to fetch its components from the Instana repository. The download key is set via the following value: @@ -77,7 +77,7 @@ The following table lists the configurable parameters of the Instana chart and t | Parameter | Description | Default | | --------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------- | -| `agent.configuration_yaml` | Custom content for the agent configuration.yaml file | `nil` See [below](#Agent-Configuration) for more details | +| `agent.configuration_yaml` | Custom content for the agent configuration.yaml file | `nil` See [below](#agent-configuration) for more details | | `agent.configuration.autoMountConfigEntries` | (Experimental, needs Helm 3.1+) Automatically look up the entries of the default `instana-agent` ConfigMap, and mount as agent configuration files in the `instana-agent` container under the `/opt/instana/agent/etc/instana` directory all ConfigMap entries with keys that match the `configuration-*.yaml` scheme. | `false` | | `agent.configuration.hotreloadEnabled` | Enables hot-reload of a configuration.yaml upon changes in the `instana-agent` ConfigMap without requiring a restart of a pod | `false` | | `agent.endpointHost` | Instana Agent backend endpoint host | `ingress-red-saas.instana.io` (US and ROW). If in Europe, please override with `ingress-blue-saas.instana.io` | @@ -141,8 +141,10 @@ The following table lists the configurable parameters of the Instana chart and t | `service.create` | Whether to create a service that exposes the agents' Prometheus, OpenTelemetry and other APIs inside the cluster. Requires Kubernetes 1.21+, as it relies on `internalTrafficPolicy`. The `ServiceInternalTrafficPolicy` feature gate needs to be enabled (default: enabled). | `true` | | `serviceAccount.create` | Whether a ServiceAccount should be created | `true` | | `serviceAccount.name` | Name of the ServiceAccount to use | `instana-agent` | -| `zone.name` | Zone that detected technologies will be assigned to | `nil` You must provide either `zone.name` or `cluster.name`, see [above](#Installation) for details | +| `zone.name` | Zone that detected technologies will be assigned to | `nil` You must provide either `zone.name` or `cluster.name`, see [above](#installation) for details | | `zones` | Multi-zone daemonset configuration. | `nil` see [below](#multiple-zones) for details | +| `k8s_sensor.podDisruptionBudget.enabled` | Whether to create DisruptionBudget for k8sensor to limit the number of concurrent disruptions | `false` | +| `k8s_sensor.deployment.pod.affinity` | `k8sensor` deployment affinity format | `podAntiAffinity` defined in `values.yaml` | ### Agent Modes @@ -292,19 +294,25 @@ It is advised to use the `k8s_sensor.deployment.enabled=true` mode on clusters o The `k8s_sensor.deployment.pod.requests.cpu`, `k8s_sensor.deployment.pod.requests.memory`, `k8s_sensor.deployment.pod.limits.cpu` and `k8s_sensor.deployment.pod.limits.memory` settings, on the other hand, allows you to change the sizing of the `k8sensor` pods. #### Determine Special Mode Enabled + To determine if Kubernetes sensor is running in a decidated `k8sensor` deployment, list deployments in the `instana-agent` namespace. + ``` kubectl get deployments -n instana-agent ``` + If it shows `k8sensor` in the list, then the special mode is enabled #### Upgrade Kubernetes Sensor + To upgrade the kubernetes sensor to the lastest version, perform a rolling restart of the `k8sensor` deployment using the following command: + ``` kubectl rollout restart deployment k8sensor -n instana-agent ``` ### Multiple Zones + You can list zones to use affinities and tolerations as the basis to associate a specific daemonset per tainted node pool. Each zone will have the following data: * `name` (required) - zone name. @@ -334,29 +342,48 @@ zones: ``` ## Changelog + +### 1.2.65 + +* Ensure we have appropriate SCC when running with new K8s sensor. + +### 1.2.64 + +* Remove RBAC not required by agent when kubernetes-sensor is disabed. +* Add settings override for k8s-sensor affinity +* Add optional pod disruption budget for k8s-sensor + ### 1.2.63 + * Add RBAC required to allow access to /metrics end-points. ### 1.2.62 + * Include k8s-sensor resources in the default static YAML definitions ### 1.2.61 + * Increase timeout and initialDelay for the Agent container * Add OTLP ports to headless service ### 1.2.60 + * Enable the k8s_sensor by default ### 1.2.59 + * Introduce unique selectorLabels and commonLabels for k8s-sensor deployment ### 1.2.58 + * Default to `internalTrafficPolicy` instead of `topologyKeys` for rendering of static YAMLs ### 1.2.57 + * Fix vulnerability in the leader-elector image ### 1.2.49 + * Add zone name to label `io.instana/zone` in daemonset ### 1.2.48 diff --git a/charts/instana/instana-agent/templates/clusterrole.yaml b/charts/instana/instana-agent/templates/clusterrole.yaml index 03331c881..11509928d 100644 --- a/charts/instana/instana-agent/templates/clusterrole.yaml +++ b/charts/instana/instana-agent/templates/clusterrole.yaml @@ -18,6 +18,25 @@ rules: apiGroups: [] resources: [] {{- end }} +- apiGroups: [""] + resources: + - "nodes" + - "nodes/stats" + - "nodes/metrics" + - "pods" +{{- if and $.Values.kubernetes.deployment.enabled (not $.Values.k8s_sensor.deployment.enabled) }} + - "namespaces" + - "events" + - "services" + - "endpoints" + - "replicationcontrollers" + - "componentstatuses" + - "resourcequotas" + - "persistentvolumes" + - "persistentvolumeclaims" +{{- end }} + verbs: ["get", "list", "watch"] +{{- if and $.Values.kubernetes.deployment.enabled (not $.Values.k8s_sensor.deployment.enabled) }} - apiGroups: ["batch"] resources: - "jobs" @@ -36,22 +55,6 @@ rules: - "daemonsets" - "statefulsets" verbs: ["get", "list", "watch"] -- apiGroups: [""] - resources: - - "namespaces" - - "events" - - "services" - - "endpoints" - - "nodes" - - "nodes/stats" - - "nodes/metrics" - - "pods" - - "replicationcontrollers" - - "componentstatuses" - - "resourcequotas" - - "persistentvolumes" - - "persistentvolumeclaims" - verbs: ["get", "list", "watch"] - apiGroups: [""] resources: - "endpoints" @@ -65,11 +68,14 @@ rules: resources: - "deploymentconfigs" verbs: ["get", "list", "watch"] +{{- end -}} +{{- end }} +{{- if or .Values.openshift (.Capabilities.APIVersions.Has "apps.openshift.io/v1") }} - apiGroups: ["security.openshift.io"] resourceNames: ["privileged"] resources: ["securitycontextconstraints"] verbs: ["use"] -{{- end -}} +{{- end }} {{- if .Values.podSecurityPolicy.enable}} {{- if semverCompare "< 1.25.x" (include "kubeVersion" .) }} - apiGroups: ["policy"] diff --git a/charts/instana/instana-agent/templates/headless-service.yaml b/charts/instana/instana-agent/templates/headless-service.yaml index 670e3a231..d5636f3bc 100644 --- a/charts/instana/instana-agent/templates/headless-service.yaml +++ b/charts/instana/instana-agent/templates/headless-service.yaml @@ -17,10 +17,6 @@ spec: protocol: TCP port: 42699 targetPort: 42699 - - name: agent-socket - protocol: TCP - port: 42666 - targetPort: 42666 {{ if eq "true" (include "instana-agent.opentelemetry.grpc.isEnabled" .) }} # OpenTelemetry original default port - name: opentelemetry diff --git a/charts/instana/instana-agent/templates/k8s-sensor-deployment.yaml b/charts/instana/instana-agent/templates/k8s-sensor-deployment.yaml index daedf33f6..f92acfa0b 100644 --- a/charts/instana/instana-agent/templates/k8s-sensor-deployment.yaml +++ b/charts/instana/instana-agent/templates/k8s-sensor-deployment.yaml @@ -124,19 +124,7 @@ spec: {{- toYaml .Values.k8s_sensor.deployment.pod.tolerations | nindent 8 }} {{- end }} affinity: - podAntiAffinity: - # Soft anti-affinity policy: try not to schedule multiple kubernetes-sensor pods on the same node. - # If the policy is set to "requiredDuringSchedulingIgnoredDuringExecution", if the cluster has - # fewer nodes than the amount of desired replicas, `helm install/upgrade --wait` will not return. - preferredDuringSchedulingIgnoredDuringExecution: - - weight: 100 - podAffinityTerm: - labelSelector: - matchExpressions: - - key: instana/agent-mode - operator: In - values: [ KUBERNETES ] - topologyKey: "kubernetes.io/hostname" + {{- toYaml .Values.k8s_sensor.deployment.pod.affinity | nindent 8 }} {{- end -}} {{- end -}} {{- end -}} diff --git a/charts/instana/instana-agent/templates/k8s-sensor-pod-disruption-budget.yaml b/charts/instana/instana-agent/templates/k8s-sensor-pod-disruption-budget.yaml new file mode 100644 index 000000000..568a6f4d6 --- /dev/null +++ b/charts/instana/instana-agent/templates/k8s-sensor-pod-disruption-budget.yaml @@ -0,0 +1,13 @@ +{{- if .Values.k8s_sensor.podDisruptionBudget.enabled -}} +{{- if (gt (int .Values.k8s_sensor.deployment.replicas) 1) }} +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + name: k8sensor +spec: + selector: + matchLabels: + {{- include "k8s-sensor.selectorLabels" . | nindent 6 }} + minAvailable: {{ sub (int .Values.k8s_sensor.deployment.replicas) 1 }} +{{- end -}} +{{- end -}} \ No newline at end of file diff --git a/charts/instana/instana-agent/values.yaml b/charts/instana/instana-agent/values.yaml index 12e929795..b1d7ec40b 100644 --- a/charts/instana/instana-agent/values.yaml +++ b/charts/instana/instana-agent/values.yaml @@ -255,6 +255,23 @@ k8s_sensor: memory: 1536Mi # k8s_sensor.deployment.pod.limits.cpu sets the CPU units allocation limits for the agent pods. cpu: 500m + affinity: + podAntiAffinity: + # Soft anti-affinity policy: try not to schedule multiple kubernetes-sensor pods on the same node. + # If the policy is set to "requiredDuringSchedulingIgnoredDuringExecution", if the cluster has + # fewer nodes than the amount of desired replicas, `helm install/upgrade --wait` will not return. + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: instana/agent-mode + operator: In + values: [ KUBERNETES ] + topologyKey: "kubernetes.io/hostname" + podDisruptionBudget: + # Specifies whether or not to setup a pod disruption budget for the k8sensor deployment + enabled: false kubernetes: # Configures use of a Deployment for the Kubernetes sensor rather than as a potential member of the DaemonSet. Is only accepted if k8s_sensor.deployment.enabled=false diff --git a/charts/jenkins/jenkins/CHANGELOG.md b/charts/jenkins/jenkins/CHANGELOG.md index cdbb767a2..228ff3427 100644 --- a/charts/jenkins/jenkins/CHANGELOG.md +++ b/charts/jenkins/jenkins/CHANGELOG.md @@ -12,6 +12,10 @@ Use the following links to reference issues, PRs, and commits prior to v2.6.0. The changelog until v1.5.7 was auto-generated based on git commits. Those entries include a reference to the git commit to be able to get more details. +## 4.7.1 + +Changes in 4.7.0 were reverted. + ## 4.7.0 Runs `config-reload` as an init container, in addition to the sidecar container, to ensure that JCasC YAMLS are present before the main Jenkins container starts. This should fix some race conditions and crashes on startup. diff --git a/charts/jenkins/jenkins/Chart.yaml b/charts/jenkins/jenkins/Chart.yaml index a2d6ed770..57722a275 100644 --- a/charts/jenkins/jenkins/Chart.yaml +++ b/charts/jenkins/jenkins/Chart.yaml @@ -49,4 +49,4 @@ sources: - https://github.com/jenkinsci/docker-inbound-agent - https://github.com/maorfr/kube-tasks - https://github.com/jenkinsci/configuration-as-code-plugin -version: 4.7.0 +version: 4.7.2 diff --git a/charts/jenkins/jenkins/VALUES_SUMMARY.md b/charts/jenkins/jenkins/VALUES_SUMMARY.md index b02efdade..322ae44d2 100644 --- a/charts/jenkins/jenkins/VALUES_SUMMARY.md +++ b/charts/jenkins/jenkins/VALUES_SUMMARY.md @@ -22,21 +22,20 @@ The following tables list the configurable parameters of the Jenkins chart and t #### Jenkins Configuration as Code (JCasC) -| Parameter | Description | Default | -|-----------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------| -| `controller.JCasC.defaultConfig` | Enables default Jenkins configuration via configuration as code plugin | `true` | -| `controller.JCasC.configScripts` | List of Jenkins Config as Code scripts | `{}` | -| `controller.JCasC.security` | Jenkins Config as Code for Security section | `legacy` | -| `controller.JCasC.securityRealm` | Jenkins Config as Code for Security Realm | `legacy` | -| `controller.JCasC.authorizationStrategy` | Jenkins Config as Code for Authorization Strategy | `loggedInUsersCanDoAnything` | -| `controller.sidecars.configAutoReload` | Jenkins Config as Code auto-reload settings | | -| `controller.sidecars.configAutoReload.enabled` | Jenkins Config as Code auto-reload settings (Attention: rbac needs to be enabled otherwise the sidecar can't read the config map) | `true` | -| `controller.sidecars.configAutoReload.image` | Image which triggers the reload | `kiwigrid/k8s-sidecar:1.24.4` | -| `controller.sidecars.configAutoReload.reqRetryConnect` | How many connection-related errors to retry on | `10` | -| `controller.sidecars.configAutoReload.sleepTime` | How many seconds to wait before updating config-maps/secrets (sets METHOD=SLEEP on the sidecar) | Not set | -| `controller.sidecars.configAutoReload.envFrom` | Environment variable sources for the Jenkins Config as Code auto-reload container | Not set | -| `controller.sidecars.configAutoReload.env` | Environment variables for the Jenkins Config as Code auto-reload container | Not set | -| `controller.sidecars.configAutoReload.containerSecurityContext` | Enable container security context | `{readOnlyRootFilesystem: true, allowPrivilegeEscalation: false}` | +| Parameter | Description | Default | +| --------------------------------- | ------------------------------------ |-------------------------------------------------------------------| +| `controller.JCasC.defaultConfig` | Enables default Jenkins configuration via configuration as code plugin | `true` | +| `controller.JCasC.configScripts` | List of Jenkins Config as Code scripts | `{}` | +| `controller.JCasC.security` | Jenkins Config as Code for Security section | `legacy` | +| `controller.JCasC.securityRealm` | Jenkins Config as Code for Security Realm | `legacy` | +| `controller.JCasC.authorizationStrategy` | Jenkins Config as Code for Authorization Strategy | `loggedInUsersCanDoAnything` | +| `controller.sidecars.configAutoReload` | Jenkins Config as Code auto-reload settings | | +| `controller.sidecars.configAutoReload.enabled` | Jenkins Config as Code auto-reload settings (Attention: rbac needs to be enabled otherwise the sidecar can't read the config map) | `true` | +| `controller.sidecars.configAutoReload.image` | Image which triggers the reload | `kiwigrid/k8s-sidecar:1.24.4` | +| `controller.sidecars.configAutoReload.reqRetryConnect` | How many connection-related errors to retry on | `10` | +| `controller.sidecars.configAutoReload.envFrom` | Environment variable sources for the Jenkins Config as Code auto-reload container | Not set | +| `controller.sidecars.configAutoReload.env` | Environment variables for the Jenkins Config as Code auto-reload container | Not set | +| `controller.sidecars.configAutoReload.containerSecurityContext` | Enable container security context | `{readOnlyRootFilesystem: true, allowPrivilegeEscalation: false}` | #### Jenkins Configuration Files & Scripts diff --git a/charts/jenkins/jenkins/templates/_helpers.tpl b/charts/jenkins/jenkins/templates/_helpers.tpl index f5552c7cb..18523a83d 100644 --- a/charts/jenkins/jenkins/templates/_helpers.tpl +++ b/charts/jenkins/jenkins/templates/_helpers.tpl @@ -88,9 +88,9 @@ Returns the Jenkins URL {{- else }} {{- if .Values.controller.ingress.hostName }} {{- if .Values.controller.ingress.tls }} - {{- default "https" .Values.controller.jenkinsUrlProtocol }}://{{ .Values.controller.ingress.hostName }}{{ default "" .Values.controller.jenkinsUriPrefix }} + {{- default "https" .Values.controller.jenkinsUrlProtocol }}://{{ tpl .Values.controller.ingress.hostName $ }}{{ default "" .Values.controller.jenkinsUriPrefix }} {{- else }} - {{- default "http" .Values.controller.jenkinsUrlProtocol }}://{{ .Values.controller.ingress.hostName }}{{ default "" .Values.controller.jenkinsUriPrefix }} + {{- default "http" .Values.controller.jenkinsUrlProtocol }}://{{ tpl .Values.controller.ingress.hostName $ }}{{ default "" .Values.controller.jenkinsUriPrefix }} {{- end }} {{- else }} {{- default "http" .Values.controller.jenkinsUrlProtocol }}://{{ template "jenkins.fullname" . }}:{{.Values.controller.servicePort}}{{ default "" .Values.controller.jenkinsUriPrefix }} @@ -480,59 +480,3 @@ Create the HTTP port for interacting with the controller {{- .Values.controller.targetPort -}} {{- end -}} {{- end -}} - -{{- define "jenkins.configReloadContainer" -}} -{{- $root := index . 0 -}} -{{- $containerName := index . 1 -}} -{{- $method := index . 2 -}} -- name: {{ $containerName }} - image: "{{ $root.Values.controller.sidecars.configAutoReload.image }}" - imagePullPolicy: {{ $root.Values.controller.sidecars.configAutoReload.imagePullPolicy }} - {{- if $root.Values.controller.sidecars.configAutoReload.containerSecurityContext }} - securityContext: {{- toYaml $root.Values.controller.sidecars.configAutoReload.containerSecurityContext | nindent 4 }} - {{- end }} - {{- if $root.Values.controller.sidecars.configAutoReload.envFrom }} - envFrom: -{{ (tpl (toYaml $root.Values.controller.sidecars.configAutoReload.envFrom) $root) | indent 4 }} - {{- end }} - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: LABEL - value: "{{ template "jenkins.fullname" $root }}-jenkins-config" - - name: FOLDER - value: "{{ $root.Values.controller.sidecars.configAutoReload.folder }}" - - name: NAMESPACE - value: '{{ $root.Values.controller.sidecars.configAutoReload.searchNamespace | default (include "jenkins.namespace" $root) }}' -{{- if $method }} - - name: METHOD - value: "{{ $method }}" -{{- else if $root.Values.controller.sidecars.configAutoReload.sleepTime }} - - name: METHOD - value: "SLEEP" - - name: SLEEP_TIME - value: "{{ $root.Values.controller.sidecars.configAutoReload.sleepTime }}" -{{- end }} - - name: REQ_URL - value: "http://localhost:{{- include "controller.httpPort" $root -}}{{- $root.Values.controller.jenkinsUriPrefix -}}/reload-configuration-as-code/?casc-reload-token=$(POD_NAME)" - - name: REQ_METHOD - value: "POST" - - name: REQ_RETRY_CONNECT - value: "{{ $root.Values.controller.sidecars.configAutoReload.reqRetryConnect }}" - {{- if $root.Values.controller.sidecars.configAutoReload.env }} -{{ (tpl (toYaml $root.Values.controller.sidecars.configAutoReload.env) $root) | indent 4 }} - {{- end }} - resources: -{{ toYaml $root.Values.controller.sidecars.configAutoReload.resources | indent 4 }} - volumeMounts: - - name: sc-config-volume - mountPath: {{ $root.Values.controller.sidecars.configAutoReload.folder | quote }} - - name: jenkins-home - mountPath: {{ $root.Values.controller.jenkinsHome }} - {{- if $root.Values.persistence.subPath }} - subPath: {{ $root.Values.persistence.subPath }} - {{- end }} - -{{- end -}} diff --git a/charts/jenkins/jenkins/templates/jenkins-controller-statefulset.yaml b/charts/jenkins/jenkins/templates/jenkins-controller-statefulset.yaml index 91169a993..7c8bf8d12 100644 --- a/charts/jenkins/jenkins/templates/jenkins-controller-statefulset.yaml +++ b/charts/jenkins/jenkins/templates/jenkins-controller-statefulset.yaml @@ -109,11 +109,6 @@ spec: {{- if .Values.controller.customInitContainers }} {{ tpl (toYaml .Values.controller.customInitContainers) . | indent 8 }} {{- end }} - -{{- if .Values.controller.sidecars.configAutoReload.enabled }} -{{- include "jenkins.configReloadContainer" (list $ "config-reload-init" "LIST") | nindent 8 }} -{{- end}} - - name: "init" image: "{{ .Values.controller.image }}:{{- include "controller.tag" . -}}" imagePullPolicy: "{{ .Values.controller.imagePullPolicy }}" @@ -306,7 +301,46 @@ spec: name: tmp-volume {{- if .Values.controller.sidecars.configAutoReload.enabled }} -{{- include "jenkins.configReloadContainer" (list $ "config-reload" nil) | nindent 8 }} + - name: config-reload + image: "{{ .Values.controller.sidecars.configAutoReload.image }}" + imagePullPolicy: {{ .Values.controller.sidecars.configAutoReload.imagePullPolicy }} + {{- if .Values.controller.sidecars.configAutoReload.containerSecurityContext }} + securityContext: {{- toYaml .Values.controller.sidecars.configAutoReload.containerSecurityContext | nindent 12 }} + {{- end }} + {{- if .Values.controller.sidecars.configAutoReload.envFrom }} + envFrom: +{{ (tpl (toYaml .Values.controller.sidecars.configAutoReload.envFrom) .) | indent 12 }} + {{- end }} + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: LABEL + value: "{{ template "jenkins.fullname" . }}-jenkins-config" + - name: FOLDER + value: "{{ .Values.controller.sidecars.configAutoReload.folder }}" + - name: NAMESPACE + value: '{{ .Values.controller.sidecars.configAutoReload.searchNamespace | default (include "jenkins.namespace" .) }}' + - name: REQ_URL + value: "http://localhost:{{- include "controller.httpPort" . -}}{{- .Values.controller.jenkinsUriPrefix -}}/reload-configuration-as-code/?casc-reload-token=$(POD_NAME)" + - name: REQ_METHOD + value: "POST" + - name: REQ_RETRY_CONNECT + value: "{{ .Values.controller.sidecars.configAutoReload.reqRetryConnect }}" + {{- if .Values.controller.sidecars.configAutoReload.env }} +{{ (tpl (toYaml .Values.controller.sidecars.configAutoReload.env) .) | indent 12 }} + {{- end }} + resources: +{{ toYaml .Values.controller.sidecars.configAutoReload.resources | indent 12 }} + volumeMounts: + - name: sc-config-volume + mountPath: {{ .Values.controller.sidecars.configAutoReload.folder | quote }} + - name: jenkins-home + mountPath: {{ .Values.controller.jenkinsHome }} + {{- if .Values.persistence.subPath }} + subPath: {{ .Values.persistence.subPath }} + {{- end }} {{- end}} diff --git a/charts/kubecost/cost-analyzer/Chart.yaml b/charts/kubecost/cost-analyzer/Chart.yaml index 6c1a6099e..c2da51eba 100644 --- a/charts/kubecost/cost-analyzer/Chart.yaml +++ b/charts/kubecost/cost-analyzer/Chart.yaml @@ -7,7 +7,7 @@ annotations: catalog.cattle.io/featured: "1" catalog.cattle.io/release-name: cost-analyzer apiVersion: v2 -appVersion: 1.106.2 +appVersion: 1.106.3 dependencies: - condition: global.grafana.enabled name: grafana @@ -25,4 +25,4 @@ description: A Helm chart that sets up Kubecost, Prometheus, and Grafana to moni cloud costs. icon: https://partner-charts.rancher.io/assets/logos/kubecost.png name: cost-analyzer -version: 1.106.2 +version: 1.106.3 diff --git a/charts/kubecost/cost-analyzer/templates/cost-analyzer-deployment-template.yaml b/charts/kubecost/cost-analyzer/templates/cost-analyzer-deployment-template.yaml index d1e0862ee..ce8926daf 100644 --- a/charts/kubecost/cost-analyzer/templates/cost-analyzer-deployment-template.yaml +++ b/charts/kubecost/cost-analyzer/templates/cost-analyzer-deployment-template.yaml @@ -916,6 +916,8 @@ spec: {{- if .Values.oidc.enabled }} - name: OIDC_ENABLED value: "true" + - name: OIDC_SKIP_ONLINE_VALIDATION + value: {{ (quote .Values.oidc.skipOnlineTokenValidation) | default (quote false) }} {{- end}} {{- if .Values.saml }} {{- if .Values.saml.enabled }} diff --git a/charts/kubecost/cost-analyzer/templates/cost-analyzer-oidc-config-map-template.yaml b/charts/kubecost/cost-analyzer/templates/cost-analyzer-oidc-config-map-template.yaml index ee447680c..a97df0f2b 100644 --- a/charts/kubecost/cost-analyzer/templates/cost-analyzer-oidc-config-map-template.yaml +++ b/charts/kubecost/cost-analyzer/templates/cost-analyzer-oidc-config-map-template.yaml @@ -19,6 +19,7 @@ data: "loginRedirectURL" : "{{ .Values.oidc.loginRedirectURL }}", "discoveryURL" : "{{ .Values.oidc.discoveryURL }}", "hostedDomain" : "{{ .Values.oidc.hostedDomain }}", + "skipOnlineTokenValidation" : "{{ .Values.oidc.skipOnlineTokenValidation | default "false" }}", "rbac" : { "enabled" : {{ .Values.oidc.rbac.enabled }}, "groups" : [ diff --git a/charts/kubecost/cost-analyzer/values.yaml b/charts/kubecost/cost-analyzer/values.yaml index 5995ed9b2..9f9bd0076 100644 --- a/charts/kubecost/cost-analyzer/values.yaml +++ b/charts/kubecost/cost-analyzer/values.yaml @@ -275,6 +275,7 @@ oidc: authURL: "https://my.auth.server/authorize" # endpoint for login to auth server loginRedirectURL: "http://my.kubecost.url/model/oidc/authorize" # Kubecost url configured in provider for redirect after authentication discoveryURL: "https://my.auth.server/.well-known/openid-configuration" # url for OIDC endpoint discovery + skipOnlineTokenValidation: false # if true, will skip accessing OIDC introspection endpoint for online token verification, and instead try to locally validate JWT claims # hostedDomain: "example.com" # optional, blocks access to the auth domain specified in the hd claim of the provider ID token rbac: enabled: false diff --git a/charts/kuma/kuma/Chart.yaml b/charts/kuma/kuma/Chart.yaml index 24051c593..35008be9f 100644 --- a/charts/kuma/kuma/Chart.yaml +++ b/charts/kuma/kuma/Chart.yaml @@ -4,7 +4,7 @@ annotations: catalog.cattle.io/namespace: kuma-system catalog.cattle.io/release-name: kuma apiVersion: v2 -appVersion: 2.4.2 +appVersion: 2.4.3 description: A Helm chart for the Kuma Control Plane home: https://github.com/kumahq/kuma icon: https://kuma.io/assets/images/brand/kuma-logo-new.svg @@ -20,4 +20,4 @@ maintainers: name: nickolaev name: kuma type: application -version: 2.4.2 +version: 2.4.3 diff --git a/charts/kuma/kuma/README.md b/charts/kuma/kuma/README.md index f56b46e06..990877f8d 100644 --- a/charts/kuma/kuma/README.md +++ b/charts/kuma/kuma/README.md @@ -2,7 +2,7 @@ A Helm chart for the Kuma Control Plane -![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![Version: 2.4.2](https://img.shields.io/badge/Version-2.4.2-informational?style=flat-square) ![AppVersion: 2.4.2](https://img.shields.io/badge/AppVersion-2.4.2-informational?style=flat-square) +![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![Version: 2.4.3](https://img.shields.io/badge/Version-2.4.3-informational?style=flat-square) ![AppVersion: 2.4.3](https://img.shields.io/badge/AppVersion-2.4.3-informational?style=flat-square) **Homepage:** diff --git a/charts/minio/minio-operator/Chart.yaml b/charts/minio/minio-operator/Chart.yaml index db54fe599..ffd9837cd 100644 --- a/charts/minio/minio-operator/Chart.yaml +++ b/charts/minio/minio-operator/Chart.yaml @@ -4,7 +4,7 @@ annotations: catalog.cattle.io/kube-version: '>=1.19-0' catalog.cattle.io/release-name: minio-operator apiVersion: v2 -appVersion: v5.0.9 +appVersion: v5.0.10 description: A Helm chart for MinIO Operator home: https://min.io icon: https://min.io/resources/img/logo/MINIO_wordmark.png @@ -19,4 +19,4 @@ name: minio-operator sources: - https://github.com/minio/operator type: application -version: 5.0.9 +version: 5.0.10 diff --git a/charts/minio/minio-operator/Chart.yaml-e b/charts/minio/minio-operator/Chart.yaml-e index b7fc8a969..f78513aec 100644 --- a/charts/minio/minio-operator/Chart.yaml-e +++ b/charts/minio/minio-operator/Chart.yaml-e @@ -1,8 +1,8 @@ apiVersion: v2 description: A Helm chart for MinIO Operator name: operator -version: 5.0.9 -appVersion: v5.0.9 +version: 5.0.10 +appVersion: v5.0.10 keywords: - storage - object-storage diff --git a/charts/minio/minio-operator/values.yaml b/charts/minio/minio-operator/values.yaml index 632e02821..8a94c5cb8 100644 --- a/charts/minio/minio-operator/values.yaml +++ b/charts/minio/minio-operator/values.yaml @@ -21,7 +21,7 @@ operator: ## Image from tag (original behaviour), for example: # image: # repository: quay.io/minio/operator - # tag: v5.0.9 + # tag: v5.0.10 # pullPolicy: IfNotPresent ## Image from digest (added after original behaviour), for example: # image: @@ -30,7 +30,7 @@ operator: # pullPolicy: IfNotPresent image: repository: quay.io/minio/operator - tag: v5.0.9 + tag: v5.0.10 pullPolicy: IfNotPresent imagePullSecrets: [ ] runtimeClassName: ~ @@ -70,7 +70,7 @@ operator: console: image: repository: quay.io/minio/operator - tag: v5.0.9 + tag: v5.0.10 pullPolicy: IfNotPresent env: [ ] imagePullSecrets: [ ] diff --git a/charts/minio/minio-operator/values.yaml-e b/charts/minio/minio-operator/values.yaml-e index 632e02821..8a94c5cb8 100644 --- a/charts/minio/minio-operator/values.yaml-e +++ b/charts/minio/minio-operator/values.yaml-e @@ -21,7 +21,7 @@ operator: ## Image from tag (original behaviour), for example: # image: # repository: quay.io/minio/operator - # tag: v5.0.9 + # tag: v5.0.10 # pullPolicy: IfNotPresent ## Image from digest (added after original behaviour), for example: # image: @@ -30,7 +30,7 @@ operator: # pullPolicy: IfNotPresent image: repository: quay.io/minio/operator - tag: v5.0.9 + tag: v5.0.10 pullPolicy: IfNotPresent imagePullSecrets: [ ] runtimeClassName: ~ @@ -70,7 +70,7 @@ operator: console: image: repository: quay.io/minio/operator - tag: v5.0.9 + tag: v5.0.10 pullPolicy: IfNotPresent env: [ ] imagePullSecrets: [ ] diff --git a/charts/nats/nats/Chart.yaml b/charts/nats/nats/Chart.yaml index e76d8c132..041dbf853 100644 --- a/charts/nats/nats/Chart.yaml +++ b/charts/nats/nats/Chart.yaml @@ -4,7 +4,7 @@ annotations: catalog.cattle.io/kube-version: '>=1.16-0' catalog.cattle.io/release-name: nats apiVersion: v2 -appVersion: 2.10.1 +appVersion: 2.10.2 description: A Helm chart for the NATS.io High Speed Cloud Native Distributed Communications Technology. home: http://github.com/nats-io/k8s @@ -18,4 +18,4 @@ maintainers: name: The NATS Authors url: https://github.com/nats-io name: nats -version: 1.1.0 +version: 1.1.1 diff --git a/charts/nats/nats/files/stateful-set/nats-container.yaml b/charts/nats/nats/files/stateful-set/nats-container.yaml index 01191432b..c5402efea 100644 --- a/charts/nats/nats/files/stateful-set/nats-container.yaml +++ b/charts/nats/nats/files/stateful-set/nats-container.yaml @@ -33,11 +33,15 @@ lifecycle: - nats-server - -sl=ldm=/var/run/nats/nats.pid -{{- if .Values.config.monitor.enabled }} +{{- with .Values.config.monitor }} +{{- if .enabled }} startupProbe: httpGet: path: /healthz port: monitor + {{- if .tls.enabled }} + scheme: HTTPS + {{- end}} initialDelaySeconds: 10 timeoutSeconds: 5 periodSeconds: 10 @@ -47,6 +51,9 @@ readinessProbe: httpGet: path: /healthz?js-server-only=true port: monitor + {{- if .tls.enabled }} + scheme: HTTPS + {{- end}} initialDelaySeconds: 10 timeoutSeconds: 5 periodSeconds: 10 @@ -56,12 +63,16 @@ livenessProbe: httpGet: path: /healthz?js-enabled-only=true port: monitor + {{- if .tls.enabled }} + scheme: HTTPS + {{- end}} initialDelaySeconds: 10 timeoutSeconds: 5 periodSeconds: 30 successThreshold: 1 failureThreshold: 3 {{- end }} +{{- end }} volumeMounts: # nats config diff --git a/charts/nats/nats/values.yaml b/charts/nats/nats/values.yaml index 5ac12c469..9feb9e75e 100644 --- a/charts/nats/nats/values.yaml +++ b/charts/nats/nats/values.yaml @@ -308,7 +308,7 @@ config: container: image: repository: nats - tag: 2.10.1-alpine + tag: 2.10.2-alpine pullPolicy: registry: @@ -349,7 +349,7 @@ reloader: enabled: true image: repository: natsio/nats-server-config-reloader - tag: 0.11.0 + tag: 0.13.0 pullPolicy: registry: @@ -560,7 +560,7 @@ natsBox: container: image: repository: natsio/nats-box - tag: 0.14.0 + tag: 0.14.1 pullPolicy: registry: diff --git a/charts/new-relic/nri-bundle/Chart.lock b/charts/new-relic/nri-bundle/Chart.lock index e15469675..a1cc609e0 100644 --- a/charts/new-relic/nri-bundle/Chart.lock +++ b/charts/new-relic/nri-bundle/Chart.lock @@ -1,25 +1,25 @@ dependencies: - name: newrelic-infrastructure repository: https://newrelic.github.io/nri-kubernetes - version: 3.22.0 + version: 3.23.1 - name: nri-prometheus repository: https://newrelic.github.io/nri-prometheus version: 2.1.17 - name: newrelic-prometheus-agent repository: https://newrelic.github.io/newrelic-prometheus-configurator - version: 1.3.0 + version: 1.4.1 - name: nri-metadata-injection repository: https://newrelic.github.io/k8s-metadata-injection - version: 4.7.0 + version: 4.10.0 - name: newrelic-k8s-metrics-adapter repository: https://newrelic.github.io/newrelic-k8s-metrics-adapter - version: 1.2.1 + version: 1.4.1 - name: kube-state-metrics repository: https://prometheus-community.github.io/helm-charts version: 5.12.1 - name: nri-kube-events repository: https://newrelic.github.io/nri-kube-events - version: 3.2.0 + version: 3.2.4 - name: newrelic-logging repository: https://newrelic.github.io/helm-charts version: 1.18.1 @@ -31,6 +31,6 @@ dependencies: version: 0.1.4 - name: newrelic-infra-operator repository: https://newrelic.github.io/newrelic-infra-operator - version: 2.3.0 -digest: sha256:82b2424aac104a522a9b41fc80e71f7c621600e8280ef603c1eb41226b49b9fb -generated: "2023-09-15T19:31:34.131145499Z" + version: 2.3.1 +digest: sha256:66c038ae61c70febfb31eccb0fba998becf0179545240ea415a1e1ae9cf7f5a7 +generated: "2023-10-14T02:53:55.575862896Z" diff --git a/charts/new-relic/nri-bundle/Chart.yaml b/charts/new-relic/nri-bundle/Chart.yaml index e9470f13d..a16076492 100644 --- a/charts/new-relic/nri-bundle/Chart.yaml +++ b/charts/new-relic/nri-bundle/Chart.yaml @@ -7,7 +7,7 @@ dependencies: - condition: infrastructure.enabled,newrelic-infrastructure.enabled name: newrelic-infrastructure repository: file://./charts/newrelic-infrastructure - version: 3.22.0 + version: 3.23.1 - condition: prometheus.enabled,nri-prometheus.enabled name: nri-prometheus repository: file://./charts/nri-prometheus @@ -15,15 +15,15 @@ dependencies: - condition: newrelic-prometheus-agent.enabled name: newrelic-prometheus-agent repository: file://./charts/newrelic-prometheus-agent - version: 1.3.0 + version: 1.4.1 - condition: webhook.enabled,nri-metadata-injection.enabled name: nri-metadata-injection repository: file://./charts/nri-metadata-injection - version: 4.7.0 + version: 4.10.0 - condition: metrics-adapter.enabled,newrelic-k8s-metrics-adapter.enabled name: newrelic-k8s-metrics-adapter repository: file://./charts/newrelic-k8s-metrics-adapter - version: 1.2.1 + version: 1.4.1 - condition: ksm.enabled,kube-state-metrics.enabled name: kube-state-metrics repository: file://./charts/kube-state-metrics @@ -31,7 +31,7 @@ dependencies: - condition: kubeEvents.enabled,nri-kube-events.enabled name: nri-kube-events repository: file://./charts/nri-kube-events - version: 3.2.0 + version: 3.2.4 - condition: logging.enabled,newrelic-logging.enabled name: newrelic-logging repository: file://./charts/newrelic-logging @@ -48,7 +48,7 @@ dependencies: - condition: newrelic-infra-operator.enabled name: newrelic-infra-operator repository: file://./charts/newrelic-infra-operator - version: 2.3.0 + version: 2.3.1 description: Groups together the individual charts for the New Relic Kubernetes solution for a more comfortable deployment. home: https://github.com/newrelic/helm-charts @@ -89,4 +89,4 @@ sources: - https://github.com/newrelic/helm-charts/tree/master/charts/newrelic-logging - https://github.com/newrelic/helm-charts/tree/master/charts/newrelic-pixie - https://github.com/newrelic/newrelic-infra-operator/tree/master/charts/newrelic-infra-operator -version: 5.0.28 +version: 5.0.40 diff --git a/charts/new-relic/nri-bundle/charts/newrelic-infra-operator/Chart.yaml b/charts/new-relic/nri-bundle/charts/newrelic-infra-operator/Chart.yaml index bb1ca7765..5c300e2ac 100644 --- a/charts/new-relic/nri-bundle/charts/newrelic-infra-operator/Chart.yaml +++ b/charts/new-relic/nri-bundle/charts/newrelic-infra-operator/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 0.11.0 +appVersion: 0.11.1 dependencies: - name: common-library repository: https://helm-charts.newrelic.com @@ -32,4 +32,4 @@ name: newrelic-infra-operator sources: - https://github.com/newrelic/newrelic-infra-operator - https://github.com/newrelic/newrelic-infra-operator/tree/main/charts/newrelic-infra-operator -version: 2.3.0 +version: 2.3.1 diff --git a/charts/new-relic/nri-bundle/charts/newrelic-infra-operator/values.yaml b/charts/new-relic/nri-bundle/charts/newrelic-infra-operator/values.yaml index 7788f06a8..f419e8b68 100644 --- a/charts/new-relic/nri-bundle/charts/newrelic-infra-operator/values.yaml +++ b/charts/new-relic/nri-bundle/charts/newrelic-infra-operator/values.yaml @@ -140,7 +140,7 @@ config: # @default -- See `values.yaml` image: repository: newrelic/infrastructure-k8s - tag: 2.13.10-unprivileged + tag: 2.13.11-unprivileged pullPolicy: IfNotPresent # -- configSelectors is the way to configure resource requirements and extra envVars of the injected sidecar container. diff --git a/charts/new-relic/nri-bundle/charts/newrelic-infrastructure/Chart.yaml b/charts/new-relic/nri-bundle/charts/newrelic-infrastructure/Chart.yaml index 037ca0abe..dc225c5fb 100644 --- a/charts/new-relic/nri-bundle/charts/newrelic-infrastructure/Chart.yaml +++ b/charts/new-relic/nri-bundle/charts/newrelic-infrastructure/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 3.17.0 +appVersion: 3.18.1 dependencies: - name: common-library repository: https://helm-charts.newrelic.com @@ -35,4 +35,4 @@ sources: - https://github.com/newrelic/nri-kubernetes/ - https://github.com/newrelic/nri-kubernetes/tree/main/charts/newrelic-infrastructure - https://github.com/newrelic/infrastructure-agent/ -version: 3.22.0 +version: 3.23.1 diff --git a/charts/new-relic/nri-bundle/charts/newrelic-k8s-metrics-adapter/Chart.yaml b/charts/new-relic/nri-bundle/charts/newrelic-k8s-metrics-adapter/Chart.yaml index 99a2e4d9d..4da86dfc9 100644 --- a/charts/new-relic/nri-bundle/charts/newrelic-k8s-metrics-adapter/Chart.yaml +++ b/charts/new-relic/nri-bundle/charts/newrelic-k8s-metrics-adapter/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 0.4.3 +appVersion: 0.6.2 dependencies: - name: common-library repository: https://helm-charts.newrelic.com @@ -12,26 +12,12 @@ keywords: - newrelic - monitoring maintainers: -- name: nserrino - url: https://github.com/nserrino -- name: philkuz - url: https://github.com/philkuz -- name: htroisi - url: https://github.com/htroisi - name: juanjjaramillo url: https://github.com/juanjjaramillo - name: svetlanabrennan url: https://github.com/svetlanabrennan -- name: nrepai - url: https://github.com/nrepai -- name: csongnr - url: https://github.com/csongnr -- name: vuqtran88 - url: https://github.com/vuqtran88 -- name: xqi-nr - url: https://github.com/xqi-nr name: newrelic-k8s-metrics-adapter sources: - https://github.com/newrelic/newrelic-k8s-metrics-adapter - https://github.com/newrelic/newrelic-k8s-metrics-adapter/tree/main/charts/newrelic-k8s-metrics-adapter -version: 1.2.1 +version: 1.4.1 diff --git a/charts/new-relic/nri-bundle/charts/newrelic-k8s-metrics-adapter/README.md b/charts/new-relic/nri-bundle/charts/newrelic-k8s-metrics-adapter/README.md index b87250c61..31288586c 100644 --- a/charts/new-relic/nri-bundle/charts/newrelic-k8s-metrics-adapter/README.md +++ b/charts/new-relic/nri-bundle/charts/newrelic-k8s-metrics-adapter/README.md @@ -71,7 +71,7 @@ config: Then, to install this chart, run the following command: ```sh -helm upgrade --install [release-name] newrelic/newrelic-k8s-metrics-adapter --values [values file path] +helm upgrade --install [release-name] newrelic-k8s-metrics-adapter/newrelic-k8s-metrics-adapter --values [values file path] ``` Once deployed the metric `nginx_average_requests` will be available to use by any HPA. This is and example of an HPA yaml using this metric: @@ -134,12 +134,5 @@ resources: ## Maintainers -* [nserrino](https://github.com/nserrino) -* [philkuz](https://github.com/philkuz) -* [htroisi](https://github.com/htroisi) * [juanjjaramillo](https://github.com/juanjjaramillo) * [svetlanabrennan](https://github.com/svetlanabrennan) -* [nrepai](https://github.com/nrepai) -* [csongnr](https://github.com/csongnr) -* [vuqtran88](https://github.com/vuqtran88) -* [xqi-nr](https://github.com/xqi-nr) diff --git a/charts/new-relic/nri-bundle/charts/newrelic-k8s-metrics-adapter/README.md.gotmpl b/charts/new-relic/nri-bundle/charts/newrelic-k8s-metrics-adapter/README.md.gotmpl index b841c4f60..1de8c9553 100644 --- a/charts/new-relic/nri-bundle/charts/newrelic-k8s-metrics-adapter/README.md.gotmpl +++ b/charts/new-relic/nri-bundle/charts/newrelic-k8s-metrics-adapter/README.md.gotmpl @@ -32,7 +32,7 @@ config: Then, to install this chart, run the following command: ```sh -helm upgrade --install [release-name] newrelic/newrelic-k8s-metrics-adapter --values [values file path] +helm upgrade --install [release-name] newrelic-k8s-metrics-adapter/newrelic-k8s-metrics-adapter --values [values file path] ``` Once deployed the metric `nginx_average_requests` will be available to use by any HPA. This is and example of an HPA yaml using this metric: diff --git a/charts/new-relic/nri-bundle/charts/newrelic-prometheus-agent/Chart.yaml b/charts/new-relic/nri-bundle/charts/newrelic-prometheus-agent/Chart.yaml index 55cd840e5..8b015c0e3 100644 --- a/charts/new-relic/nri-bundle/charts/newrelic-prometheus-agent/Chart.yaml +++ b/charts/new-relic/nri-bundle/charts/newrelic-prometheus-agent/Chart.yaml @@ -1,5 +1,5 @@ annotations: - configuratorVersion: 1.6.0 + configuratorVersion: 1.7.1 apiVersion: v2 appVersion: v2.37.8 dependencies: @@ -31,4 +31,4 @@ maintainers: url: https://github.com/xqi-nr name: newrelic-prometheus-agent type: application -version: 1.3.0 +version: 1.4.1 diff --git a/charts/new-relic/nri-bundle/charts/newrelic-prometheus-agent/release-notes.md b/charts/new-relic/nri-bundle/charts/newrelic-prometheus-agent/release-notes.md deleted file mode 100644 index edaaf119d..000000000 --- a/charts/new-relic/nri-bundle/charts/newrelic-prometheus-agent/release-notes.md +++ /dev/null @@ -1,2 +0,0 @@ -### ⛓️ Dependencies -- Updated newrelic/newrelic-prometheus-configurator to v1.6.0 - [Changelog 🔗](https://github.com/newrelic/newrelic-prometheus-configurator/releases/tag/1.6.0) diff --git a/charts/new-relic/nri-bundle/charts/nri-kube-events/Chart.yaml b/charts/new-relic/nri-bundle/charts/nri-kube-events/Chart.yaml index 93357d62f..4c0466fe9 100644 --- a/charts/new-relic/nri-bundle/charts/nri-kube-events/Chart.yaml +++ b/charts/new-relic/nri-bundle/charts/nri-kube-events/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 2.2.2 +appVersion: 2.2.9 dependencies: - name: common-library repository: https://helm-charts.newrelic.com @@ -35,4 +35,4 @@ sources: - https://github.com/newrelic/nri-kube-events/ - https://github.com/newrelic/nri-kube-events/tree/main/charts/nri-kube-events - https://github.com/newrelic/infrastructure-agent/ -version: 3.2.0 +version: 3.2.4 diff --git a/charts/new-relic/nri-bundle/charts/nri-kube-events/README.md b/charts/new-relic/nri-bundle/charts/nri-kube-events/README.md index 1ecbd0e5f..81d06c091 100644 --- a/charts/new-relic/nri-bundle/charts/nri-kube-events/README.md +++ b/charts/new-relic/nri-bundle/charts/nri-kube-events/README.md @@ -1,6 +1,6 @@ # nri-kube-events -![Version: 3.2.0](https://img.shields.io/badge/Version-3.2.0-informational?style=flat-square) ![AppVersion: 2.2.2](https://img.shields.io/badge/AppVersion-2.2.2-informational?style=flat-square) +![Version: 3.2.4](https://img.shields.io/badge/Version-3.2.4-informational?style=flat-square) ![AppVersion: 2.2.9](https://img.shields.io/badge/AppVersion-2.2.9-informational?style=flat-square) A Helm chart to deploy the New Relic Kube Events router diff --git a/charts/new-relic/nri-bundle/charts/nri-metadata-injection/Chart.yaml b/charts/new-relic/nri-bundle/charts/nri-metadata-injection/Chart.yaml index 4544ce66a..043c9c240 100644 --- a/charts/new-relic/nri-bundle/charts/nri-metadata-injection/Chart.yaml +++ b/charts/new-relic/nri-bundle/charts/nri-metadata-injection/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.15.0 +appVersion: 1.18.0 dependencies: - name: common-library repository: https://helm-charts.newrelic.com @@ -22,4 +22,4 @@ name: nri-metadata-injection sources: - https://github.com/newrelic/k8s-metadata-injection - https://github.com/newrelic/k8s-metadata-injection/tree/master/charts/nri-metadata-injection -version: 4.7.0 +version: 4.10.0 diff --git a/charts/prophetstor/federatorai/Chart.yaml b/charts/prophetstor/federatorai/Chart.yaml index 7a7686ffa..c484e59b2 100644 --- a/charts/prophetstor/federatorai/Chart.yaml +++ b/charts/prophetstor/federatorai/Chart.yaml @@ -4,7 +4,7 @@ annotations: catalog.cattle.io/kube-version: '>= 1.16.0-0' catalog.cattle.io/release-name: federatorai apiVersion: v2 -appVersion: 5.1.4-b2262 +appVersion: 5.1.5-2289 description: Federator.ai helps enterprises optimize cloud resources, maximize application performance, and save significant cost without excessive over-provisioning or under-provisioning of resources, meeting the service-level requirements of their applications. @@ -24,4 +24,4 @@ maintainers: name: federatorai sources: - https://www.prophetstor.com -version: 5.1.4 +version: 5.1.5 diff --git a/charts/prophetstor/federatorai/questions.yaml b/charts/prophetstor/federatorai/questions.yaml index 5feb36e00..7e757111b 100644 --- a/charts/prophetstor/federatorai/questions.yaml +++ b/charts/prophetstor/federatorai/questions.yaml @@ -15,7 +15,7 @@ questions: group: "Container Images" label: Federator.ai Image Registry - variable: global.imageTag - default: "v5.1.4-b2262" + default: "v5.1.5-b2289" description: "Federator.ai image tag" type: string group: "Container Images" diff --git a/charts/prophetstor/federatorai/templates/federatorai-data-adapter/configmaps-historical.yaml b/charts/prophetstor/federatorai/templates/federatorai-data-adapter/configmaps-historical.yaml index bb4fd4089..cbbadf960 100644 --- a/charts/prophetstor/federatorai/templates/federatorai-data-adapter/configmaps-historical.yaml +++ b/charts/prophetstor/federatorai/templates/federatorai-data-adapter/configmaps-historical.yaml @@ -752,8 +752,8 @@ data: #interval = "5m" query_start_time_offset = "-10m" query_end_time_offset = "0m" #Support s(second),m(minute),h(hour) - retry_interval = "$DATASOURCE_METRICS_RETRY_INTERVAL" - max_retry_times = $DATASOURCE_METRICS_MAX_RETRY_TIMES + retry_interval = "$DATASOURCE_GCP_METRICS_RETRY_INTERVAL" + max_retry_times = $DATASOURCE_GCP_METRICS_MAX_RETRY_TIMES ## data source type from which to query data ## accept values: vmware source = "gcp" diff --git a/charts/prophetstor/federatorai/templates/federatorai-data-adapter/configmaps.yaml b/charts/prophetstor/federatorai/templates/federatorai-data-adapter/configmaps.yaml index 7de59db86..7bac74260 100644 --- a/charts/prophetstor/federatorai/templates/federatorai-data-adapter/configmaps.yaml +++ b/charts/prophetstor/federatorai/templates/federatorai-data-adapter/configmaps.yaml @@ -1001,8 +1001,8 @@ data: interval = "5m" query_start_time_offset = "-10m" query_end_time_offset = "0m" #Support s(second),m(minute),h(hour) - retry_interval = "$DATASOURCE_METRICS_RETRY_INTERVAL" - max_retry_times = $DATASOURCE_METRICS_MAX_RETRY_TIMES + retry_interval = "$DATASOURCE_GCP_METRICS_RETRY_INTERVAL" + max_retry_times = $DATASOURCE_GCP_METRICS_MAX_RETRY_TIMES ## data source type from which to query data ## accept values: vmware source = "gcp" diff --git a/charts/prophetstor/federatorai/templates/federatorai-data-adapter/deployments.yaml b/charts/prophetstor/federatorai/templates/federatorai-data-adapter/deployments.yaml index bee7a5597..7d4e01fd3 100644 --- a/charts/prophetstor/federatorai/templates/federatorai-data-adapter/deployments.yaml +++ b/charts/prophetstor/federatorai/templates/federatorai-data-adapter/deployments.yaml @@ -150,6 +150,10 @@ spec: value: 5m - name: FEDERATORAI_METRICS_MAX_RETRY_TIMES value: "6" + - name: DATASOURCE_GCP_METRICS_RETRY_INTERVAL + value: "1s" + - name: DATASOURCE_GCP_METRICS_MAX_RETRY_TIMES + value: "10" - name: DATASOURCE_METRICS_RETRY_INTERVAL value: "10s" - name: DATASOURCE_METRICS_MAX_RETRY_TIMES diff --git a/charts/prophetstor/federatorai/values.yaml b/charts/prophetstor/federatorai/values.yaml index a6f01d37f..b83005753 100644 --- a/charts/prophetstor/federatorai/values.yaml +++ b/charts/prophetstor/federatorai/values.yaml @@ -8,7 +8,7 @@ global: ## @param global.imageTag Image tag of Federator.ai ## For example: ## imageTag: "v5.1.2-ga" - imageTag: "v5.1.4-b2262" + imageTag: "v5.1.5-b2289" ## @param global.imagePullPolicy Specify a imagePullPolicy ## For example: ## imagePullPolicy: "IfNotPresent" diff --git a/charts/redpanda/redpanda/Chart.lock b/charts/redpanda/redpanda/Chart.lock index c6f8b50ad..8b7a1b54e 100644 --- a/charts/redpanda/redpanda/Chart.lock +++ b/charts/redpanda/redpanda/Chart.lock @@ -1,9 +1,9 @@ dependencies: - name: console repository: https://charts.redpanda.com - version: 0.7.3 + version: 0.7.5 - name: connectors repository: https://charts.redpanda.com - version: 0.1.5 -digest: sha256:94c1a5a4f7d20096c89eca271067220c3f02e23d2738923ce009ea411bcff028 -generated: "2023-10-10T20:26:28.575160142Z" + version: 0.1.6 +digest: sha256:4770d2dc26e5ed437977d40d20f49a1e08176579eaf464d042c94db7e1be37cf +generated: "2023-10-14T02:49:30.448635825Z" diff --git a/charts/redpanda/redpanda/Chart.yaml b/charts/redpanda/redpanda/Chart.yaml index 886115687..5c6ffb968 100644 --- a/charts/redpanda/redpanda/Chart.yaml +++ b/charts/redpanda/redpanda/Chart.yaml @@ -1,7 +1,7 @@ annotations: artifacthub.io/images: | - name: redpanda - image: docker.redpanda.com/redpandadata/redpanda:v23.2.9 + image: docker.redpanda.com/redpandadata/redpanda:v23.2.12 - name: busybox image: busybox:latest - name: mintel/docker-alpine-bash-curl-jq @@ -17,7 +17,7 @@ annotations: catalog.cattle.io/kube-version: '>=1.21-0' catalog.cattle.io/release-name: redpanda apiVersion: v2 -appVersion: v23.2.9 +appVersion: v23.2.12 dependencies: - condition: console.enabled name: console @@ -37,4 +37,4 @@ name: redpanda sources: - https://github.com/redpanda-data/helm-charts type: application -version: 5.6.3 +version: 5.6.17 diff --git a/charts/redpanda/redpanda/charts/connectors/Chart.yaml b/charts/redpanda/redpanda/charts/connectors/Chart.yaml index c0becc328..f90a66390 100644 --- a/charts/redpanda/redpanda/charts/connectors/Chart.yaml +++ b/charts/redpanda/redpanda/charts/connectors/Chart.yaml @@ -1,7 +1,7 @@ annotations: artifacthub.io/images: | - name: connectors - image: docker.redpanda.com/redpandadata/connectors:v1.0.2 + image: docker.redpanda.com/redpandadata/connectors:v1.0.6 - name: rpk image: docker.redpanda.com/redpandadata/redpanda:latest artifacthub.io/license: Apache-2.0 @@ -11,7 +11,7 @@ annotations: - name: "Helm (>= 3.6.0)" url: https://helm.sh/docs/intro/install/ apiVersion: v2 -appVersion: v1.0.2 +appVersion: v1.0.6 description: Redpanda managed Connectors helm chart icon: https://images.ctfassets.net/paqvtpyf8rwu/3cYHw5UzhXCbKuR24GDFGO/73fb682e6157d11c10d5b2b5da1d5af0/skate-stand-panda.svg kubeVersion: ^1.21.0-0 @@ -22,4 +22,4 @@ name: connectors sources: - https://github.com/redpanda-data/helm-charts type: application -version: 0.1.5 +version: 0.1.6 diff --git a/charts/redpanda/redpanda/charts/connectors/templates/_helpers.tpl b/charts/redpanda/redpanda/charts/connectors/templates/_helpers.tpl index 6563f8195..50a4e0b52 100644 --- a/charts/redpanda/redpanda/charts/connectors/templates/_helpers.tpl +++ b/charts/redpanda/redpanda/charts/connectors/templates/_helpers.tpl @@ -107,3 +107,7 @@ Use AppVersion if image.tag is not set {{- end -}} {{- $tag -}} {{- end -}} + +{{- define "curl-options" -}} +{{- print " -svm3 --fail --retry \"120\" --retry-max-time \"120\" --retry-all-errors -o - -w \"\\nstatus=%{http_code} %{redirect_url} size=%{size_download} time=%{time_total} content-type=\\\"%{content_type}\\\"\\n\" "}} +{{- end -}} diff --git a/charts/redpanda/redpanda/charts/connectors/templates/tests/01-mm2-values.yaml b/charts/redpanda/redpanda/charts/connectors/templates/tests/01-mm2-values.yaml index bc37e8b01..5d2e38d44 100644 --- a/charts/redpanda/redpanda/charts/connectors/templates/tests/01-mm2-values.yaml +++ b/charts/redpanda/redpanda/charts/connectors/templates/tests/01-mm2-values.yaml @@ -39,7 +39,20 @@ spec: - /bin/bash - -c - | - set -x + set -xe + + trap connectorsState ERR + + connectorsState () { + echo check connectors expand status + curl {{ template "curl-options" . }} http://{{ include "connectors.serviceName" . }}:{{ .Values.connectors.restPort }}/connectors?expand=status + echo check connectors expand info + curl {{ template "curl-options" . }} http://{{ include "connectors.serviceName" . }}:{{ .Values.connectors.restPort }}/connectors?expand=info + echo check connector configuration + curl {{ template "curl-options" . }} http://{{ include "connectors.serviceName" . }}:{{ .Values.connectors.restPort }}/connectors/$CONNECTOR_NAME + echo check connector topics + curl {{ template "curl-options" . }} http://{{ include "connectors.serviceName" . }}:{{ .Values.connectors.restPort }}/connectors/$CONNECTOR_NAME/topics + } curl http://{{ include "connectors.serviceName" . }}:{{ .Values.connectors.restPort }}/connectors && echo @@ -51,7 +64,6 @@ spec: SASL_MECHANISM="PLAIN" {{- if .Values.auth.sasl.enabled }} - set -e set +x IFS=: read -r CONNECT_SASL_USERNAME KAFKA_SASL_PASSWORD CONNECT_SASL_MECHANISM < $(find /mnt/users/* -print) @@ -64,7 +76,6 @@ spec: fi set -x - set +e {{- end }} {{- if .Values.connectors.brokerTLS.enabled }} diff --git a/charts/redpanda/redpanda/charts/console/Chart.yaml b/charts/redpanda/redpanda/charts/console/Chart.yaml index 65542a686..20a54ff6d 100644 --- a/charts/redpanda/redpanda/charts/console/Chart.yaml +++ b/charts/redpanda/redpanda/charts/console/Chart.yaml @@ -1,7 +1,7 @@ annotations: artifacthub.io/images: | - name: redpanda - image: docker.redpanda.com/redpandadata/console:v2.2.5 + image: docker.redpanda.com/redpandadata/console:v2.3.4 artifacthub.io/license: Apache-2.0 artifacthub.io/links: | - name: Documentation @@ -9,7 +9,7 @@ annotations: - name: "Helm (>= 3.6.0)" url: https://helm.sh/docs/intro/install/ apiVersion: v2 -appVersion: v2.3.3 +appVersion: v2.3.4 description: Helm chart to deploy Redpanda Console. icon: https://images.ctfassets.net/paqvtpyf8rwu/3cYHw5UzhXCbKuR24GDFGO/73fb682e6157d11c10d5b2b5da1d5af0/skate-stand-panda.svg maintainers: @@ -19,4 +19,4 @@ name: console sources: - https://github.com/redpanda-data/helm-charts type: application -version: 0.7.3 +version: 0.7.5 diff --git a/charts/redpanda/redpanda/charts/console/templates/service.yaml b/charts/redpanda/redpanda/charts/console/templates/service.yaml index b35a3471a..f853c4a95 100644 --- a/charts/redpanda/redpanda/charts/console/templates/service.yaml +++ b/charts/redpanda/redpanda/charts/console/templates/service.yaml @@ -30,4 +30,7 @@ spec: targetPort: {{ include "console.containerPort" . }} protocol: TCP name: http + {{- if and (contains "NodePort" .Values.service.type) .Values.service.nodePort }} + nodePort: {{ .Values.service.nodePort }} + {{- end }} selector: {{- include "console.selectorLabels" . | nindent 4 }} diff --git a/charts/redpanda/redpanda/charts/console/values.schema.json b/charts/redpanda/redpanda/charts/console/values.schema.json index dcab4b69e..98a150579 100644 --- a/charts/redpanda/redpanda/charts/console/values.schema.json +++ b/charts/redpanda/redpanda/charts/console/values.schema.json @@ -259,6 +259,9 @@ "port": { "type": "integer" }, + "nodePort": { + "type": "integer" + }, "targetPort": { "anyOf": [ { diff --git a/charts/redpanda/redpanda/charts/console/values.yaml b/charts/redpanda/redpanda/charts/console/values.yaml index a822b3e58..97cfbfd83 100644 --- a/charts/redpanda/redpanda/charts/console/values.yaml +++ b/charts/redpanda/redpanda/charts/console/values.yaml @@ -75,6 +75,7 @@ securityContext: service: type: ClusterIP port: 8080 + # nodePort: 30001 # -- Override the value in `console.config.server.listenPort` if not `nil` targetPort: annotations: {} diff --git a/charts/redpanda/redpanda/ci/02-one-node-cluster-no-tls-no-sasl-values.yaml b/charts/redpanda/redpanda/ci/02-one-node-cluster-no-tls-no-sasl-values.yaml index ac06b1f53..85a9219de 100644 --- a/charts/redpanda/redpanda/ci/02-one-node-cluster-no-tls-no-sasl-values.yaml +++ b/charts/redpanda/redpanda/ci/02-one-node-cluster-no-tls-no-sasl-values.yaml @@ -28,3 +28,5 @@ storage: connectors: enabled: true + logging: + level: debug diff --git a/charts/redpanda/redpanda/ci/03-one-node-cluster-tls-no-sasl-values.yaml b/charts/redpanda/redpanda/ci/03-one-node-cluster-tls-no-sasl-values.yaml index fa0423867..b97709c23 100644 --- a/charts/redpanda/redpanda/ci/03-one-node-cluster-tls-no-sasl-values.yaml +++ b/charts/redpanda/redpanda/ci/03-one-node-cluster-tls-no-sasl-values.yaml @@ -26,3 +26,5 @@ storage: connectors: enabled: true + logging: + level: debug diff --git a/charts/redpanda/redpanda/ci/04-one-node-cluster-no-tls-sasl-values.yaml b/charts/redpanda/redpanda/ci/04-one-node-cluster-no-tls-sasl-values.yaml index 141dac616..e93eed3b6 100644 --- a/charts/redpanda/redpanda/ci/04-one-node-cluster-no-tls-sasl-values.yaml +++ b/charts/redpanda/redpanda/ci/04-one-node-cluster-no-tls-sasl-values.yaml @@ -32,3 +32,5 @@ storage: connectors: enabled: true + logging: + level: debug diff --git a/charts/redpanda/redpanda/ci/05-one-node-cluster-tls-sasl-values.yaml b/charts/redpanda/redpanda/ci/05-one-node-cluster-tls-sasl-values.yaml index c52d568b6..3b088c155 100644 --- a/charts/redpanda/redpanda/ci/05-one-node-cluster-tls-sasl-values.yaml +++ b/charts/redpanda/redpanda/ci/05-one-node-cluster-tls-sasl-values.yaml @@ -34,3 +34,5 @@ storage: connectors: enabled: true + logging: + level: debug diff --git a/charts/redpanda/redpanda/ci/99-none-existent-config-options-with-empty-values.yaml b/charts/redpanda/redpanda/ci/99-none-existent-config-options-with-empty-values.yaml index 671d1ea25..2c4c672b8 100644 --- a/charts/redpanda/redpanda/ci/99-none-existent-config-options-with-empty-values.yaml +++ b/charts/redpanda/redpanda/ci/99-none-existent-config-options-with-empty-values.yaml @@ -19,17 +19,19 @@ enterprise: key: license-key storage: - tieredConfig: - cloud_storage_enabled: true - cloud_storage_secret_key: test - cloud_storage_access_key: test - cloud_storage_region: test - cloud_storage_bucket: test - storage_zero_value: 0 - storage_null_value: null - storage_empty_array_value: [] - storage_empty_map_value: {} - storage_empty_string_value: "" + tiered: + config: + cloud_storage_enabled: true + cloud_storage_cache_size: 11G + cloud_storage_secret_key: test + cloud_storage_access_key: test + cloud_storage_region: test + cloud_storage_bucket: test + storage_zero_value: 0 + storage_null_value: null + storage_empty_array_value: [] + storage_empty_map_value: {} + storage_empty_string_value: "" config: cluster: diff --git a/charts/redpanda/redpanda/templates/_configmap.tpl b/charts/redpanda/redpanda/templates/_configmap.tpl index 722c99396..1f829c55d 100644 --- a/charts/redpanda/redpanda/templates/_configmap.tpl +++ b/charts/redpanda/redpanda/templates/_configmap.tpl @@ -87,7 +87,11 @@ bootstrap.yaml: | {{- end }} {{- range $key, $element := $tieredStorageConfig}} {{- if or (eq (typeOf $element) "bool") $element }} - {{- dict $key $element | toYaml | nindent 2 }} + {{- if eq $key "cloud_storage_cache_size" }} + {{- dict $key (include "SI-to-bytes" $element) | toYaml | nindent 2 -}} + {{- else }} + {{- dict $key $element | toYaml | nindent 2 -}} + {{- end }} {{- end }} {{- end }} {{- end }} @@ -289,7 +293,11 @@ redpanda.yaml: | {{- end }} {{- range $key, $element := $tieredStorageConfig }} {{- if or (eq (typeOf $element) "bool") $element }} - {{- dict $key $element | toYaml | nindent 2 -}} + {{- if eq $key "cloud_storage_cache_size" }} + {{- dict $key (include "SI-to-bytes" $element) | toYaml | nindent 2 -}} + {{- else }} + {{- dict $key $element | toYaml | nindent 2 -}} + {{- end }} {{- end }} {{- end }} {{- end }} diff --git a/charts/redpanda/redpanda/templates/_helpers.tpl b/charts/redpanda/redpanda/templates/_helpers.tpl index e17f7671a..da6ad6d97 100644 --- a/charts/redpanda/redpanda/templates/_helpers.tpl +++ b/charts/redpanda/redpanda/templates/_helpers.tpl @@ -640,7 +640,7 @@ return licenseSecretRef.key checks deprecated values entry if current values emp mountPath: {{ printf "/etc/tls/certs/%s" $name }} {{- end }} - name: mtls-client - mountPath: /etc/ls/certs/{{ template "redpanda.fullname" $ }}-client + mountPath: /etc/tls/certs/{{ template "redpanda.fullname" $ }}-client {{- end }} {{- end -}} @@ -683,28 +683,36 @@ return licenseSecretRef.key checks deprecated values entry if current values emp {{/* support legacy tiered storage type selection */}} {{- define "storage-tiered-mountType" -}} -{{- if dig "tieredStoragePersistentVolume" "enabled" false .Values.storage -}} -persistentVolume -{{- else if dig "tieredStorageHostPath" false .Values.storage -}} -hostPath -{{- else -}} -{{- .Values.storage.tiered.mountType -}} -{{- end -}} + {{- $mountType := .Values.storage.tiered.mountType -}} + {{- if dig "tieredStoragePersistentVolume" "enabled" false .Values.storage -}} + {{- $mountType = "persistentVolume" -}} + {{- else if dig "tieredStorageHostPath" false .Values.storage -}} + {{- $mountType = "hostPath" -}} + {{- end -}} + {{- $mountType -}} {{- end -}} {{/* support legacy storage.tieredStoragePersistentVolume */}} {{- define "storage-tiered-persistentvolume" -}} -{{- dig "tieredStoragePersistentVolume" .Values.storage.tiered.persistentVolume .Values.storage | toJson -}} + {{- $pv := dig "tieredStoragePersistentVolume" .Values.storage.tiered.persistentVolume .Values.storage | toJson -}} + {{- if empty $pv -}} + {{- fail "storage.tiered.mountType is \"persistentVolume\" but storage.tiered.persistentVolume is not configured" -}} + {{- end -}} + {{- $pv -}} {{- end -}} {{/* support legacy storage.tieredStorageHostPath */}} {{- define "storage-tiered-hostpath" -}} -{{- dig "tieredStorageHostPath" .Values.storage.tiered.hostPath .Values.storage -}} + {{- $hp := dig "tieredStorageHostPath" .Values.storage.tiered.hostPath .Values.storage -}} + {{- if empty $hp -}} + {{- fail "storage.tiered.mountType is \"hostPath\" but storage.tiered.hostPath is empty" -}} + {{- end -}} + {{- $hp -}} {{- end -}} {{/* support legacy storage.tieredConfig */}} {{- define "storage-tiered-config" -}} -{{- dig "tieredConfig" .Values.storage.tiered.config .Values.storage | toJson -}} + {{- dig "tieredConfig" .Values.storage.tiered.config .Values.storage | toJson -}} {{- end -}} {{/* @@ -720,3 +728,15 @@ RPK_USER RPK_PASS RPK_SASL_MECHANISM REDPANDA_SASL_USERNAME REDPANDA_SASL_PASSWORD REDPANDA_SASL_MECHANISM {{- end -}} {{- end -}} + +{{- define "curl-options" -}} +{{- print " -svm3 --fail --retry \"120\" --retry-max-time \"120\" --retry-all-errors -o - -w \"\\nstatus=%{http_code} %{redirect_url} size=%{size_download} time=%{time_total} content-type=\\\"%{content_type}\\\"\\n\" "}} +{{- end -}} + +{{- define "advertised-address-template" -}} + {{- $prefixTemplate := dig "prefixTemplate" "" .externalListener -}} + {{- if empty $prefixTemplate -}} + {{- $prefixTemplate = dig "prefixTemplate" "" .externalVals -}} + {{- end -}} + {{ quote $prefixTemplate }} +{{- end -}} diff --git a/charts/redpanda/redpanda/templates/_job.tpl b/charts/redpanda/redpanda/templates/_job.tpl new file mode 100644 index 000000000..98bd1f0db --- /dev/null +++ b/charts/redpanda/redpanda/templates/_job.tpl @@ -0,0 +1,38 @@ +{{/* +Licensed to the Apache Software Foundation (ASF) under one or more +contributor license agreements. See the NOTICE file distributed with +this work for additional information regarding copyright ownership. +The ASF licenses this file to You under the Apache License, Version 2.0 +(the "License"); you may not use this file except in compliance with +the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{/* +Set affinity for post_install_job, defaults to global affinity if not defined in post_install_job +*/}} +{{- define "post-install-job-affinity" -}} +{{- $affinity := .Values.affinity -}} +{{- if not ( empty .Values.post_install_job.affinity ) -}} + {{- $affinity = .Values.post_install_job.affinity -}} +{{- end -}} +{{- toYaml $affinity -}} +{{- end -}} + +{{/* +Set affinity for post_upgrade_job, defaults to global affinity if not defined in post_upgrade_job +*/}} +{{- define "post-upgrade-job-affinity" -}} +{{- $affinity := .Values.affinity -}} +{{- if not ( empty .Values.post_upgrade_job.affinity ) -}} + {{- $affinity = .Values.post_upgrade_job.affinity -}} +{{- end -}} +{{- toYaml $affinity -}} +{{- end -}} diff --git a/charts/redpanda/redpanda/templates/_statefulset.tpl b/charts/redpanda/redpanda/templates/_statefulset.tpl index 882d5a767..e66c31b2f 100644 --- a/charts/redpanda/redpanda/templates/_statefulset.tpl +++ b/charts/redpanda/redpanda/templates/_statefulset.tpl @@ -67,3 +67,38 @@ Set nodeSelector for statefulset, defaults to global nodeSelector if not defined {{- toYaml $nodeSelectors -}} {{- end -}} +{{/* +Set affinity for statefulset, defaults to global affinity if not defined in statefulset +*/}} +{{- define "statefulset-affinity" -}} +{{- if not ( empty .Values.statefulset.nodeAffinity ) -}} +nodeAffinity: {{ toYaml .Values.statefulset.nodeAffinity | nindent 2 }} +{{- else if not ( empty .Values.affinity.nodeAffinity ) -}} +nodeAffinity: {{ toYaml .Values.affinity.nodeAffinity | nindent 2 }} +{{- end }} +{{- if not ( empty .Values.statefulset.podAffinity ) -}} +podAffinity: {{ toYaml .Values.statefulset.podAffinity | nindent 2 }} +{{- else if not ( empty .Values.affinity.podAffinity ) -}} +podAffinity: {{ toYaml .Values.affinity.podAffinity | nindent 2 }} +{{- end }} +{{- if not ( empty .Values.statefulset.podAntiAffinity ) -}} +podAntiAffinity: + {{- if eq .Values.statefulset.podAntiAffinity.type "hard" }} + requiredDuringSchedulingIgnoredDuringExecution: + - topologyKey: {{ .Values.statefulset.podAntiAffinity.topologyKey }} + labelSelector: + matchLabels: {{ include "statefulset-pod-labels" . | nindent 8 }} + {{- else if eq .Values.statefulset.podAntiAffinity.type "soft" }} + preferredDuringSchedulingIgnoredDuringExecution: + - weight: {{ .Values.statefulset.podAntiAffinity.weight | int64 }} + podAffinityTerm: + topologyKey: {{ .Values.statefulset.podAntiAffinity.topologyKey }} + labelSelector: + matchLabels: {{ include "statefulset-pod-labels" . | nindent 8 }} + {{- else if eq .Values.statefulset.podAntiAffinity.type "custom" -}} + {{- toYaml .Values.statefulset.podAntiAffinity.custom | nindent 2 }} + {{- end -}} +{{- else if not ( empty .Values.affinity.podAntiAffinity ) -}} +podAntiAffinity: {{ toYaml .Values.affinity.podAntiAffinity | nindent 2 }} +{{- end }} +{{- end -}} diff --git a/charts/redpanda/redpanda/templates/cert-issuers.yaml b/charts/redpanda/redpanda/templates/cert-issuers.yaml index ebdb0bac0..1ac78ed2b 100644 --- a/charts/redpanda/redpanda/templates/cert-issuers.yaml +++ b/charts/redpanda/redpanda/templates/cert-issuers.yaml @@ -21,6 +21,7 @@ limitations under the License. {{- range $name, $data := $values.tls.certs }} {{/* If secretRef is defined, do not create any of these certificates. */}} {{- if not (hasKey $data "secretRef") }} + {{- $d := $data.duration }} --- {{/* If issuerRef is defined, use the specified issuer for the certs @@ -65,6 +66,7 @@ metadata: {{- . | nindent 4 }} {{- end }} spec: + duration: {{ $d | default "43800h" }} isCA: true commonName: {{ template "redpanda.fullname" $ }}-{{ $name }}-root-certificate secretName: {{ template "redpanda.fullname" $ }}-{{ $name }}-root-certificate diff --git a/charts/redpanda/redpanda/templates/post-install-upgrade-job.yaml b/charts/redpanda/redpanda/templates/post-install-upgrade-job.yaml index 287602e67..39fc7d2c4 100644 --- a/charts/redpanda/redpanda/templates/post-install-upgrade-job.yaml +++ b/charts/redpanda/redpanda/templates/post-install-upgrade-job.yaml @@ -56,11 +56,11 @@ spec: {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} {{- end }} + {{- with ( include "post-install-job-affinity" . ) }} + affinity: {{- . | nindent 8 }} + {{- end }} {{- with .Values.tolerations }} tolerations: {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.post_install_job.affinity }} - affinity: {{- toYaml . | nindent 8 }} {{- end }} restartPolicy: Never securityContext: {{ include "pod-security-context" . | nindent 8 }} diff --git a/charts/redpanda/redpanda/templates/post-upgrade.yaml b/charts/redpanda/redpanda/templates/post-upgrade.yaml index f6c785b2a..03e86f349 100644 --- a/charts/redpanda/redpanda/templates/post-upgrade.yaml +++ b/charts/redpanda/redpanda/templates/post-upgrade.yaml @@ -50,11 +50,11 @@ spec: {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} {{- end }} + {{- with ( include "post-upgrade-job-affinity" . ) }} + affinity: {{- . | nindent 8 }} + {{- end }} {{- with .Values.tolerations }} tolerations: {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.post_upgrade_job.affinity }} - affinity: {{- toYaml . | nindent 8 }} {{- end }} restartPolicy: Never securityContext: {{ include "pod-security-context" . | nindent 8 }} diff --git a/charts/redpanda/redpanda/templates/secrets.yaml b/charts/redpanda/redpanda/templates/secrets.yaml index 97ca27bf8..a82607f47 100644 --- a/charts/redpanda/redpanda/templates/secrets.yaml +++ b/charts/redpanda/redpanda/templates/secrets.yaml @@ -200,7 +200,8 @@ stringData: USERS_FILE=$(find ${USERS_DIR}/* -print) USERS_LIST="" READ_LIST_SUCCESS=0 - while read p; do + # Read line by line, handle a missing EOL at the end of file + while read p || [ -n "$p" ] ; do IFS=":" read -r USER_NAME PASSWORD MECHANISM <<< $p # Do not process empty lines if [ -z "$USER_NAME" ]; then @@ -288,31 +289,6 @@ stringData: KUBERNETES_NODE_NAME=$2 POD_ORDINAL=${SERVICE_NAME##*-} BROKER_INDEX=`expr $POD_ORDINAL + 1` -{{- range $listenerName := (list "kafka" "http") }} -{{- $listenerVals := get $values.listeners $listenerName }} - {{- $ordList := list }} - {{- /* do this for each pod in the statefulset */}} - {{- range $replicaIndex := until ($values.statefulset.replicas | int) }} - {{- /* build a list of listeners */}} - {{- $listenerList := list (toJson (dict "name" "internal" "address" $internalAdvertiseAddress "port" $listenerVals.port)) }} - {{- if $listenerVals.external }} - {{- /* add each external listener */}} - {{- range $externalName, $externalVals := $listenerVals.external }} - {{- $tmplVals := dict "listenerVals" $listenerVals "externalVals" $externalVals "externalName" $externalName "externalAdvertiseAddress" $externalAdvertiseAddress "values" $values "replicaIndex" $replicaIndex }} - {{- $port := int (include "advertised-port" $tmplVals) }} - {{- $host := tpl (include "advertised-host" (mustMerge $tmplVals (dict "port" $port)) ) $ }} - {{- $listenerList = mustAppend $listenerList $host }} - {{- end }} - {{- end }} - {{- /* - This is making a semicolon list of listeners, one list for each pod. - We can safely remove all the spaces as there cannot be a space in a name, address, or port, and this fixes - a problem where a user can feed in a trailing space on a hostname. - */}} - {{- $ordList = mustAppend $ordList (nospace (join ";" $listenerList)) }} - {{- end }} - ADVERTISED_{{ upper $listenerName }}_ADDRESSES={{ quote (join " " $ordList) }} -{{- end }} CONFIG=/etc/redpanda/redpanda.yaml @@ -328,29 +304,44 @@ stringData: rpk --config "${CONFIG}" redpanda config set redpanda.seed_servers '[]' --format yaml fi {{- end }} - - LISTENER_INDEX=1 - # So the first cut is to give us the listeners for that NODE (deliminated by a ' ' space), - # the second cut just starts us with the first listener since these are deliminated by ';' - LISTENER=`echo $ADVERTISED_KAFKA_ADDRESSES | cut -d ' ' -f $BROKER_INDEX | cut -d ';' -f $LISTENER_INDEX` - until [ "$LISTENER" == "" ]; do - rpk redpanda config --config "$CONFIG" set redpanda.advertised_kafka_api[$(($LISTENER_INDEX-1))] "$LISTENER" - let "LISTENER_INDEX+=1" - LISTENER=`echo $ADVERTISED_KAFKA_ADDRESSES | cut -d ' ' -f $BROKER_INDEX | cut -d ';' -f $LISTENER_INDEX` - done - - LISTENER_INDEX=1 - # So the first cut is to give us the listeners for that NODE (deliminated by a ' ' space), - # the second cut just starts us with the first listener since these are deliminated by ';' - LISTENER=`echo $ADVERTISED_HTTP_ADDRESSES | cut -d ' ' -f $BROKER_INDEX | cut -d ';' -f $LISTENER_INDEX` - until [ "$LISTENER" == "" ]; do - rpk redpanda config --config "$CONFIG" set pandaproxy.advertised_pandaproxy_api[$(($LISTENER_INDEX-1))] "$LISTENER" - let "LISTENER_INDEX+=1" - LISTENER=`echo $ADVERTISED_HTTP_ADDRESSES | cut -d ' ' -f $BROKER_INDEX | cut -d ';' -f $LISTENER_INDEX` - done - + +{{- range $listenerName := (list "kafka" "http") }} + {{- $listenerAdvertisedName := $listenerName }} + {{- $redpandaConfigPart := "redpanda" }} + {{- if eq $listenerAdvertisedName "http" }} + {{- $listenerAdvertisedName = "pandaproxy" }} + {{- $redpandaConfigPart = "pandaproxy" }} + {{- end }} + {{- $listenerVals := get $values.listeners $listenerName }} + + LISTENER={{ quote (toJson (dict "name" "internal" "address" $internalAdvertiseAddress "port" $listenerVals.port))}} + rpk redpanda config --config "$CONFIG" set {{ $redpandaConfigPart }}.advertised_{{ $listenerAdvertisedName }}_api[0] "$LISTENER" + + {{- if $listenerVals.external }} + {{- $externalCounter := 1 }} + {{- range $externalName, $externalVals := $listenerVals.external }} + + ADVERTISED_{{ upper $listenerName }}_ADDRESSES=() + {{- range $replicaIndex := until ($values.statefulset.replicas | int) }} + + {{- $tmplVals := dict "listenerVals" $listenerVals "externalVals" $externalVals "externalName" $externalName "externalAdvertiseAddress" $externalAdvertiseAddress "values" $values "replicaIndex" $replicaIndex }} + {{- $port := int (include "advertised-port" $tmplVals) }} + {{- $host := tpl (include "advertised-host" (mustMerge $tmplVals (dict "port" $port)) ) $ }} + + PREFIX_TEMPLATE={{ (include "advertised-address-template" (dict "externalVals" $values.external "externalListener" $externalVals)) }} + ADVERTISED_{{ upper $listenerName }}_ADDRESSES+=({{ quote ($host) }}) + {{- end }} + + rpk redpanda config --config "$CONFIG" set {{ $redpandaConfigPart }}.advertised_{{ $listenerAdvertisedName }}_api[{{ $externalCounter }}] "${ADVERTISED_{{ upper $listenerName }}_ADDRESSES[$POD_ORDINAL]}" + + {{- $externalCounter = add $externalCounter 1 }} + {{- end }} + {{- end }} +{{- end }} + {{- if (include "redpanda-atleast-22-3-0" . | fromJson).bool }} {{- if .Values.rackAwareness.enabled }} + # Configure Rack Awareness set +x RACK=$(curl --silent --cacert /run/secrets/kubernetes.io/serviceaccount/ca.crt --fail -H 'Authorization: Bearer '$(cat /run/secrets/kubernetes.io/serviceaccount/token) "https://${KUBERNETES_SERVICE_HOST}:${KUBERNETES_SERVICE_PORT_HTTPS}/api/v1/nodes/${KUBERNETES_NODE_NAME}?pretty=true" | grep {{ .Values.rackAwareness.nodeAnnotation | quote | squote }} | grep -v '\"key\":' | sed 's/.*": "\([^"]\+\).*/\1/') diff --git a/charts/redpanda/redpanda/templates/servicemonitor.yaml b/charts/redpanda/redpanda/templates/servicemonitor.yaml index aace8929b..cd75372a5 100644 --- a/charts/redpanda/redpanda/templates/servicemonitor.yaml +++ b/charts/redpanda/redpanda/templates/servicemonitor.yaml @@ -34,10 +34,17 @@ spec: - interval: {{ .Values.monitoring.scrapeInterval }} path: /public_metrics targetPort: admin - {{- if .Values.tls.enabled }} + {{- if dig "enableHttp2" "" .Values.monitoring }} + enableHttp2: .Values.monitoring.enableHttp2 + {{- end }} + {{- if or .Values.tls.enabled .Values.monitoring.tlsConfig }} scheme: https tlsConfig: + {{- if dig "tlsConfig" dict .Values.monitoring }} + {{- .Values.monitoring.tlsConfig | toYaml | nindent 6 }} + {{- else }} insecureSkipVerify: true + {{- end}} {{- end }} selector: matchLabels: diff --git a/charts/redpanda/redpanda/templates/statefulset.yaml b/charts/redpanda/redpanda/templates/statefulset.yaml index 3c6787e5d..7b760e3dc 100644 --- a/charts/redpanda/redpanda/templates/statefulset.yaml +++ b/charts/redpanda/redpanda/templates/statefulset.yaml @@ -137,6 +137,11 @@ spec: valueFrom: fieldRef: fieldPath: spec.nodeName + - name: HOST_IP_ADDRESS + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.hostIP securityContext: {{ include "container-security-context" . | nindent 12 }} volumeMounts: {{ include "common-mounts" . | nindent 12 }} {{- if dig "initContainers" "configurator" "extraVolumeMounts" false .Values.statefulset -}} @@ -363,33 +368,6 @@ spec: secret: secretName: {{ template "redpanda.fullname" . }}-config-watcher defaultMode: 0o775 -{{- if or .Values.statefulset.nodeAffinity .Values.statefulset.podAffinity .Values.statefulset.podAntiAffinity }} - affinity: - {{- with .Values.statefulset.nodeAffinity }} - nodeAffinity: {{- toYaml . | nindent 10 }} - {{- end }} - {{- with .Values.statefulset.podAffinity }} - podAffinity: {{- toYaml . | nindent 10 }} - {{- end }} - {{- if .Values.statefulset.podAntiAffinity }} - podAntiAffinity: - {{- if eq .Values.statefulset.podAntiAffinity.type "hard" }} - requiredDuringSchedulingIgnoredDuringExecution: - - topologyKey: {{ .Values.statefulset.podAntiAffinity.topologyKey }} - labelSelector: - matchLabels: {{ include "statefulset-pod-labels" . | nindent 18 }} - {{- else if eq .Values.statefulset.podAntiAffinity.type "soft" }} - preferredDuringSchedulingIgnoredDuringExecution: - - weight: {{ .Values.statefulset.podAntiAffinity.weight | int64 }} - podAffinityTerm: - topologyKey: {{ .Values.statefulset.podAntiAffinity.topologyKey }} - labelSelector: - matchLabels: {{ include "statefulset-pod-labels" . | nindent 20 }} - {{- else if eq .Values.statefulset.podAntiAffinity.type "custom" }} - {{- toYaml .Values.statefulset.podAntiAffinity.custom | nindent 10 }} - {{- end }} - {{- end }} -{{- end }} {{- if semverCompare ">=1.16-0" .Capabilities.KubeVersion.GitVersion }} topologySpreadConstraints: {{- range $v := .Values.statefulset.topologySpreadConstraints }} @@ -403,6 +381,9 @@ spec: {{- with ( include "statefulset-nodeSelectors" . ) }} nodeSelector: {{- . | nindent 8 }} {{- end }} +{{- with ( include "statefulset-affinity" . ) }} + affinity: {{- . | nindent 8 }} +{{- end }} {{- if .Values.statefulset.priorityClassName }} priorityClassName: {{ .Values.statefulset.priorityClassName }} {{- end }} diff --git a/charts/redpanda/redpanda/templates/tests/test-connector-via-console.yaml b/charts/redpanda/redpanda/templates/tests/test-connector-via-console.yaml index 9493a3bc7..1575fb374 100644 --- a/charts/redpanda/redpanda/templates/tests/test-connector-via-console.yaml +++ b/charts/redpanda/redpanda/templates/tests/test-connector-via-console.yaml @@ -138,7 +138,7 @@ spec: URL=http://{{ include "console.fullname" $consoleValues }}:{{ include "console.containerPort" $consoleValues }}/api/kafka-connect/clusters/connectors/connectors {{/* outputting to /dev/null because the output contains the user password */}} echo "Creating mm2 connector" - if curl -svm3 --fail --retry 120 --retry-max-time 120 --retry-all-errors -H 'Content-Type: application/json' -o /dev/null "${URL}" -d @/tmp/mm2-conf.json + if curl {{ template "curl-options" . }} -H 'Content-Type: application/json' "${URL}" -d @/tmp/mm2-conf.json then echo "Result successful" else @@ -149,7 +149,7 @@ spec: rpk topic consume source.{{ $testTopic }} -n 1 echo "Destroying mm2 connector" - if curl -svm3 --fail --retry 120 --retry-max-time 120 --retry-all-errors -o /dev/null -X DELETE "${URL}/${CONNECTOR_NAME}" + if curl {{ template "curl-options" . }} -X DELETE "${URL}/${CONNECTOR_NAME}" then echo "Result successful" else diff --git a/charts/redpanda/redpanda/templates/tests/test-console.yaml b/charts/redpanda/redpanda/templates/tests/test-console.yaml index 5b96eb198..656e74ebc 100644 --- a/charts/redpanda/redpanda/templates/tests/test-console.yaml +++ b/charts/redpanda/redpanda/templates/tests/test-console.yaml @@ -42,7 +42,7 @@ spec: - bash - -c - | - curl -svm3 --fail --retry 120 --retry-max-time 120 --retry-all-errors http://{{ include "redpanda.fullname" . }}-console.{{ .Release.Namespace }}.svc:{{ include "console.containerPort" (dict "Values" .Values.console) }}/api/cluster + curl {{ template "curl-options" . }} http://{{ include "redpanda.fullname" . }}-console.{{ .Release.Namespace }}.svc:{{ include "console.containerPort" (dict "Values" .Values.console) }}/api/cluster volumeMounts: {{ include "default-mounts" . | nindent 8 }} securityContext: {{ include "container-security-context" . | nindent 8 }} volumes: {{ include "default-volumes" . | nindent 4 }} diff --git a/charts/redpanda/redpanda/templates/tests/test-pandaproxy-status.yaml b/charts/redpanda/redpanda/templates/tests/test-pandaproxy-status.yaml index 3797035b0..38b302353 100644 --- a/charts/redpanda/redpanda/templates/tests/test-pandaproxy-status.yaml +++ b/charts/redpanda/redpanda/templates/tests/test-pandaproxy-status.yaml @@ -55,13 +55,13 @@ spec: if [[ -n "$old_setting" ]]; then set -x; fi {{- end }} - curl -svm3 --fail --retry "120" --retry-max-time "120" --retry-all-errors \ + curl {{ template "curl-options" . }} \ {{- if or (include "sasl-enabled" .|fromJson).bool .Values.listeners.http.authenticationMethod }} -u ${RPK_USER}:${RPK_PASS} \ {{- end }} http://{{ include "redpanda.servicename" . }}:{{ .Values.listeners.http.port }}/brokers - curl -svm3 --fail --retry "120" --retry-max-time "120" --retry-all-errors \ + curl {{ template "curl-options" . }} \ {{- if or (include "sasl-enabled" .|fromJson).bool .Values.listeners.http.authenticationMethod }} -u ${RPK_USER}:${RPK_PASS} \ {{- end }} diff --git a/charts/redpanda/redpanda/templates/tests/test-prometheus-targets.yaml b/charts/redpanda/redpanda/templates/tests/test-prometheus-targets.yaml index 08f9e7e2b..8b23e2860 100644 --- a/charts/redpanda/redpanda/templates/tests/test-prometheus-targets.yaml +++ b/charts/redpanda/redpanda/templates/tests/test-prometheus-targets.yaml @@ -14,9 +14,6 @@ See the License for the specific language governing permissions and limitations under the License. */}} -{{/* - ->>>>>> This test is failing. Re-enable it via https://github.com/redpanda-data/helm-charts/issues/680 <<<<<< {{- if .Values.monitoring.enabled }} apiVersion: v1 @@ -44,11 +41,29 @@ spec: args: - | set -xe + + HEALTHY=$( curl {{ template "curl-options" . }} http://prometheus-operated.prometheus.svc.cluster.local:9090/-/healthy) + if [ $HEALTHY != 200 ]; then + echo "prometheus is not healthy, exiting" + exit 1 + fi + + echo "prometheus is healthy, checking if ready..." + + READY=$( curl {{ template "curl-options" . }} http://prometheus-operated.prometheus.svc.cluster.local:9090/-/ready) + if [ $READY != 200 ]; then + echo "prometheus is not ready, exiting" + exit 1 + fi + + echo "prometheus is ready, requesting target information..." + + curl_prometheus() { # Run the command, and save the exit code # from: https://prometheus.io/docs/prometheus/latest/querying/api/ - local RESULT=$( curl -s --fail --retry "120" --retry-max-time "120" --retry-all-errors http://prometheus-operated.prometheus.svc.cluster.local:9090/api/v1/targets?scrapePool=serviceMonitor/{{ .Release.Namespace }}/{{ include "redpanda.fullname" . }}/0 | jq '.data.activeTargets[].health | select(. == "up")' | wc -l ) + local RESULT=$( curl {{ template "curl-options" . }} http://prometheus-operated.prometheus.svc.cluster.local:9090/api/v1/targets?scrapePool=serviceMonitor/{{ .Release.Namespace }}/{{ include "redpanda.fullname" . }}/0 | jq '.data.activeTargets[].health | select(. == "up")' | wc -l ) echo $RESULT } @@ -57,7 +72,7 @@ spec: if [ $RESULT == {{ .Values.statefulset.replicas }} ]; then break fi - sleep 2 + sleep 15 done set +x @@ -67,5 +82,3 @@ spec: exit 1 fi {{- end }} - -*/}} \ No newline at end of file diff --git a/charts/redpanda/redpanda/templates/tests/test-rack-awareness.yaml b/charts/redpanda/redpanda/templates/tests/test-rack-awareness.yaml index 77903dacf..f54d24520 100644 --- a/charts/redpanda/redpanda/templates/tests/test-rack-awareness.yaml +++ b/charts/redpanda/redpanda/templates/tests/test-rack-awareness.yaml @@ -40,8 +40,7 @@ spec: - | set -e {{- if and .Values.rackAwareness.enabled (include "redpanda-atleast-22-3-0" . | fromJson).bool }} - curl --silent --fail --retry 120 \ - --retry-max-time 120 --retry-all-errors \ + curl {{ template "curl-options" . }} \ {{- if (include "tls-enabled" . | fromJson).bool }} {{- if (dig "default" "caEnabled" false .Values.tls.certs) }} --cacert "/etc/tls/certs/default/ca.crt" \ diff --git a/charts/redpanda/redpanda/templates/tests/test-schemaregistry-internal-tls-status.yaml b/charts/redpanda/redpanda/templates/tests/test-schemaregistry-internal-tls-status.yaml index 1e72b009c..1e33a44ce 100644 --- a/charts/redpanda/redpanda/templates/tests/test-schemaregistry-internal-tls-status.yaml +++ b/charts/redpanda/redpanda/templates/tests/test-schemaregistry-internal-tls-status.yaml @@ -19,10 +19,11 @@ limitations under the License. {{- $cert := get .Values.tls.certs $service.tls.cert -}} {{- $root := deepCopy . }} {{- $sasl := .Values.auth.sasl }} + {{- $randNumber := randNumeric 3 }} apiVersion: v1 kind: Pod metadata: - name: {{ include "redpanda.fullname" . }}-test-schemaregistry-internal-tls-status + name: {{ include "redpanda.fullname" . }}-test-sr-internal-tls-status-{{ $randNumber }} namespace: {{ .Release.Namespace | quote }} labels: {{- with include "full.labels" . }} @@ -58,10 +59,48 @@ spec: if [[ -n "$old_setting" ]]; then set -x; fi {{- end }} - set -ex + set -e + + trap reportSchema ERR + + reportSchema () { + echo Retrieving schemas/types + schemaCurlIgnore https://{{ include "redpanda.internal.domain" . }}:{{ .Values.listeners.schemaRegistry.port }}/schemas/types + echo Retrieving schemas/ids/1 + schemaCurlIgnore https://{{ include "redpanda.internal.domain" . }}:{{ .Values.listeners.schemaRegistry.port }}/schemas/ids/1 + echo Retrieving subjects + schemaCurlIgnore https://{{ include "redpanda.internal.domain" . }}:{{ .Values.listeners.schemaRegistry.port }}/subjects + echo Retrieving subjects?deleted=true + schemaCurlIgnore https://{{ include "redpanda.internal.domain" . }}:{{ .Values.listeners.schemaRegistry.port }}/subjects?deleted=true + echo Retrieving subjects/sensor-{{ $randNumber }}-value/versions + schemaCurlIgnore https://{{ include "redpanda.internal.domain" . }}:{{ .Values.listeners.schemaRegistry.port }}/subjects/sensor-{{ $randNumber }}-value/versions + echo Retrieving subjects/sensor-{{ $randNumber }}-value/versions?deleted=true + schemaCurlIgnore https://{{ include "redpanda.internal.domain" . }}:{{ .Values.listeners.schemaRegistry.port }}/subjects/sensor-{{ $randNumber }}-value/versions?deleted=true + echo Retrieving subjects/sensor-{{ $randNumber }}-value/versions/latest + schemaCurlIgnore https://{{ include "redpanda.internal.domain" . }}:{{ .Values.listeners.schemaRegistry.port }}/subjects/sensor-{{ $randNumber }}-value/versions/latest + echo Retrieving subjects/sensor-{{ $randNumber }}-value/versions/latest?deleted=true + schemaCurlIgnore https://{{ include "redpanda.internal.domain" . }}:{{ .Values.listeners.schemaRegistry.port }}/subjects/sensor-{{ $randNumber }}-value/versions/latest?deleted=true + echo Retrieving subjects/sensor-{{ $randNumber }}-value/versions/latest/schema + schemaCurlIgnore https://{{ include "redpanda.internal.domain" . }}:{{ .Values.listeners.schemaRegistry.port }}/subjects/sensor-{{ $randNumber }}-value/versions/latest/schema + echo Retrieving subjects/sensor-{{ $randNumber }}-value/versions/latest/schema?deleted=true + schemaCurlIgnore https://{{ include "redpanda.internal.domain" . }}:{{ .Values.listeners.schemaRegistry.port }}/subjects/sensor-{{ $randNumber }}-value/versions/latest/schema?deleted=true + echo + } + + + schemaCurlIgnore () { + curl {{ template "curl-options" . }} \ + {{- if or (include "sasl-enabled" .|fromJson).bool .Values.listeners.schemaRegistry.authenticationMethod }} + -u "${RPK_USER}:${RPK_PASS}" \ + {{- end }} + {{- if $cert.caEnabled }} + --cacert /etc/tls/certs/{{ $service.tls.cert }}/ca.crt \ + {{- end }} + $* || true + } schemaCurl () { - curl -svm3 --fail --retry "120" --retry-max-time "120" --retry-all-errors -o - \ + curl {{ template "curl-options" . }} \ {{- if or (include "sasl-enabled" .|fromJson).bool .Values.listeners.schemaRegistry.authenticationMethod }} -u "${RPK_USER}:${RPK_PASS}" \ {{- end }} @@ -75,7 +114,7 @@ spec: schemaCurl https://{{ include "redpanda.internal.domain" . }}:{{ .Values.listeners.schemaRegistry.port }}/subjects echo "Create schema" - curl -svm3 --fail --retry "120" --retry-max-time "120" --retry-all-errors -o - \ + curl {{ template "curl-options" . }} \ -X POST -H 'Content-Type:application/vnd.schemaregistry.v1+json' \ -d '{"schema": "{\"type\":\"record\",\"name\":\"sensor_sample\",\"fields\":[{\"name\":\"timestamp\",\"type\":\"long\",\"logicalType\":\"timestamp-millis\"},{\"name\":\"identifier\",\"type\":\"string\",\"logicalType\":\"uuid\"},{\"name\":\"value\",\"type\":\"long\"}]}"}' \ {{- if or (include "sasl-enabled" .|fromJson).bool .Values.listeners.schemaRegistry.authenticationMethod }} @@ -84,7 +123,7 @@ spec: {{- if $cert.caEnabled }} --cacert /etc/tls/certs/{{ $service.tls.cert }}/ca.crt \ {{- end }} - https://{{ include "redpanda.internal.domain" . }}:{{ .Values.listeners.schemaRegistry.port }}/subjects/sensor-value/versions + https://{{ include "redpanda.internal.domain" . }}:{{ .Values.listeners.schemaRegistry.port }}/subjects/sensor-{{ $randNumber }}-value/versions echo "Get schema 1" schemaCurl https://{{ include "redpanda.internal.domain" . }}:{{ .Values.listeners.schemaRegistry.port }}/schemas/ids/1 @@ -93,24 +132,24 @@ spec: schemaCurl https://{{ include "redpanda.internal.domain" . }}:{{ .Values.listeners.schemaRegistry.port }}/subjects echo "Delete schema 1" - curl -svm3 --fail --retry "120" --retry-max-time "120" --retry-all-errors -X DELETE -o - \ + curl {{ template "curl-options" . }} -X DELETE \ {{- if or (include "sasl-enabled" .|fromJson).bool .Values.listeners.schemaRegistry.authenticationMethod }} -u ${RPK_USER}:${RPK_PASS} \ {{- end }} {{- if $cert.caEnabled }} --cacert /etc/tls/certs/{{ $service.tls.cert }}/ca.crt \ {{- end }} - https://{{ include "redpanda.internal.domain" . }}:{{ .Values.listeners.schemaRegistry.port }}/subjects/sensor-value/versions/1 + https://{{ include "redpanda.internal.domain" . }}:{{ .Values.listeners.schemaRegistry.port }}/subjects/sensor-{{ $randNumber }}-value/versions/1 echo "Delete schema 1 permanently" - curl -svm3 --fail --retry "120" --retry-max-time "120" --retry-all-errors -X DELETE -o - \ + curl {{ template "curl-options" . }} -X DELETE \ {{- if or (include "sasl-enabled" .|fromJson).bool .Values.listeners.schemaRegistry.authenticationMethod }} -u ${RPK_USER}:${RPK_PASS} \ {{- end }} {{- if $cert.caEnabled }} --cacert /etc/tls/certs/{{ $service.tls.cert }}/ca.crt \ {{- end }} - https://{{ include "redpanda.internal.domain" . }}:{{ .Values.listeners.schemaRegistry.port }}/subjects/sensor-value/versions/1?permanent=true + https://{{ include "redpanda.internal.domain" . }}:{{ .Values.listeners.schemaRegistry.port }}/subjects/sensor-{{ $randNumber }}-value/versions/1?permanent=true volumeMounts: {{ include "default-mounts" . | nindent 8 }} resources: {{ toYaml .Values.statefulset.resources | nindent 12 }} diff --git a/charts/redpanda/redpanda/templates/tests/test-schemaregistry-status.yaml b/charts/redpanda/redpanda/templates/tests/test-schemaregistry-status.yaml index 5d7ee92e9..13ec6babb 100644 --- a/charts/redpanda/redpanda/templates/tests/test-schemaregistry-status.yaml +++ b/charts/redpanda/redpanda/templates/tests/test-schemaregistry-status.yaml @@ -16,10 +16,11 @@ limitations under the License. */}} {{- if and (not (include "schemaRegistry-internal-tls-enabled" . | fromJson).bool) .Values.listeners.schemaRegistry.enabled (include "redpanda-22-2-x-without-sasl" . | fromJson).bool }} {{- $sasl := .Values.auth.sasl }} + {{- $randNumber := randNumeric 3 }} apiVersion: v1 kind: Pod metadata: - name: "{{ include "redpanda.fullname" . }}-test-schemaregistry-status" + name: {{ include "redpanda.fullname" . }}-test-sr-status-{{ $randNumber }} namespace: {{ .Release.Namespace | quote }} labels: {{- with include "full.labels" . }} @@ -55,8 +56,44 @@ spec: if [[ -n "$old_setting" ]]; then set -x; fi {{- end }} + set -e + + trap reportSchema ERR + + reportSchema () { + echo Retrieving schemas/types + schemaCurlIgnore http://{{ include "redpanda.internal.domain" . }}:{{ .Values.listeners.schemaRegistry.port }}/schemas/types + echo Retrieving schemas/ids/1 + schemaCurlIgnore http://{{ include "redpanda.internal.domain" . }}:{{ .Values.listeners.schemaRegistry.port }}/schemas/ids/1 + echo Retrieving subjects + schemaCurlIgnore http://{{ include "redpanda.internal.domain" . }}:{{ .Values.listeners.schemaRegistry.port }}/subjects + echo Retrieving subjects?deleted=true + schemaCurlIgnore http://{{ include "redpanda.internal.domain" . }}:{{ .Values.listeners.schemaRegistry.port }}/subjects?deleted=true + echo Retrieving subjects/sensor-{{ $randNumber }}-value/versions + schemaCurlIgnore http://{{ include "redpanda.internal.domain" . }}:{{ .Values.listeners.schemaRegistry.port }}/subjects/sensor-{{ $randNumber }}-value/versions + echo Retrieving subjects/sensor-{{ $randNumber }}-value/versions?deleted=true + schemaCurlIgnore http://{{ include "redpanda.internal.domain" . }}:{{ .Values.listeners.schemaRegistry.port }}/subjects/sensor-{{ $randNumber }}-value/versions?deleted=true + echo Retrieving subjects/sensor-{{ $randNumber }}-value/versions/latest + schemaCurlIgnore http://{{ include "redpanda.internal.domain" . }}:{{ .Values.listeners.schemaRegistry.port }}/subjects/sensor-{{ $randNumber }}-value/versions/latest + echo Retrieving subjects/sensor-{{ $randNumber }}-value/versions/latest?deleted=true + schemaCurlIgnore http://{{ include "redpanda.internal.domain" . }}:{{ .Values.listeners.schemaRegistry.port }}/subjects/sensor-{{ $randNumber }}-value/versions/latest?deleted=true + echo Retrieving subjects/sensor-{{ $randNumber }}-value/versions/latest/schema + schemaCurlIgnore http://{{ include "redpanda.internal.domain" . }}:{{ .Values.listeners.schemaRegistry.port }}/subjects/sensor-{{ $randNumber }}-value/versions/latest/schema + echo Retrieving subjects/sensor-{{ $randNumber }}-value/versions/latest/schema?deleted=true + schemaCurlIgnore http://{{ include "redpanda.internal.domain" . }}:{{ .Values.listeners.schemaRegistry.port }}/subjects/sensor-{{ $randNumber }}-value/versions/latest/schema?deleted=true + echo + } + + schemaCurlIgnore () { + curl {{ template "curl-options" . }} \ + {{- if or (include "sasl-enabled" .|fromJson).bool .Values.listeners.schemaRegistry.authenticationMethod }} + -u "${RPK_USER}:${RPK_PASS}" \ + {{- end }} + $* || true + } + schemaCurl () { - curl -svm3 --fail --retry "120" --retry-max-time "120" --retry-all-errors \ + curl {{ template "curl-options" . }} \ {{- if or (include "sasl-enabled" .|fromJson).bool .Values.listeners.schemaRegistry.authenticationMethod }} -u ${RPK_USER}:${RPK_PASS} \ {{- end }} @@ -65,27 +102,34 @@ spec: schemaCurl http://{{ include "redpanda.internal.domain" . }}:{{ .Values.listeners.schemaRegistry.port }}/schemas/types - curl -svm3 --fail --retry "120" --retry-max-time "120" --retry-all-errors \ + echo "Get existng schemas" + schemaCurl http://{{ include "redpanda.internal.domain" . }}:{{ .Values.listeners.schemaRegistry.port }}/subjects + + echo "Create schema" + curl {{ template "curl-options" . }} \ -X POST -H 'Content-Type:application/vnd.schemaregistry.v1+json' \ -d '{"schema":"{\"type\":\"record\",\"name\":\"sensor_sample\",\"fields\":[{\"name\":\"timestamp\",\"type\":\"long\",\"logicalType\":\"timestamp-millis\"},{\"name\":\"identifier\",\"type\":\"string\",\"logicalType\":\"uuid\"},{\"name\":\"value\",\"type\":\"long\"}]}"}' \ {{- if or (include "sasl-enabled" .|fromJson).bool .Values.listeners.schemaRegistry.authenticationMethod }} -u ${RPK_USER}:${RPK_PASS} \ {{- end }} - http://{{ include "redpanda.internal.domain" . }}:{{ .Values.listeners.schemaRegistry.port }}/subjects/sensor-value/versions + http://{{ include "redpanda.internal.domain" . }}:{{ .Values.listeners.schemaRegistry.port }}/subjects/sensor-{{ $randNumber }}-value/versions + echo "Get schema 1" schemaCurl http://{{ include "redpanda.internal.domain" . }}:{{ .Values.listeners.schemaRegistry.port }}/schemas/ids/1 + echo "Get existng schemas" schemaCurl http://{{ include "redpanda.internal.domain" . }}:{{ .Values.listeners.schemaRegistry.port }}/subjects max_iteration=10 + echo "Delete schema 1" for i in $(seq 1 $max_iteration) do - curl -vv -X DELETE \ + curl {{ template "curl-options" . }} -X DELETE \ {{- if or (include "sasl-enabled" .|fromJson).bool .Values.listeners.schemaRegistry.authenticationMethod }} -u ${RPK_USER}:${RPK_PASS} \ {{- end }} - http://{{ include "redpanda.internal.domain" . }}:{{ .Values.listeners.schemaRegistry.port }}/subjects/sensor-value/versions/1 + http://{{ include "redpanda.internal.domain" . }}:{{ .Values.listeners.schemaRegistry.port }}/subjects/sensor-{{ $randNumber }}-value/versions/1 result=$? if [[ $result -eq 0 ]] then @@ -102,13 +146,14 @@ spec: echo "All of the trials failed to delete schema!!!" fi + echo "Delete schema 1 permanently" for i in $(seq 1 $max_iteration) do - curl -vv -X DELETE \ + curl {{ template "curl-options" . }} -X DELETE \ {{- if or (include "sasl-enabled" .|fromJson).bool .Values.listeners.schemaRegistry.authenticationMethod }} -u ${RPK_USER}:${RPK_PASS} \ {{- end }} - http://{{ include "redpanda.internal.domain" . }}:{{ .Values.listeners.schemaRegistry.port }}/subjects/sensor-value/versions/1?permanent=true + http://{{ include "redpanda.internal.domain" . }}:{{ .Values.listeners.schemaRegistry.port }}/subjects/sensor-{{ $randNumber }}-value/versions/1?permanent=true result=$? if [[ $result -eq 0 ]] then diff --git a/charts/redpanda/redpanda/values.schema.json b/charts/redpanda/redpanda/values.schema.json index 07635975d..a13e4f53d 100644 --- a/charts/redpanda/redpanda/values.schema.json +++ b/charts/redpanda/redpanda/values.schema.json @@ -20,6 +20,20 @@ "nodeSelector": { "type": "object" }, + "affinity": { + "type": "object", + "properties": { + "nodeAffinity": { + "type": "object" + }, + "podAffinity": { + "type": "object" + }, + "podAntiAffinity": { + "type": "object" + } + } + }, "tolerations": { "type": "array" }, @@ -236,6 +250,9 @@ "sourceRanges": { "type": "array" }, + "prefixTemplate": { + "type": "string" + }, "annotations": { "type": "object" }, @@ -292,6 +309,9 @@ }, "labels": { "type": "object" + }, + "tlsConfig": { + "type": "object" } } }, @@ -1162,6 +1182,9 @@ "port" ], "properties": { + "prefixTemplate": { + "type": "string" + }, "enabled": { "type": "boolean" }, @@ -1241,6 +1264,9 @@ "port" ], "properties": { + "prefixTemplate": { + "type": "string" + }, "enabled": { "type": "boolean" }, diff --git a/charts/redpanda/redpanda/values.yaml b/charts/redpanda/redpanda/values.yaml index 1980dcbfe..f67357b00 100644 --- a/charts/redpanda/redpanda/values.yaml +++ b/charts/redpanda/redpanda/values.yaml @@ -37,6 +37,10 @@ commonLabels: {} # For details, # see the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector). nodeSelector: {} +# -- Affinity constraints for scheduling Pods, can override this for StatefulSets and Jobs. +# For details, +# see the [Kubernetes documentation](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity). +affinity: {} # -- Taints to be tolerated by Pods, can override this for StatefulSets. # For details, # see the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/). @@ -248,6 +252,7 @@ external: # matching external.addresses + external.domain # externalDns: # enabled: true + # prefixTemplate: "" # -- Log-level settings. logging: @@ -271,6 +276,13 @@ monitoring: enabled: false scrapeInterval: 30s labels: {} + # Enables http2 for scraping metrics for prometheus. Used when Istio's mTLS is enabled and using tlsConfig. + # enableHttp2: true + tlsConfig: {} + # caFile: /etc/prom-certs/root-cert.pem + # certFile: /etc/prom-certs/cert-chain.pem + # insecureSkipVerify: true + # keyFile: /etc/prom-certs/key.pem # -- Pod resource management. # This section simplifies resource allocation @@ -790,6 +802,7 @@ listeners: # enabled: true # -- The port used for external client connections. port: 9094 + # prefixTemplate: "" # -- If undefined, `listeners.kafka.external.default.port` is used. advertisedPorts: - 31092 @@ -845,6 +858,7 @@ listeners: default: # enabled: true port: 8083 + # prefixTemplate: "" advertisedPorts: - 30082 tls: @@ -926,7 +940,7 @@ config: # create_topic_timeout_ms: 2000ms # Timeout (ms) to wait for new topic creation # default_num_windows: 10 # Default number of quota tracking windows # default_window_sec: 1000ms # Default quota tracking window size in milliseconds - # delete_retention_ms: 10080min # delete segments older than this (default 1 week) + # log_retention_ms: 10080min # delete segments older than this (default 1 week) # disable_batch_cache: false # Disable batch cache in log manager # fetch_reads_debounce_timeout: 1ms # Time to wait for next read in fetch request when requested min bytes wasn't reached # fetch_session_eviction_timeout_ms: 60s # Minimum time before which unused session will get evicted from sessions; Maximum time after which inactive session will be deleted is two time given configuration valuecache diff --git a/charts/speedscale/speedscale-operator/Chart.yaml b/charts/speedscale/speedscale-operator/Chart.yaml index a688048c1..2d9115238 100644 --- a/charts/speedscale/speedscale-operator/Chart.yaml +++ b/charts/speedscale/speedscale-operator/Chart.yaml @@ -4,7 +4,7 @@ annotations: catalog.cattle.io/kube-version: '>= 1.17.0-0' catalog.cattle.io/release-name: speedscale-operator apiVersion: v1 -appVersion: 1.3.485 +appVersion: 1.3.494 description: Stress test your APIs with real world scenarios. Collect and replay traffic without scripting. home: https://speedscale.com @@ -24,4 +24,4 @@ maintainers: - email: support@speedscale.com name: Speedscale Support name: speedscale-operator -version: 1.3.37 +version: 1.3.39 diff --git a/charts/speedscale/speedscale-operator/README.md b/charts/speedscale/speedscale-operator/README.md index da6da41a9..0b3479484 100644 --- a/charts/speedscale/speedscale-operator/README.md +++ b/charts/speedscale/speedscale-operator/README.md @@ -101,10 +101,10 @@ _See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command documen A major chart version change (like v1.2.3 -> v2.0.0) indicates that there is an incompatible breaking change needing manual actions. -### Upgrade to 1.3.37 +### Upgrade to 1.3.39 ```bash -kubectl apply --server-side -f https://raw.githubusercontent.com/speedscale/operator-helm/main/1.3.37/templates/crds/trafficreplays.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/speedscale/operator-helm/main/1.3.39/templates/crds/trafficreplays.yaml ``` ### Upgrade to 1.1.0 diff --git a/charts/speedscale/speedscale-operator/app-readme.md b/charts/speedscale/speedscale-operator/app-readme.md index da6da41a9..0b3479484 100644 --- a/charts/speedscale/speedscale-operator/app-readme.md +++ b/charts/speedscale/speedscale-operator/app-readme.md @@ -101,10 +101,10 @@ _See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command documen A major chart version change (like v1.2.3 -> v2.0.0) indicates that there is an incompatible breaking change needing manual actions. -### Upgrade to 1.3.37 +### Upgrade to 1.3.39 ```bash -kubectl apply --server-side -f https://raw.githubusercontent.com/speedscale/operator-helm/main/1.3.37/templates/crds/trafficreplays.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/speedscale/operator-helm/main/1.3.39/templates/crds/trafficreplays.yaml ``` ### Upgrade to 1.1.0 diff --git a/charts/speedscale/speedscale-operator/values.yaml b/charts/speedscale/speedscale-operator/values.yaml index 08dbafee2..fb0467643 100644 --- a/charts/speedscale/speedscale-operator/values.yaml +++ b/charts/speedscale/speedscale-operator/values.yaml @@ -20,7 +20,7 @@ clusterName: "my-cluster" # Speedscale components image settings. image: registry: gcr.io/speedscale - tag: v1.3.485 + tag: v1.3.494 pullPolicy: Always # Log level for Speedscale components. diff --git a/charts/sysdig/sysdig/CHANGELOG.md b/charts/sysdig/sysdig/CHANGELOG.md index 605b49d70..e357fd316 100644 --- a/charts/sysdig/sysdig/CHANGELOG.md +++ b/charts/sysdig/sysdig/CHANGELOG.md @@ -10,6 +10,9 @@ Manual edits are supported only below '## Change Log' and should be used exclusively to fix incorrect entries and not to add new ones. ## Change Log +# v1.16.15 +### New Features +* [9fc9ddd4](https://github.com/sysdiglabs/charts/commit/9fc9ddd48e6cb2c3ea334bfc10048ffc15646fd2): release agent 12.16.3 ([#1395](https://github.com/sysdiglabs/charts/issues/1395)) # v1.16.14 ### New Features * [45e2f7a9](https://github.com/sysdiglabs/charts/commit/45e2f7a96c565bfe0687acaacf350e81f94a23bb): release agent 12.16.2 ([#1381](https://github.com/sysdiglabs/charts/issues/1381)) diff --git a/charts/sysdig/sysdig/Chart.yaml b/charts/sysdig/sysdig/Chart.yaml index 78896a263..2e8cffbdf 100644 --- a/charts/sysdig/sysdig/Chart.yaml +++ b/charts/sysdig/sysdig/Chart.yaml @@ -3,7 +3,7 @@ annotations: catalog.cattle.io/display-name: Sysdig catalog.cattle.io/release-name: sysdig apiVersion: v1 -appVersion: 12.16.2 +appVersion: 12.16.3 deprecated: true description: Sysdig Monitor and Secure agent home: https://www.sysdig.com/ @@ -19,4 +19,4 @@ name: sysdig sources: - https://app.sysdigcloud.com/#/settings/user - https://github.com/draios/sysdig -version: 1.16.14 +version: 1.16.15 diff --git a/charts/sysdig/sysdig/RELEASE-NOTES.md b/charts/sysdig/sysdig/RELEASE-NOTES.md index 965664103..57dc6a58d 100644 --- a/charts/sysdig/sysdig/RELEASE-NOTES.md +++ b/charts/sysdig/sysdig/RELEASE-NOTES.md @@ -1,5 +1,5 @@ # What's Changed ### New Features -- [45e2f7a9](https://github.com/sysdiglabs/charts/commit/45e2f7a96c565bfe0687acaacf350e81f94a23bb): release agent 12.16.2 ([#1381](https://github.com/sysdiglabs/charts/issues/1381)) -#### Full diff: https://github.com/sysdiglabs/charts/compare/sysdig-deploy-1.23.6...sysdig-1.16.14 +- [9fc9ddd4](https://github.com/sysdiglabs/charts/commit/9fc9ddd48e6cb2c3ea334bfc10048ffc15646fd2): release agent 12.16.3 ([#1395](https://github.com/sysdiglabs/charts/issues/1395)) +#### Full diff: https://github.com/sysdiglabs/charts/compare/sysdig-deploy-1.24.1...sysdig-1.16.15 diff --git a/charts/sysdig/sysdig/values.yaml b/charts/sysdig/sysdig/values.yaml index 0c2b6d634..c0dd4a173 100644 --- a/charts/sysdig/sysdig/values.yaml +++ b/charts/sysdig/sysdig/values.yaml @@ -7,7 +7,7 @@ image: overrideValue: null registry: quay.io repository: sysdig/agent - tag: 12.16.2 + tag: 12.16.3 # Specify a imagePullPolicy # Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' # ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images diff --git a/charts/yugabyte/yugabyte/Chart.yaml b/charts/yugabyte/yugabyte/Chart.yaml index b90552f88..97bf978cd 100644 --- a/charts/yugabyte/yugabyte/Chart.yaml +++ b/charts/yugabyte/yugabyte/Chart.yaml @@ -3,18 +3,20 @@ annotations: catalog.cattle.io/display-name: YugabyteDB catalog.cattle.io/kube-version: '>=1.18-0' catalog.cattle.io/release-name: yugabyte -apiVersion: v1 -appVersion: 2.14.13.0-b13 + charts.openshift.io/name: yugabyte +apiVersion: v2 +appVersion: 2.16.8.0-b16 description: YugabyteDB is the high-performance distributed SQL database for building global, internet-scale apps. home: https://www.yugabyte.com icon: https://avatars0.githubusercontent.com/u/17074854?s=200&v=4 +kubeVersion: '>=1.18-0' maintainers: -- email: ram@yugabyte.com - name: Ram Sri -- email: arnav@yugabyte.com - name: Arnav Agarwal +- email: sanketh@yugabyte.com + name: Sanketh Indarapu +- email: gjalla@yugabyte.com + name: Govardhan Reddy Jalla name: yugabyte sources: - https://github.com/yugabyte/yugabyte-db -version: 2.14.13 +version: 2.16.8 diff --git a/charts/yugabyte/yugabyte/app-readme.md b/charts/yugabyte/yugabyte/app-readme.md index a1cb82a29..2f1292856 100644 --- a/charts/yugabyte/yugabyte/app-readme.md +++ b/charts/yugabyte/yugabyte/app-readme.md @@ -1 +1 @@ -This chart bootstraps an RF3 Yugabyte DB version 2.14.13.0-b13 cluster using the Helm Package Manager. +This chart bootstraps an RF3 YugabyteDB version 2.16.8.0-b16 cluster using the Helm Package Manager. diff --git a/charts/yugabyte/yugabyte/generate_kubeconfig.py b/charts/yugabyte/yugabyte/generate_kubeconfig.py index b974c0f2d..3e2e1d5d7 100644 --- a/charts/yugabyte/yugabyte/generate_kubeconfig.py +++ b/charts/yugabyte/yugabyte/generate_kubeconfig.py @@ -11,84 +11,177 @@ from sys import exit import json import base64 import tempfile +import time +import os.path -def run_command(command_args, namespace=None, as_json=True): - command = ['kubectl'] +def run_command(command_args, namespace=None, as_json=True, log_command=True): + command = ["kubectl"] if namespace: - command.extend(['--namespace', namespace]) + command.extend(["--namespace", namespace]) command.extend(command_args) if as_json: - command.extend(['-o', 'json']) - return json.loads(check_output(command)) + command.extend(["-o", "json"]) + if log_command: + print("Running command: {}".format(" ".join(command))) + output = check_output(command) + if as_json: + return json.loads(output) else: - return check_output(command).decode('utf8') + return output.decode("utf8") -parser = argparse.ArgumentParser(description='Generate KubeConfig with Token') -parser.add_argument('-s', '--service_account', help='Service Account name', required=True) -parser.add_argument('-n', '--namespace', help='Kubernetes namespace', default='kube-system') -parser.add_argument('-c', '--context', help='kubectl context') +def create_sa_token_secret(directory, sa_name, namespace): + """Creates a service account token secret for sa_name in + namespace. Returns the name of the secret created. + + Ref: + https://k8s.io/docs/concepts/configuration/secret/#service-account-token-secrets + + """ + token_secret = { + "apiVersion": "v1", + "data": { + "do-not-delete-used-for-yugabyte-anywhere": "MQ==", + }, + "kind": "Secret", + "metadata": { + "annotations": { + "kubernetes.io/service-account.name": sa_name, + }, + "name": sa_name, + }, + "type": "kubernetes.io/service-account-token", + } + token_secret_file_name = os.path.join(directory, "token_secret.yaml") + with open(token_secret_file_name, "w") as token_secret_file: + json.dump(token_secret, token_secret_file) + run_command(["apply", "-f", token_secret_file_name], namespace) + return sa_name + + +def get_secret_data(secret, namespace): + """Returns the secret in JSON format if it has ca.crt and token in + it, else returns None. It retries 3 times with 1 second timeout + for the secret to be populated with this data. + + """ + secret_data = None + num_retries = 5 + timeout = 2 + while True: + secret_json = run_command(["get", "secret", secret], namespace) + if "ca.crt" in secret_json["data"] and "token" in secret_json["data"]: + secret_data = secret_json + break + + num_retries -= 1 + if num_retries == 0: + break + print( + "Secret '{}' is not populated. Sleep {}s, ({} retries left)".format( + secret, timeout, num_retries + ) + ) + time.sleep(timeout) + return secret_data + + +parser = argparse.ArgumentParser(description="Generate KubeConfig with Token") +parser.add_argument("-s", "--service_account", help="Service Account name", required=True) +parser.add_argument("-n", "--namespace", help="Kubernetes namespace", default="kube-system") +parser.add_argument("-c", "--context", help="kubectl context") +parser.add_argument("-o", "--output_file", help="output file path") args = vars(parser.parse_args()) # if the context is not provided we use the current-context -context = args['context'] +context = args["context"] if context is None: - context = run_command(['config', 'current-context'], - args['namespace'], as_json=False) + context = run_command(["config", "current-context"], args["namespace"], as_json=False) -cluster_attrs = run_command(['config', 'get-contexts', context.strip(), - '--no-headers'], args['namespace'], as_json=False) +cluster_attrs = run_command( + ["config", "get-contexts", context.strip(), "--no-headers"], args["namespace"], as_json=False +) cluster_name = cluster_attrs.strip().split()[2] -endpoint = run_command(['config', 'view', '-o', - 'jsonpath="{.clusters[?(@.name =="' + - cluster_name + '")].cluster.server}"'], - args['namespace'], as_json=False) -service_account_info = run_command(['get', 'sa', args['service_account']], - args['namespace']) +endpoint = run_command( + [ + "config", + "view", + "-o", + 'jsonpath="{.clusters[?(@.name =="' + cluster_name + '")].cluster.server}"', + ], + args["namespace"], + as_json=False, +) +service_account_info = run_command(["get", "sa", args["service_account"]], args["namespace"]) + +tmpdir = tempfile.TemporaryDirectory() + +# Get the token and ca.crt from service account secret. +sa_secrets = list() +# Kubernetes 1.22 onwards doesn't create a token secret, so we create +# it ourselves. +if "secrets" not in service_account_info: + token_secret = create_sa_token_secret(tmpdir.name, args["service_account"], args["namespace"]) + sa_secrets.append(token_secret) +else: + # some ServiceAccounts have multiple secrets, and not all them have a + # ca.crt and a token. + sa_secrets = [secret["name"] for secret in service_account_info["secrets"]] -# some ServiceAccounts have multiple secrets, and not all them have a -# ca.crt and a token. -sa_secrets = [secret['name'] for secret in service_account_info['secrets']] secret_data = None for secret in sa_secrets: - secret_json = run_command(['get', 'secret', secret], args['namespace']) - if 'ca.crt' not in secret_json['data'] and 'token' not in secret_json['data']: - continue - secret_data = secret_json + secret_data = get_secret_data(secret, args["namespace"]) + if secret_data is not None: + break if secret_data is None: - exit("No usable secret found for '{}'.".format(args['service_account'])) + exit("No usable secret found for '{}'.".format(args["service_account"])) -context_name = '{}-{}'.format(args['service_account'], cluster_name) -kube_config = '/tmp/{}.conf'.format(args['service_account']) +context_name = "{}-{}".format(args["service_account"], cluster_name) +kube_config = args["output_file"] +if not kube_config: + kube_config = "/tmp/{}.conf".format(args["service_account"]) -with tempfile.NamedTemporaryFile() as ca_crt_file: - ca_crt = base64.b64decode(secret_data['data']['ca.crt']) - ca_crt_file.write(ca_crt) - ca_crt_file.flush() - # create kubeconfig entry - set_cluster_cmd = ['config', 'set-cluster', cluster_name, - '--kubeconfig={}'.format(kube_config), - '--server={}'.format(endpoint.strip('"')), - '--embed-certs=true', - '--certificate-authority={}'.format(ca_crt_file.name)] - run_command(set_cluster_cmd, as_json=False) -user_token = base64.b64decode(secret_data['data']['token']).decode('utf-8') -set_credentials_cmd = ['config', 'set-credentials', context_name, - '--token={}'.format(user_token), - '--kubeconfig={}'.format(kube_config)] -run_command(set_credentials_cmd, as_json=False) +ca_crt_file_name = os.path.join(tmpdir.name, "ca.crt") +ca_crt_file = open(ca_crt_file_name, "wb") +ca_crt_file.write(base64.b64decode(secret_data["data"]["ca.crt"])) +ca_crt_file.close() -set_context_cmd = ['config', 'set-context', context_name, - '--cluster={}'.format(cluster_name), - '--user={}'.format(context_name), - '--kubeconfig={}'.format(kube_config)] +# create kubeconfig entry +set_cluster_cmd = [ + "config", + "set-cluster", + cluster_name, + "--kubeconfig={}".format(kube_config), + "--server={}".format(endpoint.strip('"')), + "--embed-certs=true", + "--certificate-authority={}".format(ca_crt_file_name), +] +run_command(set_cluster_cmd, as_json=False) + +user_token = base64.b64decode(secret_data["data"]["token"]).decode("utf-8") +set_credentials_cmd = [ + "config", + "set-credentials", + context_name, + "--token={}".format(user_token), + "--kubeconfig={}".format(kube_config), +] +run_command(set_credentials_cmd, as_json=False, log_command=False) + +set_context_cmd = [ + "config", + "set-context", + context_name, + "--cluster={}".format(cluster_name), + "--user={}".format(context_name), + "--kubeconfig={}".format(kube_config), +] run_command(set_context_cmd, as_json=False) -use_context_cmd = ['config', 'use-context', context_name, - '--kubeconfig={}'.format(kube_config)] +use_context_cmd = ["config", "use-context", context_name, "--kubeconfig={}".format(kube_config)] run_command(use_context_cmd, as_json=False) print("Generated the kubeconfig file: {}".format(kube_config)) diff --git a/charts/yugabyte/yugabyte/openshift.values.yaml b/charts/yugabyte/yugabyte/openshift.values.yaml new file mode 100644 index 000000000..d2784b23e --- /dev/null +++ b/charts/yugabyte/yugabyte/openshift.values.yaml @@ -0,0 +1,4 @@ +# OCP compatible values for yugabyte + +Image: + repository: "quay.io/yugabyte/yugabyte-ubi" diff --git a/charts/yugabyte/yugabyte/questions.yaml b/charts/yugabyte/yugabyte/questions.yaml index c88fd43c0..6befa49e1 100644 --- a/charts/yugabyte/yugabyte/questions.yaml +++ b/charts/yugabyte/yugabyte/questions.yaml @@ -16,7 +16,7 @@ questions: label: YugabyteDB image repository description: "YugabyteDB image repository" - variable: Image.tag - default: "2.14.1.0-b36" + default: "2.5.1.0-b153" required: true type: string label: YugabyteDB image tag diff --git a/charts/yugabyte/yugabyte/templates/_helpers.tpl b/charts/yugabyte/yugabyte/templates/_helpers.tpl index 27697d799..1d506a432 100644 --- a/charts/yugabyte/yugabyte/templates/_helpers.tpl +++ b/charts/yugabyte/yugabyte/templates/_helpers.tpl @@ -26,7 +26,7 @@ Generate common labels. {{- define "yugabyte.labels" }} heritage: {{ .Values.helm2Legacy | ternary "Tiller" (.Release.Service | quote) }} release: {{ .Release.Name | quote }} -chart: {{ .Values.oldNamingStyle | ternary .Chart.Name (include "yugabyte.chart" .) | quote }} +chart: {{ .Chart.Name | quote }} component: {{ .Values.Component | quote }} {{- if .Values.commonLabels}} {{ toYaml .Values.commonLabels }} @@ -116,26 +116,24 @@ Get files from fs data directories for readiness / liveness probes. {{- end -}} -{{/* -Command to do a disk write and sync for liveness probes. -*/}} -{{- define "yugabyte.fs_data_dirs_probe" -}} -echo "disk check at: $(date)" \ - | tee {{ template "yugabyte.fs_data_dirs_probe_files" . }} \ - && sync {{ template "yugabyte.fs_data_dirs_probe_files" . }} -{{- end -}} - - {{/* Generate server FQDN. */}} {{- define "yugabyte.server_fqdn" -}} {{- if (and .Values.istioCompatibility.enabled .Values.multicluster.createServicePerPod) -}} {{- printf "$(HOSTNAME).$(NAMESPACE).svc.%s" .Values.domainName -}} + {{- else if (and .Values.oldNamingStyle .Values.multicluster.createServiceExports) -}} + {{ $membershipName := required "A valid membership name is required! Please set multicluster.kubernetesClusterId" .Values.multicluster.kubernetesClusterId }} + {{- printf "$(HOSTNAME).%s.%s.$(NAMESPACE).svc.clusterset.local" $membershipName .Service.name -}} {{- else if .Values.oldNamingStyle -}} - {{- printf "$(HOSTNAME).%s.$(NAMESPACE).svc.%s" .Service.name .Values.domainName -}} + {{- printf "$(HOSTNAME).%s.$(NAMESPACE).svc.%s" .Service.name .Values.domainName -}} {{- else -}} - {{- printf "$(HOSTNAME).%s-%s.$(NAMESPACE).svc.%s" (include "yugabyte.fullname" .) .Service.name .Values.domainName -}} + {{- if .Values.multicluster.createServiceExports -}} + {{ $membershipName := required "A valid membership name is required! Please set multicluster.kubernetesClusterId" .Values.multicluster.kubernetesClusterId }} + {{- printf "$(HOSTNAME).%s.%s-%s.$(NAMESPACE).svc.clusterset.local" $membershipName (include "yugabyte.fullname" .) .Service.name -}} + {{- else -}} + {{- printf "$(HOSTNAME).%s-%s.$(NAMESPACE).svc.%s" (include "yugabyte.fullname" .) .Service.name .Values.domainName -}} + {{- end -}} {{- end -}} {{- end -}} @@ -148,10 +146,17 @@ Generate server broadcast address. {{/* Generate server RPC bind address. + +In case of multi-cluster services (MCS), we set it to $(POD_IP) to +ensure YCQL uses a resolvable address. +See https://github.com/yugabyte/yugabyte-db/issues/16155 */}} {{- define "yugabyte.rpc_bind_address" -}} + {{- $port := index .Service.ports "tcp-rpc-port" -}} {{- if .Values.istioCompatibility.enabled -}} - 0.0.0.0:{{ index .Service.ports "tcp-rpc-port" -}} + 0.0.0.0:{{ $port }} + {{- else if .Values.multicluster.createServiceExports -}} + $(POD_IP):{{ $port }} {{- else -}} {{- include "yugabyte.server_fqdn" . -}} {{- end -}} @@ -168,7 +173,7 @@ Generate server web interface. Generate server CQL proxy bind address. */}} {{- define "yugabyte.cql_proxy_bind_address" -}} - {{- if .Values.istioCompatibility.enabled -}} + {{- if or .Values.istioCompatibility.enabled .Values.multicluster.createServiceExports -}} 0.0.0.0:{{ index .Service.ports "tcp-yql-port" -}} {{- else -}} {{- include "yugabyte.server_fqdn" . -}} @@ -213,10 +218,10 @@ Compute the maximum number of unavailable pods based on the number of master rep Set consistent issuer name. */}} {{- define "yugabyte.tls_cm_issuer" -}} - {{- if .Values.tls.certManager.useClusterIssuer -}} - {{ .Values.tls.certManager.clusterIssuer }} - {{- else -}} + {{- if .Values.tls.certManager.bootstrapSelfsigned -}} {{ .Values.oldNamingStyle | ternary "yugabyte-selfsigned" (printf "%s-selfsigned" (include "yugabyte.fullname" .)) }} + {{- else -}} + {{ .Values.tls.certManager.useClusterIssuer | ternary .Values.tls.certManager.clusterIssuer .Values.tls.certManager.issuer}} {{- end -}} {{- end -}} diff --git a/charts/yugabyte/yugabyte/templates/certificates.yaml b/charts/yugabyte/yugabyte/templates/certificates.yaml index f8dd4acb5..5c7814de4 100644 --- a/charts/yugabyte/yugabyte/templates/certificates.yaml +++ b/charts/yugabyte/yugabyte/templates/certificates.yaml @@ -1,7 +1,7 @@ {{- $root := . -}} --- {{- if $root.Values.tls.certManager.enabled }} -{{- if not $root.Values.tls.certManager.useClusterIssuer }} +{{- if $root.Values.tls.certManager.bootstrapSelfsigned }} --- apiVersion: cert-manager.io/v1 kind: Issuer @@ -37,13 +37,38 @@ spec: ca: secretName: {{ $root.Values.oldNamingStyle | ternary "yugabyte-ca" (printf "%s-ca" (include "yugabyte.fullname" $root)) }} --- +{{- else }} +{{/* when bootstrapSelfsigned = false, ie. when using an external CA. +Create a Secret with just the rootCA.cert value and mount into master/tserver pods. +This will be used as a fall back in case the Secret generated by cert-manager does not +have a root ca.crt. This can happen for certain certificate issuers like LetsEncrypt. +*/}} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ printf "%s-root-ca" (include "yugabyte.fullname" $root) }} + namespace: "{{ $root.Release.Namespace }}" + labels: + {{- include "yugabyte.labels" $root | indent 4 }} +type: Opaque +data: + ca.crt: {{ $root.Values.tls.rootCA.cert }} +--- {{- end }} +{{/* +The below Certificate resource will trigger cert-manager to issue crt/key into Secrets. +These secrets are mounted into master/tserver pods. +*/}} {{- range .Values.Services }} {{- $service := . -}} {{- $appLabelArgs := dict "label" .label "root" $root -}} {{- $serviceValues := (dict "Service" $service "Values" $root.Values "Chart" $root.Chart "Release" $root.Release) -}} +{{- $replicas := (eq .name "yb-masters") | ternary $root.Values.replicas.master $root.Values.replicas.tserver -}} + +{{- if (gt (int $replicas) 0) }} --- apiVersion: cert-manager.io/v1 kind: Certificate @@ -65,18 +90,17 @@ spec: secretName: {{ $root.Values.oldNamingStyle | ternary (printf "%s-yugabyte-tls-cert" $service.label) (printf "%s-%s-tls-cert" (include "yugabyte.fullname" $root) $service.label) }} duration: {{ $root.Values.tls.certManager.certificates.duration | quote }} renewBefore: {{ $root.Values.tls.certManager.certificates.renewBefore | quote }} - commonName: yugabyte-{{ .name }} isCA: false privateKey: algorithm: {{ $root.Values.tls.certManager.certificates.algorithm | quote }} encoding: PKCS8 size: {{ $root.Values.tls.certManager.certificates.keySize }} + rotationPolicy: Always usages: - server auth - client auth # At least one of a DNS Name, URI, or IP address is required. dnsNames: - {{- $replicas := (eq .name "yb-masters") | ternary $root.Values.replicas.master $root.Values.replicas.tserver -}} {{- range $index := until ( int ( $replicas ) ) }} {{- $nodeOldStyle := printf "%s-%d.%s.%s.svc.%s" $service.label $index $service.name $root.Release.Namespace $root.Values.domainName }} {{- $nodeNewStyle := printf "%s-%s-%d.%s-%s.%s.svc.%s" (include "yugabyte.fullname" $root) $service.label $index (include "yugabyte.fullname" $root) $service.name $root.Release.Namespace $root.Values.domainName }} @@ -87,6 +111,7 @@ spec: ipAddresses: [] --- {{- end }} +{{- end }} --- apiVersion: cert-manager.io/v1 @@ -114,6 +139,7 @@ spec: algorithm: {{ $root.Values.tls.certManager.certificates.algorithm | quote }} encoding: PKCS8 size: {{ $root.Values.tls.certManager.certificates.keySize }} + rotationPolicy: Always usages: - client auth dnsNames: [] diff --git a/charts/yugabyte/yugabyte/templates/multicluster-common-tserver-service.yaml b/charts/yugabyte/yugabyte/templates/multicluster/common-tserver-service.yaml similarity index 100% rename from charts/yugabyte/yugabyte/templates/multicluster-common-tserver-service.yaml rename to charts/yugabyte/yugabyte/templates/multicluster/common-tserver-service.yaml diff --git a/charts/yugabyte/yugabyte/templates/multicluster/mcs-service-export.yaml b/charts/yugabyte/yugabyte/templates/multicluster/mcs-service-export.yaml new file mode 100644 index 000000000..eeafcb1bb --- /dev/null +++ b/charts/yugabyte/yugabyte/templates/multicluster/mcs-service-export.yaml @@ -0,0 +1,21 @@ +{{- /* + Ref - https://cloud.google.com/kubernetes-engine/docs/how-to/multi-cluster-services#registering_a_service_for_export + https://github.com/kubernetes/enhancements/tree/master/keps/sig-multicluster/1645-multi-cluster-services-api#exporting-services +*/}} +{{- if .Values.multicluster.createServiceExports }} +apiVersion: {{ .Values.multicluster.mcsApiVersion }} +kind: ServiceExport +metadata: + name: {{ .Values.oldNamingStyle | ternary "yb-masters" (printf "%s-%s" (include "yugabyte.fullname" .) "yb-masters") | quote }} + namespace: "{{ .Release.Namespace }}" + labels: + {{- include "yugabyte.labels" . | indent 4 }} +--- +apiVersion: {{ .Values.multicluster.mcsApiVersion }} +kind: ServiceExport +metadata: + name: {{ .Values.oldNamingStyle | ternary "yb-tservers" (printf "%s-%s" (include "yugabyte.fullname" .) "yb-tservers") | quote }} + namespace: "{{ .Release.Namespace }}" + labels: + {{- include "yugabyte.labels" . | indent 4 }} +{{ end -}} diff --git a/charts/yugabyte/yugabyte/templates/multicluster-multiple-services.yaml b/charts/yugabyte/yugabyte/templates/multicluster/service-per-pod.yaml similarity index 96% rename from charts/yugabyte/yugabyte/templates/multicluster-multiple-services.yaml rename to charts/yugabyte/yugabyte/templates/multicluster/service-per-pod.yaml index a26b39018..681231e29 100644 --- a/charts/yugabyte/yugabyte/templates/multicluster-multiple-services.yaml +++ b/charts/yugabyte/yugabyte/templates/multicluster/service-per-pod.yaml @@ -11,6 +11,7 @@ metadata: labels: {{- include "yugabyte.applabel" ($appLabelArgs) | indent 4 }} {{- include "yugabyte.labels" $ | indent 4 }} + service-type: "non-endpoint" spec: ports: {{- range $label, $port := $server.ports }} diff --git a/charts/yugabyte/yugabyte/templates/service.yaml b/charts/yugabyte/yugabyte/templates/service.yaml index f44ece98d..8983707f6 100644 --- a/charts/yugabyte/yugabyte/templates/service.yaml +++ b/charts/yugabyte/yugabyte/templates/service.yaml @@ -46,10 +46,27 @@ data: {{- range $index := until ( int ( $replicas ) ) }} {{- $nodeOldStyle := printf "%s-%d.%s.%s.svc.%s" $service.label $index $service.name $root.Release.Namespace $root.Values.domainName }} {{- $nodeNewStyle := printf "%s-%s-%d.%s-%s.%s.svc.%s" (include "yugabyte.fullname" $root) $service.label $index (include "yugabyte.fullname" $root) $service.name $root.Release.Namespace $root.Values.domainName }} + +{{- if $root.Values.multicluster.createServiceExports -}} + {{- $nodeOldStyle = printf "%s-%d.%s.%s.%s.svc.clusterset.local" $service.label $index $root.Values.multicluster.kubernetesClusterId $service.name $root.Release.Namespace }} + {{- $nodeNewStyle = printf "%s-%s-%d.%s.%s-%s.%s.svc.clusterset.local" (include "yugabyte.fullname" $root) $service.label $index $root.Values.multicluster.kubernetesClusterId (include "yugabyte.fullname" $root) $service.name $root.Release.Namespace }} +{{- end -}} + +{{- if (and $root.Values.istioCompatibility.enabled $root.Values.multicluster.createServicePerPod) -}} + {{- $nodeOldStyle = printf "%s-%d.%s.svc.%s" $service.label $index $root.Release.Namespace $root.Values.domainName }} + {{- $nodeNewStyle = printf "%s-%s-%d.%s.svc.%s" (include "yugabyte.fullname" $root) $service.label $index $root.Release.Namespace $root.Values.domainName }} +{{- end -}} + {{- $node := $root.Values.oldNamingStyle | ternary $nodeOldStyle $nodeNewStyle }} {{- if $root.Values.tls.rootCA.key }} {{- $dns1 := printf "*.*.%s" $root.Release.Namespace }} {{- $dns2 := printf "%s.svc.%s" $dns1 $root.Values.domainName }} +{{- if $root.Values.multicluster.createServiceExports -}} + {{- $dns1 = printf "*.*.*.%s.svc.clusterset.local" $root.Release.Namespace }} +{{- end -}} +{{- if (and $root.Values.istioCompatibility.enabled $root.Values.multicluster.createServicePerPod) -}} + {{- $dns1 = printf "*.%s.svc.%s" $root.Release.Namespace $root.Values.domainName }} +{{- end -}} {{- $rootCA := buildCustomCert $root.Values.tls.rootCA.cert $root.Values.tls.rootCA.key -}} {{- $server := genSignedCert $node ( default nil ) (list $dns1 $dns2 ) 3650 $rootCA }} node.{{$node}}.crt: {{ $server.Cert | b64enc }} @@ -94,6 +111,7 @@ metadata: labels: {{- include "yugabyte.applabel" ($appLabelArgs) | indent 4 }} {{- include "yugabyte.labels" $root | indent 4 }} + service-type: "endpoint" spec: {{ if eq $root.Release.Service "Tiller" }} clusterIP: @@ -197,6 +215,9 @@ spec: labels: {{- include "yugabyte.applabel" ($appLabelArgs) | indent 8 }} {{- include "yugabyte.labels" $root | indent 8 }} + {{- if $root.Values.istioCompatibility.enabled }} + sidecar.istio.io/inject: "true" + {{- end }} {{- if eq .name "yb-masters" }} {{- with $root.Values.master.podLabels }}{{ toYaml . | nindent 8 }}{{ end }} {{- else }} @@ -214,7 +235,6 @@ spec: nodeSelector: {{ toYaml $root.Values.nodeSelector | indent 8 }} {{- end }} - terminationGracePeriodSeconds: 300 {{- if eq .name "yb-masters" }} # yb-masters {{- if $root.Values.master.tolerations }} tolerations: @@ -226,6 +246,7 @@ spec: {{- with $root.Values.tserver.tolerations }}{{ toYaml . | nindent 8 }}{{ end }} {{- end }} {{- end }} + terminationGracePeriodSeconds: 300 affinity: # Set the anti-affinity selector scope to YB masters. {{ if $root.Values.AZ }} @@ -293,13 +314,8 @@ spec: exec: command: - bash - - -v - -c - - | - {{- include "yugabyte.fs_data_dirs_probe" $storageInfo | nindent 14 }}; - exit_code="$?"; - echo "disk check exited with: ${exit_code}"; - exit "${exit_code}" + - touch {{ template "yugabyte.fs_data_dirs_probe_files" $storageInfo }} failureThreshold: 3 periodSeconds: 10 successThreshold: 1 @@ -355,7 +371,7 @@ spec: fi && \ {{- end }} {{- if (and (not $root.Values.storage.ephemeral) (not $root.Values.preflight.skipAll)) }} - {{- include "yugabyte.fs_data_dirs_probe" $storageInfo | nindent 12 }} && \ + touch {{ template "yugabyte.fs_data_dirs_probe_files" $storageInfo }} && \ {{- end }} {{- $rpcAddr := include "yugabyte.rpc_bind_address" $serviceValues -}} {{- $rpcPort := index $service.ports "tcp-rpc-port" -}} @@ -363,10 +379,13 @@ spec: {{- $rpcPreflight := include "yugabyte.preflight_check" (set $serviceValues "Preflight" $rpcDict) -}} {{- if $rpcPreflight -}}{{ $rpcPreflight | nindent 12 }}{{ end -}} {{- $broadcastAddr := include "yugabyte.server_broadcast_address" $serviceValues -}} - {{- $broadcastPort := index $service.ports "tcp-rpc-port" -}} - {{- $broadcastDict := dict "Addr" $broadcastAddr "Port" $broadcastPort -}} - {{- $broadcastPreflight := include "yugabyte.preflight_check" (set $serviceValues "Preflight" $broadcastDict) -}} - {{- if $broadcastPreflight -}}{{ $broadcastPreflight | nindent 12 }}{{ end -}} + {{/* skip bind check for Istio multi-cluster, we cannot/don't bind to service IP */}} + {{- if (not (and $root.Values.istioCompatibility.enabled $root.Values.multicluster.createServicePerPod)) }} + {{- $broadcastPort := index $service.ports "tcp-rpc-port" -}} + {{- $broadcastDict := dict "Addr" $broadcastAddr "Port" $broadcastPort -}} + {{- $broadcastPreflight := include "yugabyte.preflight_check" (set $serviceValues "Preflight" $broadcastDict) -}} + {{- if $broadcastPreflight -}}{{ $broadcastPreflight | nindent 12 }}{{ end -}} + {{- end }} {{- $webserverAddr := include "yugabyte.webserver_interface" $serviceValues -}} {{- $webserverPort := index $service.ports "http-ui" -}} {{- $webserverDict := dict "Addr" $webserverAddr "Port" $webserverPort -}} @@ -377,6 +396,25 @@ spec: else k8s_parent="" fi && \ + {{- if and $root.Values.tls.enabled $root.Values.tls.certManager.enabled }} + echo "Creating ephemeral /opt/certs/yugabyte/ as symlink to persisted /mnt/disk0/certs/" && \ + mkdir -p /mnt/disk0/certs && \ + mkdir -p /opt/certs && \ + ln -s /mnt/disk0/certs /opt/certs/yugabyte && \ + if [[ ! -f /opt/certs/yugabyte/ca.crt ]]; then + echo "Fresh install of /opt/certs/yugabyte/ca.crt" + cp /home/yugabyte/cert-manager/ca.crt /opt/certs/yugabyte/ca.crt; + fi && \ + cmp -s /home/yugabyte/cert-manager/ca.crt /opt/certs/yugabyte/ca.crt;sameRootCA=$? && \ + if [[ $sameRootCA -eq 0 ]]; then + echo "Refreshing tls certs at /opt/certs/yugabyte/"; + cp /home/yugabyte/cert-manager/tls.crt /opt/certs/yugabyte/node.{{$rpcAddr}}.crt; + cp /home/yugabyte/cert-manager/tls.key /opt/certs/yugabyte/node.{{$rpcAddr}}.key; + chmod 600 /opt/certs/yugabyte/* + else + echo "WARNING: Not refreshing certificates as the root ca.crt has changed" + fi && \ + {{- end }} {{- if eq .name "yb-masters" }} exec ${k8s_parent} /home/yugabyte/bin/yb-master \ {{- if not $root.Values.storage.ephemeral }} @@ -492,7 +530,7 @@ spec: {{- end }} {{- if $root.Values.tls.enabled }} - name: {{ $root.Values.oldNamingStyle | ternary (printf "%s-yugabyte-tls-cert" .label) (printf "%s-%s-tls-cert" (include "yugabyte.fullname" $root) .label) }} - mountPath: /opt/certs/yugabyte + mountPath: {{ $root.Values.tls.certManager.enabled | ternary "/home/yugabyte/cert-manager" "/opt/certs/yugabyte" }} readOnly: true - name: {{ $root.Values.oldNamingStyle | ternary "yugabyte-tls-client-cert" (printf "%s-client-tls" (include "yugabyte.fullname" $root)) }} mountPath: /root/.yugabytedb/ @@ -542,25 +580,24 @@ spec: {{- end }} {{- end }} {{- if $root.Values.tls.enabled }} + {{- if $root.Values.tls.certManager.enabled }} + {{- /* certManager enabled */}} + - name: {{ $root.Values.oldNamingStyle | ternary (printf "%s-yugabyte-tls-cert" .label) (printf "%s-%s-tls-cert" (include "yugabyte.fullname" $root) .label) }} + projected: + sources: + {{- if not $root.Values.tls.certManager.bootstrapSelfsigned }} + - secret: + name: {{ printf "%s-root-ca" (include "yugabyte.fullname" $root) }} + {{- end }} + - secret: + name: {{ $root.Values.oldNamingStyle | ternary (printf "%s-yugabyte-tls-cert" .label) (printf "%s-%s-tls-cert" (include "yugabyte.fullname" $root) .label) }} + {{- else }} + {{/* certManager disabled */}} - name: {{ $root.Values.oldNamingStyle | ternary (printf "%s-yugabyte-tls-cert" .label) (printf "%s-%s-tls-cert" (include "yugabyte.fullname" $root) .label) }} secret: secretName: {{ $root.Values.oldNamingStyle | ternary (printf "%s-yugabyte-tls-cert" .label) (printf "%s-%s-tls-cert" (include "yugabyte.fullname" $root) .label) }} - {{- if $root.Values.tls.certManager.enabled }} - items: - {{- $replicas := (eq .name "yb-masters") | ternary $root.Values.replicas.master $root.Values.replicas.tserver -}} - {{- range $index := until ( int ( $replicas ) ) }} - {{- $nodeOldStyle := printf "%s-%d.%s.%s.svc.%s" $service.label $index $service.name $root.Release.Namespace $root.Values.domainName }} - {{- $nodeNewStyle := printf "%s-%s-%d.%s-%s.%s.svc.%s" (include "yugabyte.fullname" $root) $service.label $index (include "yugabyte.fullname" $root) $service.name $root.Release.Namespace $root.Values.domainName }} - {{- $node := $root.Values.oldNamingStyle | ternary $nodeOldStyle $nodeNewStyle }} - - key: tls.crt - path: node.{{$node}}.crt - - key: tls.key - path: node.{{$node}}.key - {{- end }} - - key: ca.crt - path: ca.crt - {{- end }} defaultMode: 256 + {{- end }} - name: {{ $root.Values.oldNamingStyle | ternary "yugabyte-tls-client-cert" (printf "%s-client-tls" (include "yugabyte.fullname" $root)) }} secret: secretName: {{ $root.Values.oldNamingStyle | ternary "yugabyte-tls-client-cert" (printf "%s-client-tls" (include "yugabyte.fullname" $root)) }} diff --git a/charts/yugabyte/yugabyte/values.yaml b/charts/yugabyte/yugabyte/values.yaml index f1984e3e0..bcd4aa243 100644 --- a/charts/yugabyte/yugabyte/values.yaml +++ b/charts/yugabyte/yugabyte/values.yaml @@ -2,10 +2,15 @@ # This is a YAML-formatted file. # Declare variables to be passed into your templates. Component: "yugabytedb" + +fullnameOverride: "" +nameOverride: "" + Image: repository: "yugabytedb/yugabyte" - tag: 2.14.13.0-b13 + tag: 2.16.8.0-b16 pullPolicy: IfNotPresent + pullSecretName: "" storage: ephemeral: false # will not allocate PVs when true @@ -21,27 +26,38 @@ storage: resource: master: requests: - cpu: 2 + cpu: "2" memory: 2Gi limits: - cpu: 2 + cpu: "2" memory: 2Gi tserver: requests: - cpu: 2 + cpu: "2" memory: 4Gi limits: - cpu: 2 + cpu: "2" memory: 4Gi replicas: master: 3 tserver: 3 + ## Used to set replication factor when isMultiAz is set to true + totalMasters: 3 partition: master: 0 tserver: 0 +# Used in Multi-AZ setup +masterAddresses: "" + +isMultiAz: false +AZ: "" + +# Disable the YSQL +disableYsql: false + tls: # Set to true to enable the TLS. enabled: false @@ -52,10 +68,14 @@ tls: # Set enabled to true to use cert-manager instead of providing your own rootCA certManager: enabled: false - # Will create own ca certificate and issuer when set to false + # Will create own ca certificate and issuer when set to true + bootstrapSelfsigned: true + # Use ClusterIssuer when set to true, otherwise use Issuer useClusterIssuer: false - # ignored when useClusterIssuer is false + # Name of ClusterIssuer to use when useClusterIssuer is true clusterIssuer: cluster-ca + # Name of Issuer to use when useClusterIssuer is false + issuer: yugabyte-ca certificates: # The lifetime before cert-manager will issue a new certificate. # The re-issued certificates will not be automatically reloaded by the service. @@ -67,10 +87,14 @@ tls: # Or 256, 384 or 521 for ECDSA keySize: 521 - # Will be ignored when certManager.enabled=true + ## When certManager.enabled=false, rootCA.cert and rootCA.key are used to generate TLS certs. + ## When certManager.enabled=true and boostrapSelfsigned=true, rootCA is ignored. + ## When certManager.enabled=true and bootstrapSelfsigned=false, only rootCA.cert is used + ## to verify TLS certs generated and signed by the external provider. rootCA: cert: "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUM2VENDQWRHZ0F3SUJBZ0lCQVRBTkJna3Foa2lHOXcwQkFRc0ZBREFXTVJRd0VnWURWUVFERXd0WmRXZGgKWW5sMFpTQkVRakFlRncweE9UQXlNRGd3TURRd01qSmFGdzB5T1RBeU1EVXdNRFF3TWpKYU1CWXhGREFTQmdOVgpCQU1UQzFsMVoyRmllWFJsSUVSQ01JSUJJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBUThBTUlJQkNnS0NBUUVBCnVOMWF1aWc4b2pVMHM0OXF3QXhrT2FCaHkwcTlyaVg2akVyZWJyTHJOWDJOeHdWQmNVcWJkUlhVc3VZNS96RUQKUC9CZTNkcTFuMm9EQ2ZGVEwweGkyNFdNZExRcnJBMndCdzFtNHM1WmQzcEJ1U04yWHJkVVhkeUx6dUxlczJNbgovckJxcWRscXp6LzAyTk9TOE9SVFZCUVRTQTBSOFNMQ1RjSGxMQmRkMmdxZ1ZmemVXRlVObXhWQ2EwcHA5UENuCmpUamJJRzhJWkh5dnBkTyt3aURQM1Y1a1ZEaTkvbEtUaGUzcTFOeDg5VUNFcnRJa1pjSkYvWEs3aE90MU1sOXMKWDYzb2lVMTE1Q2svbGFGRjR6dWgrZk9VenpOVXRXeTc2RE92cm5pVGlaU0tQZDBBODNNa2l2N2VHaDVkV3owWgpsKzJ2a3dkZHJaRzVlaHhvbGhGS3pRSURBUUFCbzBJd1FEQU9CZ05WSFE4QkFmOEVCQU1DQXFRd0hRWURWUjBsCkJCWXdGQVlJS3dZQkJRVUhBd0VHQ0NzR0FRVUZCd01DTUE4R0ExVWRFd0VCL3dRRk1BTUJBZjh3RFFZSktvWkkKaHZjTkFRRUxCUUFEZ2dFQkFEQjVRbmlYd1ptdk52eG5VbS9sTTVFbms3VmhTUzRUZldIMHY4Q0srZWZMSVBTbwpVTkdLNXU5UzNEUWlvaU9SN1Vmc2YrRnk1QXljMmNUY1M2UXBxTCt0V1QrU1VITXNJNk9oQ05pQ1gvQjNKWERPCkd2R0RIQzBVOHo3aWJTcW5zQ2Rid05kajAyM0lwMHVqNE9DVHJ3azZjd0RBeXlwVWkwN2tkd28xYWJIWExqTnAKamVQMkwrY0hkc2dKM1N4WWpkK1kvei9IdmFrZG1RZDJTL1l2V0R3aU1SRDkrYmZXWkJVRHo3Y0QyQkxEVmU0aAp1bkFaK3NyelR2Sjd5dkVodzlHSDFyajd4Qm9VNjB5SUUrYSszK2xWSEs4WnBSV0NXMnh2eWNrYXJSKytPS2NKClFsL04wWExqNWJRUDVoUzdhOTdhQktTamNqY3E5VzNGcnhJa2tKST0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=" key: "LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBdU4xYXVpZzhvalUwczQ5cXdBeGtPYUJoeTBxOXJpWDZqRXJlYnJMck5YMk54d1ZCCmNVcWJkUlhVc3VZNS96RURQL0JlM2RxMW4yb0RDZkZUTDB4aTI0V01kTFFyckEyd0J3MW00czVaZDNwQnVTTjIKWHJkVVhkeUx6dUxlczJNbi9yQnFxZGxxenovMDJOT1M4T1JUVkJRVFNBMFI4U0xDVGNIbExCZGQyZ3FnVmZ6ZQpXRlVObXhWQ2EwcHA5UENualRqYklHOElaSHl2cGRPK3dpRFAzVjVrVkRpOS9sS1RoZTNxMU54ODlVQ0VydElrClpjSkYvWEs3aE90MU1sOXNYNjNvaVUxMTVDay9sYUZGNHp1aCtmT1V6ek5VdFd5NzZET3ZybmlUaVpTS1BkMEEKODNNa2l2N2VHaDVkV3owWmwrMnZrd2RkclpHNWVoeG9saEZLelFJREFRQUJBb0lCQUJsdW1tU3gxR1djWER1Mwpwei8wZEhWWkV4c2NsU3U0SGRmZkZPcTF3cFlCUjlmeGFTZGsxQzR2YXF1UjhMaWl6WWVtVWViRGgraitkSnlSCmpwZ2JNaDV4S1BtRkw5empwU3ZUTkN4UHB3OUF5bm5sM3dyNHZhcU1CTS9aZGpuSGttRC9kQzBadEEvL0JIZ3YKNHk4d3VpWCsvUWdVaER0Z1JNcmR1ZUZ1OVlKaFo5UE9jYXkzSkkzMFhEYjdJSS9vNFNhYnhTcFI3bTg5WjY0NwpUb3hsOEhTSzl0SUQxbkl1bHVpTmx1dHI1RzdDdE93WTBSc2N5dmZ2elg4a1d2akpLZVJVbmhMSCtXVFZOaExICjdZc0tMNmlLa1NkckMzeWVPWnV4R0pEbVdrZVgxTzNPRUVGYkc4TjVEaGNqL0lXbDh1dGt3LzYwTEthNHBCS2cKTXhtNEx3RUNnWUVBNnlPRkhNY2pncHYxLzlHZC8yb3c2YmZKcTFjM1dqQkV2cnM2ZXNyMzgrU3UvdVFneXJNcAo5V01oZElpb2dYZjVlNjV5ZlIzYVBXcjJJdWMxZ0RUNlYycDZFR2h0NysyQkF1YkIzczloZisycVNRY1lkS3pmCnJOTDdKalE4ZEVGZWdYd041cHhKOTRTTVFZNEI4Qm9hOHNJWTd3TzU4dHpVMjZoclVnanFXQ1VDZ1lFQXlVUUIKNzViWlh6MGJ5cEc5NjNwYVp0bGlJY0cvUk1XMnVPOE9rVFNYSGdDSjBob25uRm5IMGZOc1pGTHdFWEtnTTRORworU3ZNbWtUekE5eVVSMHpIMFJ4UW44L1YzVWZLT2k5RktFeWx6NzNiRkV6ZW1QSEppQm12NWQ4ZTlOenZmU0E0CkdpRTYrYnFyV3VVWWRoRWlYTnY1SFNPZ3I4bUx1TzJDbGlmNTg0a0NnWUFlZzlDTmlJWmlOODAzOHNNWFYzZWIKalI5ZDNnYXY3SjJ2UnVyeTdvNDVGNDlpUXNiQ3AzZWxnY1RnczY5eWhkaFpwYXp6OGNEVndhREpyTW16cHF4cQpWY1liaFFIblppSWM5MGRubS9BaVF2eWJWNUZqNnQ5b05VVWtreGpaV1haalJXOGtZMW55QmtDUmJWVnhER0k4CjZOV0ZoeTFGaUVVVGNJcms3WVZFQlFLQmdRREpHTVIrYWRFamtlRlUwNjVadkZUYmN0VFVPY3dzb1Foalc2akkKZVMyTThxakNYeE80NnhQMnVTeFNTWFJKV3FpckQ3NDRkUVRvRjRCaEdXS21veGI3M3pqSGxWaHcwcXhDMnJ4VQorZENxODE0VXVJR3BlOTBMdWU3QTFlRU9kRHB1WVdUczVzc1FmdTE3MG5CUWQrcEhzaHNFZkhhdmJjZkhyTGpQCjQzMmhVUUtCZ1FDZ3hMZG5Pd2JMaHZLVkhhdTdPVXQxbGpUT240SnB5bHpnb3hFRXpzaDhDK0ZKUUQ1bkFxZXEKZUpWSkNCd2VkallBSDR6MUV3cHJjWnJIN3IyUTBqT2ZFallwU1dkZGxXaWh4OTNYODZ0aG83UzJuUlYrN1hNcQpPVW9ZcVZ1WGlGMWdMM1NGeHZqMHhxV3l0d0NPTW5DZGFCb0M0Tkw3enJtL0lZOEUwSkw2MkE9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo=" + ## When tls.certManager.enabled=false ## nodeCert and clientCert will be used only when rootCA.key is empty. ## Will be ignored and genSignedCert will be used to generate ## node and client certs if rootCA.key is provided. @@ -85,33 +109,35 @@ tls: gflags: master: default_memory_limit_to_ram_ratio: 0.85 -# tserver: + tserver: {} # use_cassandra_authentication: false PodManagementPolicy: Parallel enableLoadBalancer: true -isMultiAz: false - domainName: "cluster.local" serviceEndpoints: - name: "yb-master-ui" type: LoadBalancer + annotations: {} + clusterIP: "" ## Sets the Service's externalTrafficPolicy - # externalTrafficPolicy: "" + externalTrafficPolicy: "" app: "yb-master" - # loadBalancerIP: "" + loadBalancerIP: "" ports: http-ui: "7000" - name: "yb-tserver-service" type: LoadBalancer + annotations: {} + clusterIP: "" ## Sets the Service's externalTrafficPolicy - # externalTrafficPolicy: "" + externalTrafficPolicy: "" app: "yb-tserver" - # loadBalancerIP: "" + loadBalancerIP: "" ports: tcp-yql-port: "9042" tcp-yedis-port: "6379" @@ -139,7 +165,8 @@ Services: http-yedis-met: "11000" http-ysql-met: "13000" -## Should be set to true only if Istio is being used. +## Should be set to true only if Istio is being used. This also adds +## the Istio sidecar injection labels to the pods. ## TODO: remove this once ## https://github.com/yugabyte/yugabyte-db/issues/5641 is fixed. ## @@ -156,6 +183,22 @@ multicluster: ## failover. Useful when using new naming style. createCommonTserverService: false + ## Enable it to deploy YugabyteDB in a multi-cluster services enabled + ## Kubernetes cluster (KEP-1645). This will create ServiceExport. + ## GKE Ref - https://cloud.google.com/kubernetes-engine/docs/how-to/multi-cluster-services#registering_a_service_for_export + ## You can use this gist for the reference to deploy the YugabyteDB in a multi-cluster scenario. + ## Gist - https://gist.github.com/baba230896/78cc9bb6f4ba0b3d0e611cd49ed201bf + createServiceExports: false + + ## Mandatory variable when createServiceExports is set to true. + ## Use: In case of GKE, you need to pass GKE Hub Membership Name. + ## GKE Ref - https://cloud.google.com/kubernetes-engine/docs/how-to/multi-cluster-services#enabling + kubernetesClusterId: "" + + ## mcsApiVersion is used for the MCS resources created by the + ## chart. Set to net.gke.io/v1 when using GKE MCS. + mcsApiVersion: "multicluster.x-k8s.io/v1alpha1" + serviceMonitor: ## If true, two ServiceMonitor CRs are created. One for yb-master ## and one for yb-tserver @@ -231,6 +274,10 @@ affinity: {} statefulSetAnnotations: {} +networkAnnotation: {} + +commonLabels: {} + master: ## Ref: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.22/#affinity-v1-core ## This might override the default affinity from service.yaml diff --git a/charts/yugabyte/yugaware/Chart.yaml b/charts/yugabyte/yugaware/Chart.yaml index 9c6b083f3..8fd888c1b 100644 --- a/charts/yugabyte/yugaware/Chart.yaml +++ b/charts/yugabyte/yugaware/Chart.yaml @@ -3,15 +3,20 @@ annotations: catalog.cattle.io/display-name: YugabyteDB Anywhere catalog.cattle.io/kube-version: '>=1.18-0' catalog.cattle.io/release-name: yugaware -apiVersion: v1 -appVersion: 2.14.13.0-b13 -description: YugaWare is YugaByte Database's Orchestration and Management console. + charts.openshift.io/name: yugaware +apiVersion: v2 +appVersion: 2.16.8.0-b16 +description: YugabyteDB Anywhere provides deployment, orchestration, and monitoring + for managing YugabyteDB clusters. YugabyteDB Anywhere can create a YugabyteDB cluster + with multiple pods provided by Kubernetes or OpenShift and logically grouped together + to form one logical distributed database. home: https://www.yugabyte.com icon: https://avatars0.githubusercontent.com/u/17074854?s=200&v=4 +kubeVersion: '>=1.18-0' maintainers: -- email: ram@yugabyte.com - name: Ram Sri -- email: arnav@yugabyte.com - name: Arnav Agarwal +- email: sanketh@yugabyte.com + name: Sanketh Indarapu +- email: gjalla@yugabyte.com + name: Govardhan Reddy Jalla name: yugaware -version: 2.14.13 +version: 2.16.8 diff --git a/charts/yugabyte/yugaware/README.md b/charts/yugabyte/yugaware/README.md index fa27ce3e0..0d190c0be 100644 --- a/charts/yugabyte/yugaware/README.md +++ b/charts/yugabyte/yugaware/README.md @@ -1,5 +1,7 @@ YugabyteDB Anywhere gives you the simplicity and support to deliver a private database-as-a-service (DBaaS) at scale. Use YugabyteDB Anywhere to deploy YugabyteDB across any cloud anywhere in the world with a few clicks, simplify day 2 operations through automation, and get the services needed to realize business outcomes with the database. -YugabyteDB Anywhere can be deployed using this helm chart. Detailed documentation is available at +YugabyteDB Anywhere can be deployed using this Helm chart. Detailed documentation is available at: +- [Install YugabyteDB Anywhere software - Kubernetes](https://docs.yugabyte.com/preview/yugabyte-platform/install-yugabyte-platform/install-software/kubernetes/) +- [Install YugabyteDB Anywhere software - OpenShift (Helm based)](https://docs.yugabyte.com/preview/yugabyte-platform/install-yugabyte-platform/install-software/openshift/#helm-based-installation) [![Artifact HUB](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/yugabyte)](https://artifacthub.io/packages/search?repo=yugabyte) diff --git a/charts/yugabyte/yugaware/openshift.values.yaml b/charts/yugabyte/yugaware/openshift.values.yaml new file mode 100644 index 000000000..22ae952b0 --- /dev/null +++ b/charts/yugabyte/yugaware/openshift.values.yaml @@ -0,0 +1,26 @@ +# OCP compatible values for yugaware + +image: + + repository: quay.io/yugabyte/yugaware-ubi + + postgres: + registry: registry.redhat.io + tag: 1-88.1661531722 + name: rhscl/postgresql-13-rhel7 + + prometheus: + registry: registry.redhat.io + tag: v4.11.0 + name: openshift4/ose-prometheus + + nginx: + registry: registry.access.redhat.com + tag: 1-60.1665590917 + name: ubi8/nginx-120 + +rbac: + create: false + +ocpCompatibility: + enabled: true \ No newline at end of file diff --git a/charts/yugabyte/yugaware/questions.yaml b/charts/yugabyte/yugaware/questions.yaml index 0f2a48dd3..904b9cf75 100644 --- a/charts/yugabyte/yugaware/questions.yaml +++ b/charts/yugabyte/yugaware/questions.yaml @@ -15,7 +15,7 @@ questions: label: Yugabyte Platform image repository description: "Yugabyte Platform image repository" - variable: image.tag - default: "2.14.1.0-b36" + default: "2.5.1.0-b153" required: false type: string label: Yugabyte Platform image tag diff --git a/charts/yugabyte/yugaware/templates/configs.yaml b/charts/yugabyte/yugaware/templates/configs.yaml index 76b2f80cf..1c7454945 100644 --- a/charts/yugabyte/yugaware/templates/configs.yaml +++ b/charts/yugabyte/yugaware/templates/configs.yaml @@ -86,6 +86,8 @@ data: kubernetes.storageClass = "{{ .Values.yugaware.storageClass }}" kubernetes.pullSecretName = "{{ .Values.image.pullSecret }}" url = "https://{{ .Values.tls.hostname }}" + # GKE MCS takes 7 to 10 minutes to setup DNS + wait_for_server_timeout = 15 minutes } play.filters { @@ -161,7 +163,7 @@ data: listen {{ eq .Values.ip_version_support "v6_only" | ternary "[::]:8080" "8080" }}; server_name {{ .Values.tls.hostname }}; return 301 https://$host$request_uri; - } + } {{- end }} server { @@ -180,7 +182,7 @@ data: {{- end }} proxy_http_version 1.1; proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Host $host; @@ -199,6 +201,7 @@ data: } } --- +{{- if not (and (.Values.ocpCompatibility.enabled) (eq .Values.image.postgres.registry "registry.redhat.io")) }} apiVersion: v1 kind: ConfigMap metadata: @@ -224,6 +227,7 @@ data: docker-upgrade pg_upgrade | tee -a /pg_upgrade_logs/pg_upgrade_11_to_14.log; echo "host all all all scram-sha-256" >> "${PGDATANEW}/pg_hba.conf"; fi +{{- end }} --- apiVersion: v1 kind: ConfigMap @@ -252,6 +256,8 @@ data: uwsgi_temp_path /tmp/uwsgi_temp; scgi_temp_path /tmp/scgi_temp; + proxy_read_timeout {{ .Values.nginx.proxyReadTimeoutSec }}; + include /etc/nginx/mime.types; default_type application/octet-stream; diff --git a/charts/yugabyte/yugaware/templates/global-config.yaml b/charts/yugabyte/yugaware/templates/global-config.yaml index 925e1bbb7..4d7f54f45 100644 --- a/charts/yugabyte/yugaware/templates/global-config.yaml +++ b/charts/yugabyte/yugaware/templates/global-config.yaml @@ -16,8 +16,8 @@ data: postgres_user: {{ .Values.postgres.external.user | b64enc | quote }} postgres_password: {{ .Values.postgres.external.pass | b64enc | quote }} {{- else }} - postgres_db: {{ "yugaware" | b64enc | quote }} - postgres_user: {{ "postgres" | b64enc | quote }} + postgres_db: {{ .Values.postgres.dbname | b64enc | quote }} + postgres_user: {{ .Values.postgres.user | b64enc | quote }} postgres_password: {{ include "getOrGeneratePasswordConfigMapToSecret" (dict "Namespace" .Release.Namespace "Name" (printf "%s%s" .Release.Name "-yugaware-global-config") "Key" "postgres_password") | quote }} {{- end }} app_secret: {{ randAlphaNum 64 | b64enc | b64enc | quote }} diff --git a/charts/yugabyte/yugaware/templates/rbac.yaml b/charts/yugabyte/yugaware/templates/rbac.yaml index 907f9e1ce..a445885f5 100644 --- a/charts/yugabyte/yugaware/templates/rbac.yaml +++ b/charts/yugabyte/yugaware/templates/rbac.yaml @@ -1,3 +1,4 @@ +{{ if not .Values.yugaware.serviceAccount }} apiVersion: v1 kind: ServiceAccount metadata: @@ -10,6 +11,7 @@ metadata: annotations: {{ toYaml .Values.yugaware.serviceAccountAnnotations | indent 4 }} {{- end }} +{{ end }} {{- if .Values.rbac.create }} {{- if .Values.ocpCompatibility.enabled }} --- @@ -21,7 +23,7 @@ metadata: app: yugaware subjects: - kind: ServiceAccount - name: {{ .Release.Name }} + name: {{ .Values.yugaware.serviceAccount | default .Release.Name }} namespace: {{ .Release.Namespace }} roleRef: kind: ClusterRole @@ -77,7 +79,7 @@ metadata: addonmanager.kubernetes.io/mode: Reconcile subjects: - kind: ServiceAccount - name: {{ .Release.Name }} + name: {{ .Values.yugaware.serviceAccount | default .Release.Name }} namespace: {{ .Release.Namespace }} roleRef: kind: ClusterRole diff --git a/charts/yugabyte/yugaware/templates/service.yaml b/charts/yugabyte/yugaware/templates/service.yaml index 8b93d84cb..fa25427d9 100644 --- a/charts/yugabyte/yugaware/templates/service.yaml +++ b/charts/yugabyte/yugaware/templates/service.yaml @@ -40,6 +40,10 @@ spec: {{- if and (eq .Values.yugaware.service.type "LoadBalancer") (.Values.yugaware.service.ip) }} loadBalancerIP: "{{ .Values.yugaware.service.ip }}" {{- end }} + {{- if .Values.yugaware.service.loadBalancerSourceRanges }} + loadBalancerSourceRanges: + {{- toYaml .Values.yugaware.service.loadBalancerSourceRanges | nindent 4 }} + {{- end }} {{- end }} {{- if .Values.yugaware.serviceMonitor.enabled }} --- diff --git a/charts/yugabyte/yugaware/templates/statefulset.yaml b/charts/yugabyte/yugaware/templates/statefulset.yaml index 33a260ada..c6c824ff7 100644 --- a/charts/yugabyte/yugaware/templates/statefulset.yaml +++ b/charts/yugabyte/yugaware/templates/statefulset.yaml @@ -25,8 +25,11 @@ spec: {{- end }} labels: app: {{ .Release.Name }}-yugaware +{{- if .Values.yugaware.pod.labels }} +{{ toYaml .Values.yugaware.pod.labels | indent 8 }} +{{- end }} spec: - serviceAccountName: {{ .Release.Name }} + serviceAccountName: {{ .Values.yugaware.serviceAccount | default .Release.Name }} imagePullSecrets: - name: {{ .Values.image.pullSecret }} {{- if .Values.securityContext.enabled }} @@ -36,6 +39,30 @@ spec: fsGroupChangePolicy: {{ .Values.securityContext.fsGroupChangePolicy }} {{- end }} {{- end }} + {{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 8}} + {{- end }} + {{- if .Values.tolerations }} + tolerations: + {{- with .Values.tolerations }}{{ toYaml . | nindent 8 }}{{ end }} + {{- end }} + {{- if .Values.zoneAffinity }} + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: failure-domain.beta.kubernetes.io/zone + operator: In + values: +{{ toYaml .Values.zoneAffinity | indent 18 }} + - matchExpressions: + - key: topology.kubernetes.io/zone + operator: In + values: +{{ toYaml .Values.zoneAffinity | indent 18 }} + {{- end }} volumes: - name: yugaware-storage persistentVolumeClaim: @@ -93,12 +120,14 @@ spec: secret: secretName: {{ .Release.Name }}-yugaware-prometheus-remote-write-tls {{- end }} + {{- if not (and (.Values.ocpCompatibility.enabled) (eq .Values.image.postgres.registry "registry.redhat.io")) }} - name: pg-upgrade-11-to-14 configMap: name: {{ .Release.Name }}-yugaware-pg-upgrade items: - key: pg-upgrade-11-to-14.sh path: pg-upgrade-11-to-14.sh + {{- end }} initContainers: - image: {{ include "full_yugaware_image" . }} imagePullPolicy: {{ .Values.image.pullPolicy }} @@ -129,6 +158,7 @@ spec: - name: init-container-script mountPath: /init-container {{- end }} + {{- if not (and (.Values.ocpCompatibility.enabled) (eq .Values.image.postgres.registry "registry.redhat.io")) }} - image: {{ include "full_image" (dict "containerName" "postgres-upgrade" "root" .) }} imagePullPolicy: {{ .Values.image.pullPolicy }} name: postgres-upgrade @@ -161,12 +191,18 @@ spec: - name: yugaware-storage mountPath: /pg_upgrade_logs subPath: postgres_data_14 + {{- end }} containers: {{ if not .Values.postgres.external.host }} - name: postgres image: {{ include "full_image" (dict "containerName" "postgres" "root" .) }} imagePullPolicy: {{ .Values.image.pullPolicy }} - args: ["-c", "huge_pages=off"] + args: + {{- if and (.Values.ocpCompatibility.enabled) (eq .Values.image.postgres.registry "registry.redhat.io") }} + - "run-postgresql" + {{- end }} + - "-c" + - "huge_pages=off" env: - name: POSTGRES_USER valueFrom: @@ -183,8 +219,37 @@ spec: secretKeyRef: name: {{ .Release.Name }}-yugaware-global-config key: postgres_db + {{- if and (.Values.ocpCompatibility.enabled) (eq .Values.image.postgres.registry "registry.redhat.io") }} + # Hardcoded the POSTGRESQL_USER because it's mandatory env var in RH PG image + # It doesn't have access to create the DB, so YBA fails to create the perf_advisor DB. + # Need to use admin user of RH PG image (postgres) + # Changing the user name won't be possible moving forward for OpenShift certified chart + - name: POSTGRESQL_USER + value: pg-yba + # valueFrom: + # secretKeyRef: + # name: {{ .Release.Name }}-yugaware-global-config + # key: postgres_user + - name: POSTGRESQL_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Release.Name }}-yugaware-global-config + key: postgres_password + - name: POSTGRESQL_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Release.Name }}-yugaware-global-config + key: postgres_password + - name: POSTGRESQL_DATABASE + valueFrom: + secretKeyRef: + name: {{ .Release.Name }}-yugaware-global-config + key: postgres_db + {{- else }} + # The RH Postgres image doesn't allow this directory to be changed. - name: PGDATA value: /var/lib/postgresql/data/pgdata + {{- end }} ports: - containerPort: 5432 name: postgres @@ -196,8 +261,13 @@ spec: volumeMounts: - name: yugaware-storage + {{- if and (.Values.ocpCompatibility.enabled) (eq .Values.image.postgres.registry "registry.redhat.io") }} + mountPath: /var/lib/pgsql/data + subPath: postgres_data_13 + {{- else }} mountPath: /var/lib/postgresql/data subPath: postgres_data_14 + {{- end }} {{ end }} - name: prometheus image: {{ include "full_image" (dict "containerName" "prometheus" "root" .) }} @@ -244,6 +314,9 @@ spec: - --web.enable-admin-api - --web.enable-lifecycle - --storage.tsdb.retention.time={{ .Values.prometheus.retentionTime }} + - --query.max-concurrency={{ .Values.prometheus.queryConcurrency }} + - --query.max-samples={{ .Values.prometheus.queryMaxSamples }} + - --query.timeout={{ .Values.prometheus.queryTimeout }} ports: - containerPort: 9090 - name: yugaware @@ -302,6 +375,9 @@ spec: - name: yugaware-storage mountPath: /opt/yugabyte/releases/ subPath: releases + - name: yugaware-storage + mountPath: /opt/yugabyte/ybc/releases/ + subPath: ybc_releases # old path for backward compatibility - name: yugaware-storage mountPath: /opt/releases/ @@ -318,6 +394,7 @@ spec: - name: nginx image: {{ include "full_image" (dict "containerName" "nginx" "root" .) }} imagePullPolicy: {{ .Values.image.pullPolicy }} + args: ["nginx", "-g", "daemon off;"] ports: - containerPort: 8080 diff --git a/charts/yugabyte/yugaware/templates/tests/test.yaml b/charts/yugabyte/yugaware/templates/tests/test.yaml new file mode 100644 index 000000000..1bd9a600b --- /dev/null +++ b/charts/yugabyte/yugaware/templates/tests/test.yaml @@ -0,0 +1,27 @@ +apiVersion: v1 +kind: Pod +metadata: + name: {{ .Release.Name }}-yugaware-test + labels: + app: {{ .Release.Name }}-yugaware-test + chart: {{ template "yugaware.chart" . }} + release: {{ .Release.Name }} + annotations: + "helm.sh/hook": test +spec: + imagePullSecrets: + - name: {{ .Values.image.pullSecret }} + containers: + - name: yugaware-test + image: {{ include "full_yugaware_image" . }} + command: + - '/bin/bash' + - '-ec' + {{- if .Values.tls.enabled }} + - > + curl --head -k https://{{ .Release.Name }}-yugaware-ui + {{- else }} + - > + curl --head http://{{ .Release.Name }}-yugaware-ui + {{- end }} + restartPolicy: Never diff --git a/charts/yugabyte/yugaware/values.yaml b/charts/yugabyte/yugaware/values.yaml index 14ffa3035..2d5b92dfa 100644 --- a/charts/yugabyte/yugaware/values.yaml +++ b/charts/yugabyte/yugaware/values.yaml @@ -2,19 +2,21 @@ # This is a YAML-formatted file. # Declare variables to be passed into your templates. +fullnameOverride: "" +nameOverride: "" + image: commonRegistry: "" # Setting commonRegistry to say, quay.io overrides the registry settings for all images # including the yugaware image repository: quay.io/yugabyte/yugaware - tag: 2.14.13.0-b13 + tag: 2.16.8.0-b16 pullPolicy: IfNotPresent pullSecret: yugabyte-k8s-pull-secret ## Docker config JSON File name ## If set, this file content will be used to automatically create secret named as above - # pullSecretFile: - + pullSecretFile: "" postgres: registry: "" @@ -42,30 +44,39 @@ yugaware: storageClass: "" storageAnnotations: {} multiTenant: false - serviceAccount: yugaware + ## Name of existing ServiceAccount. When provided, the chart won't create a ServiceAccount. + ## It will attach the required RBAC roles to it. + ## Helpful in Yugabyte Platform GKE App. + serviceAccount: '' serviceMonitor: enabled: false annotations: {} serviceAccountAnnotations: {} service: annotations: {} + clusterIP: "" enabled: true ip: "" type: "LoadBalancer" + ## whitelist source CIDRs + #loadBalancerSourceRanges: + #- 0.0.0.0/0 + #- 192.168.100.0/24 pod: annotations: {} + labels: {} health: username: "" password: "" email: "" resources: requests: - cpu: 2 + cpu: "2" memory: 4Gi enableProxyMetricsAuth: true ## List of additional alowed CORS origins in case of complex rev-proxy additionAllowedCorsOrigins: [] - proxyEndpointTimeoutMs: 1 minute + proxyEndpointTimeoutMs: 3 minute ## Enables features specific for cloud deployments cloud: enabled: false @@ -76,8 +87,14 @@ yugaware: # Note that the default of 0 doesn't really make sense since a StatefulSet isn't allowed to schedule extra replicas. However it is maintained as the default while we do additional testing. This value will likely change in the future. maxUnavailable: 0 + universe_boot_script: "" + ## Configure PostgreSQL part of the application postgres: + # DO NOT CHANGE if using OCP Certified helm chart + user: postgres + dbname: yugaware + service: ## Expose internal Postgres as a Service enabled: false @@ -90,12 +107,12 @@ postgres: resources: requests: - cpu: 0.5 + cpu: "0.5" memory: 1Gi # If external.host is set then we will connect to an external postgres database server instead of starting our own. external: - host: null + host: "" port: 5432 pass: "" dbname: postgres @@ -143,9 +160,11 @@ nginx: resources: requests: - cpu: 0.25 + cpu: "0.25" memory: 300Mi + proxyReadTimeoutSec: 600 + rbac: ## Set this to false if you don't have enough permissions to create ## ClusterRole and Binding, for example an OpenShift cluster. When @@ -161,15 +180,45 @@ ocpCompatibility: # Extra containers to add to the pod. sidecars: [] +## Following two controls for placement of pod - nodeSelector and AZ affinity. +## Note: Remember to also provide a yugaware.StorageClass that has a olumeBindingMode of +## WaitForFirstConsumer so that the PVC is created in the right topology visible to this pod. +## See https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector +## eg. +## nodeSelector: +## topology.kubernetes.io/region: us-west1 +nodeSelector: {} + +## Affinity to a particular zone for the pod. +## See https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity +## eg. +## nodeAffinity: +## requiredDuringSchedulingIgnoredDuringExecution: +## nodeSelectorTerms: +## - matchExpressions: +## - key: failure-domain.beta.kubernetes.io/zone +## operator: In +## values: +## - us-west1-a +## - us-west1-b +zoneAffinity: {} + +## The tolerations that the pod should have. +## See https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ +tolerations: [] + ## Don't want prometheus to scrape nodes and evaluate alert rules in some cases (for example - cloud). prometheus: scrapeNodes: true evaluateAlertRules: true retentionTime: 15d + queryConcurrency: 20 + queryMaxSamples: 5000000 + queryTimeout: 30s resources: requests: - cpu: 2 + cpu: "2" memory: 4Gi ## Prometheus remote write config, as described here: @@ -190,8 +239,10 @@ prometheus: # Arbitrary key=value config entries for application.docker.conf additionalAppConf: - stringConf: - nonStringConf: + stringConf: {} + nonStringConf: {} + +jdbcParams: "" ## Override the APIVersion used by policy group for ## PodDisruptionBudget resources. The chart selects the correct @@ -199,3 +250,4 @@ additionalAppConf: ## to modify this unless you are using helm template command i.e. GKE ## app's deployer image against a Kubernetes cluster >= 1.21. # pdbPolicyVersionOverride: "v1beta1" +pdbPolicyVersionOverride: "" diff --git a/index.yaml b/index.yaml index 5359e510f..bb0b149da 100644 --- a/index.yaml +++ b/index.yaml @@ -80,6 +80,63 @@ entries: - assets/datawiza/access-broker-0.1.1.tgz version: 0.1.1 airflow: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Apache Airflow + catalog.cattle.io/kube-version: '>=1.19-0' + catalog.cattle.io/release-name: airflow + category: WorkFlow + images: | + - name: airflow-exporter + image: docker.io/bitnami/airflow-exporter:0.20220314.0-debian-11-r438 + - name: airflow-scheduler + image: docker.io/bitnami/airflow-scheduler:2.7.2-debian-11-r0 + - name: airflow-worker + image: docker.io/bitnami/airflow-worker:2.7.2-debian-11-r0 + - name: airflow + image: docker.io/bitnami/airflow:2.7.2-debian-11-r0 + - name: git + image: docker.io/bitnami/git:2.42.0-debian-11-r45 + - name: os-shell + image: docker.io/bitnami/os-shell:11-debian-11-r90 + licenses: Apache-2.0 + apiVersion: v2 + appVersion: 2.7.2 + created: "2023-10-16T14:36:02.902213435Z" + dependencies: + - condition: redis.enabled + name: redis + repository: file://./charts/redis + version: 18.x.x + - condition: postgresql.enabled + name: postgresql + repository: file://./charts/postgresql + version: 13.x.x + - name: common + repository: file://./charts/common + tags: + - bitnami-common + version: 2.x.x + description: Apache Airflow is a tool to express and execute workflows as directed + acyclic graphs (DAGs). It includes utilities to schedule tasks, monitor task + progress and handle task dependencies. + digest: 4cfd97ccf9255aa9aa41b16df610e78dedd59d69b42a67afe60cb230364c1072 + home: https://bitnami.com + icon: https://svn.apache.org/repos/asf/comdev/project-logos/originals/airflow-1.svg + keywords: + - apache + - airflow + - workflow + - dag + maintainers: + - name: VMware, Inc. + url: https://github.com/bitnami/charts + name: airflow + sources: + - https://github.com/bitnami/charts/tree/main/bitnami/airflow + urls: + - assets/bitnami/airflow-16.0.5.tgz + version: 16.0.5 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Apache Airflow @@ -2007,8 +2064,8 @@ entries: argo-cd: - annotations: artifacthub.io/changes: | - - kind: security - description: updated redis dependency to 7.0.13-alpine to fix CVE-2022-48174 + - kind: fixed + description: Sync redis / redis-ha readOnlyRootFilesystem=true option from upstream. This was part of Argo CD 2.8.0. artifacthub.io/signKey: | fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc @@ -2019,7 +2076,7 @@ entries: catalog.cattle.io/release-name: argo-cd apiVersion: v2 appVersion: v2.8.4 - created: "2023-09-25T17:23:22.363414073Z" + created: "2023-10-16T14:36:01.092047577Z" dependencies: - condition: redis-ha.enabled name: redis-ha @@ -2027,7 +2084,46 @@ entries: version: 4.23.0 description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. - digest: d018352ecae465c511ee91cc7c312f4311280d525d2ded7cd510bfd4e726577a + digest: 3c1ff329bcda57a4e24228bdb1d45f3e33ef487b76c7bd95884622c7ba67932e + home: https://github.com/argoproj/argo-helm + icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png + keywords: + - argoproj + - argocd + - gitops + kubeVersion: '>=1.23.0-0' + maintainers: + - name: argoproj + url: https://argoproj.github.io/ + name: argo-cd + sources: + - https://github.com/argoproj/argo-helm/tree/main/charts/argo-cd + - https://github.com/argoproj/argo-cd + urls: + - assets/argo/argo-cd-5.46.8.tgz + version: 5.46.8 + - annotations: + artifacthub.io/changes: | + - kind: security + description: updated redis dependency to 7.0.13-alpine to fix CVE-2022-48174 + artifacthub.io/signKey: | + fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 + url: https://argoproj.github.io/argo-helm/pgp_keys.asc + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Argo CD + catalog.cattle.io/kube-version: '>=1.23.0-0' + catalog.cattle.io/release-name: argo-cd + apiVersion: v2 + appVersion: v2.8.4 + created: "2023-10-16T14:35:34.452226153Z" + dependencies: + - condition: redis-ha.enabled + name: redis-ha + repository: file://./charts/redis-ha + version: 4.23.0 + description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery + tool for Kubernetes. + digest: 40ba397ffbfc66ed2fa8686a38f10b372be0639f7a59baefe16d1a671a1d35a4 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png keywords: @@ -7885,6 +7981,71 @@ entries: - assets/jfrog/artifactory-jcr-2.5.100.tgz version: 2.5.100 asserts: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Asserts + catalog.cattle.io/kube-version: '>=1.17-0' + catalog.cattle.io/release-name: asserts + apiVersion: v2 + created: "2023-10-16T14:36:02.017579915Z" + dependencies: + - condition: knowledge-sensor.enabled + name: knowledge-sensor + repository: file://./charts/knowledge-sensor + version: 1.1.0 + - alias: tsdb + condition: tsdb.enabled + name: victoria-metrics-single + repository: file://./charts/victoria-metrics-single + version: 1.1.0 + - condition: alertmanager.enabled + name: alertmanager + repository: file://./charts/alertmanager + version: 1.6.0 + - alias: promxyruler + condition: promxyruler.enabled + name: promxy + repository: file://./charts/promxy + version: 0.8.0 + - alias: promxyuser + condition: promxyuser.enabled + name: promxy + repository: file://./charts/promxy + version: 0.8.0 + - alias: ebpfProbe + condition: ebpfProbe.enabled + name: ebpf-probe + repository: file://./charts/ebpf-probe + version: 0.8.0 + - name: common + repository: file://./charts/common + version: 1.x.x + - alias: redisgraph + condition: redisgraph.enabled + name: redis + repository: file://./charts/redis + version: 16.13.2 + - alias: redisearch + condition: redisearch.enabled + name: redis + repository: file://./charts/redis + version: 16.13.2 + - alias: postgres + condition: postgres.enabled + name: postgresql + repository: file://./charts/postgresql + version: 11.9.13 + description: Asserts Helm Chart to configure entire asserts stack + digest: 28be0f9391bbf56854a4b05f8d3faee3ca7e26eb624cc7efadb5b602aff15e08 + icon: https://www.asserts.ai/favicon.png + maintainers: + - name: Asserts + url: https://github.com/asserts + name: asserts + type: application + urls: + - assets/asserts/asserts-1.59.0.tgz + version: 1.59.0 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Asserts @@ -10362,6 +10523,48 @@ entries: - assets/aws-event-sources/aws-event-sources-0.1.901.tgz version: 0.1.901 cassandra: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Apache Cassandra + catalog.cattle.io/kube-version: '>=1.19-0' + catalog.cattle.io/release-name: cassandra + category: Database + images: | + - name: cassandra-exporter + image: docker.io/bitnami/cassandra-exporter:2.3.8-debian-11-r429 + - name: cassandra + image: docker.io/bitnami/cassandra:4.1.3-debian-11-r71 + - name: os-shell + image: docker.io/bitnami/os-shell:11-debian-11-r90 + licenses: Apache-2.0 + apiVersion: v2 + appVersion: 4.1.3 + created: "2023-10-16T14:36:02.995798334Z" + dependencies: + - name: common + repository: file://./charts/common + tags: + - bitnami-common + version: 2.x.x + description: Apache Cassandra is an open source distributed database management + system designed to handle large amounts of data across many servers, providing + high availability with no single point of failure. + digest: 2b52498a9dfc4b9c0b2d24493989740f842b05d527069389dc1a955bb502d4b3 + home: https://bitnami.com + icon: https://svn.apache.org/repos/asf/comdev/project-logos/originals/cassandra-4.svg + keywords: + - cassandra + - database + - nosql + maintainers: + - name: VMware, Inc. + url: https://github.com/bitnami/charts + name: cassandra + sources: + - https://github.com/bitnami/charts/tree/main/bitnami/cassandra + urls: + - assets/bitnami/cassandra-10.5.8.tgz + version: 10.5.8 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Apache Cassandra @@ -14624,8 +14827,8 @@ entries: catalog.cattle.io/featured: "1" catalog.cattle.io/release-name: cost-analyzer apiVersion: v2 - appVersion: 1.106.2 - created: "2023-09-29T14:17:17.35201853Z" + appVersion: 1.106.3 + created: "2023-10-16T14:36:52.42069252Z" dependencies: - condition: global.grafana.enabled name: grafana @@ -14641,7 +14844,38 @@ entries: version: ~0.29.0 description: A Helm chart that sets up Kubecost, Prometheus, and Grafana to monitor cloud costs. - digest: 51c9c80fa0f30aa9aabd40fb10dd473a2aa7f8b3d8cc681a33a4bc3acf0896f6 + digest: d20b16dcb8a085a0cc3d7be4b3b98f32e0ffdefc7768d2e429e09170ac3269b8 + icon: https://partner-charts.rancher.io/assets/logos/kubecost.png + name: cost-analyzer + urls: + - assets/kubecost/cost-analyzer-1.106.3.tgz + version: 1.106.3 + - annotations: + artifacthub.io/links: | + - name: Homepage + url: https://www.kubecost.com + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Kubecost + catalog.cattle.io/release-name: cost-analyzer + apiVersion: v2 + appVersion: 1.106.2 + created: "2023-10-16T14:36:30.652994328Z" + dependencies: + - condition: global.grafana.enabled + name: grafana + repository: file://./charts/grafana + version: ~1.17.2 + - condition: global.prometheus.enabled + name: prometheus + repository: file://./charts/prometheus + version: ~11.0.2 + - condition: global.thanos.enabled + name: thanos + repository: file://./charts/thanos + version: ~0.29.0 + description: A Helm chart that sets up Kubecost, Prometheus, and Grafana to monitor + cloud costs. + digest: 5e439a122de50ecbc68c77591f2ecc752b3ad505cedce39637a6a49a4f96058f icon: https://partner-charts.rancher.io/assets/logos/kubecost.png name: cost-analyzer urls: @@ -20061,6 +20295,33 @@ entries: - assets/dynatrace/dynatrace-oneagent-operator-0.8.000.tgz version: 0.8.000 dynatrace-operator: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Dynatrace Operator + catalog.cattle.io/kube-version: '>=1.19.0-0' + catalog.cattle.io/release-name: dynatrace-operator + apiVersion: v2 + appVersion: 0.14.0 + created: "2023-10-16T14:36:07.769499442Z" + description: The Dynatrace Operator Helm chart for Kubernetes and OpenShift + digest: 71e2a47a7a35995b8ef5656b463cdd2871477e16914c14363c599283e5cb4e35 + home: https://www.dynatrace.com/ + icon: https://assets.dynatrace.com/global/resources/Signet_Logo_RGB_CP_512x512px.png + kubeVersion: '>=1.19.0-0' + maintainers: + - email: marcell.sevcsik@dynatrace.com + name: 0sewa0 + - email: christoph.muellner@dynatrace.com + name: chrismuellner + - email: lukas.hinterreiter@dynatrace.com + name: luhi-DT + name: dynatrace-operator + sources: + - https://github.com/Dynatrace/dynatrace-operator + type: application + urls: + - assets/dynatrace/dynatrace-operator-0.14.0.tgz + version: 0.14.0 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Dynatrace Operator @@ -20564,6 +20825,30 @@ entries: - assets/elastic/elasticsearch-7.17.3.tgz version: 7.17.3 external-secrets: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: External Secrets Operator + catalog.cattle.io/kube-version: '>= 1.19.0-0' + catalog.cattle.io/release-name: external-secrets + apiVersion: v2 + appVersion: v0.9.6 + created: "2023-10-16T14:36:07.890519686Z" + description: External secret management for Kubernetes + digest: 7709f3d73a7da867b29cdad4e0af69f0ed6f818c96b347334c08b6662f6052ea + home: https://github.com/external-secrets/external-secrets + icon: https://raw.githubusercontent.com/external-secrets/external-secrets/main/assets/eso-logo-large.png + keywords: + - kubernetes-external-secrets + - secrets + kubeVersion: '>= 1.19.0-0' + maintainers: + - email: kellinmcavoy@gmail.com + name: mcavoyk + name: external-secrets + type: application + urls: + - assets/external-secrets/external-secrets-0.9.6.tgz + version: 0.9.6 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: External Secrets Operator @@ -21581,6 +21866,38 @@ entries: - assets/crowdstrike/falcon-sensor-0.9.300.tgz version: 0.9.300 federatorai: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Federator.ai + catalog.cattle.io/kube-version: '>= 1.16.0-0' + catalog.cattle.io/release-name: federatorai + apiVersion: v2 + appVersion: 5.1.5-2289 + created: "2023-10-16T14:36:53.778051468Z" + description: Federator.ai helps enterprises optimize cloud resources, maximize + application performance, and save significant cost without excessive over-provisioning + or under-provisioning of resources, meeting the service-level requirements of + their applications. + digest: 86e297a7c6e4209300f9772ff2393dce21b0f2cf17057e9be51635b8402f2897 + home: https://www.prophetstor.com + icon: https://raw.githubusercontent.com/prophetstor-ai/public/master/images/logo.png + keywords: + - AI + - Resource Orchestration + - NoOps + - AIOps + - Intelligent Workload Management + - Cost Optimization + kubeVersion: '>= 1.16.0-0' + maintainers: + - email: support@prophetstor.com + name: ProphetStor Data Services, Inc. + name: federatorai + sources: + - https://www.prophetstor.com + urls: + - assets/prophetstor/federatorai-5.1.5.tgz + version: 5.1.5 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Federator.ai @@ -22125,6 +22442,113 @@ entries: - assets/inaccel/fpga-operator-2.5.201.tgz version: 2.5.201 gluu: + - annotations: + artifacthub.io/changes: | + - Chart 5.0.23 release + artifacthub.io/containsSecurityUpdates: "true" + artifacthub.io/images: | + - name: auth-server + image: ghcr.io/janssenproject/jans/auth-server:1.0.19_dev + - name: auth-server-key-rotation + image: ghcr.io/janssenproject/jans/certmanager:1.0.19_dev + - name: configuration-manager + image: ghcr.io/janssenproject/jans/configurator:1.0.19_dev + - name: config-api + image: ghcr.io/janssenproject/jans/config-api:1.0.19_dev + - name: fido2 + image: ghcr.io/janssenproject/jans/fido2:1.0.19_dev + - name: opendj + image: gluufederation/opendj:5.0.0-1 + - name: persistence + image: ghcr.io/janssenproject/jans/persistence-loader:1.0.19_dev + - name: scim + image: ghcr.io/janssenproject/jans/scim:1.0.19_dev + - name: casa + image: ghcr.io/janssenproject/jans/casa:1.0.19_dev + - name: admin-ui + image: ghcr.io/gluufederation/flex/admin-ui:1.0.19_dev + artifacthub.io/license: Apache-2.0 + artifacthub.io/prerelease: "true" + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Gluu Cloud Identity and Access Management + catalog.cattle.io/featured: "4" + catalog.cattle.io/kube-version: '>=v1.21.0-0' + catalog.cattle.io/release-name: gluu + apiVersion: v2 + appVersion: 5.0.0 + created: "2023-10-16T14:36:27.449179029Z" + dependencies: + - condition: global.config.enabled + name: config + repository: file://./charts/config + version: 5.0.23 + - condition: global.config-api.enabled + name: config-api + repository: file://./charts/config-api + version: 5.0.23 + - condition: global.opendj.enabled + name: opendj + repository: file://./charts/opendj + version: 5.0.23 + - condition: global.auth-server.enabled + name: auth-server + repository: file://./charts/auth-server + version: 5.0.23 + - condition: global.admin-ui.enabled + name: admin-ui + repository: file://./charts/admin-ui + version: 5.0.23 + - condition: global.fido2.enabled + name: fido2 + repository: file://./charts/fido2 + version: 5.0.23 + - condition: global.scim.enabled + name: scim + repository: file://./charts/scim + version: 5.0.23 + - condition: global.nginx-ingress.enabled + name: nginx-ingress + repository: file://./charts/nginx-ingress + version: 5.0.23 + - condition: global.oxshibboleth.enabled + name: oxshibboleth + repository: file://./charts/oxshibboleth + version: 5.0.23 + - condition: global.oxpassport.enabled + name: oxpassport + repository: file://./charts/oxpassport + version: 5.0.23 + - condition: global.casa.enabled + name: casa + repository: file://./charts/casa + version: 5.0.23 + - condition: global.auth-server-key-rotation.enabled + name: auth-server-key-rotation + repository: file://./charts/auth-server-key-rotation + version: 5.0.23 + - condition: global.persistence.enabled + name: persistence + repository: file://./charts/persistence + version: 5.0.23 + - condition: global.istio.ingress + name: cn-istio-ingress + repository: file://./charts/cn-istio-ingress + version: 5.0.23 + description: Gluu Access and Identity Management + digest: 0f2ac287a6d0a682c654982c2d422c405d113de063b98ed330f18e198934048d + home: https://www.gluu.org + icon: https://gluu.org/docs/gluu-server/favicon.ico + kubeVersion: '>=v1.21.0-0' + maintainers: + - email: support@gluu.org + name: moabu + name: gluu + sources: + - https://gluu.org/docs/gluu-server + - https://github.com/GluuFederation/flex/flex-cn-setup + urls: + - assets/gluu/gluu-5.0.23.tgz + version: 5.0.23 - annotations: artifacthub.io/changes: | - Chart 5.0.23 dev release @@ -22154,12 +22578,11 @@ entries: artifacthub.io/prerelease: "true" catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Gluu Cloud Identity and Access Management - catalog.cattle.io/featured: "4" catalog.cattle.io/kube-version: '>=v1.21.0-0' catalog.cattle.io/release-name: gluu apiVersion: v2 appVersion: 5.0.0 - created: "2023-09-25T17:23:42.393636175Z" + created: "2023-10-16T14:36:08.177262712Z" dependencies: - condition: global.config.enabled name: config @@ -22218,7 +22641,7 @@ entries: repository: file://./charts/cn-istio-ingress version: 5.0.22 description: Gluu Access and Identity Management - digest: 7ed59963f12a3870d8af0e43c5f1078e4ad44d10b15de5d52d7061c04a1fd209 + digest: c7ed65d50508af94ab57d5b6b7c5a6f67b4898d00a646cf89fb0ed3ab4252459 home: https://www.gluu.org icon: https://gluu.org/docs/gluu-server/favicon.ico kubeVersion: '>=v1.21.0-0' @@ -25163,6 +25586,36 @@ entries: - assets/hpe/hpe-flexvolume-driver-3.1.000.tgz version: 3.1.000 instana-agent: + - annotations: + artifacthub.io/links: | + - name: Instana website + url: https://www.instana.com + - name: Instana Helm charts + url: https://github.com/instana/helm-charts + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Instana Agent + catalog.cattle.io/kube-version: '>=1.21-0' + catalog.cattle.io/release-name: instana-agent + apiVersion: v2 + appVersion: 1.259.0 + created: "2023-10-16T14:36:27.876674997Z" + description: Instana Agent for Kubernetes + digest: ab2b7ae1de000fa440c5db7fee2f6307a97c17caa3ff8f00fbcfff2146c9e022 + home: https://www.instana.com/ + icon: https://agents.instana.io/helm/stan-logo-2020.png + maintainers: + - email: felix.marx@ibm.com + name: FelixMarxIBM + - email: henning.treu@ibm.com + name: htreu + - email: torsten.kohn@ibm.com + name: tkohn + name: instana-agent + sources: + - https://github.com/instana/instana-agent-docker + urls: + - assets/instana/instana-agent-1.2.65.tgz + version: 1.2.65 - annotations: artifacthub.io/links: | - name: Instana website @@ -26337,6 +26790,62 @@ entries: - assets/jaeger/jaeger-operator-2.36.0.tgz version: 2.36.0 jenkins: + - annotations: + artifacthub.io/category: integration-delivery + artifacthub.io/images: | + - name: jenkins + image: jenkins/jenkins:2.414.2-jdk11 + - name: k8s-sidecar + image: kiwigrid/k8s-sidecar:1.24.4 + - name: inbound-agent + image: jenkins/inbound-agent:3107.v665000b_51092-15 + - name: backup + image: maorfr/kube-tasks:0.2.0 + artifacthub.io/license: Apache-2.0 + artifacthub.io/links: | + - name: Chart Source + url: https://github.com/jenkinsci/helm-charts/tree/main/charts/jenkins + - name: Jenkins + url: https://www.jenkins.io/ + - name: support + url: https://github.com/jenkinsci/helm-charts/issues + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Jenkins + catalog.cattle.io/kube-version: '>=1.14-0' + catalog.cattle.io/release-name: jenkins + apiVersion: v2 + appVersion: 2.414.2 + created: "2023-10-16T14:36:28.130472244Z" + description: Jenkins - Build great things at any scale! The leading open source + automation server, Jenkins provides over 1800 plugins to support building, deploying + and automating any project. + digest: bceae9ff72487645fc3ed8896e4f2f03d16f6907bb52fd56955d045819462fc6 + home: https://jenkins.io/ + icon: https://get.jenkins.io/art/jenkins-logo/logo.svg + keywords: + - jenkins + - ci + - devops + maintainers: + - email: maor.friedman@redhat.com + name: maorfr + - email: mail@torstenwalter.de + name: torstenwalter + - email: garridomota@gmail.com + name: mogaal + - email: wmcdona89@gmail.com + name: wmcdona89 + - email: timjacomb1@gmail.com + name: timja + name: jenkins + sources: + - https://github.com/jenkinsci/jenkins + - https://github.com/jenkinsci/docker-inbound-agent + - https://github.com/maorfr/kube-tasks + - https://github.com/jenkinsci/configuration-as-code-plugin + urls: + - assets/jenkins/jenkins-4.7.2.tgz + version: 4.7.2 - annotations: artifacthub.io/category: integration-delivery artifacthub.io/images: | @@ -29925,6 +30434,58 @@ entries: - assets/kasten/k10-4.5.900.tgz version: 4.5.900 kafka: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Apache Kafka + catalog.cattle.io/kube-version: '>=1.19-0' + catalog.cattle.io/release-name: kafka + category: Infrastructure + images: | + - name: jmx-exporter + image: docker.io/bitnami/jmx-exporter:0.19.0-debian-11-r95 + - name: kafka-exporter + image: docker.io/bitnami/kafka-exporter:1.7.0-debian-11-r132 + - name: kafka + image: docker.io/bitnami/kafka:3.5.1-debian-11-r72 + - name: kubectl + image: docker.io/bitnami/kubectl:1.28.2-debian-11-r16 + - name: os-shell + image: docker.io/bitnami/os-shell:11-debian-11-r90 + licenses: Apache-2.0 + apiVersion: v2 + appVersion: 3.5.1 + created: "2023-10-16T14:36:03.670032724Z" + dependencies: + - condition: zookeeper.enabled + name: zookeeper + repository: file://./charts/zookeeper + version: 12.x.x + - name: common + repository: file://./charts/common + tags: + - bitnami-common + version: 2.x.x + description: Apache Kafka is a distributed streaming platform designed to build + real-time pipelines and can be used as a message broker or as a replacement + for a log aggregation solution for big data applications. + digest: b6741f4f1251fd36dd211640a3c57c3fd74a570808a71341baeb8eef9bd6d0d9 + home: https://bitnami.com + icon: https://svn.apache.org/repos/asf/comdev/project-logos/originals/kafka.svg + keywords: + - kafka + - zookeeper + - streaming + - producer + - consumer + maintainers: + - name: VMware, Inc. + url: https://github.com/bitnami/charts + name: kafka + sources: + - https://github.com/bitnami/charts/tree/main/bitnami/kafka + urls: + - assets/bitnami/kafka-25.3.5.tgz + version: 25.3.5 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Apache Kafka @@ -34611,6 +35172,33 @@ entries: - assets/avesha/kubeslice-worker-0.4.5.tgz version: 0.4.5 kuma: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Kuma + catalog.cattle.io/namespace: kuma-system + catalog.cattle.io/release-name: kuma + apiVersion: v2 + appVersion: 2.4.3 + created: "2023-10-16T14:36:52.574918944Z" + description: A Helm chart for the Kuma Control Plane + digest: a2fc3aae061f3103dd802fa3c03bb0d1e8b03cd57b442088a17c494dfda9c1c3 + home: https://github.com/kumahq/kuma + icon: https://kuma.io/assets/images/brand/kuma-logo-new.svg + keywords: + - service mesh + - control plane + maintainers: + - email: austin.cawley@gmail.com + name: austince + - email: jakub.dyszkiewicz@konghq.com + name: jakubdyszkiewicz + - email: nikolay.nikolaev@konghq.com + name: nickolaev + name: kuma + type: application + urls: + - assets/kuma/kuma-2.4.3.tgz + version: 2.4.3 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Kuma @@ -35635,6 +36223,50 @@ entries: - assets/elastic/logstash-7.17.3.tgz version: 7.17.3 mariadb: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: MariaDB + catalog.cattle.io/kube-version: '>=1.19-0' + catalog.cattle.io/release-name: mariadb + category: Database + images: | + - name: mariadb + image: docker.io/bitnami/mariadb:11.1.2-debian-11-r0 + - name: mysqld-exporter + image: docker.io/bitnami/mysqld-exporter:0.15.0-debian-11-r70 + - name: os-shell + image: docker.io/bitnami/os-shell:11-debian-11-r90 + licenses: Apache-2.0 + apiVersion: v2 + appVersion: 11.1.2 + created: "2023-10-16T14:36:03.860125435Z" + dependencies: + - name: common + repository: file://./charts/common + tags: + - bitnami-common + version: 2.x.x + description: MariaDB is an open source, community-developed SQL database server + that is widely in use around the world due to its enterprise features, flexibility, + and collaboration with leading tech firms. + digest: 1036169b042a9f5e34282d83c587955526200337d9b30c4150074ef3165d2042 + home: https://bitnami.com + icon: https://mariadb.com/wp-content/uploads/2019/11/mariadb-logo-vert_black-transparent.png + keywords: + - mariadb + - mysql + - database + - sql + - prometheus + maintainers: + - name: VMware, Inc. + url: https://github.com/bitnami/charts + name: mariadb + sources: + - https://github.com/bitnami/charts/tree/main/bitnami/mariadb + urls: + - assets/bitnami/mariadb-14.0.2.tgz + version: 14.0.2 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: MariaDB @@ -37204,6 +37836,32 @@ entries: - assets/metallb/metallb-0.13.7.tgz version: 0.13.7 minio-operator: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Minio Operator + catalog.cattle.io/kube-version: '>=1.19-0' + catalog.cattle.io/release-name: minio-operator + apiVersion: v2 + appVersion: v5.0.10 + created: "2023-10-16T14:36:52.618005774Z" + description: A Helm chart for MinIO Operator + digest: af0bb2b6bec1d2c7dfde91f5b6dbb7a18828988f43eb9de6136eb97c3b3589be + home: https://min.io + icon: https://min.io/resources/img/logo/MINIO_wordmark.png + keywords: + - storage + - object-storage + - S3 + maintainers: + - email: dev@minio.io + name: MinIO, Inc + name: minio-operator + sources: + - https://github.com/minio/operator + type: application + urls: + - assets/minio/minio-operator-5.0.10.tgz + version: 5.0.10 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Minio Operator @@ -37595,6 +38253,50 @@ entries: - assets/minio/minio-operator-4.4.1700.tgz version: 4.4.1700 mysql: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: MySQL + catalog.cattle.io/kube-version: '>=1.19-0' + catalog.cattle.io/release-name: mysql + category: Database + images: | + - name: mysql + image: docker.io/bitnami/mysql:8.0.34-debian-11-r75 + - name: mysqld-exporter + image: docker.io/bitnami/mysqld-exporter:0.15.0-debian-11-r70 + - name: os-shell + image: docker.io/bitnami/os-shell:11-debian-11-r90 + licenses: Apache-2.0 + apiVersion: v2 + appVersion: 8.0.34 + created: "2023-10-16T14:36:03.939294457Z" + dependencies: + - name: common + repository: file://./charts/common + tags: + - bitnami-common + version: 2.x.x + description: MySQL is a fast, reliable, scalable, and easy to use open source + relational database system. Designed to handle mission-critical, heavy-load + production applications. + digest: 52cd1f860ddc398ff00738405813ba6a14693ec7f7e930543f362823594e0925 + home: https://bitnami.com + icon: https://www.mysql.com/common/logos/logo-mysql-170x115.png + keywords: + - mysql + - database + - sql + - cluster + - high availability + maintainers: + - name: VMware, Inc. + url: https://github.com/bitnami/charts + name: mysql + sources: + - https://github.com/bitnami/charts/tree/main/bitnami/mysql + urls: + - assets/bitnami/mysql-9.12.5.tgz + version: 9.12.5 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: MySQL @@ -38795,6 +39497,31 @@ entries: - assets/bitnami/mysql-9.4.1.tgz version: 9.4.1 nats: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: NATS Server + catalog.cattle.io/kube-version: '>=1.16-0' + catalog.cattle.io/release-name: nats + apiVersion: v2 + appVersion: 2.10.2 + created: "2023-10-16T14:36:52.689498156Z" + description: A Helm chart for the NATS.io High Speed Cloud Native Distributed + Communications Technology. + digest: 82ca3569ec46ce8be93940ae6c01d29db404fd8cd6b98a7a04b82dbb8020873a + home: http://github.com/nats-io/k8s + icon: https://nats.io/img/nats-icon-color.png + keywords: + - nats + - messaging + - cncf + maintainers: + - email: info@nats.io + name: The NATS Authors + url: https://github.com/nats-io + name: nats + urls: + - assets/nats/nats-1.1.1.tgz + version: 1.1.1 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: NATS Server @@ -39449,6 +40176,32 @@ entries: - assets/nats/nats-0.10.0.tgz version: 0.10.0 nginx-ingress: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: NGINX Ingress Controller + catalog.cattle.io/kube-version: '>= 1.22.0-0' + catalog.cattle.io/release-name: nginx-ingress + apiVersion: v2 + appVersion: 3.3.1 + created: "2023-10-16T14:36:07.949928503Z" + description: NGINX Ingress Controller + digest: 0e8a2e9b076ba0bfbc0f972d9c10b4808a53f5b3f557b63f8e0f6a2b38a4cea2 + home: https://github.com/nginxinc/kubernetes-ingress + icon: https://raw.githubusercontent.com/nginxinc/kubernetes-ingress/v3.3.1/deployments/helm-chart/chart-icon.png + keywords: + - ingress + - nginx + kubeVersion: '>= 1.22.0-0' + maintainers: + - email: kubernetes@nginx.com + name: nginxinc + name: nginx-ingress + sources: + - https://github.com/nginxinc/kubernetes-ingress/tree/v3.3.1/deployments/helm-chart + type: application + urls: + - assets/f5/nginx-ingress-1.0.1.tgz + version: 1.0.1 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: NGINX Ingress Controller @@ -39978,6 +40731,102 @@ entries: - assets/f5/nginx-service-mesh-0.2.100.tgz version: 0.2.100 nri-bundle: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: New Relic + catalog.cattle.io/release-name: nri-bundle + apiVersion: v2 + created: "2023-10-16T14:36:53.149500912Z" + dependencies: + - condition: infrastructure.enabled,newrelic-infrastructure.enabled + name: newrelic-infrastructure + repository: file://./charts/newrelic-infrastructure + version: 3.23.1 + - condition: prometheus.enabled,nri-prometheus.enabled + name: nri-prometheus + repository: file://./charts/nri-prometheus + version: 2.1.17 + - condition: newrelic-prometheus-agent.enabled + name: newrelic-prometheus-agent + repository: file://./charts/newrelic-prometheus-agent + version: 1.4.1 + - condition: webhook.enabled,nri-metadata-injection.enabled + name: nri-metadata-injection + repository: file://./charts/nri-metadata-injection + version: 4.10.0 + - condition: metrics-adapter.enabled,newrelic-k8s-metrics-adapter.enabled + name: newrelic-k8s-metrics-adapter + repository: file://./charts/newrelic-k8s-metrics-adapter + version: 1.4.1 + - condition: ksm.enabled,kube-state-metrics.enabled + name: kube-state-metrics + repository: file://./charts/kube-state-metrics + version: 5.12.1 + - condition: kubeEvents.enabled,nri-kube-events.enabled + name: nri-kube-events + repository: file://./charts/nri-kube-events + version: 3.2.4 + - condition: logging.enabled,newrelic-logging.enabled + name: newrelic-logging + repository: file://./charts/newrelic-logging + version: 1.18.1 + - condition: newrelic-pixie.enabled + name: newrelic-pixie + repository: file://./charts/newrelic-pixie + version: 2.1.2 + - alias: pixie-chart + condition: pixie-chart.enabled + name: pixie-operator-chart + repository: file://./charts/pixie-operator-chart + version: 0.1.4 + - condition: newrelic-infra-operator.enabled + name: newrelic-infra-operator + repository: file://./charts/newrelic-infra-operator + version: 2.3.1 + description: Groups together the individual charts for the New Relic Kubernetes + solution for a more comfortable deployment. + digest: d4f813d7ad0ac56bedf54cdcccd89e8aa6ca12514485ded01f31344519bd48b4 + home: https://github.com/newrelic/helm-charts + icon: https://newrelic.com/themes/custom/erno/assets/mediakit/new_relic_logo_vertical.svg + keywords: + - infrastructure + - newrelic + - monitoring + maintainers: + - name: nserrino + url: https://github.com/nserrino + - name: philkuz + url: https://github.com/philkuz + - name: htroisi + url: https://github.com/htroisi + - name: juanjjaramillo + url: https://github.com/juanjjaramillo + - name: svetlanabrennan + url: https://github.com/svetlanabrennan + - name: nrepai + url: https://github.com/nrepai + - name: csongnr + url: https://github.com/csongnr + - name: vuqtran88 + url: https://github.com/vuqtran88 + - name: xqi-nr + url: https://github.com/xqi-nr + name: nri-bundle + sources: + - https://github.com/newrelic/nri-bundle/ + - https://github.com/newrelic/nri-bundle/tree/master/charts/nri-bundle + - https://github.com/newrelic/nri-kubernetes/tree/master/charts/newrelic-infrastructure + - https://github.com/newrelic/nri-prometheus/tree/master/charts/nri-prometheus + - https://github.com/newrelic/newrelic-prometheus-configurator/tree/master/charts/newrelic-prometheus-agent + - https://github.com/newrelic/k8s-metadata-injection/tree/master/charts/nri-metadata-injection + - https://github.com/newrelic/newrelic-k8s-metrics-adapter/tree/master/charts/newrelic-k8s-metrics-adapter + - https://github.com/newrelic/nri-kube-events/tree/master/charts/nri-kube-events + - https://github.com/newrelic/helm-charts/tree/master/charts/newrelic-logging + - https://github.com/newrelic/helm-charts/tree/master/charts/newrelic-pixie + - https://github.com/newrelic/newrelic-infra-operator/tree/master/charts/newrelic-infra-operator + urls: + - assets/new-relic/nri-bundle-5.0.40.tgz + version: 5.0.40 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: New Relic @@ -44146,6 +44995,51 @@ entries: - assets/portworx/portworx-essentials-2.9.100.tgz version: 2.9.100 postgresql: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: PostgreSQL + catalog.cattle.io/kube-version: '>=1.19-0' + catalog.cattle.io/release-name: postgresql + category: Database + images: | + - name: os-shell + image: docker.io/bitnami/os-shell:11-debian-11-r90 + - name: postgres-exporter + image: docker.io/bitnami/postgres-exporter:0.14.0-debian-11-r15 + - name: postgresql + image: docker.io/bitnami/postgresql:16.0.0-debian-11-r13 + licenses: Apache-2.0 + apiVersion: v2 + appVersion: 16.0.0 + created: "2023-10-16T14:36:04.404565733Z" + dependencies: + - name: common + repository: file://./charts/common + tags: + - bitnami-common + version: 2.x.x + description: PostgreSQL (Postgres) is an open source object-relational database + known for reliability and data integrity. ACID-compliant, it supports foreign + keys, joins, views, triggers and stored procedures. + digest: b70d4fba4f66b608b47f6f741a6603c7dab75aa23750b28f488092f79eef5c0e + home: https://bitnami.com + icon: https://wiki.postgresql.org/images/a/a4/PostgreSQL_logo.3colors.svg + keywords: + - postgresql + - postgres + - database + - sql + - replication + - cluster + maintainers: + - name: VMware, Inc. + url: https://github.com/bitnami/charts + name: postgresql + sources: + - https://github.com/bitnami/charts/tree/main/bitnami/postgresql + urls: + - assets/bitnami/postgresql-13.1.5.tgz + version: 13.1.5 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: PostgreSQL @@ -47280,6 +48174,50 @@ entries: - assets/quobyte/quobyte-cluster-0.1.5.tgz version: 0.1.5 redis: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Redis + catalog.cattle.io/kube-version: '>=1.19-0' + catalog.cattle.io/release-name: redis + category: Database + images: | + - name: os-shell + image: docker.io/bitnami/os-shell:11-debian-11-r90 + - name: redis-exporter + image: docker.io/bitnami/redis-exporter:1.55.0-debian-11-r0 + - name: redis-sentinel + image: docker.io/bitnami/redis-sentinel:7.2.1-debian-11-r26 + - name: redis + image: docker.io/bitnami/redis:7.2.1-debian-11-r26 + licenses: Apache-2.0 + apiVersion: v2 + appVersion: 7.2.1 + created: "2023-10-16T14:36:04.83988525Z" + dependencies: + - name: common + repository: file://./charts/common + tags: + - bitnami-common + version: 2.x.x + description: Redis(R) is an open source, advanced key-value store. It is often + referred to as a data structure server since keys can contain strings, hashes, + lists, sets and sorted sets. + digest: 2b1d1e0b1df573dc8d0dd5ff58ac175436a1f72adc51792761380edbd4e667a0 + home: https://bitnami.com + icon: https://redis.com/wp-content/uploads/2021/08/redis-logo.png + keywords: + - redis + - keyvalue + - database + maintainers: + - name: VMware, Inc. + url: https://github.com/bitnami/charts + name: redis + sources: + - https://github.com/bitnami/charts/tree/main/bitnami/redis + urls: + - assets/bitnami/redis-18.1.5.tgz + version: 18.1.5 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Redis @@ -49336,6 +50274,50 @@ entries: - assets/bitnami/redis-17.3.7.tgz version: 17.3.7 redpanda: + - annotations: + artifacthub.io/images: | + - name: redpanda + image: docker.redpanda.com/redpandadata/redpanda:v23.2.12 + - name: busybox + image: busybox:latest + - name: mintel/docker-alpine-bash-curl-jq + image: mintel/docker-alpine-bash-curl-jq:latest + artifacthub.io/license: Apache-2.0 + artifacthub.io/links: | + - name: Documentation + url: https://docs.redpanda.com + - name: "Helm (>= 3.6.0)" + url: https://helm.sh/docs/intro/install/ + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Redpanda + catalog.cattle.io/kube-version: '>=1.21-0' + catalog.cattle.io/release-name: redpanda + apiVersion: v2 + appVersion: v23.2.12 + created: "2023-10-16T14:36:54.214924001Z" + dependencies: + - condition: console.enabled + name: console + repository: file://./charts/console + version: '>=0.5 <1.0' + - condition: connectors.enabled + name: connectors + repository: file://./charts/connectors + version: '>=0.1.2 <1.0' + description: Redpanda is the real-time engine for modern apps. + digest: 402a99bd56b3bdcaa966af62380d8f105d380e0598919f6899792c68b7217a40 + icon: https://images.ctfassets.net/paqvtpyf8rwu/3cYHw5UzhXCbKuR24GDFGO/73fb682e6157d11c10d5b2b5da1d5af0/skate-stand-panda.svg + kubeVersion: '>=1.21-0' + maintainers: + - name: redpanda-data + url: https://github.com/orgs/redpanda-data/people + name: redpanda + sources: + - https://github.com/redpanda-data/helm-charts + type: application + urls: + - assets/redpanda/redpanda-5.6.17.tgz + version: 5.6.17 - annotations: artifacthub.io/images: | - name: redpanda @@ -53578,6 +54560,43 @@ entries: - assets/shipa/shipa-1.4.0.tgz version: 1.4.0 spark: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Apache Spark + catalog.cattle.io/kube-version: '>=1.19-0' + catalog.cattle.io/release-name: spark + category: Infrastructure + images: | + - name: spark + image: docker.io/bitnami/spark:3.5.0-debian-11-r0 + licenses: Apache-2.0 + apiVersion: v2 + appVersion: 3.5.0 + created: "2023-10-16T14:36:04.982044707Z" + dependencies: + - name: common + repository: file://./charts/common + tags: + - bitnami-common + version: 2.x.x + description: Apache Spark is a high-performance engine for large-scale computing + tasks, such as data processing, machine learning and real-time data streaming. + It includes APIs for Java, Python, Scala and R. + digest: 734bcaf18b0b821c1ddcee8f2dd09cd9aeb39c930b86ed8139d1746f6a14d711 + home: https://bitnami.com + icon: https://www.apache.org/logos/res/spark/default.png + keywords: + - apache + - spark + maintainers: + - name: VMware, Inc. + url: https://github.com/bitnami/charts + name: spark + sources: + - https://github.com/bitnami/charts/tree/main/bitnami/spark + urls: + - assets/bitnami/spark-8.0.1.tgz + version: 8.0.1 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Apache Spark @@ -54732,6 +55751,37 @@ entries: - assets/bitnami/spark-6.3.8.tgz version: 6.3.8 speedscale-operator: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Speedscale Operator + catalog.cattle.io/kube-version: '>= 1.17.0-0' + catalog.cattle.io/release-name: speedscale-operator + apiVersion: v1 + appVersion: 1.3.494 + created: "2023-10-16T14:36:54.359526073Z" + description: Stress test your APIs with real world scenarios. Collect and replay + traffic without scripting. + digest: bf0a566e59de2327dac386edbafe44965d4f552f19ab9674b67253e9095965ee + home: https://speedscale.com + icon: https://raw.githubusercontent.com/speedscale/assets/main/logo/gold_logo_only.png + keywords: + - speedscale + - test + - testing + - regression + - reliability + - load + - replay + - network + - traffic + kubeVersion: '>= 1.17.0-0' + maintainers: + - email: support@speedscale.com + name: Speedscale Support + name: speedscale-operator + urls: + - assets/speedscale/speedscale-operator-1.3.39.tgz + version: 1.3.39 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Speedscale Operator @@ -56797,6 +57847,32 @@ entries: - assets/sumologic/sumologic-2.17.0.tgz version: 2.17.0 sysdig: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Sysdig + catalog.cattle.io/release-name: sysdig + apiVersion: v1 + appVersion: 12.16.3 + created: "2023-10-16T14:36:54.713622964Z" + deprecated: true + description: Sysdig Monitor and Secure agent + digest: e9f02e55f4df4ee393ca80cf1f396798075a22b3e8bedd9937a2a925a9febe44 + home: https://www.sysdig.com/ + icon: https://avatars.githubusercontent.com/u/5068817?s=200&v=4 + keywords: + - monitoring + - security + - alerting + - metric + - troubleshooting + - run-time + name: sysdig + sources: + - https://app.sysdigcloud.com/#/settings/user + - https://github.com/draios/sysdig + urls: + - assets/sysdig/sysdig-1.16.15.tgz + version: 1.16.15 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Sysdig @@ -58304,6 +59380,51 @@ entries: - assets/intel/tcs-issuer-0.1.0.tgz version: 0.1.0 tomcat: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Apache Tomcat + catalog.cattle.io/kube-version: '>=1.19-0' + catalog.cattle.io/release-name: tomcat + category: ApplicationServer + images: | + - name: jmx-exporter + image: docker.io/bitnami/jmx-exporter:0.19.0-debian-11-r95 + - name: os-shell + image: docker.io/bitnami/os-shell:11-debian-11-r90 + - name: tomcat + image: docker.io/bitnami/tomcat:10.1.14-debian-11-r0 + licenses: Apache-2.0 + apiVersion: v2 + appVersion: 10.1.14 + created: "2023-10-16T14:36:05.010016656Z" + dependencies: + - name: common + repository: file://./charts/common + tags: + - bitnami-common + version: 2.x.x + description: Apache Tomcat is an open-source web server designed to host and run + Java-based web applications. It is a lightweight server with a good performance + for applications running in production environments. + digest: 02d42a8c6d08b346b0051133b6a24f6822bb0ef1de5b17b2be495b4968f063f9 + home: https://bitnami.com + icon: https://svn.apache.org/repos/asf/comdev/project-logos/originals/tomcat.svg + keywords: + - tomcat + - java + - http + - web + - application server + - jsp + maintainers: + - name: VMware, Inc. + url: https://github.com/bitnami/charts + name: tomcat + sources: + - https://github.com/bitnami/charts/tree/main/bitnami/tomcat + urls: + - assets/bitnami/tomcat-10.10.9.tgz + version: 10.10.9 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Apache Tomcat @@ -61781,6 +62902,60 @@ entries: - assets/hashicorp/vault-0.22.0.tgz version: 0.22.0 wordpress: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: WordPress + catalog.cattle.io/kube-version: '>=1.19-0' + catalog.cattle.io/release-name: wordpress + category: CMS + images: | + - name: apache-exporter + image: docker.io/bitnami/apache-exporter:1.0.2-debian-11-r10 + - name: os-shell + image: docker.io/bitnami/os-shell:11-debian-11-r90 + - name: wordpress + image: docker.io/bitnami/wordpress:6.3.2-debian-11-r0 + licenses: Apache-2.0 + apiVersion: v2 + appVersion: 6.3.2 + created: "2023-10-16T14:36:06.260746312Z" + dependencies: + - condition: memcached.enabled + name: memcached + repository: file://./charts/memcached + version: 6.x.x + - condition: mariadb.enabled + name: mariadb + repository: file://./charts/mariadb + version: 14.x.x + - name: common + repository: file://./charts/common + tags: + - bitnami-common + version: 2.x.x + description: WordPress is the world's most popular blogging and content management + platform. Powerful yet simple, everyone from students to global corporations + use it to build beautiful, functional websites. + digest: 39e118315960be28bdf3e969043d1dc55de06cfc2b8db05776fa96124e77d40c + home: https://bitnami.com + icon: https://s.w.org/style/images/about/WordPress-logotype-simplified.png + keywords: + - application + - blog + - cms + - http + - php + - web + - wordpress + maintainers: + - name: VMware, Inc. + url: https://github.com/bitnami/charts + name: wordpress + sources: + - https://github.com/bitnami/charts/tree/main/bitnami/wordpress + urls: + - assets/bitnami/wordpress-18.0.6.tgz + version: 18.0.6 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: WordPress @@ -65990,6 +67165,32 @@ entries: urls: - assets/yugabyte/yugabyte-2.18.0.tgz version: 2.18.0 + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: YugabyteDB + catalog.cattle.io/kube-version: '>=1.18-0' + catalog.cattle.io/release-name: yugabyte + charts.openshift.io/name: yugabyte + apiVersion: v2 + appVersion: 2.16.8.0-b16 + created: "2023-10-16T14:36:55.313218666Z" + description: YugabyteDB is the high-performance distributed SQL database for building + global, internet-scale apps. + digest: 2997489589f968e25b7b3142db6b08ac77cbc31ff7fecc460eeed876c1d64a9d + home: https://www.yugabyte.com + icon: https://avatars0.githubusercontent.com/u/17074854?s=200&v=4 + kubeVersion: '>=1.18-0' + maintainers: + - email: sanketh@yugabyte.com + name: Sanketh Indarapu + - email: gjalla@yugabyte.com + name: Govardhan Reddy Jalla + name: yugabyte + sources: + - https://github.com/yugabyte/yugabyte-db + urls: + - assets/yugabyte/yugabyte-2.16.8.tgz + version: 2.16.8 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: YugabyteDB @@ -66561,6 +67762,32 @@ entries: urls: - assets/yugabyte/yugaware-2.18.0.tgz version: 2.18.0 + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: YugabyteDB Anywhere + catalog.cattle.io/kube-version: '>=1.18-0' + catalog.cattle.io/release-name: yugaware + charts.openshift.io/name: yugaware + apiVersion: v2 + appVersion: 2.16.8.0-b16 + created: "2023-10-16T14:36:55.379048517Z" + description: YugabyteDB Anywhere provides deployment, orchestration, and monitoring + for managing YugabyteDB clusters. YugabyteDB Anywhere can create a YugabyteDB + cluster with multiple pods provided by Kubernetes or OpenShift and logically + grouped together to form one logical distributed database. + digest: 1dbe71c49ce235955d42469c8a59fc55dff892ce20aa57c91ae875632309bc87 + home: https://www.yugabyte.com + icon: https://avatars0.githubusercontent.com/u/17074854?s=200&v=4 + kubeVersion: '>=1.18-0' + maintainers: + - email: sanketh@yugabyte.com + name: Sanketh Indarapu + - email: gjalla@yugabyte.com + name: Govardhan Reddy Jalla + name: yugaware + urls: + - assets/yugabyte/yugaware-2.16.8.tgz + version: 2.16.8 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: YugabyteDB Anywhere @@ -67004,6 +68231,43 @@ entries: - assets/netfoundry/ziti-host-1.5.1.tgz version: 1.5.1 zookeeper: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Apache Zookeeper + catalog.cattle.io/kube-version: '>=1.19-0' + catalog.cattle.io/release-name: zookeeper + category: Infrastructure + images: | + - name: os-shell + image: docker.io/bitnami/os-shell:11-debian-11-r90 + - name: zookeeper + image: docker.io/bitnami/zookeeper:3.9.1-debian-11-r1 + licenses: Apache-2.0 + apiVersion: v2 + appVersion: 3.9.1 + created: "2023-10-16T14:36:06.383559066Z" + dependencies: + - name: common + repository: file://./charts/common + tags: + - bitnami-common + version: 2.x.x + description: Apache ZooKeeper provides a reliable, centralized register of configuration + data and services for distributed applications. + digest: c8880c7ee37b4526bab9a5c5ab0c96f226ef5ff6f151c0a675ab4c92ef263f92 + home: https://bitnami.com + icon: https://svn.apache.org/repos/asf/comdev/project-logos/originals/zookeeper.svg + keywords: + - zookeeper + maintainers: + - name: VMware, Inc. + url: https://github.com/bitnami/charts + name: zookeeper + sources: + - https://github.com/bitnami/charts/tree/main/bitnami/zookeeper + urls: + - assets/bitnami/zookeeper-12.1.6.tgz + version: 12.1.6 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Apache Zookeeper