diff --git a/assets/aquarist-labs/s3gw-0.18.0.tgz b/assets/aquarist-labs/s3gw-0.18.0.tgz new file mode 100644 index 000000000..27ba7397f Binary files /dev/null and b/assets/aquarist-labs/s3gw-0.18.0.tgz differ diff --git a/assets/argo/argo-cd-5.37.0.tgz b/assets/argo/argo-cd-5.37.0.tgz index 5ac354a42..00461bbf9 100644 Binary files a/assets/argo/argo-cd-5.37.0.tgz and b/assets/argo/argo-cd-5.37.0.tgz differ diff --git a/assets/argo/argo-cd-5.38.0.tgz b/assets/argo/argo-cd-5.38.0.tgz new file mode 100644 index 000000000..b69fcc10d Binary files /dev/null and b/assets/argo/argo-cd-5.38.0.tgz differ diff --git a/assets/asserts/asserts-1.44.0.tgz b/assets/asserts/asserts-1.44.0.tgz new file mode 100644 index 000000000..5812c3fcc Binary files /dev/null and b/assets/asserts/asserts-1.44.0.tgz differ diff --git a/assets/bitnami/kafka-23.0.2.tgz b/assets/bitnami/kafka-23.0.2.tgz new file mode 100644 index 000000000..be2f85d0e Binary files /dev/null and b/assets/bitnami/kafka-23.0.2.tgz differ diff --git a/assets/bitnami/mariadb-12.2.7.tgz b/assets/bitnami/mariadb-12.2.7.tgz new file mode 100644 index 000000000..9eb6e41c7 Binary files /dev/null and b/assets/bitnami/mariadb-12.2.7.tgz differ diff --git a/assets/bitnami/mysql-9.10.5.tgz b/assets/bitnami/mysql-9.10.5.tgz new file mode 100644 index 000000000..edeb7501e Binary files /dev/null and b/assets/bitnami/mysql-9.10.5.tgz differ diff --git a/assets/bitnami/postgresql-12.6.4.tgz b/assets/bitnami/postgresql-12.6.4.tgz new file mode 100644 index 000000000..bb70ebf34 Binary files /dev/null and b/assets/bitnami/postgresql-12.6.4.tgz differ diff --git a/assets/bitnami/wordpress-16.1.25.tgz b/assets/bitnami/wordpress-16.1.25.tgz new file mode 100644 index 000000000..e201c72ea Binary files /dev/null and b/assets/bitnami/wordpress-16.1.25.tgz differ diff --git a/assets/clastix/kamaji-0.12.2.tgz b/assets/clastix/kamaji-0.12.2.tgz new file mode 100644 index 000000000..5fda88389 Binary files /dev/null and b/assets/clastix/kamaji-0.12.2.tgz differ diff --git a/assets/cockroach-labs/cockroachdb-11.0.4.tgz b/assets/cockroach-labs/cockroachdb-11.0.4.tgz new file mode 100644 index 000000000..a98e9e669 Binary files /dev/null and b/assets/cockroach-labs/cockroachdb-11.0.4.tgz differ diff --git a/assets/crate/crate-operator-2.30.1.tgz b/assets/crate/crate-operator-2.30.1.tgz new file mode 100644 index 000000000..e08cf928c Binary files /dev/null and b/assets/crate/crate-operator-2.30.1.tgz differ diff --git a/assets/datadog/datadog-3.33.0.tgz b/assets/datadog/datadog-3.33.0.tgz new file mode 100644 index 000000000..958fcbd2d Binary files /dev/null and b/assets/datadog/datadog-3.33.0.tgz differ diff --git a/assets/datadog/datadog-operator-1.0.6.tgz b/assets/datadog/datadog-operator-1.0.6.tgz new file mode 100644 index 000000000..755a31d6c Binary files /dev/null and b/assets/datadog/datadog-operator-1.0.6.tgz differ diff --git a/assets/external-secrets/external-secrets-0.9.1.tgz b/assets/external-secrets/external-secrets-0.9.1.tgz new file mode 100644 index 000000000..3514cdb45 Binary files /dev/null and b/assets/external-secrets/external-secrets-0.9.1.tgz differ diff --git a/assets/jaeger/jaeger-operator-2.46.1.tgz b/assets/jaeger/jaeger-operator-2.46.1.tgz new file mode 100644 index 000000000..9230ebbb0 Binary files /dev/null and b/assets/jaeger/jaeger-operator-2.46.1.tgz differ diff --git a/assets/jfrog/artifactory-ha-107.59.12.tgz b/assets/jfrog/artifactory-ha-107.59.12.tgz new file mode 100644 index 000000000..3303e2970 Binary files /dev/null and b/assets/jfrog/artifactory-ha-107.59.12.tgz differ diff --git a/assets/jfrog/artifactory-jcr-107.59.12.tgz b/assets/jfrog/artifactory-jcr-107.59.12.tgz new file mode 100644 index 000000000..887925852 Binary files /dev/null and b/assets/jfrog/artifactory-jcr-107.59.12.tgz differ diff --git a/assets/kong/kong-2.24.0.tgz b/assets/kong/kong-2.24.0.tgz new file mode 100644 index 000000000..e4b6d06c4 Binary files /dev/null and b/assets/kong/kong-2.24.0.tgz differ diff --git a/assets/redpanda/redpanda-4.0.52.tgz b/assets/redpanda/redpanda-4.0.52.tgz new file mode 100644 index 000000000..1a415fe22 Binary files /dev/null and b/assets/redpanda/redpanda-4.0.52.tgz differ diff --git a/assets/speedscale/speedscale-operator-1.3.19.tgz b/assets/speedscale/speedscale-operator-1.3.19.tgz new file mode 100644 index 000000000..6dc8c85b1 Binary files /dev/null and b/assets/speedscale/speedscale-operator-1.3.19.tgz differ diff --git a/assets/triggermesh/triggermesh-0.8.3.tgz b/assets/triggermesh/triggermesh-0.8.3.tgz new file mode 100644 index 000000000..1fb91ee46 Binary files /dev/null and b/assets/triggermesh/triggermesh-0.8.3.tgz differ diff --git a/charts/aquarist-labs/s3gw/Chart.yaml b/charts/aquarist-labs/s3gw/Chart.yaml index 8fc41d390..1b790bc9b 100644 --- a/charts/aquarist-labs/s3gw/Chart.yaml +++ b/charts/aquarist-labs/s3gw/Chart.yaml @@ -17,7 +17,7 @@ appVersion: latest description: 'Easy-to-use Open Source and Cloud Native S3 service for use on Rancher''s Kubernetes. ' home: https://github.com/aquarist-labs/s3gw -icon: https://raw.githubusercontent.com/aquarist-labs/aquarium-website/gh-pages/images/logo-xl.png +icon: https://s3gw.io/img/logo-xl.png keywords: - storage - s3 @@ -31,5 +31,8 @@ sources: - https://github.com/aquarist-labs/s3gw-charts - https://github.com/aquarist-labs/s3gw - https://github.com/aquarist-labs/ceph +- https://github.com/aquarist-labs/s3gw-ui +- https://github.com/aquarist-labs/s3gw-cosi-driver +- https://github.com/kubernetes-sigs/container-object-storage-interface-provisioner-sidecar type: application -version: 0.17.0 +version: 0.18.0 diff --git a/charts/aquarist-labs/s3gw/templates/chart-validation.yaml b/charts/aquarist-labs/s3gw/templates/chart-validation.yaml index b6022009c..31fd797d3 100644 --- a/charts/aquarist-labs/s3gw/templates/chart-validation.yaml +++ b/charts/aquarist-labs/s3gw/templates/chart-validation.yaml @@ -1,4 +1,4 @@ -{{- if (empty .Values.publicDomain) }} +{{- if (and .Values.ingress.enabled (empty .Values.publicDomain)) }} {{- fail "Please provide a value for `.Values.publicDomain`." }} {{- end }} @@ -9,3 +9,11 @@ {{- if (and .Values.useExistingSecret (empty .Values.defaultUserCredentialsSecret)) }} {{- fail "Please provide a secret name for `.Values.defaultUserCredentialSecret`" }} {{- end }} + +{{- if .Values.useCertManager }} +{{- if eq .Values.tlsIssuer "s3gw-letsencrypt-issuer" }} +{{- if eq .Values.email "mail@example.com" }} +{{- fail "Please provide a valid email for letsencrypt" }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/aquarist-labs/s3gw/templates/tls-issuer.yaml b/charts/aquarist-labs/s3gw/templates/tls-issuer.yaml index 726e9d8ad..e9ae2492a 100644 --- a/charts/aquarist-labs/s3gw/templates/tls-issuer.yaml +++ b/charts/aquarist-labs/s3gw/templates/tls-issuer.yaml @@ -1,4 +1,5 @@ {{- if .Values.useCertManager }} +{{- if eq .Values.tlsIssuer "s3gw-issuer" }} --- # Self-signed issuer apiVersion: cert-manager.io/v1 @@ -20,6 +21,7 @@ metadata: spec: ca: secretName: {{ .Release.Name }}-{{ .Release.Namespace }}-ca-root +{{- else if eq .Values.tlsIssuer "s3gw-letsencrypt-issuer" }} --- # Let's encrypt production issuer apiVersion: cert-manager.io/v1 @@ -44,3 +46,4 @@ spec: traefik.ingress.kubernetes.io/router.entrypoints: websecure traefik.ingress.kubernetes.io/router.tls: "true" {{- end }} +{{- end }} diff --git a/charts/argo/argo-cd/Chart.yaml b/charts/argo/argo-cd/Chart.yaml index 96bd24348..fc001a701 100644 --- a/charts/argo/argo-cd/Chart.yaml +++ b/charts/argo/argo-cd/Chart.yaml @@ -1,7 +1,7 @@ annotations: artifacthub.io/changes: | - - kind: added - description: add applicationSet deployment cmd-params checksum + - kind: changed + description: Upgrade dexidp from v2.36.0 to v2.37.0 artifacthub.io/signKey: | fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc @@ -11,7 +11,7 @@ annotations: catalog.cattle.io/kube-version: '>=1.23.0-0' catalog.cattle.io/release-name: argo-cd apiVersion: v2 -appVersion: v2.7.6 +appVersion: v2.7.7 dependencies: - condition: redis-ha.enabled name: redis-ha @@ -33,4 +33,4 @@ name: argo-cd sources: - https://github.com/argoproj/argo-helm/tree/main/charts/argo-cd - https://github.com/argoproj/argo-cd -version: 5.37.0 +version: 5.38.0 diff --git a/charts/argo/argo-cd/README.md b/charts/argo/argo-cd/README.md index 907cd0fe2..51db48705 100644 --- a/charts/argo/argo-cd/README.md +++ b/charts/argo/argo-cd/README.md @@ -857,7 +857,7 @@ server: | dex.extraContainers | list | `[]` | Additional containers to be added to the dex pod | | dex.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Dex imagePullPolicy | | dex.image.repository | string | `"ghcr.io/dexidp/dex"` | Dex image repository | -| dex.image.tag | string | `"v2.36.0"` | Dex image tag | +| dex.image.tag | string | `"v2.37.0"` | Dex image tag | | dex.imagePullSecrets | list | `[]` (defaults to global.imagePullSecrets) | Secrets with credentials to pull images from a private registry | | dex.initContainers | list | `[]` | Init containers to add to the dex pod | | dex.initImage.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Argo CD init image imagePullPolicy | diff --git a/charts/argo/argo-cd/values.yaml b/charts/argo/argo-cd/values.yaml index 63588ea9b..08f3404a0 100644 --- a/charts/argo/argo-cd/values.yaml +++ b/charts/argo/argo-cd/values.yaml @@ -928,7 +928,7 @@ dex: # -- Dex image repository repository: ghcr.io/dexidp/dex # -- Dex image tag - tag: v2.36.0 + tag: v2.37.0 # -- Dex imagePullPolicy # @default -- `""` (defaults to global.image.imagePullPolicy) imagePullPolicy: "" diff --git a/charts/asserts/asserts/Chart.yaml b/charts/asserts/asserts/Chart.yaml index ab3111a83..afbec50cd 100644 --- a/charts/asserts/asserts/Chart.yaml +++ b/charts/asserts/asserts/Chart.yaml @@ -58,4 +58,4 @@ maintainers: url: https://github.com/asserts name: asserts type: application -version: 1.43.0 +version: 1.44.0 diff --git a/charts/asserts/asserts/values.yaml b/charts/asserts/asserts/values.yaml index 5421223df..843b66a1e 100644 --- a/charts/asserts/asserts/values.yaml +++ b/charts/asserts/asserts/values.yaml @@ -142,7 +142,7 @@ server: repository: asserts/asserts-server pullPolicy: IfNotPresent ## Overrides the image tag whose default is the chart appVersion. - tag: v0.2.670 + tag: v0.2.675 resources: requests: @@ -251,7 +251,7 @@ authorization: repository: asserts/authorization pullPolicy: IfNotPresent ## Overrides the image tag whose default is the chart appVersion. - tag: v0.2.670 + tag: v0.2.675 resources: requests: @@ -317,7 +317,7 @@ ui: repository: asserts/asserts-ui pullPolicy: IfNotPresent ## Overrides the image tag whose default is the chart appVersion. - tag: v0.1.1251 + tag: v0.1.1254 imagePullSecrets: [] diff --git a/charts/bitnami/kafka/Chart.lock b/charts/bitnami/kafka/Chart.lock index 5d258ab32..5b17d2c79 100644 --- a/charts/bitnami/kafka/Chart.lock +++ b/charts/bitnami/kafka/Chart.lock @@ -4,6 +4,6 @@ dependencies: version: 11.4.3 - name: common repository: oci://registry-1.docker.io/bitnamicharts - version: 2.4.0 -digest: sha256:33b2935785d886ed0e2f0349c57278481234c71d6db72ec57ba8721d40408aa9 -generated: "2023-06-26T20:59:56.145279557Z" + version: 2.6.0 +digest: sha256:4271c5c11b86e9fd012122ff557d14248e61e0f36c88c5f55b4bbc1ea0fb2500 +generated: "2023-07-05T20:04:24.503191641Z" diff --git a/charts/bitnami/kafka/Chart.yaml b/charts/bitnami/kafka/Chart.yaml index b57b18d68..d3994a4e4 100644 --- a/charts/bitnami/kafka/Chart.yaml +++ b/charts/bitnami/kafka/Chart.yaml @@ -34,4 +34,4 @@ maintainers: name: kafka sources: - https://github.com/bitnami/charts/tree/main/bitnami/kafka -version: 23.0.1 +version: 23.0.2 diff --git a/charts/bitnami/kafka/README.md b/charts/bitnami/kafka/README.md index 613c38718..68cd10ea4 100644 --- a/charts/bitnami/kafka/README.md +++ b/charts/bitnami/kafka/README.md @@ -82,7 +82,7 @@ The command removes all the Kubernetes components associated with the chart and | ------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------- | | `image.registry` | Kafka image registry | `docker.io` | | `image.repository` | Kafka image repository | `bitnami/kafka` | -| `image.tag` | Kafka image tag (immutable tags are recommended) | `3.5.0-debian-11-r1` | +| `image.tag` | Kafka image tag (immutable tags are recommended) | `3.5.0-debian-11-r4` | | `image.digest` | Kafka image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `image.pullPolicy` | Kafka image pull policy | `IfNotPresent` | | `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | @@ -256,7 +256,7 @@ The command removes all the Kubernetes components associated with the chart and | `externalAccess.autoDiscovery.enabled` | Enable using an init container to auto-detect external IPs/ports by querying the K8s API | `false` | | `externalAccess.autoDiscovery.image.registry` | Init container auto-discovery image registry | `docker.io` | | `externalAccess.autoDiscovery.image.repository` | Init container auto-discovery image repository | `bitnami/kubectl` | -| `externalAccess.autoDiscovery.image.tag` | Init container auto-discovery image tag (immutable tags are recommended) | `1.25.11-debian-11-r4` | +| `externalAccess.autoDiscovery.image.tag` | Init container auto-discovery image tag (immutable tags are recommended) | `1.25.11-debian-11-r6` | | `externalAccess.autoDiscovery.image.digest` | Kubectl image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `externalAccess.autoDiscovery.image.pullPolicy` | Init container auto-discovery image pull policy | `IfNotPresent` | | `externalAccess.autoDiscovery.image.pullSecrets` | Init container auto-discovery image pull secrets | `[]` | @@ -312,7 +312,7 @@ The command removes all the Kubernetes components associated with the chart and | `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume | `false` | | `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` | | `volumePermissions.image.repository` | Init container volume-permissions image repository | `bitnami/bitnami-shell` | -| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r130` | +| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r132` | | `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` | | `volumePermissions.image.pullSecrets` | Init container volume-permissions image pull secrets | `[]` | @@ -337,7 +337,7 @@ The command removes all the Kubernetes components associated with the chart and | `metrics.kafka.enabled` | Whether or not to create a standalone Kafka exporter to expose Kafka metrics | `false` | | `metrics.kafka.image.registry` | Kafka exporter image registry | `docker.io` | | `metrics.kafka.image.repository` | Kafka exporter image repository | `bitnami/kafka-exporter` | -| `metrics.kafka.image.tag` | Kafka exporter image tag (immutable tags are recommended) | `1.7.0-debian-11-r11` | +| `metrics.kafka.image.tag` | Kafka exporter image tag (immutable tags are recommended) | `1.7.0-debian-11-r14` | | `metrics.kafka.image.digest` | Kafka exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `metrics.kafka.image.pullPolicy` | Kafka exporter image pull policy | `IfNotPresent` | | `metrics.kafka.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | @@ -385,7 +385,7 @@ The command removes all the Kubernetes components associated with the chart and | `metrics.jmx.enabled` | Whether or not to expose JMX metrics to Prometheus | `false` | | `metrics.jmx.image.registry` | JMX exporter image registry | `docker.io` | | `metrics.jmx.image.repository` | JMX exporter image repository | `bitnami/jmx-exporter` | -| `metrics.jmx.image.tag` | JMX exporter image tag (immutable tags are recommended) | `0.18.0-debian-11-r34` | +| `metrics.jmx.image.tag` | JMX exporter image tag (immutable tags are recommended) | `0.19.0-debian-11-r1` | | `metrics.jmx.image.digest` | JMX exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `metrics.jmx.image.pullPolicy` | JMX exporter image pull policy | `IfNotPresent` | | `metrics.jmx.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | diff --git a/charts/bitnami/kafka/charts/common/Chart.yaml b/charts/bitnami/kafka/charts/common/Chart.yaml index 4fc56bbb7..191699db1 100644 --- a/charts/bitnami/kafka/charts/common/Chart.yaml +++ b/charts/bitnami/kafka/charts/common/Chart.yaml @@ -2,7 +2,7 @@ annotations: category: Infrastructure licenses: Apache-2.0 apiVersion: v2 -appVersion: 2.4.0 +appVersion: 2.6.0 description: A Library Helm Chart for grouping common logic between bitnami charts. This chart is not deployable by itself. home: https://bitnami.com @@ -20,4 +20,4 @@ name: common sources: - https://github.com/bitnami/charts type: library -version: 2.4.0 +version: 2.6.0 diff --git a/charts/bitnami/kafka/charts/common/README.md b/charts/bitnami/kafka/charts/common/README.md index 72fca33da..b48bb7a25 100644 --- a/charts/bitnami/kafka/charts/common/README.md +++ b/charts/bitnami/kafka/charts/common/README.md @@ -2,8 +2,6 @@ A [Helm Library Chart](https://helm.sh/docs/topics/library_charts/#helm) for grouping common logic between Bitnami charts. -Looking to use our applications in production? Try [VMware Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. - ## TL;DR ```yaml @@ -32,6 +30,8 @@ This chart provides a common template helpers which can be used to develop new c Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters. +Looking to use our applications in production? Try [VMware Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. + ## Prerequisites - Kubernetes 1.19+ @@ -220,7 +220,7 @@ helm install test mychart --set path.to.value00="",path.to.value01="" ## License -Copyright © 2023 Bitnami +Copyright © 2023 VMware, Inc. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/charts/bitnami/kafka/charts/common/templates/_affinities.tpl b/charts/bitnami/kafka/charts/common/templates/_affinities.tpl index 81902a681..0e571028f 100644 --- a/charts/bitnami/kafka/charts/common/templates/_affinities.tpl +++ b/charts/bitnami/kafka/charts/common/templates/_affinities.tpl @@ -1,3 +1,8 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{/* vim: set filetype=mustache: */}} {{/* diff --git a/charts/bitnami/kafka/charts/common/templates/_capabilities.tpl b/charts/bitnami/kafka/charts/common/templates/_capabilities.tpl index 697486a31..c6d115fe5 100644 --- a/charts/bitnami/kafka/charts/common/templates/_capabilities.tpl +++ b/charts/bitnami/kafka/charts/common/templates/_capabilities.tpl @@ -1,3 +1,8 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{/* vim: set filetype=mustache: */}} {{/* diff --git a/charts/bitnami/kafka/charts/common/templates/_errors.tpl b/charts/bitnami/kafka/charts/common/templates/_errors.tpl index a79cc2e32..07ded6f64 100644 --- a/charts/bitnami/kafka/charts/common/templates/_errors.tpl +++ b/charts/bitnami/kafka/charts/common/templates/_errors.tpl @@ -1,3 +1,8 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{/* vim: set filetype=mustache: */}} {{/* Through error when upgrading using empty passwords values that must not be empty. diff --git a/charts/bitnami/kafka/charts/common/templates/_images.tpl b/charts/bitnami/kafka/charts/common/templates/_images.tpl index d60c22e25..2181f3224 100644 --- a/charts/bitnami/kafka/charts/common/templates/_images.tpl +++ b/charts/bitnami/kafka/charts/common/templates/_images.tpl @@ -1,3 +1,8 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{/* vim: set filetype=mustache: */}} {{/* Return the proper image name diff --git a/charts/bitnami/kafka/charts/common/templates/_ingress.tpl b/charts/bitnami/kafka/charts/common/templates/_ingress.tpl index 831da9caa..efa5b85c7 100644 --- a/charts/bitnami/kafka/charts/common/templates/_ingress.tpl +++ b/charts/bitnami/kafka/charts/common/templates/_ingress.tpl @@ -1,3 +1,8 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{/* vim: set filetype=mustache: */}} {{/* diff --git a/charts/bitnami/kafka/charts/common/templates/_labels.tpl b/charts/bitnami/kafka/charts/common/templates/_labels.tpl index 252066c7e..a1d7a95bc 100644 --- a/charts/bitnami/kafka/charts/common/templates/_labels.tpl +++ b/charts/bitnami/kafka/charts/common/templates/_labels.tpl @@ -1,3 +1,8 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{/* vim: set filetype=mustache: */}} {{/* Kubernetes standard labels diff --git a/charts/bitnami/kafka/charts/common/templates/_names.tpl b/charts/bitnami/kafka/charts/common/templates/_names.tpl index 617a23489..a222924f1 100644 --- a/charts/bitnami/kafka/charts/common/templates/_names.tpl +++ b/charts/bitnami/kafka/charts/common/templates/_names.tpl @@ -1,3 +1,8 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{/* vim: set filetype=mustache: */}} {{/* Expand the name of the chart. diff --git a/charts/bitnami/kafka/charts/common/templates/_secrets.tpl b/charts/bitnami/kafka/charts/common/templates/_secrets.tpl index a1708b2e8..a193c46b6 100644 --- a/charts/bitnami/kafka/charts/common/templates/_secrets.tpl +++ b/charts/bitnami/kafka/charts/common/templates/_secrets.tpl @@ -1,3 +1,8 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{/* vim: set filetype=mustache: */}} {{/* Generate secret name. @@ -72,7 +77,7 @@ Params: - strong - Boolean - Optional - Whether to add symbols to the generated random password. - chartName - String - Optional - Name of the chart used when said chart is deployed as a subchart. - context - Context - Required - Parent context. - + - failOnNew - Boolean - Optional - Default to true. If set to false, skip errors adding new keys to existing secrets. The order in which this function returns a secret password: 1. Already existing 'Secret' resource (If a 'Secret' resource is found under the name provided to the 'secret' parameter to this function and that 'Secret' resource contains a key with the name passed as the 'key' parameter to this function then the value of this existing secret password will be returned) @@ -86,6 +91,7 @@ The order in which this function returns a secret password: {{- $password := "" }} {{- $subchart := "" }} +{{- $failOnNew := default true .failOnNew }} {{- $chartName := default "" .chartName }} {{- $passwordLength := default 10 .length }} {{- $providedPasswordKey := include "common.utils.getKeyFromList" (dict "keys" .providedValues "context" $.context) }} @@ -94,7 +100,7 @@ The order in which this function returns a secret password: {{- if $secretData }} {{- if hasKey $secretData .key }} {{- $password = index $secretData .key | quote }} - {{- else }} + {{- else if $failOnNew }} {{- printf "\nPASSWORDS ERROR: The secret \"%s\" does not contain the key \"%s\"\n" .secret .key | fail -}} {{- end -}} {{- else if $providedPasswordValue }} @@ -137,15 +143,16 @@ Params: */}} {{- define "common.secrets.lookup" -}} {{- $value := "" -}} -{{- $defaultValue := required "\n'common.secrets.lookup': Argument 'defaultValue' missing or empty" .defaultValue -}} {{- $secretData := (lookup "v1" "Secret" (include "common.names.namespace" .context) .secret).data -}} {{- if and $secretData (hasKey $secretData .key) -}} {{- $value = index $secretData .key -}} -{{- else -}} - {{- $value = $defaultValue | toString | b64enc -}} +{{- else if .defaultValue -}} + {{- $value = .defaultValue | toString | b64enc -}} {{- end -}} +{{- if $value -}} {{- printf "%s" $value -}} {{- end -}} +{{- end -}} {{/* Returns whether a previous generated secret already exists diff --git a/charts/bitnami/kafka/charts/common/templates/_storage.tpl b/charts/bitnami/kafka/charts/common/templates/_storage.tpl index 60e2a844f..16405a0f8 100644 --- a/charts/bitnami/kafka/charts/common/templates/_storage.tpl +++ b/charts/bitnami/kafka/charts/common/templates/_storage.tpl @@ -1,3 +1,8 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{/* vim: set filetype=mustache: */}} {{/* Return the proper Storage Class diff --git a/charts/bitnami/kafka/charts/common/templates/_tplvalues.tpl b/charts/bitnami/kafka/charts/common/templates/_tplvalues.tpl index 2db166851..dc15f7fdc 100644 --- a/charts/bitnami/kafka/charts/common/templates/_tplvalues.tpl +++ b/charts/bitnami/kafka/charts/common/templates/_tplvalues.tpl @@ -1,13 +1,27 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{/* vim: set filetype=mustache: */}} {{/* -Renders a value that contains template. +Renders a value that contains template perhaps with scope if the scope is present. Usage: -{{ include "common.tplvalues.render" ( dict "value" .Values.path.to.the.Value "context" $) }} +{{ include "common.tplvalues.render" ( dict "value" .Values.path.to.the.Value "context" $ ) }} +{{ include "common.tplvalues.render" ( dict "value" .Values.path.to.the.Value "context" $ "scope" $app ) }} */}} {{- define "common.tplvalues.render" -}} - {{- if typeIs "string" .value }} - {{- tpl .value .context }} - {{- else }} - {{- tpl (.value | toYaml) .context }} - {{- end }} +{{- if .scope }} + {{- if typeIs "string" .value }} + {{- tpl (cat "{{- with $.RelativeScope -}}" .value "{{- end }}") (merge (dict "RelativeScope" .scope) .context) }} + {{- else }} + {{- tpl (cat "{{- with $.RelativeScope -}}" (.value | toYaml) "{{- end }}") (merge (dict "RelativeScope" .scope) .context) }} + {{- end }} +{{- else }} + {{- if typeIs "string" .value }} + {{- tpl .value .context }} + {{- else }} + {{- tpl (.value | toYaml) .context }} + {{- end }} +{{- end -}} {{- end -}} diff --git a/charts/bitnami/kafka/charts/common/templates/_utils.tpl b/charts/bitnami/kafka/charts/common/templates/_utils.tpl index b1ead50cf..c87040cd9 100644 --- a/charts/bitnami/kafka/charts/common/templates/_utils.tpl +++ b/charts/bitnami/kafka/charts/common/templates/_utils.tpl @@ -1,3 +1,8 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{/* vim: set filetype=mustache: */}} {{/* Print instructions to get a secret value. diff --git a/charts/bitnami/kafka/charts/common/templates/_warnings.tpl b/charts/bitnami/kafka/charts/common/templates/_warnings.tpl index ae10fa41e..66dffc1fe 100644 --- a/charts/bitnami/kafka/charts/common/templates/_warnings.tpl +++ b/charts/bitnami/kafka/charts/common/templates/_warnings.tpl @@ -1,3 +1,8 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{/* vim: set filetype=mustache: */}} {{/* Warning about using rolling tag. diff --git a/charts/bitnami/kafka/charts/common/templates/validations/_cassandra.tpl b/charts/bitnami/kafka/charts/common/templates/validations/_cassandra.tpl index ded1ae3bc..eda9aada5 100644 --- a/charts/bitnami/kafka/charts/common/templates/validations/_cassandra.tpl +++ b/charts/bitnami/kafka/charts/common/templates/validations/_cassandra.tpl @@ -1,3 +1,8 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{/* vim: set filetype=mustache: */}} {{/* Validate Cassandra required passwords are not empty. diff --git a/charts/bitnami/kafka/charts/common/templates/validations/_mariadb.tpl b/charts/bitnami/kafka/charts/common/templates/validations/_mariadb.tpl index b6906ff77..17d83a2fd 100644 --- a/charts/bitnami/kafka/charts/common/templates/validations/_mariadb.tpl +++ b/charts/bitnami/kafka/charts/common/templates/validations/_mariadb.tpl @@ -1,3 +1,8 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{/* vim: set filetype=mustache: */}} {{/* Validate MariaDB required passwords are not empty. diff --git a/charts/bitnami/kafka/charts/common/templates/validations/_mongodb.tpl b/charts/bitnami/kafka/charts/common/templates/validations/_mongodb.tpl index f820ec107..bbb445b86 100644 --- a/charts/bitnami/kafka/charts/common/templates/validations/_mongodb.tpl +++ b/charts/bitnami/kafka/charts/common/templates/validations/_mongodb.tpl @@ -1,3 +1,8 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{/* vim: set filetype=mustache: */}} {{/* Validate MongoDB® required passwords are not empty. diff --git a/charts/bitnami/kafka/charts/common/templates/validations/_mysql.tpl b/charts/bitnami/kafka/charts/common/templates/validations/_mysql.tpl index 74472a061..ca3953f86 100644 --- a/charts/bitnami/kafka/charts/common/templates/validations/_mysql.tpl +++ b/charts/bitnami/kafka/charts/common/templates/validations/_mysql.tpl @@ -1,3 +1,8 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{/* vim: set filetype=mustache: */}} {{/* Validate MySQL required passwords are not empty. diff --git a/charts/bitnami/kafka/charts/common/templates/validations/_postgresql.tpl b/charts/bitnami/kafka/charts/common/templates/validations/_postgresql.tpl index 164ec0d01..8c9aa570e 100644 --- a/charts/bitnami/kafka/charts/common/templates/validations/_postgresql.tpl +++ b/charts/bitnami/kafka/charts/common/templates/validations/_postgresql.tpl @@ -1,3 +1,8 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{/* vim: set filetype=mustache: */}} {{/* Validate PostgreSQL required passwords are not empty. diff --git a/charts/bitnami/kafka/charts/common/templates/validations/_redis.tpl b/charts/bitnami/kafka/charts/common/templates/validations/_redis.tpl index dcccfc1ae..fc0d208dd 100644 --- a/charts/bitnami/kafka/charts/common/templates/validations/_redis.tpl +++ b/charts/bitnami/kafka/charts/common/templates/validations/_redis.tpl @@ -1,3 +1,8 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{/* vim: set filetype=mustache: */}} {{/* diff --git a/charts/bitnami/kafka/charts/common/templates/validations/_validations.tpl b/charts/bitnami/kafka/charts/common/templates/validations/_validations.tpl index 9a814cf40..31ceda871 100644 --- a/charts/bitnami/kafka/charts/common/templates/validations/_validations.tpl +++ b/charts/bitnami/kafka/charts/common/templates/validations/_validations.tpl @@ -1,3 +1,8 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{/* vim: set filetype=mustache: */}} {{/* Validate values must not be empty. diff --git a/charts/bitnami/kafka/charts/common/values.yaml b/charts/bitnami/kafka/charts/common/values.yaml index f2df68e5e..9abe0e154 100644 --- a/charts/bitnami/kafka/charts/common/values.yaml +++ b/charts/bitnami/kafka/charts/common/values.yaml @@ -1,3 +1,6 @@ +# Copyright VMware, Inc. +# SPDX-License-Identifier: APACHE-2.0 + ## bitnami/common ## It is required by CI/CD tools and processes. ## @skip exampleValue diff --git a/charts/bitnami/kafka/values.yaml b/charts/bitnami/kafka/values.yaml index 0fb235f89..4848d9187 100644 --- a/charts/bitnami/kafka/values.yaml +++ b/charts/bitnami/kafka/values.yaml @@ -80,7 +80,7 @@ diagnosticMode: image: registry: docker.io repository: bitnami/kafka - tag: 3.5.0-debian-11-r1 + tag: 3.5.0-debian-11-r4 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -784,7 +784,7 @@ externalAccess: image: registry: docker.io repository: bitnami/kubectl - tag: 1.25.11-debian-11-r4 + tag: 1.25.11-debian-11-r6 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -1033,7 +1033,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/bitnami-shell - tag: 11-debian-11-r130 + tag: 11-debian-11-r132 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. @@ -1115,7 +1115,7 @@ metrics: image: registry: docker.io repository: bitnami/kafka-exporter - tag: 1.7.0-debian-11-r11 + tag: 1.7.0-debian-11-r14 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -1351,7 +1351,7 @@ metrics: image: registry: docker.io repository: bitnami/jmx-exporter - tag: 0.18.0-debian-11-r34 + tag: 0.19.0-debian-11-r1 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' diff --git a/charts/bitnami/mariadb/Chart.lock b/charts/bitnami/mariadb/Chart.lock index cc6e4f153..6afd81ec1 100644 --- a/charts/bitnami/mariadb/Chart.lock +++ b/charts/bitnami/mariadb/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: common repository: oci://registry-1.docker.io/bitnamicharts - version: 2.4.0 -digest: sha256:8c1a5dc923412d11d4d841420494b499cb707305c8b9f87f45ea1a8bf3172cb3 -generated: "2023-05-21T18:46:17.326179513Z" + version: 2.6.0 +digest: sha256:6ce7c85dcb43ad1fc5ff600850f28820ddc2f1a7c8cb25c5ff542fe1f852165a +generated: "2023-07-06T21:34:41.934329163Z" diff --git a/charts/bitnami/mariadb/Chart.yaml b/charts/bitnami/mariadb/Chart.yaml index 46c1db8ba..1089ea188 100644 --- a/charts/bitnami/mariadb/Chart.yaml +++ b/charts/bitnami/mariadb/Chart.yaml @@ -30,4 +30,4 @@ maintainers: name: mariadb sources: - https://github.com/bitnami/charts/tree/main/bitnami/mariadb -version: 12.2.5 +version: 12.2.7 diff --git a/charts/bitnami/mariadb/README.md b/charts/bitnami/mariadb/README.md index 8fc6bd939..697888ddc 100644 --- a/charts/bitnami/mariadb/README.md +++ b/charts/bitnami/mariadb/README.md @@ -22,6 +22,8 @@ MariaDB is developed as open source software and as a relational database it pro Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters. +Looking to use MariaDB in production? Try [VMware Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. + ## Prerequisites - Kubernetes 1.19+ @@ -80,28 +82,28 @@ The command removes all the Kubernetes components associated with the chart and ### MariaDB common parameters -| Name | Description | Value | -| -------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------- | -| `image.registry` | MariaDB image registry | `docker.io` | -| `image.repository` | MariaDB image repository | `bitnami/mariadb` | -| `image.tag` | MariaDB image tag (immutable tags are recommended) | `10.11.4-debian-11-r0` | -| `image.digest` | MariaDB image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | -| `image.pullPolicy` | MariaDB image pull policy | `IfNotPresent` | -| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | -| `image.debug` | Specify if debug logs should be enabled | `false` | -| `architecture` | MariaDB architecture (`standalone` or `replication`) | `standalone` | -| `auth.rootPassword` | Password for the `root` user. Ignored if existing secret is provided. | `""` | -| `auth.database` | Name for a custom database to create | `my_database` | -| `auth.username` | Name for a custom user to create | `""` | -| `auth.password` | Password for the new user. Ignored if existing secret is provided | `""` | -| `auth.replicationUser` | MariaDB replication user | `replicator` | -| `auth.replicationPassword` | MariaDB replication user password. Ignored if existing secret is provided | `""` | -| `auth.existingSecret` | Use existing secret for password details (`auth.rootPassword`, `auth.password`, `auth.replicationPassword` will be ignored and picked up from this secret). The secret has to contain the keys `mariadb-root-password`, `mariadb-replication-password` and `mariadb-password` | `""` | -| `auth.forcePassword` | Force users to specify required passwords | `false` | -| `auth.usePasswordFiles` | Mount credentials as files instead of using environment variables | `false` | -| `auth.customPasswordFiles` | Use custom password files when `auth.usePasswordFiles` is set to `true`. Define path for keys `root` and `user`, also define `replicator` if `architecture` is set to `replication` | `{}` | -| `initdbScripts` | Dictionary of initdb scripts | `{}` | -| `initdbScriptsConfigMap` | ConfigMap with the initdb scripts (Note: Overrides `initdbScripts`) | `""` | +| Name | Description | Value | +| -------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------- | +| `image.registry` | MariaDB image registry | `docker.io` | +| `image.repository` | MariaDB image repository | `bitnami/mariadb` | +| `image.tag` | MariaDB image tag (immutable tags are recommended) | `10.11.4-debian-11-r10` | +| `image.digest` | MariaDB image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | +| `image.pullPolicy` | MariaDB image pull policy | `IfNotPresent` | +| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | +| `image.debug` | Specify if debug logs should be enabled | `false` | +| `architecture` | MariaDB architecture (`standalone` or `replication`) | `standalone` | +| `auth.rootPassword` | Password for the `root` user. Ignored if existing secret is provided. | `""` | +| `auth.database` | Name for a custom database to create | `my_database` | +| `auth.username` | Name for a custom user to create | `""` | +| `auth.password` | Password for the new user. Ignored if existing secret is provided | `""` | +| `auth.replicationUser` | MariaDB replication user | `replicator` | +| `auth.replicationPassword` | MariaDB replication user password. Ignored if existing secret is provided | `""` | +| `auth.existingSecret` | Use existing secret for password details (`auth.rootPassword`, `auth.password`, `auth.replicationPassword` will be ignored and picked up from this secret). The secret has to contain the keys `mariadb-root-password`, `mariadb-replication-password` and `mariadb-password` | `""` | +| `auth.forcePassword` | Force users to specify required passwords | `false` | +| `auth.usePasswordFiles` | Mount credentials as files instead of using environment variables | `false` | +| `auth.customPasswordFiles` | Use custom password files when `auth.usePasswordFiles` is set to `true`. Define path for keys `root` and `user`, also define `replicator` if `architecture` is set to `replication` | `{}` | +| `initdbScripts` | Dictionary of initdb scripts | `{}` | +| `initdbScriptsConfigMap` | ConfigMap with the initdb scripts (Note: Overrides `initdbScripts`) | `""` | ### MariaDB Primary parameters @@ -306,7 +308,7 @@ The command removes all the Kubernetes components associated with the chart and | `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume(s) mountpoint to `runAsUser:fsGroup` | `false` | | `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` | | `volumePermissions.image.repository` | Init container volume-permissions image repository | `bitnami/bitnami-shell` | -| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r123` | +| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r133` | | `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` | | `volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | @@ -320,7 +322,7 @@ The command removes all the Kubernetes components associated with the chart and | `metrics.enabled` | Start a side-car prometheus exporter | `false` | | `metrics.image.registry` | Exporter image registry | `docker.io` | | `metrics.image.repository` | Exporter image repository | `bitnami/mysqld-exporter` | -| `metrics.image.tag` | Exporter image tag (immutable tags are recommended) | `0.14.0-debian-11-r125` | +| `metrics.image.tag` | Exporter image tag (immutable tags are recommended) | `0.14.0-debian-11-r136` | | `metrics.image.digest` | Exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `metrics.image.pullPolicy` | Exporter image pull policy | `IfNotPresent` | | `metrics.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | diff --git a/charts/bitnami/mariadb/charts/common/Chart.yaml b/charts/bitnami/mariadb/charts/common/Chart.yaml index 4fc56bbb7..191699db1 100644 --- a/charts/bitnami/mariadb/charts/common/Chart.yaml +++ b/charts/bitnami/mariadb/charts/common/Chart.yaml @@ -2,7 +2,7 @@ annotations: category: Infrastructure licenses: Apache-2.0 apiVersion: v2 -appVersion: 2.4.0 +appVersion: 2.6.0 description: A Library Helm Chart for grouping common logic between bitnami charts. This chart is not deployable by itself. home: https://bitnami.com @@ -20,4 +20,4 @@ name: common sources: - https://github.com/bitnami/charts type: library -version: 2.4.0 +version: 2.6.0 diff --git a/charts/bitnami/mariadb/charts/common/README.md b/charts/bitnami/mariadb/charts/common/README.md index 72fca33da..b48bb7a25 100644 --- a/charts/bitnami/mariadb/charts/common/README.md +++ b/charts/bitnami/mariadb/charts/common/README.md @@ -2,8 +2,6 @@ A [Helm Library Chart](https://helm.sh/docs/topics/library_charts/#helm) for grouping common logic between Bitnami charts. -Looking to use our applications in production? Try [VMware Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. - ## TL;DR ```yaml @@ -32,6 +30,8 @@ This chart provides a common template helpers which can be used to develop new c Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters. +Looking to use our applications in production? Try [VMware Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. + ## Prerequisites - Kubernetes 1.19+ @@ -220,7 +220,7 @@ helm install test mychart --set path.to.value00="",path.to.value01="" ## License -Copyright © 2023 Bitnami +Copyright © 2023 VMware, Inc. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/charts/bitnami/mariadb/charts/common/templates/_affinities.tpl b/charts/bitnami/mariadb/charts/common/templates/_affinities.tpl index 81902a681..0e571028f 100644 --- a/charts/bitnami/mariadb/charts/common/templates/_affinities.tpl +++ b/charts/bitnami/mariadb/charts/common/templates/_affinities.tpl @@ -1,3 +1,8 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{/* vim: set filetype=mustache: */}} {{/* diff --git a/charts/bitnami/mariadb/charts/common/templates/_capabilities.tpl b/charts/bitnami/mariadb/charts/common/templates/_capabilities.tpl index 697486a31..c6d115fe5 100644 --- a/charts/bitnami/mariadb/charts/common/templates/_capabilities.tpl +++ b/charts/bitnami/mariadb/charts/common/templates/_capabilities.tpl @@ -1,3 +1,8 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{/* vim: set filetype=mustache: */}} {{/* diff --git a/charts/bitnami/mariadb/charts/common/templates/_errors.tpl b/charts/bitnami/mariadb/charts/common/templates/_errors.tpl index a79cc2e32..07ded6f64 100644 --- a/charts/bitnami/mariadb/charts/common/templates/_errors.tpl +++ b/charts/bitnami/mariadb/charts/common/templates/_errors.tpl @@ -1,3 +1,8 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{/* vim: set filetype=mustache: */}} {{/* Through error when upgrading using empty passwords values that must not be empty. diff --git a/charts/bitnami/mariadb/charts/common/templates/_images.tpl b/charts/bitnami/mariadb/charts/common/templates/_images.tpl index d60c22e25..2181f3224 100644 --- a/charts/bitnami/mariadb/charts/common/templates/_images.tpl +++ b/charts/bitnami/mariadb/charts/common/templates/_images.tpl @@ -1,3 +1,8 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{/* vim: set filetype=mustache: */}} {{/* Return the proper image name diff --git a/charts/bitnami/mariadb/charts/common/templates/_ingress.tpl b/charts/bitnami/mariadb/charts/common/templates/_ingress.tpl index 831da9caa..efa5b85c7 100644 --- a/charts/bitnami/mariadb/charts/common/templates/_ingress.tpl +++ b/charts/bitnami/mariadb/charts/common/templates/_ingress.tpl @@ -1,3 +1,8 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{/* vim: set filetype=mustache: */}} {{/* diff --git a/charts/bitnami/mariadb/charts/common/templates/_labels.tpl b/charts/bitnami/mariadb/charts/common/templates/_labels.tpl index 252066c7e..a1d7a95bc 100644 --- a/charts/bitnami/mariadb/charts/common/templates/_labels.tpl +++ b/charts/bitnami/mariadb/charts/common/templates/_labels.tpl @@ -1,3 +1,8 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{/* vim: set filetype=mustache: */}} {{/* Kubernetes standard labels diff --git a/charts/bitnami/mariadb/charts/common/templates/_names.tpl b/charts/bitnami/mariadb/charts/common/templates/_names.tpl index 617a23489..a222924f1 100644 --- a/charts/bitnami/mariadb/charts/common/templates/_names.tpl +++ b/charts/bitnami/mariadb/charts/common/templates/_names.tpl @@ -1,3 +1,8 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{/* vim: set filetype=mustache: */}} {{/* Expand the name of the chart. diff --git a/charts/bitnami/mariadb/charts/common/templates/_secrets.tpl b/charts/bitnami/mariadb/charts/common/templates/_secrets.tpl index a1708b2e8..a193c46b6 100644 --- a/charts/bitnami/mariadb/charts/common/templates/_secrets.tpl +++ b/charts/bitnami/mariadb/charts/common/templates/_secrets.tpl @@ -1,3 +1,8 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{/* vim: set filetype=mustache: */}} {{/* Generate secret name. @@ -72,7 +77,7 @@ Params: - strong - Boolean - Optional - Whether to add symbols to the generated random password. - chartName - String - Optional - Name of the chart used when said chart is deployed as a subchart. - context - Context - Required - Parent context. - + - failOnNew - Boolean - Optional - Default to true. If set to false, skip errors adding new keys to existing secrets. The order in which this function returns a secret password: 1. Already existing 'Secret' resource (If a 'Secret' resource is found under the name provided to the 'secret' parameter to this function and that 'Secret' resource contains a key with the name passed as the 'key' parameter to this function then the value of this existing secret password will be returned) @@ -86,6 +91,7 @@ The order in which this function returns a secret password: {{- $password := "" }} {{- $subchart := "" }} +{{- $failOnNew := default true .failOnNew }} {{- $chartName := default "" .chartName }} {{- $passwordLength := default 10 .length }} {{- $providedPasswordKey := include "common.utils.getKeyFromList" (dict "keys" .providedValues "context" $.context) }} @@ -94,7 +100,7 @@ The order in which this function returns a secret password: {{- if $secretData }} {{- if hasKey $secretData .key }} {{- $password = index $secretData .key | quote }} - {{- else }} + {{- else if $failOnNew }} {{- printf "\nPASSWORDS ERROR: The secret \"%s\" does not contain the key \"%s\"\n" .secret .key | fail -}} {{- end -}} {{- else if $providedPasswordValue }} @@ -137,15 +143,16 @@ Params: */}} {{- define "common.secrets.lookup" -}} {{- $value := "" -}} -{{- $defaultValue := required "\n'common.secrets.lookup': Argument 'defaultValue' missing or empty" .defaultValue -}} {{- $secretData := (lookup "v1" "Secret" (include "common.names.namespace" .context) .secret).data -}} {{- if and $secretData (hasKey $secretData .key) -}} {{- $value = index $secretData .key -}} -{{- else -}} - {{- $value = $defaultValue | toString | b64enc -}} +{{- else if .defaultValue -}} + {{- $value = .defaultValue | toString | b64enc -}} {{- end -}} +{{- if $value -}} {{- printf "%s" $value -}} {{- end -}} +{{- end -}} {{/* Returns whether a previous generated secret already exists diff --git a/charts/bitnami/mariadb/charts/common/templates/_storage.tpl b/charts/bitnami/mariadb/charts/common/templates/_storage.tpl index 60e2a844f..16405a0f8 100644 --- a/charts/bitnami/mariadb/charts/common/templates/_storage.tpl +++ b/charts/bitnami/mariadb/charts/common/templates/_storage.tpl @@ -1,3 +1,8 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{/* vim: set filetype=mustache: */}} {{/* Return the proper Storage Class diff --git a/charts/bitnami/mariadb/charts/common/templates/_tplvalues.tpl b/charts/bitnami/mariadb/charts/common/templates/_tplvalues.tpl index 2db166851..dc15f7fdc 100644 --- a/charts/bitnami/mariadb/charts/common/templates/_tplvalues.tpl +++ b/charts/bitnami/mariadb/charts/common/templates/_tplvalues.tpl @@ -1,13 +1,27 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{/* vim: set filetype=mustache: */}} {{/* -Renders a value that contains template. +Renders a value that contains template perhaps with scope if the scope is present. Usage: -{{ include "common.tplvalues.render" ( dict "value" .Values.path.to.the.Value "context" $) }} +{{ include "common.tplvalues.render" ( dict "value" .Values.path.to.the.Value "context" $ ) }} +{{ include "common.tplvalues.render" ( dict "value" .Values.path.to.the.Value "context" $ "scope" $app ) }} */}} {{- define "common.tplvalues.render" -}} - {{- if typeIs "string" .value }} - {{- tpl .value .context }} - {{- else }} - {{- tpl (.value | toYaml) .context }} - {{- end }} +{{- if .scope }} + {{- if typeIs "string" .value }} + {{- tpl (cat "{{- with $.RelativeScope -}}" .value "{{- end }}") (merge (dict "RelativeScope" .scope) .context) }} + {{- else }} + {{- tpl (cat "{{- with $.RelativeScope -}}" (.value | toYaml) "{{- end }}") (merge (dict "RelativeScope" .scope) .context) }} + {{- end }} +{{- else }} + {{- if typeIs "string" .value }} + {{- tpl .value .context }} + {{- else }} + {{- tpl (.value | toYaml) .context }} + {{- end }} +{{- end -}} {{- end -}} diff --git a/charts/bitnami/mariadb/charts/common/templates/_utils.tpl b/charts/bitnami/mariadb/charts/common/templates/_utils.tpl index b1ead50cf..c87040cd9 100644 --- a/charts/bitnami/mariadb/charts/common/templates/_utils.tpl +++ b/charts/bitnami/mariadb/charts/common/templates/_utils.tpl @@ -1,3 +1,8 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{/* vim: set filetype=mustache: */}} {{/* Print instructions to get a secret value. diff --git a/charts/bitnami/mariadb/charts/common/templates/_warnings.tpl b/charts/bitnami/mariadb/charts/common/templates/_warnings.tpl index ae10fa41e..66dffc1fe 100644 --- a/charts/bitnami/mariadb/charts/common/templates/_warnings.tpl +++ b/charts/bitnami/mariadb/charts/common/templates/_warnings.tpl @@ -1,3 +1,8 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{/* vim: set filetype=mustache: */}} {{/* Warning about using rolling tag. diff --git a/charts/bitnami/mariadb/charts/common/templates/validations/_cassandra.tpl b/charts/bitnami/mariadb/charts/common/templates/validations/_cassandra.tpl index ded1ae3bc..eda9aada5 100644 --- a/charts/bitnami/mariadb/charts/common/templates/validations/_cassandra.tpl +++ b/charts/bitnami/mariadb/charts/common/templates/validations/_cassandra.tpl @@ -1,3 +1,8 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{/* vim: set filetype=mustache: */}} {{/* Validate Cassandra required passwords are not empty. diff --git a/charts/bitnami/mariadb/charts/common/templates/validations/_mariadb.tpl b/charts/bitnami/mariadb/charts/common/templates/validations/_mariadb.tpl index b6906ff77..17d83a2fd 100644 --- a/charts/bitnami/mariadb/charts/common/templates/validations/_mariadb.tpl +++ b/charts/bitnami/mariadb/charts/common/templates/validations/_mariadb.tpl @@ -1,3 +1,8 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{/* vim: set filetype=mustache: */}} {{/* Validate MariaDB required passwords are not empty. diff --git a/charts/bitnami/mariadb/charts/common/templates/validations/_mongodb.tpl b/charts/bitnami/mariadb/charts/common/templates/validations/_mongodb.tpl index f820ec107..bbb445b86 100644 --- a/charts/bitnami/mariadb/charts/common/templates/validations/_mongodb.tpl +++ b/charts/bitnami/mariadb/charts/common/templates/validations/_mongodb.tpl @@ -1,3 +1,8 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{/* vim: set filetype=mustache: */}} {{/* Validate MongoDB® required passwords are not empty. diff --git a/charts/bitnami/mariadb/charts/common/templates/validations/_mysql.tpl b/charts/bitnami/mariadb/charts/common/templates/validations/_mysql.tpl index 74472a061..ca3953f86 100644 --- a/charts/bitnami/mariadb/charts/common/templates/validations/_mysql.tpl +++ b/charts/bitnami/mariadb/charts/common/templates/validations/_mysql.tpl @@ -1,3 +1,8 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{/* vim: set filetype=mustache: */}} {{/* Validate MySQL required passwords are not empty. diff --git a/charts/bitnami/mariadb/charts/common/templates/validations/_postgresql.tpl b/charts/bitnami/mariadb/charts/common/templates/validations/_postgresql.tpl index 164ec0d01..8c9aa570e 100644 --- a/charts/bitnami/mariadb/charts/common/templates/validations/_postgresql.tpl +++ b/charts/bitnami/mariadb/charts/common/templates/validations/_postgresql.tpl @@ -1,3 +1,8 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{/* vim: set filetype=mustache: */}} {{/* Validate PostgreSQL required passwords are not empty. diff --git a/charts/bitnami/mariadb/charts/common/templates/validations/_redis.tpl b/charts/bitnami/mariadb/charts/common/templates/validations/_redis.tpl index dcccfc1ae..fc0d208dd 100644 --- a/charts/bitnami/mariadb/charts/common/templates/validations/_redis.tpl +++ b/charts/bitnami/mariadb/charts/common/templates/validations/_redis.tpl @@ -1,3 +1,8 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{/* vim: set filetype=mustache: */}} {{/* diff --git a/charts/bitnami/mariadb/charts/common/templates/validations/_validations.tpl b/charts/bitnami/mariadb/charts/common/templates/validations/_validations.tpl index 9a814cf40..31ceda871 100644 --- a/charts/bitnami/mariadb/charts/common/templates/validations/_validations.tpl +++ b/charts/bitnami/mariadb/charts/common/templates/validations/_validations.tpl @@ -1,3 +1,8 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{/* vim: set filetype=mustache: */}} {{/* Validate values must not be empty. diff --git a/charts/bitnami/mariadb/charts/common/values.yaml b/charts/bitnami/mariadb/charts/common/values.yaml index f2df68e5e..9abe0e154 100644 --- a/charts/bitnami/mariadb/charts/common/values.yaml +++ b/charts/bitnami/mariadb/charts/common/values.yaml @@ -1,3 +1,6 @@ +# Copyright VMware, Inc. +# SPDX-License-Identifier: APACHE-2.0 + ## bitnami/common ## It is required by CI/CD tools and processes. ## @skip exampleValue diff --git a/charts/bitnami/mariadb/templates/_helpers.tpl b/charts/bitnami/mariadb/templates/_helpers.tpl index d940b5ac6..d2633372f 100644 --- a/charts/bitnami/mariadb/templates/_helpers.tpl +++ b/charts/bitnami/mariadb/templates/_helpers.tpl @@ -1,3 +1,8 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{/* vim: set filetype=mustache: */}} {{- define "mariadb.primary.fullname" -}} diff --git a/charts/bitnami/mariadb/templates/extra-list.yaml b/charts/bitnami/mariadb/templates/extra-list.yaml index 9ac65f9e1..2d35a580e 100644 --- a/charts/bitnami/mariadb/templates/extra-list.yaml +++ b/charts/bitnami/mariadb/templates/extra-list.yaml @@ -1,3 +1,8 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{- range .Values.extraDeploy }} --- {{ include "common.tplvalues.render" (dict "value" . "context" $) }} diff --git a/charts/bitnami/mariadb/templates/networkpolicy-egress.yaml b/charts/bitnami/mariadb/templates/networkpolicy-egress.yaml index 84f5d839f..dc8991a4f 100644 --- a/charts/bitnami/mariadb/templates/networkpolicy-egress.yaml +++ b/charts/bitnami/mariadb/templates/networkpolicy-egress.yaml @@ -1,3 +1,8 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{- if and .Values.networkPolicy.enabled (or .Values.networkPolicy.egressRules.denyConnectionsToExternal .Values.networkPolicy.egressRules.customRules) }} apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }} kind: NetworkPolicy diff --git a/charts/bitnami/mariadb/templates/primary/configmap.yaml b/charts/bitnami/mariadb/templates/primary/configmap.yaml index ae4d5b17e..a24d25a06 100644 --- a/charts/bitnami/mariadb/templates/primary/configmap.yaml +++ b/charts/bitnami/mariadb/templates/primary/configmap.yaml @@ -1,3 +1,8 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{- if (include "mariadb.primary.createConfigmap" .) }} apiVersion: v1 kind: ConfigMap diff --git a/charts/bitnami/mariadb/templates/primary/initialization-configmap.yaml b/charts/bitnami/mariadb/templates/primary/initialization-configmap.yaml index f85903c30..a9fe7ad80 100644 --- a/charts/bitnami/mariadb/templates/primary/initialization-configmap.yaml +++ b/charts/bitnami/mariadb/templates/primary/initialization-configmap.yaml @@ -1,3 +1,8 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{- if and .Values.initdbScripts (not .Values.initdbScriptsConfigMap) }} apiVersion: v1 kind: ConfigMap diff --git a/charts/bitnami/mariadb/templates/primary/networkpolicy-ingress.yaml b/charts/bitnami/mariadb/templates/primary/networkpolicy-ingress.yaml index 125d0dda9..446de4d63 100644 --- a/charts/bitnami/mariadb/templates/primary/networkpolicy-ingress.yaml +++ b/charts/bitnami/mariadb/templates/primary/networkpolicy-ingress.yaml @@ -1,3 +1,8 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{- if and .Values.networkPolicy.enabled (or .Values.networkPolicy.metrics.enabled .Values.networkPolicy.ingressRules.primaryAccessOnlyFrom.enabled) }} apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }} kind: NetworkPolicy diff --git a/charts/bitnami/mariadb/templates/primary/pdb.yaml b/charts/bitnami/mariadb/templates/primary/pdb.yaml index d92305869..21ed6cac0 100644 --- a/charts/bitnami/mariadb/templates/primary/pdb.yaml +++ b/charts/bitnami/mariadb/templates/primary/pdb.yaml @@ -1,3 +1,8 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{- if .Values.primary.pdb.create }} apiVersion: {{ include "common.capabilities.policy.apiVersion" . }} kind: PodDisruptionBudget diff --git a/charts/bitnami/mariadb/templates/primary/statefulset.yaml b/charts/bitnami/mariadb/templates/primary/statefulset.yaml index b1605df17..d4648c945 100644 --- a/charts/bitnami/mariadb/templates/primary/statefulset.yaml +++ b/charts/bitnami/mariadb/templates/primary/statefulset.yaml @@ -1,3 +1,8 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }} kind: StatefulSet metadata: diff --git a/charts/bitnami/mariadb/templates/primary/svc.yaml b/charts/bitnami/mariadb/templates/primary/svc.yaml index 85d31562e..a12025eff 100644 --- a/charts/bitnami/mariadb/templates/primary/svc.yaml +++ b/charts/bitnami/mariadb/templates/primary/svc.yaml @@ -1,3 +1,8 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + apiVersion: v1 kind: Service metadata: diff --git a/charts/bitnami/mariadb/templates/prometheusrules.yaml b/charts/bitnami/mariadb/templates/prometheusrules.yaml index 523e533b0..29eb87709 100644 --- a/charts/bitnami/mariadb/templates/prometheusrules.yaml +++ b/charts/bitnami/mariadb/templates/prometheusrules.yaml @@ -1,3 +1,8 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{- if and .Values.metrics.enabled .Values.metrics.prometheusRule.enabled }} apiVersion: monitoring.coreos.com/v1 kind: PrometheusRule diff --git a/charts/bitnami/mariadb/templates/role.yaml b/charts/bitnami/mariadb/templates/role.yaml index a561f51cc..4d53ccecf 100644 --- a/charts/bitnami/mariadb/templates/role.yaml +++ b/charts/bitnami/mariadb/templates/role.yaml @@ -1,3 +1,8 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{- if and .Values.serviceAccount.create .Values.rbac.create }} apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} kind: Role diff --git a/charts/bitnami/mariadb/templates/rolebinding.yaml b/charts/bitnami/mariadb/templates/rolebinding.yaml index 671aa6efd..f831afa9b 100644 --- a/charts/bitnami/mariadb/templates/rolebinding.yaml +++ b/charts/bitnami/mariadb/templates/rolebinding.yaml @@ -1,3 +1,8 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{- if and .Values.serviceAccount.create .Values.rbac.create }} kind: RoleBinding apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} diff --git a/charts/bitnami/mariadb/templates/secondary/configmap.yaml b/charts/bitnami/mariadb/templates/secondary/configmap.yaml index 4cfec646a..0129c97cc 100644 --- a/charts/bitnami/mariadb/templates/secondary/configmap.yaml +++ b/charts/bitnami/mariadb/templates/secondary/configmap.yaml @@ -1,3 +1,8 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{- if (include "mariadb.secondary.createConfigmap" .) }} apiVersion: v1 kind: ConfigMap diff --git a/charts/bitnami/mariadb/templates/secondary/networkpolicy-ingress.yaml b/charts/bitnami/mariadb/templates/secondary/networkpolicy-ingress.yaml index 51a88855e..e715c5d22 100644 --- a/charts/bitnami/mariadb/templates/secondary/networkpolicy-ingress.yaml +++ b/charts/bitnami/mariadb/templates/secondary/networkpolicy-ingress.yaml @@ -1,3 +1,8 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{- if and .Values.networkPolicy.enabled (eq .Values.architecture "replication") (or .Values.networkPolicy.metrics.enabled .Values.networkPolicy.ingressRules.secondaryAccessOnlyFrom.enabled) }} apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }} kind: NetworkPolicy diff --git a/charts/bitnami/mariadb/templates/secondary/pdb.yaml b/charts/bitnami/mariadb/templates/secondary/pdb.yaml index cae28ffdd..2f91d7311 100644 --- a/charts/bitnami/mariadb/templates/secondary/pdb.yaml +++ b/charts/bitnami/mariadb/templates/secondary/pdb.yaml @@ -1,3 +1,8 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{- if and (eq .Values.architecture "replication") .Values.secondary.pdb.create }} apiVersion: {{ include "common.capabilities.policy.apiVersion" . }} kind: PodDisruptionBudget diff --git a/charts/bitnami/mariadb/templates/secondary/statefulset.yaml b/charts/bitnami/mariadb/templates/secondary/statefulset.yaml index 568bf7ff4..d680b97ff 100644 --- a/charts/bitnami/mariadb/templates/secondary/statefulset.yaml +++ b/charts/bitnami/mariadb/templates/secondary/statefulset.yaml @@ -1,3 +1,8 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{- if eq .Values.architecture "replication" }} apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }} kind: StatefulSet diff --git a/charts/bitnami/mariadb/templates/secondary/svc.yaml b/charts/bitnami/mariadb/templates/secondary/svc.yaml index 3d72171b3..ca295c909 100644 --- a/charts/bitnami/mariadb/templates/secondary/svc.yaml +++ b/charts/bitnami/mariadb/templates/secondary/svc.yaml @@ -1,3 +1,8 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{- if eq .Values.architecture "replication" }} apiVersion: v1 kind: Service diff --git a/charts/bitnami/mariadb/templates/secrets.yaml b/charts/bitnami/mariadb/templates/secrets.yaml index c2fca1205..223527635 100644 --- a/charts/bitnami/mariadb/templates/secrets.yaml +++ b/charts/bitnami/mariadb/templates/secrets.yaml @@ -1,3 +1,8 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{- $host := include "mariadb.primary.fullname" . }} {{- $port := print .Values.primary.service.ports.mysql }} {{- $rootPassword := include "common.secrets.passwords.manage" ( dict "secret" ( include "mariadb.secretName" . ) "key" "mariadb-root-password" "providedValues" ( list "auth.rootPassword" ) "context" $ ) | trimAll "\"" | b64dec }} diff --git a/charts/bitnami/mariadb/templates/serviceaccount.yaml b/charts/bitnami/mariadb/templates/serviceaccount.yaml index 03a6b4e99..9945aa65a 100644 --- a/charts/bitnami/mariadb/templates/serviceaccount.yaml +++ b/charts/bitnami/mariadb/templates/serviceaccount.yaml @@ -1,3 +1,8 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{- if .Values.serviceAccount.create }} apiVersion: v1 kind: ServiceAccount diff --git a/charts/bitnami/mariadb/templates/servicemonitor.yaml b/charts/bitnami/mariadb/templates/servicemonitor.yaml index ca5bf7caa..6217f989e 100644 --- a/charts/bitnami/mariadb/templates/servicemonitor.yaml +++ b/charts/bitnami/mariadb/templates/servicemonitor.yaml @@ -1,3 +1,8 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }} apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor diff --git a/charts/bitnami/mariadb/values.yaml b/charts/bitnami/mariadb/values.yaml index 5f19aec4f..27c85bb5c 100644 --- a/charts/bitnami/mariadb/values.yaml +++ b/charts/bitnami/mariadb/values.yaml @@ -1,3 +1,6 @@ +# Copyright VMware, Inc. +# SPDX-License-Identifier: APACHE-2.0 + ## @section Global parameters ## Global Docker image parameters ## Please, note that this will override the image parameters, including dependencies, configured to use the global value @@ -87,7 +90,7 @@ serviceBindings: image: registry: docker.io repository: bitnami/mariadb - tag: 10.11.4-debian-11-r0 + tag: 10.11.4-debian-11-r10 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -194,6 +197,7 @@ primary: skip-name-resolve explicit_defaults_for_timestamp basedir=/opt/bitnami/mariadb + datadir=/bitnami/mariadb/data plugin_dir=/opt/bitnami/mariadb/plugin port=3306 socket=/opt/bitnami/mariadb/tmp/mysql.sock @@ -205,7 +209,6 @@ primary: character-set-server=UTF8 collation-server=utf8_general_ci slow_query_log=0 - slow_query_log_file=/opt/bitnami/mariadb/logs/mysqld.log long_query_time=10.0 [client] @@ -592,6 +595,7 @@ secondary: skip-name-resolve explicit_defaults_for_timestamp basedir=/opt/bitnami/mariadb + datadir=/bitnami/mariadb/data port=3306 socket=/opt/bitnami/mariadb/tmp/mysql.sock tmpdir=/opt/bitnami/mariadb/tmp @@ -602,7 +606,6 @@ secondary: character-set-server=UTF8 collation-server=utf8_general_ci slow_query_log=0 - slow_query_log_file=/opt/bitnami/mariadb/logs/mysqld.log long_query_time=10.0 [client] @@ -1001,7 +1004,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/bitnami-shell - tag: 11-debian-11-r123 + tag: 11-debian-11-r133 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets (secrets must be manually created in the namespace) @@ -1037,7 +1040,7 @@ metrics: image: registry: docker.io repository: bitnami/mysqld-exporter - tag: 0.14.0-debian-11-r125 + tag: 0.14.0-debian-11-r136 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets (secrets must be manually created in the namespace) diff --git a/charts/bitnami/mysql/Chart.lock b/charts/bitnami/mysql/Chart.lock index 7567cfc4d..5d826bf26 100644 --- a/charts/bitnami/mysql/Chart.lock +++ b/charts/bitnami/mysql/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: common repository: oci://registry-1.docker.io/bitnamicharts - version: 2.4.0 -digest: sha256:8c1a5dc923412d11d4d841420494b499cb707305c8b9f87f45ea1a8bf3172cb3 -generated: "2023-05-21T16:18:55.681404482Z" + version: 2.6.0 +digest: sha256:6ce7c85dcb43ad1fc5ff600850f28820ddc2f1a7c8cb25c5ff542fe1f852165a +generated: "2023-07-05T18:35:58.359207844Z" diff --git a/charts/bitnami/mysql/Chart.yaml b/charts/bitnami/mysql/Chart.yaml index 67294b564..85c1b85f1 100644 --- a/charts/bitnami/mysql/Chart.yaml +++ b/charts/bitnami/mysql/Chart.yaml @@ -29,4 +29,4 @@ maintainers: name: mysql sources: - https://github.com/bitnami/charts/tree/main/bitnami/mysql -version: 9.10.4 +version: 9.10.5 diff --git a/charts/bitnami/mysql/README.md b/charts/bitnami/mysql/README.md index 34c471030..de6f1c941 100644 --- a/charts/bitnami/mysql/README.md +++ b/charts/bitnami/mysql/README.md @@ -20,6 +20,8 @@ This chart bootstraps a [MySQL](https://github.com/bitnami/containers/tree/main/ Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters. +Looking to use MySQL in production? Try [VMware Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. + ## Prerequisites - Kubernetes 1.19+ @@ -81,7 +83,7 @@ The command removes all the Kubernetes components associated with the chart and | -------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------- | | `image.registry` | MySQL image registry | `docker.io` | | `image.repository` | MySQL image repository | `bitnami/mysql` | -| `image.tag` | MySQL image tag (immutable tags are recommended) | `8.0.33-debian-11-r17` | +| `image.tag` | MySQL image tag (immutable tags are recommended) | `8.0.33-debian-11-r28` | | `image.digest` | MySQL image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `image.pullPolicy` | MySQL image pull policy | `IfNotPresent` | | `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | @@ -305,7 +307,7 @@ The command removes all the Kubernetes components associated with the chart and | `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume(s) mountpoint to `runAsUser:fsGroup` | `false` | | `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` | | `volumePermissions.image.repository` | Init container volume-permissions image repository | `bitnami/bitnami-shell` | -| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r123` | +| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r132` | | `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` | | `volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | @@ -318,7 +320,7 @@ The command removes all the Kubernetes components associated with the chart and | `metrics.enabled` | Start a side-car prometheus exporter | `false` | | `metrics.image.registry` | Exporter image registry | `docker.io` | | `metrics.image.repository` | Exporter image repository | `bitnami/mysqld-exporter` | -| `metrics.image.tag` | Exporter image tag (immutable tags are recommended) | `0.14.0-debian-11-r125` | +| `metrics.image.tag` | Exporter image tag (immutable tags are recommended) | `0.14.0-debian-11-r135` | | `metrics.image.digest` | Exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `metrics.image.pullPolicy` | Exporter image pull policy | `IfNotPresent` | | `metrics.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | diff --git a/charts/bitnami/mysql/charts/common/Chart.yaml b/charts/bitnami/mysql/charts/common/Chart.yaml index 4fc56bbb7..191699db1 100644 --- a/charts/bitnami/mysql/charts/common/Chart.yaml +++ b/charts/bitnami/mysql/charts/common/Chart.yaml @@ -2,7 +2,7 @@ annotations: category: Infrastructure licenses: Apache-2.0 apiVersion: v2 -appVersion: 2.4.0 +appVersion: 2.6.0 description: A Library Helm Chart for grouping common logic between bitnami charts. This chart is not deployable by itself. home: https://bitnami.com @@ -20,4 +20,4 @@ name: common sources: - https://github.com/bitnami/charts type: library -version: 2.4.0 +version: 2.6.0 diff --git a/charts/bitnami/mysql/charts/common/README.md b/charts/bitnami/mysql/charts/common/README.md index 72fca33da..b48bb7a25 100644 --- a/charts/bitnami/mysql/charts/common/README.md +++ b/charts/bitnami/mysql/charts/common/README.md @@ -2,8 +2,6 @@ A [Helm Library Chart](https://helm.sh/docs/topics/library_charts/#helm) for grouping common logic between Bitnami charts. -Looking to use our applications in production? Try [VMware Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. - ## TL;DR ```yaml @@ -32,6 +30,8 @@ This chart provides a common template helpers which can be used to develop new c Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters. +Looking to use our applications in production? Try [VMware Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. + ## Prerequisites - Kubernetes 1.19+ @@ -220,7 +220,7 @@ helm install test mychart --set path.to.value00="",path.to.value01="" ## License -Copyright © 2023 Bitnami +Copyright © 2023 VMware, Inc. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/charts/bitnami/mysql/charts/common/templates/_affinities.tpl b/charts/bitnami/mysql/charts/common/templates/_affinities.tpl index 81902a681..0e571028f 100644 --- a/charts/bitnami/mysql/charts/common/templates/_affinities.tpl +++ b/charts/bitnami/mysql/charts/common/templates/_affinities.tpl @@ -1,3 +1,8 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{/* vim: set filetype=mustache: */}} {{/* diff --git a/charts/bitnami/mysql/charts/common/templates/_capabilities.tpl b/charts/bitnami/mysql/charts/common/templates/_capabilities.tpl index 697486a31..c6d115fe5 100644 --- a/charts/bitnami/mysql/charts/common/templates/_capabilities.tpl +++ b/charts/bitnami/mysql/charts/common/templates/_capabilities.tpl @@ -1,3 +1,8 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{/* vim: set filetype=mustache: */}} {{/* diff --git a/charts/bitnami/mysql/charts/common/templates/_errors.tpl b/charts/bitnami/mysql/charts/common/templates/_errors.tpl index a79cc2e32..07ded6f64 100644 --- a/charts/bitnami/mysql/charts/common/templates/_errors.tpl +++ b/charts/bitnami/mysql/charts/common/templates/_errors.tpl @@ -1,3 +1,8 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{/* vim: set filetype=mustache: */}} {{/* Through error when upgrading using empty passwords values that must not be empty. diff --git a/charts/bitnami/mysql/charts/common/templates/_images.tpl b/charts/bitnami/mysql/charts/common/templates/_images.tpl index d60c22e25..2181f3224 100644 --- a/charts/bitnami/mysql/charts/common/templates/_images.tpl +++ b/charts/bitnami/mysql/charts/common/templates/_images.tpl @@ -1,3 +1,8 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{/* vim: set filetype=mustache: */}} {{/* Return the proper image name diff --git a/charts/bitnami/mysql/charts/common/templates/_ingress.tpl b/charts/bitnami/mysql/charts/common/templates/_ingress.tpl index 831da9caa..efa5b85c7 100644 --- a/charts/bitnami/mysql/charts/common/templates/_ingress.tpl +++ b/charts/bitnami/mysql/charts/common/templates/_ingress.tpl @@ -1,3 +1,8 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{/* vim: set filetype=mustache: */}} {{/* diff --git a/charts/bitnami/mysql/charts/common/templates/_labels.tpl b/charts/bitnami/mysql/charts/common/templates/_labels.tpl index 252066c7e..a1d7a95bc 100644 --- a/charts/bitnami/mysql/charts/common/templates/_labels.tpl +++ b/charts/bitnami/mysql/charts/common/templates/_labels.tpl @@ -1,3 +1,8 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{/* vim: set filetype=mustache: */}} {{/* Kubernetes standard labels diff --git a/charts/bitnami/mysql/charts/common/templates/_names.tpl b/charts/bitnami/mysql/charts/common/templates/_names.tpl index 617a23489..a222924f1 100644 --- a/charts/bitnami/mysql/charts/common/templates/_names.tpl +++ b/charts/bitnami/mysql/charts/common/templates/_names.tpl @@ -1,3 +1,8 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{/* vim: set filetype=mustache: */}} {{/* Expand the name of the chart. diff --git a/charts/bitnami/mysql/charts/common/templates/_secrets.tpl b/charts/bitnami/mysql/charts/common/templates/_secrets.tpl index a1708b2e8..a193c46b6 100644 --- a/charts/bitnami/mysql/charts/common/templates/_secrets.tpl +++ b/charts/bitnami/mysql/charts/common/templates/_secrets.tpl @@ -1,3 +1,8 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{/* vim: set filetype=mustache: */}} {{/* Generate secret name. @@ -72,7 +77,7 @@ Params: - strong - Boolean - Optional - Whether to add symbols to the generated random password. - chartName - String - Optional - Name of the chart used when said chart is deployed as a subchart. - context - Context - Required - Parent context. - + - failOnNew - Boolean - Optional - Default to true. If set to false, skip errors adding new keys to existing secrets. The order in which this function returns a secret password: 1. Already existing 'Secret' resource (If a 'Secret' resource is found under the name provided to the 'secret' parameter to this function and that 'Secret' resource contains a key with the name passed as the 'key' parameter to this function then the value of this existing secret password will be returned) @@ -86,6 +91,7 @@ The order in which this function returns a secret password: {{- $password := "" }} {{- $subchart := "" }} +{{- $failOnNew := default true .failOnNew }} {{- $chartName := default "" .chartName }} {{- $passwordLength := default 10 .length }} {{- $providedPasswordKey := include "common.utils.getKeyFromList" (dict "keys" .providedValues "context" $.context) }} @@ -94,7 +100,7 @@ The order in which this function returns a secret password: {{- if $secretData }} {{- if hasKey $secretData .key }} {{- $password = index $secretData .key | quote }} - {{- else }} + {{- else if $failOnNew }} {{- printf "\nPASSWORDS ERROR: The secret \"%s\" does not contain the key \"%s\"\n" .secret .key | fail -}} {{- end -}} {{- else if $providedPasswordValue }} @@ -137,15 +143,16 @@ Params: */}} {{- define "common.secrets.lookup" -}} {{- $value := "" -}} -{{- $defaultValue := required "\n'common.secrets.lookup': Argument 'defaultValue' missing or empty" .defaultValue -}} {{- $secretData := (lookup "v1" "Secret" (include "common.names.namespace" .context) .secret).data -}} {{- if and $secretData (hasKey $secretData .key) -}} {{- $value = index $secretData .key -}} -{{- else -}} - {{- $value = $defaultValue | toString | b64enc -}} +{{- else if .defaultValue -}} + {{- $value = .defaultValue | toString | b64enc -}} {{- end -}} +{{- if $value -}} {{- printf "%s" $value -}} {{- end -}} +{{- end -}} {{/* Returns whether a previous generated secret already exists diff --git a/charts/bitnami/mysql/charts/common/templates/_storage.tpl b/charts/bitnami/mysql/charts/common/templates/_storage.tpl index 60e2a844f..16405a0f8 100644 --- a/charts/bitnami/mysql/charts/common/templates/_storage.tpl +++ b/charts/bitnami/mysql/charts/common/templates/_storage.tpl @@ -1,3 +1,8 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{/* vim: set filetype=mustache: */}} {{/* Return the proper Storage Class diff --git a/charts/bitnami/mysql/charts/common/templates/_tplvalues.tpl b/charts/bitnami/mysql/charts/common/templates/_tplvalues.tpl index 2db166851..dc15f7fdc 100644 --- a/charts/bitnami/mysql/charts/common/templates/_tplvalues.tpl +++ b/charts/bitnami/mysql/charts/common/templates/_tplvalues.tpl @@ -1,13 +1,27 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{/* vim: set filetype=mustache: */}} {{/* -Renders a value that contains template. +Renders a value that contains template perhaps with scope if the scope is present. Usage: -{{ include "common.tplvalues.render" ( dict "value" .Values.path.to.the.Value "context" $) }} +{{ include "common.tplvalues.render" ( dict "value" .Values.path.to.the.Value "context" $ ) }} +{{ include "common.tplvalues.render" ( dict "value" .Values.path.to.the.Value "context" $ "scope" $app ) }} */}} {{- define "common.tplvalues.render" -}} - {{- if typeIs "string" .value }} - {{- tpl .value .context }} - {{- else }} - {{- tpl (.value | toYaml) .context }} - {{- end }} +{{- if .scope }} + {{- if typeIs "string" .value }} + {{- tpl (cat "{{- with $.RelativeScope -}}" .value "{{- end }}") (merge (dict "RelativeScope" .scope) .context) }} + {{- else }} + {{- tpl (cat "{{- with $.RelativeScope -}}" (.value | toYaml) "{{- end }}") (merge (dict "RelativeScope" .scope) .context) }} + {{- end }} +{{- else }} + {{- if typeIs "string" .value }} + {{- tpl .value .context }} + {{- else }} + {{- tpl (.value | toYaml) .context }} + {{- end }} +{{- end -}} {{- end -}} diff --git a/charts/bitnami/mysql/charts/common/templates/_utils.tpl b/charts/bitnami/mysql/charts/common/templates/_utils.tpl index b1ead50cf..c87040cd9 100644 --- a/charts/bitnami/mysql/charts/common/templates/_utils.tpl +++ b/charts/bitnami/mysql/charts/common/templates/_utils.tpl @@ -1,3 +1,8 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{/* vim: set filetype=mustache: */}} {{/* Print instructions to get a secret value. diff --git a/charts/bitnami/mysql/charts/common/templates/_warnings.tpl b/charts/bitnami/mysql/charts/common/templates/_warnings.tpl index ae10fa41e..66dffc1fe 100644 --- a/charts/bitnami/mysql/charts/common/templates/_warnings.tpl +++ b/charts/bitnami/mysql/charts/common/templates/_warnings.tpl @@ -1,3 +1,8 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{/* vim: set filetype=mustache: */}} {{/* Warning about using rolling tag. diff --git a/charts/bitnami/mysql/charts/common/templates/validations/_cassandra.tpl b/charts/bitnami/mysql/charts/common/templates/validations/_cassandra.tpl index ded1ae3bc..eda9aada5 100644 --- a/charts/bitnami/mysql/charts/common/templates/validations/_cassandra.tpl +++ b/charts/bitnami/mysql/charts/common/templates/validations/_cassandra.tpl @@ -1,3 +1,8 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{/* vim: set filetype=mustache: */}} {{/* Validate Cassandra required passwords are not empty. diff --git a/charts/bitnami/mysql/charts/common/templates/validations/_mariadb.tpl b/charts/bitnami/mysql/charts/common/templates/validations/_mariadb.tpl index b6906ff77..17d83a2fd 100644 --- a/charts/bitnami/mysql/charts/common/templates/validations/_mariadb.tpl +++ b/charts/bitnami/mysql/charts/common/templates/validations/_mariadb.tpl @@ -1,3 +1,8 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{/* vim: set filetype=mustache: */}} {{/* Validate MariaDB required passwords are not empty. diff --git a/charts/bitnami/mysql/charts/common/templates/validations/_mongodb.tpl b/charts/bitnami/mysql/charts/common/templates/validations/_mongodb.tpl index f820ec107..bbb445b86 100644 --- a/charts/bitnami/mysql/charts/common/templates/validations/_mongodb.tpl +++ b/charts/bitnami/mysql/charts/common/templates/validations/_mongodb.tpl @@ -1,3 +1,8 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{/* vim: set filetype=mustache: */}} {{/* Validate MongoDB® required passwords are not empty. diff --git a/charts/bitnami/mysql/charts/common/templates/validations/_mysql.tpl b/charts/bitnami/mysql/charts/common/templates/validations/_mysql.tpl index 74472a061..ca3953f86 100644 --- a/charts/bitnami/mysql/charts/common/templates/validations/_mysql.tpl +++ b/charts/bitnami/mysql/charts/common/templates/validations/_mysql.tpl @@ -1,3 +1,8 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{/* vim: set filetype=mustache: */}} {{/* Validate MySQL required passwords are not empty. diff --git a/charts/bitnami/mysql/charts/common/templates/validations/_postgresql.tpl b/charts/bitnami/mysql/charts/common/templates/validations/_postgresql.tpl index 164ec0d01..8c9aa570e 100644 --- a/charts/bitnami/mysql/charts/common/templates/validations/_postgresql.tpl +++ b/charts/bitnami/mysql/charts/common/templates/validations/_postgresql.tpl @@ -1,3 +1,8 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{/* vim: set filetype=mustache: */}} {{/* Validate PostgreSQL required passwords are not empty. diff --git a/charts/bitnami/mysql/charts/common/templates/validations/_redis.tpl b/charts/bitnami/mysql/charts/common/templates/validations/_redis.tpl index dcccfc1ae..fc0d208dd 100644 --- a/charts/bitnami/mysql/charts/common/templates/validations/_redis.tpl +++ b/charts/bitnami/mysql/charts/common/templates/validations/_redis.tpl @@ -1,3 +1,8 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{/* vim: set filetype=mustache: */}} {{/* diff --git a/charts/bitnami/mysql/charts/common/templates/validations/_validations.tpl b/charts/bitnami/mysql/charts/common/templates/validations/_validations.tpl index 9a814cf40..31ceda871 100644 --- a/charts/bitnami/mysql/charts/common/templates/validations/_validations.tpl +++ b/charts/bitnami/mysql/charts/common/templates/validations/_validations.tpl @@ -1,3 +1,8 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{/* vim: set filetype=mustache: */}} {{/* Validate values must not be empty. diff --git a/charts/bitnami/mysql/charts/common/values.yaml b/charts/bitnami/mysql/charts/common/values.yaml index f2df68e5e..9abe0e154 100644 --- a/charts/bitnami/mysql/charts/common/values.yaml +++ b/charts/bitnami/mysql/charts/common/values.yaml @@ -1,3 +1,6 @@ +# Copyright VMware, Inc. +# SPDX-License-Identifier: APACHE-2.0 + ## bitnami/common ## It is required by CI/CD tools and processes. ## @skip exampleValue diff --git a/charts/bitnami/mysql/templates/_helpers.tpl b/charts/bitnami/mysql/templates/_helpers.tpl index 322826f9e..21c6889c9 100644 --- a/charts/bitnami/mysql/templates/_helpers.tpl +++ b/charts/bitnami/mysql/templates/_helpers.tpl @@ -1,3 +1,8 @@ +{{/* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{/* vim: set filetype=mustache: */}} {{- define "mysql.primary.fullname" -}} diff --git a/charts/bitnami/mysql/templates/extra-list.yaml b/charts/bitnami/mysql/templates/extra-list.yaml index 9ac65f9e1..2d35a580e 100644 --- a/charts/bitnami/mysql/templates/extra-list.yaml +++ b/charts/bitnami/mysql/templates/extra-list.yaml @@ -1,3 +1,8 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{- range .Values.extraDeploy }} --- {{ include "common.tplvalues.render" (dict "value" . "context" $) }} diff --git a/charts/bitnami/mysql/templates/metrics-svc.yaml b/charts/bitnami/mysql/templates/metrics-svc.yaml index 7d604d304..4f583daa7 100644 --- a/charts/bitnami/mysql/templates/metrics-svc.yaml +++ b/charts/bitnami/mysql/templates/metrics-svc.yaml @@ -1,3 +1,8 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{- if .Values.metrics.enabled }} apiVersion: v1 kind: Service diff --git a/charts/bitnami/mysql/templates/networkpolicy.yaml b/charts/bitnami/mysql/templates/networkpolicy.yaml index 6b62bb551..45a67db36 100644 --- a/charts/bitnami/mysql/templates/networkpolicy.yaml +++ b/charts/bitnami/mysql/templates/networkpolicy.yaml @@ -1,3 +1,8 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{- if .Values.networkPolicy.enabled }} kind: NetworkPolicy apiVersion: {{ template "common.capabilities.networkPolicy.apiVersion" . }} diff --git a/charts/bitnami/mysql/templates/primary/configmap.yaml b/charts/bitnami/mysql/templates/primary/configmap.yaml index 82d0774bf..847142479 100644 --- a/charts/bitnami/mysql/templates/primary/configmap.yaml +++ b/charts/bitnami/mysql/templates/primary/configmap.yaml @@ -1,3 +1,8 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{- if (include "mysql.primary.createConfigmap" .) }} apiVersion: v1 kind: ConfigMap diff --git a/charts/bitnami/mysql/templates/primary/initialization-configmap.yaml b/charts/bitnami/mysql/templates/primary/initialization-configmap.yaml index a34f80de2..c3d17eec4 100644 --- a/charts/bitnami/mysql/templates/primary/initialization-configmap.yaml +++ b/charts/bitnami/mysql/templates/primary/initialization-configmap.yaml @@ -1,3 +1,8 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{- if and .Values.initdbScripts (not .Values.initdbScriptsConfigMap) }} apiVersion: v1 kind: ConfigMap diff --git a/charts/bitnami/mysql/templates/primary/pdb.yaml b/charts/bitnami/mysql/templates/primary/pdb.yaml index ca22a0e09..0d59b1399 100644 --- a/charts/bitnami/mysql/templates/primary/pdb.yaml +++ b/charts/bitnami/mysql/templates/primary/pdb.yaml @@ -1,3 +1,8 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{- if .Values.primary.pdb.create }} apiVersion: {{ include "common.capabilities.policy.apiVersion" . }} kind: PodDisruptionBudget diff --git a/charts/bitnami/mysql/templates/primary/statefulset.yaml b/charts/bitnami/mysql/templates/primary/statefulset.yaml index ac20482b1..0aa7c1f11 100644 --- a/charts/bitnami/mysql/templates/primary/statefulset.yaml +++ b/charts/bitnami/mysql/templates/primary/statefulset.yaml @@ -1,3 +1,8 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }} kind: StatefulSet metadata: diff --git a/charts/bitnami/mysql/templates/primary/svc-headless.yaml b/charts/bitnami/mysql/templates/primary/svc-headless.yaml index c430d9407..749afb659 100644 --- a/charts/bitnami/mysql/templates/primary/svc-headless.yaml +++ b/charts/bitnami/mysql/templates/primary/svc-headless.yaml @@ -1,3 +1,8 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + apiVersion: v1 kind: Service metadata: diff --git a/charts/bitnami/mysql/templates/primary/svc.yaml b/charts/bitnami/mysql/templates/primary/svc.yaml index b61d453cd..2ee9cdcde 100644 --- a/charts/bitnami/mysql/templates/primary/svc.yaml +++ b/charts/bitnami/mysql/templates/primary/svc.yaml @@ -1,3 +1,8 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + apiVersion: v1 kind: Service metadata: diff --git a/charts/bitnami/mysql/templates/prometheusrule.yaml b/charts/bitnami/mysql/templates/prometheusrule.yaml index 64fa44f52..acf1ceee9 100644 --- a/charts/bitnami/mysql/templates/prometheusrule.yaml +++ b/charts/bitnami/mysql/templates/prometheusrule.yaml @@ -1,3 +1,8 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{- if and .Values.metrics.enabled .Values.metrics.prometheusRule.enabled }} apiVersion: monitoring.coreos.com/v1 kind: PrometheusRule diff --git a/charts/bitnami/mysql/templates/role.yaml b/charts/bitnami/mysql/templates/role.yaml index 1ccc00a5c..ed05cf436 100644 --- a/charts/bitnami/mysql/templates/role.yaml +++ b/charts/bitnami/mysql/templates/role.yaml @@ -1,3 +1,8 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{- if and .Values.serviceAccount.create .Values.rbac.create }} apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} kind: Role diff --git a/charts/bitnami/mysql/templates/rolebinding.yaml b/charts/bitnami/mysql/templates/rolebinding.yaml index 9b0520846..43594dba0 100644 --- a/charts/bitnami/mysql/templates/rolebinding.yaml +++ b/charts/bitnami/mysql/templates/rolebinding.yaml @@ -1,3 +1,8 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{- if and .Values.serviceAccount.create .Values.rbac.create }} kind: RoleBinding apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} diff --git a/charts/bitnami/mysql/templates/secondary/configmap.yaml b/charts/bitnami/mysql/templates/secondary/configmap.yaml index c94724f29..19537c076 100644 --- a/charts/bitnami/mysql/templates/secondary/configmap.yaml +++ b/charts/bitnami/mysql/templates/secondary/configmap.yaml @@ -1,3 +1,8 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{- if (include "mysql.secondary.createConfigmap" .) }} apiVersion: v1 kind: ConfigMap diff --git a/charts/bitnami/mysql/templates/secondary/pdb.yaml b/charts/bitnami/mysql/templates/secondary/pdb.yaml index b4a5aee5a..501c7aab9 100644 --- a/charts/bitnami/mysql/templates/secondary/pdb.yaml +++ b/charts/bitnami/mysql/templates/secondary/pdb.yaml @@ -1,3 +1,8 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{- if and (eq .Values.architecture "replication") .Values.secondary.pdb.create }} apiVersion: {{ include "common.capabilities.policy.apiVersion" . }} kind: PodDisruptionBudget diff --git a/charts/bitnami/mysql/templates/secondary/statefulset.yaml b/charts/bitnami/mysql/templates/secondary/statefulset.yaml index 237786def..56857f7fb 100644 --- a/charts/bitnami/mysql/templates/secondary/statefulset.yaml +++ b/charts/bitnami/mysql/templates/secondary/statefulset.yaml @@ -1,3 +1,8 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{- if eq .Values.architecture "replication" }} apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }} kind: StatefulSet diff --git a/charts/bitnami/mysql/templates/secondary/svc-headless.yaml b/charts/bitnami/mysql/templates/secondary/svc-headless.yaml index 44cfa4a61..1e64d8152 100644 --- a/charts/bitnami/mysql/templates/secondary/svc-headless.yaml +++ b/charts/bitnami/mysql/templates/secondary/svc-headless.yaml @@ -1,3 +1,8 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{- if eq .Values.architecture "replication" }} apiVersion: v1 kind: Service diff --git a/charts/bitnami/mysql/templates/secondary/svc.yaml b/charts/bitnami/mysql/templates/secondary/svc.yaml index e6e662c11..90ce08fc8 100644 --- a/charts/bitnami/mysql/templates/secondary/svc.yaml +++ b/charts/bitnami/mysql/templates/secondary/svc.yaml @@ -1,3 +1,8 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{- if eq .Values.architecture "replication" }} apiVersion: v1 kind: Service diff --git a/charts/bitnami/mysql/templates/secrets.yaml b/charts/bitnami/mysql/templates/secrets.yaml index 65574366d..4f1be99b8 100644 --- a/charts/bitnami/mysql/templates/secrets.yaml +++ b/charts/bitnami/mysql/templates/secrets.yaml @@ -1,3 +1,8 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{- $host := include "mysql.primary.fullname" . }} {{- $port := print .Values.primary.service.ports.mysql }} {{- $rootPassword := include "common.secrets.passwords.manage" (dict "secret" (include "mysql.secretName" .) "key" "mysql-root-password" "length" 10 "providedValues" (list "auth.rootPassword") "context" $) | trimAll "\"" | b64dec }} diff --git a/charts/bitnami/mysql/templates/serviceaccount.yaml b/charts/bitnami/mysql/templates/serviceaccount.yaml index 5044961f7..4c6282966 100644 --- a/charts/bitnami/mysql/templates/serviceaccount.yaml +++ b/charts/bitnami/mysql/templates/serviceaccount.yaml @@ -1,3 +1,8 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{- if .Values.serviceAccount.create }} apiVersion: v1 kind: ServiceAccount diff --git a/charts/bitnami/mysql/templates/servicemonitor.yaml b/charts/bitnami/mysql/templates/servicemonitor.yaml index 47a9dad5d..706212064 100644 --- a/charts/bitnami/mysql/templates/servicemonitor.yaml +++ b/charts/bitnami/mysql/templates/servicemonitor.yaml @@ -1,3 +1,8 @@ +{{- /* +Copyright VMware, Inc. +SPDX-License-Identifier: APACHE-2.0 +*/}} + {{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }} apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor diff --git a/charts/bitnami/mysql/values.yaml b/charts/bitnami/mysql/values.yaml index 69097e93e..7ab54e6fa 100644 --- a/charts/bitnami/mysql/values.yaml +++ b/charts/bitnami/mysql/values.yaml @@ -1,3 +1,6 @@ +# Copyright VMware, Inc. +# SPDX-License-Identifier: APACHE-2.0 + ## @section Global parameters ## Global Docker image parameters ## Please, note that this will override the image parameters, including dependencies, configured to use the global value @@ -82,7 +85,7 @@ diagnosticMode: image: registry: docker.io repository: bitnami/mysql - tag: 8.0.33-debian-11-r17 + tag: 8.0.33-debian-11-r28 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -1006,7 +1009,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/bitnami-shell - tag: 11-debian-11-r123 + tag: 11-debian-11-r132 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. @@ -1040,7 +1043,7 @@ metrics: image: registry: docker.io repository: bitnami/mysqld-exporter - tag: 0.14.0-debian-11-r125 + tag: 0.14.0-debian-11-r135 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. diff --git a/charts/bitnami/postgresql/Chart.lock b/charts/bitnami/postgresql/Chart.lock index b50365147..5d53e0002 100644 --- a/charts/bitnami/postgresql/Chart.lock +++ b/charts/bitnami/postgresql/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: common repository: oci://registry-1.docker.io/bitnamicharts - version: 2.5.0 -digest: sha256:79f3252b369ae10fe4c84a50441c7d2e014130b3a4b9b99b299611b02db3d58e -generated: "2023-06-30T16:15:11.613863+02:00" + version: 2.6.0 +digest: sha256:6ce7c85dcb43ad1fc5ff600850f28820ddc2f1a7c8cb25c5ff542fe1f852165a +generated: "2023-07-06T11:00:24.484042+02:00" diff --git a/charts/bitnami/postgresql/Chart.yaml b/charts/bitnami/postgresql/Chart.yaml index 672ec8940..d6720f2cc 100644 --- a/charts/bitnami/postgresql/Chart.yaml +++ b/charts/bitnami/postgresql/Chart.yaml @@ -30,5 +30,5 @@ maintainers: url: https://github.com/bitnami/charts name: postgresql sources: -- https://github.com/bitnami/charts/tree/main/bitnami/postgresql -version: 12.6.2 +- https://github.com/bitnami/charts/tree/main/bitnami/post +version: 12.6.4 diff --git a/charts/bitnami/postgresql/charts/common/Chart.yaml b/charts/bitnami/postgresql/charts/common/Chart.yaml index 6e688d983..191699db1 100644 --- a/charts/bitnami/postgresql/charts/common/Chart.yaml +++ b/charts/bitnami/postgresql/charts/common/Chart.yaml @@ -2,7 +2,7 @@ annotations: category: Infrastructure licenses: Apache-2.0 apiVersion: v2 -appVersion: 2.5.0 +appVersion: 2.6.0 description: A Library Helm Chart for grouping common logic between bitnami charts. This chart is not deployable by itself. home: https://bitnami.com @@ -20,4 +20,4 @@ name: common sources: - https://github.com/bitnami/charts type: library -version: 2.5.0 +version: 2.6.0 diff --git a/charts/bitnami/postgresql/charts/common/templates/_tplvalues.tpl b/charts/bitnami/postgresql/charts/common/templates/_tplvalues.tpl index 0bf0e6a27..dc15f7fdc 100644 --- a/charts/bitnami/postgresql/charts/common/templates/_tplvalues.tpl +++ b/charts/bitnami/postgresql/charts/common/templates/_tplvalues.tpl @@ -5,14 +5,23 @@ SPDX-License-Identifier: APACHE-2.0 {{/* vim: set filetype=mustache: */}} {{/* -Renders a value that contains template. +Renders a value that contains template perhaps with scope if the scope is present. Usage: -{{ include "common.tplvalues.render" ( dict "value" .Values.path.to.the.Value "context" $) }} +{{ include "common.tplvalues.render" ( dict "value" .Values.path.to.the.Value "context" $ ) }} +{{ include "common.tplvalues.render" ( dict "value" .Values.path.to.the.Value "context" $ "scope" $app ) }} */}} {{- define "common.tplvalues.render" -}} - {{- if typeIs "string" .value }} - {{- tpl .value .context }} - {{- else }} - {{- tpl (.value | toYaml) .context }} - {{- end }} +{{- if .scope }} + {{- if typeIs "string" .value }} + {{- tpl (cat "{{- with $.RelativeScope -}}" .value "{{- end }}") (merge (dict "RelativeScope" .scope) .context) }} + {{- else }} + {{- tpl (cat "{{- with $.RelativeScope -}}" (.value | toYaml) "{{- end }}") (merge (dict "RelativeScope" .scope) .context) }} + {{- end }} +{{- else }} + {{- if typeIs "string" .value }} + {{- tpl .value .context }} + {{- else }} + {{- tpl (.value | toYaml) .context }} + {{- end }} +{{- end -}} {{- end -}} diff --git a/charts/bitnami/postgresql/templates/_helpers.tpl b/charts/bitnami/postgresql/templates/_helpers.tpl index ab382fc12..fdce3b943 100644 --- a/charts/bitnami/postgresql/templates/_helpers.tpl +++ b/charts/bitnami/postgresql/templates/_helpers.tpl @@ -160,7 +160,7 @@ Return true if a secret object should be created */}} {{- define "postgresql.createSecret" -}} {{- $customUser := include "postgresql.username" . -}} -{{- $postgresPassword := include "common.secrets.lookup" (dict "secret" (include "common.names.fullname" .) "key" .Values.auth.secretKeys.adminPasswordKey "defaultValue" (ternary .Values.auth.postgresPassword .Values.auth.password (eq $customUser "postgres")) "context" $) -}} +{{- $postgresPassword := include "common.secrets.lookup" (dict "secret" (include "common.names.fullname" .) "key" .Values.auth.secretKeys.adminPasswordKey "defaultValue" (ternary (coalesce .Values.global.postgresql.auth.postgresPassword .Values.auth.postgresPassword) (coalesce .Values.global.postgresql.auth.password .Values.auth.password) (or (empty $customUser) (eq $customUser "postgres"))) "context" $) -}} {{- if and (not (or .Values.global.postgresql.auth.existingSecret .Values.auth.existingSecret)) (or $postgresPassword .Values.auth.enablePostgresUser (and (not (empty $customUser)) (ne $customUser "postgres")) (eq .Values.architecture "replication") (and .Values.ldap.enabled (or .Values.ldap.bind_password .Values.ldap.bindpw))) -}} {{- true -}} diff --git a/charts/bitnami/postgresql/templates/primary/svc.yaml b/charts/bitnami/postgresql/templates/primary/svc.yaml index ced05d527..6d42aa85f 100644 --- a/charts/bitnami/postgresql/templates/primary/svc.yaml +++ b/charts/bitnami/postgresql/templates/primary/svc.yaml @@ -28,7 +28,7 @@ spec: externalTrafficPolicy: {{ .Values.primary.service.externalTrafficPolicy | quote }} {{- end }} {{- if and (eq .Values.primary.service.type "LoadBalancer") (not (empty .Values.primary.service.loadBalancerSourceRanges)) }} - loadBalancerSourceRanges: {{ .Values.primary.service.loadBalancerSourceRanges }} + loadBalancerSourceRanges: {{ .Values.primary.service.loadBalancerSourceRanges | toJson}} {{- end }} {{- if and (eq .Values.primary.service.type "LoadBalancer") (not (empty .Values.primary.service.loadBalancerIP)) }} loadBalancerIP: {{ .Values.primary.service.loadBalancerIP }} diff --git a/charts/bitnami/postgresql/templates/secrets.yaml b/charts/bitnami/postgresql/templates/secrets.yaml index b65d323ba..ed2c50ffb 100644 --- a/charts/bitnami/postgresql/templates/secrets.yaml +++ b/charts/bitnami/postgresql/templates/secrets.yaml @@ -6,13 +6,13 @@ SPDX-License-Identifier: APACHE-2.0 {{- $host := include "postgresql.primary.fullname" . }} {{- $port := include "postgresql.service.port" . }} {{- $customUser := include "postgresql.username" . }} -{{- $postgresPassword := include "common.secrets.lookup" (dict "secret" (include "postgresql.secretName" .) "key" $.Values.auth.secretKeys.adminPasswordKey "defaultValue" (ternary .Values.auth.postgresPassword .Values.auth.password (eq $customUser "postgres")) "context" $) | trimAll "\"" | b64dec }} +{{- $postgresPassword := include "common.secrets.lookup" (dict "secret" (include "postgresql.secretName" .) "key" .Values.auth.secretKeys.adminPasswordKey "defaultValue" (ternary (coalesce .Values.global.postgresql.auth.postgresPassword .Values.auth.postgresPassword) (coalesce .Values.global.postgresql.auth.password .Values.auth.password) (or (empty $customUser) (eq $customUser "postgres"))) "context" $) | trimAll "\"" | b64dec }} {{- if and (not $postgresPassword) .Values.auth.enablePostgresUser }} {{- $postgresPassword = randAlphaNum 10 }} {{- end }} {{- $replicationPassword := "" }} {{- if eq .Values.architecture "replication" }} -{{- $replicationPassword = include "common.secrets.passwords.manage" (dict "secret" (include "postgresql.secretName" .) "key" $.Values.auth.secretKeys.replicationPasswordKey "providedValues" (list "auth.replicationPassword") "context" $) | trimAll "\"" | b64dec }} +{{- $replicationPassword = include "common.secrets.passwords.manage" (dict "secret" (include "postgresql.secretName" .) "key" .Values.auth.secretKeys.replicationPasswordKey "providedValues" (list "auth.replicationPassword") "context" $) | trimAll "\"" | b64dec }} {{- end }} {{- $ldapPassword := "" }} {{- if and .Values.ldap.enabled (or .Values.ldap.bind_password .Values.ldap.bindpw) }} @@ -20,7 +20,7 @@ SPDX-License-Identifier: APACHE-2.0 {{- end }} {{- $password := "" }} {{- if and (not (empty $customUser)) (ne $customUser "postgres") }} -{{- $password = include "common.secrets.passwords.manage" (dict "secret" (include "postgresql.secretName" .) "key" $.Values.auth.secretKeys.userPasswordKey "providedValues" (list "global.postgresql.auth.password" "auth.password") "context" $) | trimAll "\"" | b64dec }} +{{- $password = include "common.secrets.passwords.manage" (dict "secret" (include "postgresql.secretName" .) "key" .Values.auth.secretKeys.userPasswordKey "providedValues" (list "global.postgresql.auth.password" "auth.password") "context" $) | trimAll "\"" | b64dec }} {{- end }} {{- $database := include "postgresql.database" . }} {{- if (include "postgresql.createSecret" .) }} diff --git a/charts/bitnami/wordpress/Chart.yaml b/charts/bitnami/wordpress/Chart.yaml index 3f874f50a..26ec59ba6 100644 --- a/charts/bitnami/wordpress/Chart.yaml +++ b/charts/bitnami/wordpress/Chart.yaml @@ -40,4 +40,4 @@ maintainers: name: wordpress sources: - https://github.com/bitnami/charts/tree/main/bitnami/wordpress -version: 16.1.23 +version: 16.1.25 diff --git a/charts/bitnami/wordpress/README.md b/charts/bitnami/wordpress/README.md index 4a00b4acc..a989b9254 100644 --- a/charts/bitnami/wordpress/README.md +++ b/charts/bitnami/wordpress/README.md @@ -82,7 +82,7 @@ The command removes all the Kubernetes components associated with the chart and | ------------------- | --------------------------------------------------------------------------------------------------------- | --------------------- | | `image.registry` | WordPress image registry | `docker.io` | | `image.repository` | WordPress image repository | `bitnami/wordpress` | -| `image.tag` | WordPress image tag (immutable tags are recommended) | `6.2.2-debian-11-r25` | +| `image.tag` | WordPress image tag (immutable tags are recommended) | `6.2.2-debian-11-r27` | | `image.digest` | WordPress image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `image.pullPolicy` | WordPress image pull policy | `IfNotPresent` | | `image.pullSecrets` | WordPress image pull secrets | `[]` | @@ -249,7 +249,7 @@ The command removes all the Kubernetes components associated with the chart and | `volumePermissions.enabled` | Enable init container that changes the owner/group of the PV mount point to `runAsUser:fsGroup` | `false` | | `volumePermissions.image.registry` | Bitnami Shell image registry | `docker.io` | | `volumePermissions.image.repository` | Bitnami Shell image repository | `bitnami/bitnami-shell` | -| `volumePermissions.image.tag` | Bitnami Shell image tag (immutable tags are recommended) | `11-debian-11-r132` | +| `volumePermissions.image.tag` | Bitnami Shell image tag (immutable tags are recommended) | `11-debian-11-r133` | | `volumePermissions.image.digest` | Bitnami Shell image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `volumePermissions.image.pullPolicy` | Bitnami Shell image pull policy | `IfNotPresent` | | `volumePermissions.image.pullSecrets` | Bitnami Shell image pull secrets | `[]` | @@ -281,7 +281,7 @@ The command removes all the Kubernetes components associated with the chart and | `metrics.enabled` | Start a sidecar prometheus exporter to expose metrics | `false` | | `metrics.image.registry` | Apache exporter image registry | `docker.io` | | `metrics.image.repository` | Apache exporter image repository | `bitnami/apache-exporter` | -| `metrics.image.tag` | Apache exporter image tag (immutable tags are recommended) | `0.13.4-debian-11-r11` | +| `metrics.image.tag` | Apache exporter image tag (immutable tags are recommended) | `0.13.4-debian-11-r12` | | `metrics.image.digest` | Apache exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `metrics.image.pullPolicy` | Apache exporter image pull policy | `IfNotPresent` | | `metrics.image.pullSecrets` | Apache exporter image pull secrets | `[]` | diff --git a/charts/bitnami/wordpress/values.yaml b/charts/bitnami/wordpress/values.yaml index 99c211dd6..f03e2840c 100644 --- a/charts/bitnami/wordpress/values.yaml +++ b/charts/bitnami/wordpress/values.yaml @@ -76,7 +76,7 @@ diagnosticMode: image: registry: docker.io repository: bitnami/wordpress - tag: 6.2.2-debian-11-r25 + tag: 6.2.2-debian-11-r27 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -766,7 +766,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/bitnami-shell - tag: 11-debian-11-r132 + tag: 11-debian-11-r133 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. @@ -860,7 +860,7 @@ metrics: image: registry: docker.io repository: bitnami/apache-exporter - tag: 0.13.4-debian-11-r11 + tag: 0.13.4-debian-11-r12 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. diff --git a/charts/clastix/kamaji/Chart.yaml b/charts/clastix/kamaji/Chart.yaml index f347fea6d..b79a85f5c 100644 --- a/charts/clastix/kamaji/Chart.yaml +++ b/charts/clastix/kamaji/Chart.yaml @@ -4,7 +4,7 @@ annotations: catalog.cattle.io/kube-version: '>=1.21.0-0' catalog.cattle.io/release-name: kamaji apiVersion: v2 -appVersion: v0.3.0 +appVersion: v0.3.1 description: Kamaji deploys and operates Kubernetes at scale with a fraction of the operational burden. Kamaji turns any Kubernetes cluster into an “admin cluster” to orchestrate other Kubernetes clusters called “tenant clusters”. Kamaji is special @@ -25,4 +25,4 @@ name: kamaji sources: - https://github.com/clastix/kamaji type: application -version: 0.12.1 +version: 0.12.2 diff --git a/charts/clastix/kamaji/README.md b/charts/clastix/kamaji/README.md index 36e8e78d5..03f664bca 100644 --- a/charts/clastix/kamaji/README.md +++ b/charts/clastix/kamaji/README.md @@ -1,6 +1,6 @@ # kamaji -![Version: 0.12.1](https://img.shields.io/badge/Version-0.12.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.3.0](https://img.shields.io/badge/AppVersion-v0.3.0-informational?style=flat-square) +![Version: 0.12.2](https://img.shields.io/badge/Version-0.12.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.3.1](https://img.shields.io/badge/AppVersion-v0.3.1-informational?style=flat-square) Kamaji deploys and operates Kubernetes at scale with a fraction of the operational burden. Kamaji turns any Kubernetes cluster into an “admin cluster” to orchestrate other Kubernetes clusters called “tenant clusters”. Kamaji is special because the Control Plane components are running in a single pod instead of dedicated machines. This solution makes running multiple Control Planes cheaper and easier to deploy and operate. diff --git a/charts/cockroach-labs/cockroachdb/Chart.yaml b/charts/cockroach-labs/cockroachdb/Chart.yaml index 0a75d091b..f82fddf8c 100644 --- a/charts/cockroach-labs/cockroachdb/Chart.yaml +++ b/charts/cockroach-labs/cockroachdb/Chart.yaml @@ -4,7 +4,7 @@ annotations: catalog.cattle.io/kube-version: '>=1.8-0' catalog.cattle.io/release-name: cockroachdb apiVersion: v1 -appVersion: 23.1.4 +appVersion: 23.1.5 description: CockroachDB is a scalable, survivable, strongly-consistent SQL database. home: https://www.cockroachlabs.com icon: https://raw.githubusercontent.com/cockroachdb/cockroach/master/docs/media/cockroach_db.png @@ -14,4 +14,4 @@ maintainers: name: cockroachdb sources: - https://github.com/cockroachdb/cockroach -version: 11.0.3 +version: 11.0.4 diff --git a/charts/cockroach-labs/cockroachdb/README.md b/charts/cockroach-labs/cockroachdb/README.md index 1852a788f..8dc2daa67 100644 --- a/charts/cockroach-labs/cockroachdb/README.md +++ b/charts/cockroach-labs/cockroachdb/README.md @@ -229,10 +229,10 @@ kubectl get pods \ ``` ``` -my-release-cockroachdb-0 cockroachdb/cockroach:v23.1.4 -my-release-cockroachdb-1 cockroachdb/cockroach:v23.1.4 -my-release-cockroachdb-2 cockroachdb/cockroach:v23.1.4 -my-release-cockroachdb-3 cockroachdb/cockroach:v23.1.4 +my-release-cockroachdb-0 cockroachdb/cockroach:v23.1.5 +my-release-cockroachdb-1 cockroachdb/cockroach:v23.1.5 +my-release-cockroachdb-2 cockroachdb/cockroach:v23.1.5 +my-release-cockroachdb-3 cockroachdb/cockroach:v23.1.5 ``` Resume normal operations. Once you are comfortable that the stability and performance of the cluster is what you'd expect post-upgrade, finalize the upgrade: @@ -316,7 +316,7 @@ For details see the [`values.yaml`](values.yaml) file. | `conf.store.size` | CockroachDB storage size | `""` | | `conf.store.attrs` | CockroachDB storage attributes | `""` | | `image.repository` | Container image name | `cockroachdb/cockroach` | -| `image.tag` | Container image tag | `v23.1.4` | +| `image.tag` | Container image tag | `v23.1.5` | | `image.pullPolicy` | Container pull policy | `IfNotPresent` | | `image.credentials` | `registry`, `user` and `pass` credentials to pull private image | `{}` | | `statefulset.replicas` | StatefulSet replicas number | `3` | diff --git a/charts/cockroach-labs/cockroachdb/values.yaml b/charts/cockroach-labs/cockroachdb/values.yaml index a4c9ab49c..2d8b5b8b2 100644 --- a/charts/cockroach-labs/cockroachdb/values.yaml +++ b/charts/cockroach-labs/cockroachdb/values.yaml @@ -1,7 +1,7 @@ # Generated file, DO NOT EDIT. Source: build/templates/values.yaml image: repository: cockroachdb/cockroach - tag: v23.1.4 + tag: v23.1.5 pullPolicy: IfNotPresent credentials: {} # registry: docker.io diff --git a/charts/crate/crate-operator/Chart.lock b/charts/crate/crate-operator/Chart.lock index e5912a198..89eff1701 100644 --- a/charts/crate/crate-operator/Chart.lock +++ b/charts/crate/crate-operator/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: crate-operator-crds repository: file://../crate-operator-crds - version: 2.29.0 -digest: sha256:1c8dbfe1f82cd4423cbf52c9160810973e7d90ce7a7be7ff3e7e77809d21e324 -generated: "2023-06-07T09:26:56.453741789Z" + version: 2.30.1 +digest: sha256:4b03b4e1aeac6bfe810e859306af8b07f6093af0cce29ac1b92415917318ecff +generated: "2023-07-06T10:31:25.043287027Z" diff --git a/charts/crate/crate-operator/Chart.yaml b/charts/crate/crate-operator/Chart.yaml index 88fe1d291..5bef0b76f 100644 --- a/charts/crate/crate-operator/Chart.yaml +++ b/charts/crate/crate-operator/Chart.yaml @@ -3,16 +3,16 @@ annotations: catalog.cattle.io/display-name: CrateDB Operator catalog.cattle.io/release-name: crate-operator apiVersion: v2 -appVersion: 2.29.0 +appVersion: 2.30.1 dependencies: - condition: crate-operator-crds.enabled name: crate-operator-crds repository: file://./charts/crate-operator-crds - version: 2.29.0 + version: 2.30.1 description: Crate Operator - Helm chart for installing and upgrading Crate Operator. icon: https://raw.githubusercontent.com/crate/crate/master/docs/_static/crate-logo.svg maintainers: - name: Crate.io name: crate-operator type: application -version: 2.29.0 +version: 2.30.1 diff --git a/charts/crate/crate-operator/charts/crate-operator-crds/Chart.yaml b/charts/crate/crate-operator/charts/crate-operator-crds/Chart.yaml index 801a14ab6..0dea51f12 100644 --- a/charts/crate/crate-operator/charts/crate-operator-crds/Chart.yaml +++ b/charts/crate/crate-operator/charts/crate-operator-crds/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: 2.29.0 +appVersion: 2.30.1 description: Crate Operator CRDs - Helm chart for installing and upgrading Custom Resource Definitions (CRDs) for the Crate Operator. maintainers: - name: Crate.io name: crate-operator-crds type: application -version: 2.29.0 +version: 2.30.1 diff --git a/charts/datadog/datadog-operator/CHANGELOG.md b/charts/datadog/datadog-operator/CHANGELOG.md index 6d41f9059..a5e45ee9d 100644 --- a/charts/datadog/datadog-operator/CHANGELOG.md +++ b/charts/datadog/datadog-operator/CHANGELOG.md @@ -1,5 +1,9 @@ # Changelog +## 1.0.6 + +* Fix conversionWebhook.enabled parameter to correctly set user-configured value when enabling the conversion webhook. + ## 1.0.5 * Add AP1 Site Comment in `values.yaml`. diff --git a/charts/datadog/datadog-operator/Chart.yaml b/charts/datadog/datadog-operator/Chart.yaml index e653ff37b..6dd7679e3 100644 --- a/charts/datadog/datadog-operator/Chart.yaml +++ b/charts/datadog/datadog-operator/Chart.yaml @@ -26,4 +26,4 @@ name: datadog-operator sources: - https://app.datadoghq.com/account/settings#agent/kubernetes - https://github.com/DataDog/datadog-agent -version: 1.0.5 +version: 1.0.6 diff --git a/charts/datadog/datadog-operator/README.md b/charts/datadog/datadog-operator/README.md index b072cfd86..bed64062c 100644 --- a/charts/datadog/datadog-operator/README.md +++ b/charts/datadog/datadog-operator/README.md @@ -1,6 +1,6 @@ # Datadog Operator -![Version: 1.0.5](https://img.shields.io/badge/Version-1.0.5-informational?style=flat-square) ![AppVersion: 1.0.3](https://img.shields.io/badge/AppVersion-1.0.3-informational?style=flat-square) +![Version: 1.0.6](https://img.shields.io/badge/Version-1.0.6-informational?style=flat-square) ![AppVersion: 1.0.3](https://img.shields.io/badge/AppVersion-1.0.3-informational?style=flat-square) ## Values diff --git a/charts/datadog/datadog-operator/templates/deployment.yaml b/charts/datadog/datadog-operator/templates/deployment.yaml index ad8632ce2..f696b57c8 100644 --- a/charts/datadog/datadog-operator/templates/deployment.yaml +++ b/charts/datadog/datadog-operator/templates/deployment.yaml @@ -93,7 +93,9 @@ spec: - "-logEncoder=json" - "-metrics-addr=:{{ .Values.metricsPort }}" - "-loglevel={{ .Values.logLevel }}" - {{- if and (not .Values.datadogCRDs.migration.datadogAgents.conversionWebhook.enabled) (semverCompare ">=1.0.0-0" .Values.image.tag ) }} + {{- if and (not (empty .Values.datadogCRDs.migration.datadogAgents.conversionWebhook.enabled)) (semverCompare ">=1.0.0-0" .Values.image.tag ) }} + - "-webhookEnabled={{ .Values.datadogCRDs.migration.datadogAgents.conversionWebhook.enabled }}" + {{- else }} - "-webhookEnabled=false" {{- end }} {{- if .Values.secretBackend.command }} diff --git a/charts/datadog/datadog/CHANGELOG.md b/charts/datadog/datadog/CHANGELOG.md index c057deb0d..d34ee026e 100644 --- a/charts/datadog/datadog/CHANGELOG.md +++ b/charts/datadog/datadog/CHANGELOG.md @@ -1,5 +1,13 @@ # Datadog changelog +# 3.33.0 + +* Default `Agent` and `Cluster-Agent` to `7.46.0` version. + +## 3.32.8 + +* Always set the Remote Configuration environment variable + ## 3.32.7 * Update the cluster agent network policy to allow telemetry submission. @@ -27,7 +35,7 @@ ## 3.32.1 * Add AP1 Site Comment at `value.yaml`. -* Fix CVE in the FIPS compliant side car container +* Fix CVE in the FIPS compliant side car container ## 3.32.0 diff --git a/charts/datadog/datadog/Chart.yaml b/charts/datadog/datadog/Chart.yaml index ebed06f3b..e2caa5a4e 100644 --- a/charts/datadog/datadog/Chart.yaml +++ b/charts/datadog/datadog/Chart.yaml @@ -19,4 +19,4 @@ name: datadog sources: - https://app.datadoghq.com/account/settings#agent/kubernetes - https://github.com/DataDog/datadog-agent -version: 3.32.7 +version: 3.33.0 diff --git a/charts/datadog/datadog/README.md b/charts/datadog/datadog/README.md index ad7c0b7e3..307ef07d3 100644 --- a/charts/datadog/datadog/README.md +++ b/charts/datadog/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.32.7](https://img.shields.io/badge/Version-3.32.7-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.33.0](https://img.shields.io/badge/Version-3.33.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). @@ -449,7 +449,7 @@ helm install \ | agents.image.pullPolicy | string | `"IfNotPresent"` | Datadog Agent image pull policy | | agents.image.pullSecrets | list | `[]` | Datadog Agent repository pullSecret (ex: specify docker registry credentials) | | agents.image.repository | string | `nil` | Override default registry + image.name for Agent | -| agents.image.tag | string | `"7.45.0"` | Define the Agent version to use | +| agents.image.tag | string | `"7.46.0"` | Define the Agent version to use | | agents.image.tagSuffix | string | `""` | Suffix to append to Agent tag | | agents.localService.forceLocalServiceEnabled | bool | `false` | Force the creation of the internal traffic policy service to target the agent running on the local node. By default, the internal traffic service is created only on Kubernetes 1.22+ where the feature became beta and enabled by default. This option allows to force the creation of the internal traffic service on kubernetes 1.21 where the feature was alpha and required a feature gate to be explicitly enabled. | | agents.localService.overrideName | string | `""` | Name of the internal traffic service to target the agent running on the local node | @@ -511,7 +511,7 @@ helm install \ | clusterAgent.image.pullPolicy | string | `"IfNotPresent"` | Cluster Agent image pullPolicy | | clusterAgent.image.pullSecrets | list | `[]` | Cluster Agent repository pullSecret (ex: specify docker registry credentials) | | clusterAgent.image.repository | string | `nil` | Override default registry + image.name for Cluster Agent | -| clusterAgent.image.tag | string | `"7.45.0"` | Cluster Agent image tag to use | +| clusterAgent.image.tag | string | `"7.46.0"` | Cluster Agent image tag to use | | clusterAgent.livenessProbe | object | Every 15s / 6 KO / 1 OK | Override default Cluster Agent liveness probe settings | | clusterAgent.metricsProvider.aggregator | string | `"avg"` | Define the aggregator the cluster agent will use to process the metrics. The options are (avg, min, max, sum) | | clusterAgent.metricsProvider.createReaderRbac | bool | `true` | Create `external-metrics-reader` RBAC automatically (to allow HPA to read data from Cluster Agent) | @@ -561,7 +561,7 @@ helm install \ | clusterChecksRunner.image.pullPolicy | string | `"IfNotPresent"` | Datadog Agent image pull policy | | clusterChecksRunner.image.pullSecrets | list | `[]` | Datadog Agent repository pullSecret (ex: specify docker registry credentials) | | clusterChecksRunner.image.repository | string | `nil` | Override default registry + image.name for Cluster Check Runners | -| clusterChecksRunner.image.tag | string | `"7.45.0"` | Define the Agent version to use | +| clusterChecksRunner.image.tag | string | `"7.46.0"` | Define the Agent version to use | | clusterChecksRunner.image.tagSuffix | string | `""` | Suffix to append to Agent tag | | clusterChecksRunner.livenessProbe | object | Every 15s / 6 KO / 1 OK | Override default agent liveness probe settings | | clusterChecksRunner.networkPolicy.create | bool | `false` | If true, create a NetworkPolicy for the cluster checks runners. DEPRECATED. Use datadog.networkPolicy.create instead | diff --git a/charts/datadog/datadog/templates/_containers-common-env.yaml b/charts/datadog/datadog/templates/_containers-common-env.yaml index e8a60d05f..09a1ca1ed 100644 --- a/charts/datadog/datadog/templates/_containers-common-env.yaml +++ b/charts/datadog/datadog/templates/_containers-common-env.yaml @@ -9,10 +9,8 @@ secretKeyRef: name: {{ template "datadog.apiSecretName" . }} key: api-key -{{- if eq (include "datadog-remoteConfiguration-enabled" .) "true" }} - name: DD_REMOTE_CONFIGURATION_ENABLED - value: "true" -{{- end }} + value: {{ include "datadog-remoteConfiguration-enabled" . | quote }} {{- if (not .Values.providers.gke.autopilot) }} - name: DD_AUTH_TOKEN_FILE_PATH value: {{ template "datadog.confPath" . }}/auth/token diff --git a/charts/datadog/datadog/templates/cluster-agent-deployment.yaml b/charts/datadog/datadog/templates/cluster-agent-deployment.yaml index 2b21f5e5b..17c82c428 100644 --- a/charts/datadog/datadog/templates/cluster-agent-deployment.yaml +++ b/charts/datadog/datadog/templates/cluster-agent-deployment.yaml @@ -217,9 +217,9 @@ spec: {{- if eq (include "clusterAgent-remoteConfiguration-enabled" .) "true" }} - name: DD_ADMISSION_CONTROLLER_AUTO_INSTRUMENTATION_PATCHER_ENABLED value: "true" - - name: DD_REMOTE_CONFIGURATION_ENABLED - value: "true" {{- end }} + - name: DD_REMOTE_CONFIGURATION_ENABLED + value: {{ include "clusterAgent-remoteConfiguration-enabled" . | quote }} {{- if .Values.datadog.clusterChecks.enabled }} - name: DD_CLUSTER_CHECKS_ENABLED value: {{ .Values.datadog.clusterChecks.enabled | quote }} diff --git a/charts/datadog/datadog/values.yaml b/charts/datadog/datadog/values.yaml index ab7c1cc80..1076b45b6 100644 --- a/charts/datadog/datadog/values.yaml +++ b/charts/datadog/datadog/values.yaml @@ -816,7 +816,7 @@ clusterAgent: name: cluster-agent # clusterAgent.image.tag -- Cluster Agent image tag to use - tag: 7.45.0 + tag: 7.46.0 # clusterAgent.image.digest -- Cluster Agent image digest to use, takes precedence over tag if specified digest: "" @@ -1210,7 +1210,7 @@ agents: name: agent # agents.image.tag -- Define the Agent version to use - tag: 7.45.0 + tag: 7.46.0 # agents.image.digest -- Define Agent image digest to use, takes precedence over tag if specified digest: "" @@ -1676,7 +1676,7 @@ clusterChecksRunner: name: agent # clusterChecksRunner.image.tag -- Define the Agent version to use - tag: 7.45.0 + tag: 7.46.0 # clusterChecksRunner.image.digest -- Define Agent image digest to use, takes precedence over tag if specified digest: "" diff --git a/charts/external-secrets/external-secrets/Chart.yaml b/charts/external-secrets/external-secrets/Chart.yaml index afa2f94df..7324487ec 100644 --- a/charts/external-secrets/external-secrets/Chart.yaml +++ b/charts/external-secrets/external-secrets/Chart.yaml @@ -4,7 +4,7 @@ annotations: catalog.cattle.io/kube-version: '>= 1.19.0-0' catalog.cattle.io/release-name: external-secrets apiVersion: v2 -appVersion: v0.9.0 +appVersion: v0.9.1 description: External secret management for Kubernetes home: https://github.com/external-secrets/external-secrets icon: https://raw.githubusercontent.com/external-secrets/external-secrets/main/assets/eso-logo-large.png @@ -17,4 +17,4 @@ maintainers: name: mcavoyk name: external-secrets type: application -version: 0.9.0 +version: 0.9.1 diff --git a/charts/external-secrets/external-secrets/README.md b/charts/external-secrets/external-secrets/README.md index b43910697..f7dc03de9 100644 --- a/charts/external-secrets/external-secrets/README.md +++ b/charts/external-secrets/external-secrets/README.md @@ -4,7 +4,7 @@ [//]: # (README.md generated by gotmpl. DO NOT EDIT.) -![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![Version: 0.9.0](https://img.shields.io/badge/Version-0.9.0-informational?style=flat-square) +![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![Version: 0.9.1](https://img.shields.io/badge/Version-0.9.1-informational?style=flat-square) External secret management for Kubernetes @@ -76,10 +76,6 @@ The command removes all the Kubernetes components associated with the chart and | certController.serviceAccount.create | bool | `true` | Specifies whether a service account should be created. | | certController.serviceAccount.extraLabels | object | `{}` | Extra Labels to add to the service account. | | certController.serviceAccount.name | string | `""` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template. | -| certController.serviceMonitor.additionalLabels | object | `{}` | Additional labels | -| certController.serviceMonitor.enabled | bool | `false` | Specifies whether to create a ServiceMonitor resource for collecting Prometheus metrics | -| certController.serviceMonitor.interval | string | `"30s"` | Interval to scrape metrics | -| certController.serviceMonitor.scrapeTimeout | string | `"25s"` | Timeout if metrics can't be retrieved in given time interval | | certController.tolerations | list | `[]` | | | certController.topologySpreadConstraints | list | `[]` | | | commonLabels | object | `{}` | Additional labels added to all helm chart resources. | @@ -204,9 +200,5 @@ The command removes all the Kubernetes components associated with the chart and | webhook.serviceAccount.create | bool | `true` | Specifies whether a service account should be created. | | webhook.serviceAccount.extraLabels | object | `{}` | Extra Labels to add to the service account. | | webhook.serviceAccount.name | string | `""` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template. | -| webhook.serviceMonitor.additionalLabels | object | `{}` | Additional labels | -| webhook.serviceMonitor.enabled | bool | `false` | Specifies whether to create a ServiceMonitor resource for collecting Prometheus metrics | -| webhook.serviceMonitor.interval | string | `"30s"` | Interval to scrape metrics | -| webhook.serviceMonitor.scrapeTimeout | string | `"25s"` | Timeout if metrics can't be retrieved in given time interval | | webhook.tolerations | list | `[]` | | | webhook.topologySpreadConstraints | list | `[]` | | diff --git a/charts/external-secrets/external-secrets/templates/crds/clusterexternalsecret.yaml b/charts/external-secrets/external-secrets/templates/crds/clusterexternalsecret.yaml index 62c4e1561..234549820 100644 --- a/charts/external-secrets/external-secrets/templates/crds/clusterexternalsecret.yaml +++ b/charts/external-secrets/external-secrets/templates/crds/clusterexternalsecret.yaml @@ -25,15 +25,12 @@ spec: scope: Cluster versions: - additionalPrinterColumns: - - jsonPath: .spec.secretStoreRef.name + - jsonPath: .spec.externalSecretSpec.secretStoreRef.name name: Store type: string - - jsonPath: .spec.refreshInterval + - jsonPath: .spec.refreshTime name: Refresh Interval type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].reason - name: Status - type: string - jsonPath: .status.conditions[?(@.type=="Ready")].status name: Ready type: string diff --git a/charts/external-secrets/external-secrets/templates/crds/clustersecretstore.yaml b/charts/external-secrets/external-secrets/templates/crds/clustersecretstore.yaml index 9fbb676d7..54fa96f63 100644 --- a/charts/external-secrets/external-secrets/templates/crds/clustersecretstore.yaml +++ b/charts/external-secrets/external-secrets/templates/crds/clustersecretstore.yaml @@ -1651,6 +1651,63 @@ spec: - auth - url type: object + delinea: + description: Delinea DevOps Secrets Vault https://docs.delinea.com/online-help/products/devops-secrets-vault/current + properties: + clientId: + description: ClientID is the non-secret part of the credential. + properties: + secretRef: + description: SecretRef references a key in a secret that will be used as value. + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + type: string + type: object + value: + description: Value can be specified directly to set a value without using a secret. + type: string + type: object + clientSecret: + description: ClientSecret is the secret part of the credential. + properties: + secretRef: + description: SecretRef references a key in a secret that will be used as value. + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + type: string + type: object + value: + description: Value can be specified directly to set a value without using a secret. + type: string + type: object + tenant: + description: Tenant is the chosen hostname / site name. + type: string + tld: + description: TLD is based on the server location that was chosen during provisioning. If unset, defaults to "com". + type: string + urlTemplate: + description: URLTemplate If unset, defaults to "https://%s.secretsvaultcloud.%s/v1/%s%s". + type: string + required: + - clientId + - clientSecret + - tenant + type: object doppler: description: Doppler configures this store to sync secrets using the Doppler provider properties: diff --git a/charts/external-secrets/external-secrets/templates/crds/secretstore.yaml b/charts/external-secrets/external-secrets/templates/crds/secretstore.yaml index b3ef58d59..6badb83ef 100644 --- a/charts/external-secrets/external-secrets/templates/crds/secretstore.yaml +++ b/charts/external-secrets/external-secrets/templates/crds/secretstore.yaml @@ -1651,6 +1651,63 @@ spec: - auth - url type: object + delinea: + description: Delinea DevOps Secrets Vault https://docs.delinea.com/online-help/products/devops-secrets-vault/current + properties: + clientId: + description: ClientID is the non-secret part of the credential. + properties: + secretRef: + description: SecretRef references a key in a secret that will be used as value. + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + type: string + type: object + value: + description: Value can be specified directly to set a value without using a secret. + type: string + type: object + clientSecret: + description: ClientSecret is the secret part of the credential. + properties: + secretRef: + description: SecretRef references a key in a secret that will be used as value. + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + type: string + type: object + value: + description: Value can be specified directly to set a value without using a secret. + type: string + type: object + tenant: + description: Tenant is the chosen hostname / site name. + type: string + tld: + description: TLD is based on the server location that was chosen during provisioning. If unset, defaults to "com". + type: string + urlTemplate: + description: URLTemplate If unset, defaults to "https://%s.secretsvaultcloud.%s/v1/%s%s". + type: string + required: + - clientId + - clientSecret + - tenant + type: object doppler: description: Doppler configures this store to sync secrets using the Doppler provider properties: diff --git a/charts/external-secrets/external-secrets/tests/__snapshot__/cert_controller_test.yaml.snap b/charts/external-secrets/external-secrets/tests/__snapshot__/cert_controller_test.yaml.snap index 5fc2e6f32..9ea3eaf7a 100644 --- a/charts/external-secrets/external-secrets/tests/__snapshot__/cert_controller_test.yaml.snap +++ b/charts/external-secrets/external-secrets/tests/__snapshot__/cert_controller_test.yaml.snap @@ -7,8 +7,8 @@ should match snapshot of default values: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets-cert-controller - app.kubernetes.io/version: v0.9.0 - helm.sh/chart: external-secrets-0.9.0 + app.kubernetes.io/version: v0.9.1 + helm.sh/chart: external-secrets-0.9.1 name: RELEASE-NAME-external-secrets-cert-controller namespace: NAMESPACE spec: @@ -33,7 +33,7 @@ should match snapshot of default values: - --service-namespace=NAMESPACE - --secret-name=RELEASE-NAME-external-secrets-webhook - --secret-namespace=NAMESPACE - image: ghcr.io/external-secrets/external-secrets:v0.9.0 + image: ghcr.io/external-secrets/external-secrets:v0.9.1 imagePullPolicy: IfNotPresent name: cert-controller ports: diff --git a/charts/external-secrets/external-secrets/tests/__snapshot__/controller_test.yaml.snap b/charts/external-secrets/external-secrets/tests/__snapshot__/controller_test.yaml.snap index 6617a5e0b..b6dceba39 100644 --- a/charts/external-secrets/external-secrets/tests/__snapshot__/controller_test.yaml.snap +++ b/charts/external-secrets/external-secrets/tests/__snapshot__/controller_test.yaml.snap @@ -7,8 +7,8 @@ should match snapshot of default values: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets - app.kubernetes.io/version: v0.9.0 - helm.sh/chart: external-secrets-0.9.0 + app.kubernetes.io/version: v0.9.1 + helm.sh/chart: external-secrets-0.9.1 name: RELEASE-NAME-external-secrets namespace: NAMESPACE spec: @@ -28,7 +28,7 @@ should match snapshot of default values: containers: - args: - --concurrent=1 - image: ghcr.io/external-secrets/external-secrets:v0.9.0 + image: ghcr.io/external-secrets/external-secrets:v0.9.1 imagePullPolicy: IfNotPresent name: external-secrets ports: diff --git a/charts/external-secrets/external-secrets/tests/__snapshot__/crds_test.yaml.snap b/charts/external-secrets/external-secrets/tests/__snapshot__/crds_test.yaml.snap index 0d821c648..1699ced70 100644 --- a/charts/external-secrets/external-secrets/tests/__snapshot__/crds_test.yaml.snap +++ b/charts/external-secrets/external-secrets/tests/__snapshot__/crds_test.yaml.snap @@ -1656,6 +1656,63 @@ should match snapshot of default values: - auth - url type: object + delinea: + description: Delinea DevOps Secrets Vault https://docs.delinea.com/online-help/products/devops-secrets-vault/current + properties: + clientId: + description: ClientID is the non-secret part of the credential. + properties: + secretRef: + description: SecretRef references a key in a secret that will be used as value. + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + type: string + type: object + value: + description: Value can be specified directly to set a value without using a secret. + type: string + type: object + clientSecret: + description: ClientSecret is the secret part of the credential. + properties: + secretRef: + description: SecretRef references a key in a secret that will be used as value. + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + type: string + type: object + value: + description: Value can be specified directly to set a value without using a secret. + type: string + type: object + tenant: + description: Tenant is the chosen hostname / site name. + type: string + tld: + description: TLD is based on the server location that was chosen during provisioning. If unset, defaults to "com". + type: string + urlTemplate: + description: URLTemplate If unset, defaults to "https://%s.secretsvaultcloud.%s/v1/%s%s". + type: string + required: + - clientId + - clientSecret + - tenant + type: object doppler: description: Doppler configures this store to sync secrets using the Doppler provider properties: diff --git a/charts/external-secrets/external-secrets/tests/__snapshot__/webhook_test.yaml.snap b/charts/external-secrets/external-secrets/tests/__snapshot__/webhook_test.yaml.snap index 388bc4475..eb87e93bb 100644 --- a/charts/external-secrets/external-secrets/tests/__snapshot__/webhook_test.yaml.snap +++ b/charts/external-secrets/external-secrets/tests/__snapshot__/webhook_test.yaml.snap @@ -7,8 +7,8 @@ should match snapshot of default values: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets-webhook - app.kubernetes.io/version: v0.9.0 - helm.sh/chart: external-secrets-0.9.0 + app.kubernetes.io/version: v0.9.1 + helm.sh/chart: external-secrets-0.9.1 name: RELEASE-NAME-external-secrets-webhook namespace: NAMESPACE spec: @@ -34,7 +34,7 @@ should match snapshot of default values: - --check-interval=5m - --metrics-addr=:8080 - --healthz-addr=:8081 - image: ghcr.io/external-secrets/external-secrets:v0.9.0 + image: ghcr.io/external-secrets/external-secrets:v0.9.1 imagePullPolicy: IfNotPresent name: webhook ports: @@ -78,8 +78,8 @@ should match snapshot of default values: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets-webhook - app.kubernetes.io/version: v0.9.0 + app.kubernetes.io/version: v0.9.1 external-secrets.io/component: webhook - helm.sh/chart: external-secrets-0.9.0 + helm.sh/chart: external-secrets-0.9.1 name: RELEASE-NAME-external-secrets-webhook namespace: NAMESPACE diff --git a/charts/external-secrets/external-secrets/values.yaml b/charts/external-secrets/external-secrets/values.yaml index 5d99475b3..f8178c63f 100644 --- a/charts/external-secrets/external-secrets/values.yaml +++ b/charts/external-secrets/external-secrets/values.yaml @@ -303,19 +303,6 @@ webhook: # -- deprecated. will be removed with 0.7.0, use serviceMonitor instead port: 8080 - serviceMonitor: - # -- Specifies whether to create a ServiceMonitor resource for collecting Prometheus metrics - enabled: false - - # -- Additional labels - additionalLabels: {} - - # -- Interval to scrape metrics - interval: 30s - - # -- Timeout if metrics can't be retrieved in given time interval - scrapeTimeout: 25s - metrics: service: # -- Enable if you use another monitoring tool than Prometheus to scrape the metrics @@ -435,19 +422,6 @@ certController: # -- deprecated. will be removed with 0.7.0, use serviceMonitor instead port: 8080 - serviceMonitor: - # -- Specifies whether to create a ServiceMonitor resource for collecting Prometheus metrics - enabled: false - - # -- Additional labels - additionalLabels: {} - - # -- Interval to scrape metrics - interval: 30s - - # -- Timeout if metrics can't be retrieved in given time interval - scrapeTimeout: 25s - metrics: service: # -- Enable if you use another monitoring tool than Prometheus to scrape the metrics diff --git a/charts/jaeger/jaeger-operator/Chart.yaml b/charts/jaeger/jaeger-operator/Chart.yaml index f34b341ef..e7929fb3b 100644 --- a/charts/jaeger/jaeger-operator/Chart.yaml +++ b/charts/jaeger/jaeger-operator/Chart.yaml @@ -15,4 +15,4 @@ maintainers: name: jaeger-operator sources: - https://github.com/jaegertracing/jaeger-operator -version: 2.46.0 +version: 2.46.1 diff --git a/charts/jaeger/jaeger-operator/templates/deployment.yaml b/charts/jaeger/jaeger-operator/templates/deployment.yaml index 825bd51f0..3186217f8 100644 --- a/charts/jaeger/jaeger-operator/templates/deployment.yaml +++ b/charts/jaeger/jaeger-operator/templates/deployment.yaml @@ -50,12 +50,15 @@ spec: name: metrics - containerPort: {{ .Values.webhooks.port }} name: webhook-server - protocol: TCP + protocol: TCP volumeMounts: - mountPath: /tmp/k8s-webhook-server/serving-certs name: cert readOnly: true - args: ["start"] + args: + - start + - {{ printf "--metrics-port=%v" .Values.metricsPort }} + - {{ printf "--webhook-bind-port=%v" .Values.webhooks.port }} env: - name: WATCH_NAMESPACE {{- if .Values.rbac.clusterRole }} diff --git a/charts/jfrog/artifactory-ha/CHANGELOG.md b/charts/jfrog/artifactory-ha/CHANGELOG.md index d90ed1827..2f9f82ed7 100644 --- a/charts/jfrog/artifactory-ha/CHANGELOG.md +++ b/charts/jfrog/artifactory-ha/CHANGELOG.md @@ -1,7 +1,7 @@ # JFrog Artifactory-ha Chart Changelog All changes to this chart will be documented in this file -## [107.59.11] - May 31, 2023 +## [107.59.12] - May 31, 2023 * Fixed reference of `terminationGracePeriodSeconds` * **Breaking change** * Updated the defaults of replicaCount (Values.artifactory.primary.replicaCount and Values.artifactory.node.replicaCount) to support Cloud-Native High Availability. Refer [Cloud-Native High Availability](https://jfrog.com/help/r/jfrog-installation-setup-documentation/cloud-native-high-availability) diff --git a/charts/jfrog/artifactory-ha/Chart.yaml b/charts/jfrog/artifactory-ha/Chart.yaml index 5fc315acc..2c614e9af 100644 --- a/charts/jfrog/artifactory-ha/Chart.yaml +++ b/charts/jfrog/artifactory-ha/Chart.yaml @@ -4,7 +4,7 @@ annotations: catalog.cattle.io/kube-version: '>= 1.14.0-0' catalog.cattle.io/release-name: artifactory-ha apiVersion: v2 -appVersion: 7.59.11 +appVersion: 7.59.12 dependencies: - condition: postgresql.enabled name: postgresql @@ -26,4 +26,4 @@ name: artifactory-ha sources: - https://github.com/jfrog/charts type: application -version: 107.59.11 +version: 107.59.12 diff --git a/charts/jfrog/artifactory-jcr/CHANGELOG.md b/charts/jfrog/artifactory-jcr/CHANGELOG.md index a3ad7ef5c..fa579963d 100644 --- a/charts/jfrog/artifactory-jcr/CHANGELOG.md +++ b/charts/jfrog/artifactory-jcr/CHANGELOG.md @@ -1,7 +1,7 @@ # JFrog Container Registry Chart Changelog All changes to this chart will be documented in this file. -## [107.59.11] - Aug 25, 2022 +## [107.59.12] - Aug 25, 2022 * Included event service as mandatory and remove the flag from values.yaml ## [107.41.0] - Jul 22, 2022 diff --git a/charts/jfrog/artifactory-jcr/Chart.yaml b/charts/jfrog/artifactory-jcr/Chart.yaml index d8a7d6090..dd54d4f79 100644 --- a/charts/jfrog/artifactory-jcr/Chart.yaml +++ b/charts/jfrog/artifactory-jcr/Chart.yaml @@ -4,11 +4,11 @@ annotations: catalog.cattle.io/kube-version: '>= 1.14.0-0' catalog.cattle.io/release-name: artifactory-jcr apiVersion: v2 -appVersion: 7.59.11 +appVersion: 7.59.12 dependencies: - name: artifactory repository: file://./charts/artifactory - version: 107.59.11 + version: 107.59.12 description: JFrog Container Registry home: https://jfrog.com/container-registry/ icon: https://raw.githubusercontent.com/jfrog/charts/ea5c3112c24a973f64f3ccd99747323db292a369/stable/artifactory-jcr/logo/jcr-logo.png @@ -27,4 +27,4 @@ name: artifactory-jcr sources: - https://github.com/jfrog/charts type: application -version: 107.59.11 +version: 107.59.12 diff --git a/charts/jfrog/artifactory-jcr/charts/artifactory/CHANGELOG.md b/charts/jfrog/artifactory-jcr/charts/artifactory/CHANGELOG.md index 91e7df7d3..c0ba6f878 100644 --- a/charts/jfrog/artifactory-jcr/charts/artifactory/CHANGELOG.md +++ b/charts/jfrog/artifactory-jcr/charts/artifactory/CHANGELOG.md @@ -1,7 +1,7 @@ # JFrog Artifactory Chart Changelog All changes to this chart will be documented in this file. -## [107.59.11] - May 31, 2023 +## [107.59.12] - May 31, 2023 * Fixed reference of `terminationGracePeriodSeconds` * Added Support for Cold Artifact Storage as part of the systemYaml configuration (disabled by default) * Added new binary provider `s3-storage-v3-archive` diff --git a/charts/jfrog/artifactory-jcr/charts/artifactory/Chart.yaml b/charts/jfrog/artifactory-jcr/charts/artifactory/Chart.yaml index 3087044e3..4f5adc8c2 100644 --- a/charts/jfrog/artifactory-jcr/charts/artifactory/Chart.yaml +++ b/charts/jfrog/artifactory-jcr/charts/artifactory/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 7.59.11 +appVersion: 7.59.12 dependencies: - condition: postgresql.enabled name: postgresql @@ -21,4 +21,4 @@ name: artifactory sources: - https://github.com/jfrog/charts type: application -version: 107.59.11 +version: 107.59.12 diff --git a/charts/kong/kong/CHANGELOG.md b/charts/kong/kong/CHANGELOG.md index cd3fccc07..906fdb933 100644 --- a/charts/kong/kong/CHANGELOG.md +++ b/charts/kong/kong/CHANGELOG.md @@ -1,5 +1,31 @@ # Changelog +## 2.24.0 + +### Improvements + +* Running `tpl` against user-supplied labels and annotations used in Deployment + [#814](https://github.com/Kong/charts/pull/814) + + Example: + ```yaml + podLabels: + version: "{{ .Values.image.tag }}" # Will render dynamically when overridden downstream + ``` + +* Fail to render templates when PodSecurityPolicy was requested but cluster doesn't + serve its API. + [#823](https://github.com/Kong/charts/pull/823) +* Add support for multiple hosts and tls configurations for Kong proxy `Ingress`. + [#813](https://github.com/Kong/charts/pull/813) +* Bump postgres default tag to `13.11.0-debian-11-r20` which includes arm64 images. + [#834](https://github.com/Kong/charts/pull/834) + +### Fixed + +* Fix Ingress and HPA API versions during capabilities checking + [#827](https://github.com/Kong/charts/pull/827) + ## 2.23.0 ### Improvements @@ -38,7 +64,7 @@ ## 2.20.2 -### Fixed +### Fixed * Automatic license provisioning for Gateways managed by Ingress Controllers in Konnect mode is disabled by default. diff --git a/charts/kong/kong/Chart.yaml b/charts/kong/kong/Chart.yaml index 36df55275..7348f456b 100644 --- a/charts/kong/kong/Chart.yaml +++ b/charts/kong/kong/Chart.yaml @@ -20,4 +20,4 @@ maintainers: name: kong sources: - https://github.com/Kong/charts/tree/main/charts/kong -version: 2.23.0 +version: 2.24.0 diff --git a/charts/kong/kong/README.md b/charts/kong/kong/README.md index b26f8a909..f033a4d2d 100644 --- a/charts/kong/kong/README.md +++ b/charts/kong/kong/README.md @@ -679,10 +679,11 @@ or `ingress` sections, as it is used only for stream listens. | SVC.externalTrafficPolicy | k8s service's externalTrafficPolicy. Options: Cluster, Local | | | SVC.ingress.enabled | Enable ingress resource creation (works with SVC.type=ClusterIP) | `false` | | SVC.ingress.ingressClassName | Set the ingressClassName to associate this Ingress with an IngressClass | | -| SVC.ingress.tls | Name of secret resource, containing TLS secret | | | SVC.ingress.hostname | Ingress hostname | `""` | | SVC.ingress.path | Ingress path. | `/` | | SVC.ingress.pathType | Ingress pathType. One of `ImplementationSpecific`, `Exact` or `Prefix` | `ImplementationSpecific` | +| SVC.ingress.hosts | Slice of hosts configurations, including `hostname`, `path` and `pathType` keys | `[]` | +| SVC.ingress.tls | Name of secret resource or slice of `secretName` and `hosts` keys | | | SVC.ingress.annotations | Ingress annotations. See documentation for your ingress controller for details | `{}` | | SVC.ingress.labels | Ingress labels. Additional custom labels to add to the ingress. | `{}` | | SVC.annotations | Service annotations | `{}` | diff --git a/charts/kong/kong/ci/admin-api-service-clusterip.yaml b/charts/kong/kong/ci/admin-api-service-clusterip.yaml new file mode 100644 index 000000000..18e5fa38d --- /dev/null +++ b/charts/kong/kong/ci/admin-api-service-clusterip.yaml @@ -0,0 +1,6 @@ +admin: + enabled: true + type: ClusterIP + +ingressController: + enabled: false diff --git a/charts/kong/kong/ci/kong-ingress-1-values.yaml b/charts/kong/kong/ci/kong-ingress-1-values.yaml new file mode 100644 index 000000000..ac314826f --- /dev/null +++ b/charts/kong/kong/ci/kong-ingress-1-values.yaml @@ -0,0 +1,16 @@ +# CI test for empty hostname including tls secret using string +proxy: + type: NodePort + ingress: + enabled: true + tls: "kong.proxy.example.secret" + +extraObjects: +- apiVersion: v1 + data: + tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURoakNDQW00Q0NRQ0tyTDdSS1Y0NTBEQU5CZ2txaGtpRzl3MEJBUXNGQURDQmhERUxNQWtHQTFVRUJoTUMKV0ZneEVqQVFCZ05WQkFnTUNWTjBZWFJsVG1GdFpURVJNQThHQTFVRUJ3d0lRMmwwZVU1aGJXVXhGREFTQmdOVgpCQW9NQzBOdmJYQmhibmxPWVcxbE1Sc3dHUVlEVlFRTERCSkRiMjF3WVc1NVUyVmpkR2x2Yms1aGJXVXhHekFaCkJnTlZCQU1NRW5CeWIzaDVMbXR2Ym1jdVpYaGhiWEJzWlRBZUZ3MHlNekEyTWprd09ERTBNekJhRncwek16QTIKTWpZd09ERTBNekJhTUlHRU1Rc3dDUVlEVlFRR0V3SllXREVTTUJBR0ExVUVDQXdKVTNSaGRHVk9ZVzFsTVJFdwpEd1lEVlFRSERBaERhWFI1VG1GdFpURVVNQklHQTFVRUNnd0xRMjl0Y0dGdWVVNWhiV1V4R3pBWkJnTlZCQXNNCkVrTnZiWEJoYm5sVFpXTjBhVzl1VG1GdFpURWJNQmtHQTFVRUF3d1NjSEp2ZUhrdWEyOXVaeTVsZUdGdGNHeGwKTUlJQklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUE4Wmd4czI1RXdtaXRsRG1HMitWVwpscUZ4R3lkVHU2dWlCVldFZjNoV0h2R3YvUWpYZHBBWXlkc3ZpNS92b1FtcjNUeVJBb3VaR1lCR3RuVEF0cU5rCnFLUmFVaWppVlN3TTNzeUl1cHluMlRjSjk1N2RLUCtUYTRaL0VNUlRwSCtya1psV01LNVYrNUszTmFIL21leDUKVWRRWkl4WUxNM0xIM0t0cmt2OWZRNlhSZ2dkeXo0MEt2YUV6SW1scEVoQnBoS0g5UWJiL3RFRE0vdFFqbC9FUApmbUF5M2Y5WE1uRDNSeFY3TnFrZktpUjNXZ1JDMnFyNWtPbXlJTGp1YWxERk1Zb3lDZUlmSnd1WmVDaEpGb3ZHClFKUFY2WU9xTG5aRWN3MU9BaVBXQnMycXVmWmlsNXplekRDZUFGZDV3eXVrS1dPZ3pTZ3Q2VzZvN2FBRTBDK3YKclFJREFRQUJNQTBHQ1NxR1NJYjNEUUVCQ3dVQUE0SUJBUUNGZHhFOFVsMVorcWxBbW1lTk5BdlAyZVVxSElTbQpHWXZidzdGdW82bXNJY3V3cjZKeENBWjIwako5UkphalMzWS9TS3BteXM2OXZxU21ic25oeUJzc01mL1ZtenFSClBVLzVkUUZiblNybUJqMnFBNWxtRCtENDVLUEtrTjc1V21NeDRQWkZseEw3WHVLYnZhYVZBUjFFUmRNZy90NisKUXpPV3BVWVZrcFJnQmlxTDBTTjhvTStOTjdScGFESFNkZjlTY1FtUmhNVklNNDdVZ1ZXNWhta21mQjBkUTFhQQo5NWdTQ3E0cGVwUFRzY3NsbVBzM0lOck5BTk45KytyMnM1bXRTWnp5VktRU0cwRjQ0Y1puWjdTdkdTVFJORDlUCnRKVzNTcko3elBwS0JqWi9qVDRRVnpBdGtHN3FSV2ZhYnlWTmVrK29wMTgwSVY5Um9IR1JDU0kyCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K + tls.key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2Z0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktnd2dnU2tBZ0VBQW9JQkFRRHhtREd6YmtUQ2FLMlUKT1liYjVWYVdvWEViSjFPN3E2SUZWWVIvZUZZZThhLzlDTmQya0JqSjJ5K0xuKytoQ2F2ZFBKRUNpNWtaZ0VhMgpkTUMybzJTb3BGcFNLT0pWTEF6ZXpJaTZuS2ZaTnduM250MG8vNU5yaG44UXhGT2tmNnVSbVZZd3JsWDdrcmMxCm9mK1o3SGxSMUJrakZnc3pjc2ZjcTJ1Uy8xOURwZEdDQjNMUGpRcTlvVE1pYVdrU0VHbUVvZjFCdHYrMFFNeisKMUNPWDhROStZRExkLzFjeWNQZEhGWHMycVI4cUpIZGFCRUxhcXZtUTZiSWd1TzVxVU1VeGlqSUo0aDhuQzVsNApLRWtXaThaQWs5WHBnNm91ZGtSekRVNENJOVlHemFxNTltS1huTjdNTUo0QVYzbkRLNlFwWTZETktDM3BicWp0Cm9BVFFMNit0QWdNQkFBRUNnZ0VCQUs3N1I0d3BJcDRZU1JoaGJoN1loWldHQ3JEYkZCZUtZVWd4djB5LzhNaHEKenNlYlhzdGQ1TVpXL2FISVRqdzZFQU9tT1hVNWZNTHVtTWpQMlVDdktWbkg2QzgzczI1ekFFTmlxdWxXUzIvVgpJRi83N1Qwamx6ZTY2MDlPa3pKQzBoWWJsRVNnRUdDc3pBdUpjT0tnVnVLQWwxQkZTQW1VYWRPWFNNdm9NS3lDCkJlekZaVEhOcGRWQ2xwUHVLNGQrWFJJZ1hHWS84RzNmWlFXRWNjV2tTYmRjQUlLdVYvWktHQ0IyT2dXS1VzSHgKTStscEw1TTZ3aXdYOEFNdUVWVHJsMWNwKzAzTjdOaUYwMFpYdCszZzVZUkJmRitYWjZ1b3hmbENQZ3VHdzh6bgpvN2tFRVNKZ2YycHZyZWYveHBjSVFSM090aHZjSzR5RldOcndPbExHQk9FQ2dZRUErNmJBREF0bDAvRlpzV08zCnVvNlBRNXZTL0tqbS9XaUkzeUo5TUdLNzQxTFZpMlRMUGpVZ092SDdkZUVjNVJjUmoxV1Nna3d1bUdzZWE2WkQKWXRWSTRZTDdMM1NUQ3JyZUNFTDRhOUJPcFB0azcxWWw3TmhxZktEaXhzU1FnNmt4dDJ1TlYvZXNSQ1JPeENoWgp5bk9JTmkvN3lOeFpVek4zcndyVjBCMUFNYVVDZ1lFQTljVDBZNkJWRHZLdFFaV1gvR1REZ2pUUzN6QWlPWmFNCjVFM3NleHh6MXY4eDF0N3JvWDV3aHNaVjlzQ05nNlJaNjIyT3hJejhHQnVvMnU1M2h2WFJabmdDaG1PcHYwRjgKcm5STWFNR0tIeGN2TmNrVUZUMW9TdDJCeEhNT1FNZTM2cERVTnZ0S3pvNGJoakpVUU94Mm14RU9TNERscm4rMApRU3FqVFpyWGwya0NnWUJ1UmIyMkNYQ1BsUjBHbkhtd0tEUWpIaTh3UkJza1JDQm1Gc2pnNFFNUU5BWWJWUW15CnNyankyNEtqUHdmWVkybHdjOEVGazdoL1ZjRTR6dHlNZklXNVBCb3h5MVY3eURMdlQ5bG45Um5oTmNBZkdKTDUKM0VPZFpTcTZpdndBbGEyUmdIR3BjSUJ1UTdLNFJpNUNocW5UaE9kQ056eDFOd0psRTh4cHE4ZXJlUUtCZ1FEeQppV3B3UXRLT0ROa0VCdi9WT1E5am1JT2RjOS9pbXZyeGR5RHZvWFdENzVXY3FhTTVYUkRwUUNPbmZnQnBzREI0CjBFWjdHM0xReThNSVF4czcyYXpMaFpWZ1VFdzlEUUJoSFM0bWx4Q2FmQU8vL1c3UFF5bC84RGJXeW9CL1YxamQKcUExMU1PcHpDdlNJcTNSUUdjczJYaytRSFdVTW5zUWhKMVcvQ1JiSE9RS0JnRTVQZ0hrbW1PY1VXZkJBZUtzTApvb2FNNzBINVN1YUNYN1Y1enBhM3hFMW5WVWMxend5aldOdkdWbTA5WkpEOFFMR1ZDV2U0R1o5R1NvV2tqSUMvCklFKzA0M29kUERuL2JwSDlTMDF2a0s1ZDRJSGc3QUcwWXI5SW1zS0paT0djT1dmdUdKSlZ5em1CRXhaSU9pbnoKVFFuaFdhZWs0NE1hdVJYOC9pRjZyZWorCi0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K + kind: Secret + metadata: + name: kong.proxy.example.secret + type: kubernetes.io/tls diff --git a/charts/kong/kong/ci/kong-ingress-2-values.yaml b/charts/kong/kong/ci/kong-ingress-2-values.yaml new file mode 100644 index 000000000..4f7239dfb --- /dev/null +++ b/charts/kong/kong/ci/kong-ingress-2-values.yaml @@ -0,0 +1,17 @@ +# CI test for hostname including tls secret using string +proxy: + type: NodePort + ingress: + enabled: true + hostname: "proxy.kong.example" + tls: "kong.proxy.example.secret" + +extraObjects: +- apiVersion: v1 + data: + tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURoakNDQW00Q0NRQ0tyTDdSS1Y0NTBEQU5CZ2txaGtpRzl3MEJBUXNGQURDQmhERUxNQWtHQTFVRUJoTUMKV0ZneEVqQVFCZ05WQkFnTUNWTjBZWFJsVG1GdFpURVJNQThHQTFVRUJ3d0lRMmwwZVU1aGJXVXhGREFTQmdOVgpCQW9NQzBOdmJYQmhibmxPWVcxbE1Sc3dHUVlEVlFRTERCSkRiMjF3WVc1NVUyVmpkR2x2Yms1aGJXVXhHekFaCkJnTlZCQU1NRW5CeWIzaDVMbXR2Ym1jdVpYaGhiWEJzWlRBZUZ3MHlNekEyTWprd09ERTBNekJhRncwek16QTIKTWpZd09ERTBNekJhTUlHRU1Rc3dDUVlEVlFRR0V3SllXREVTTUJBR0ExVUVDQXdKVTNSaGRHVk9ZVzFsTVJFdwpEd1lEVlFRSERBaERhWFI1VG1GdFpURVVNQklHQTFVRUNnd0xRMjl0Y0dGdWVVNWhiV1V4R3pBWkJnTlZCQXNNCkVrTnZiWEJoYm5sVFpXTjBhVzl1VG1GdFpURWJNQmtHQTFVRUF3d1NjSEp2ZUhrdWEyOXVaeTVsZUdGdGNHeGwKTUlJQklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUE4Wmd4czI1RXdtaXRsRG1HMitWVwpscUZ4R3lkVHU2dWlCVldFZjNoV0h2R3YvUWpYZHBBWXlkc3ZpNS92b1FtcjNUeVJBb3VaR1lCR3RuVEF0cU5rCnFLUmFVaWppVlN3TTNzeUl1cHluMlRjSjk1N2RLUCtUYTRaL0VNUlRwSCtya1psV01LNVYrNUszTmFIL21leDUKVWRRWkl4WUxNM0xIM0t0cmt2OWZRNlhSZ2dkeXo0MEt2YUV6SW1scEVoQnBoS0g5UWJiL3RFRE0vdFFqbC9FUApmbUF5M2Y5WE1uRDNSeFY3TnFrZktpUjNXZ1JDMnFyNWtPbXlJTGp1YWxERk1Zb3lDZUlmSnd1WmVDaEpGb3ZHClFKUFY2WU9xTG5aRWN3MU9BaVBXQnMycXVmWmlsNXplekRDZUFGZDV3eXVrS1dPZ3pTZ3Q2VzZvN2FBRTBDK3YKclFJREFRQUJNQTBHQ1NxR1NJYjNEUUVCQ3dVQUE0SUJBUUNGZHhFOFVsMVorcWxBbW1lTk5BdlAyZVVxSElTbQpHWXZidzdGdW82bXNJY3V3cjZKeENBWjIwako5UkphalMzWS9TS3BteXM2OXZxU21ic25oeUJzc01mL1ZtenFSClBVLzVkUUZiblNybUJqMnFBNWxtRCtENDVLUEtrTjc1V21NeDRQWkZseEw3WHVLYnZhYVZBUjFFUmRNZy90NisKUXpPV3BVWVZrcFJnQmlxTDBTTjhvTStOTjdScGFESFNkZjlTY1FtUmhNVklNNDdVZ1ZXNWhta21mQjBkUTFhQQo5NWdTQ3E0cGVwUFRzY3NsbVBzM0lOck5BTk45KytyMnM1bXRTWnp5VktRU0cwRjQ0Y1puWjdTdkdTVFJORDlUCnRKVzNTcko3elBwS0JqWi9qVDRRVnpBdGtHN3FSV2ZhYnlWTmVrK29wMTgwSVY5Um9IR1JDU0kyCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K + tls.key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2Z0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktnd2dnU2tBZ0VBQW9JQkFRRHhtREd6YmtUQ2FLMlUKT1liYjVWYVdvWEViSjFPN3E2SUZWWVIvZUZZZThhLzlDTmQya0JqSjJ5K0xuKytoQ2F2ZFBKRUNpNWtaZ0VhMgpkTUMybzJTb3BGcFNLT0pWTEF6ZXpJaTZuS2ZaTnduM250MG8vNU5yaG44UXhGT2tmNnVSbVZZd3JsWDdrcmMxCm9mK1o3SGxSMUJrakZnc3pjc2ZjcTJ1Uy8xOURwZEdDQjNMUGpRcTlvVE1pYVdrU0VHbUVvZjFCdHYrMFFNeisKMUNPWDhROStZRExkLzFjeWNQZEhGWHMycVI4cUpIZGFCRUxhcXZtUTZiSWd1TzVxVU1VeGlqSUo0aDhuQzVsNApLRWtXaThaQWs5WHBnNm91ZGtSekRVNENJOVlHemFxNTltS1huTjdNTUo0QVYzbkRLNlFwWTZETktDM3BicWp0Cm9BVFFMNit0QWdNQkFBRUNnZ0VCQUs3N1I0d3BJcDRZU1JoaGJoN1loWldHQ3JEYkZCZUtZVWd4djB5LzhNaHEKenNlYlhzdGQ1TVpXL2FISVRqdzZFQU9tT1hVNWZNTHVtTWpQMlVDdktWbkg2QzgzczI1ekFFTmlxdWxXUzIvVgpJRi83N1Qwamx6ZTY2MDlPa3pKQzBoWWJsRVNnRUdDc3pBdUpjT0tnVnVLQWwxQkZTQW1VYWRPWFNNdm9NS3lDCkJlekZaVEhOcGRWQ2xwUHVLNGQrWFJJZ1hHWS84RzNmWlFXRWNjV2tTYmRjQUlLdVYvWktHQ0IyT2dXS1VzSHgKTStscEw1TTZ3aXdYOEFNdUVWVHJsMWNwKzAzTjdOaUYwMFpYdCszZzVZUkJmRitYWjZ1b3hmbENQZ3VHdzh6bgpvN2tFRVNKZ2YycHZyZWYveHBjSVFSM090aHZjSzR5RldOcndPbExHQk9FQ2dZRUErNmJBREF0bDAvRlpzV08zCnVvNlBRNXZTL0tqbS9XaUkzeUo5TUdLNzQxTFZpMlRMUGpVZ092SDdkZUVjNVJjUmoxV1Nna3d1bUdzZWE2WkQKWXRWSTRZTDdMM1NUQ3JyZUNFTDRhOUJPcFB0azcxWWw3TmhxZktEaXhzU1FnNmt4dDJ1TlYvZXNSQ1JPeENoWgp5bk9JTmkvN3lOeFpVek4zcndyVjBCMUFNYVVDZ1lFQTljVDBZNkJWRHZLdFFaV1gvR1REZ2pUUzN6QWlPWmFNCjVFM3NleHh6MXY4eDF0N3JvWDV3aHNaVjlzQ05nNlJaNjIyT3hJejhHQnVvMnU1M2h2WFJabmdDaG1PcHYwRjgKcm5STWFNR0tIeGN2TmNrVUZUMW9TdDJCeEhNT1FNZTM2cERVTnZ0S3pvNGJoakpVUU94Mm14RU9TNERscm4rMApRU3FqVFpyWGwya0NnWUJ1UmIyMkNYQ1BsUjBHbkhtd0tEUWpIaTh3UkJza1JDQm1Gc2pnNFFNUU5BWWJWUW15CnNyankyNEtqUHdmWVkybHdjOEVGazdoL1ZjRTR6dHlNZklXNVBCb3h5MVY3eURMdlQ5bG45Um5oTmNBZkdKTDUKM0VPZFpTcTZpdndBbGEyUmdIR3BjSUJ1UTdLNFJpNUNocW5UaE9kQ056eDFOd0psRTh4cHE4ZXJlUUtCZ1FEeQppV3B3UXRLT0ROa0VCdi9WT1E5am1JT2RjOS9pbXZyeGR5RHZvWFdENzVXY3FhTTVYUkRwUUNPbmZnQnBzREI0CjBFWjdHM0xReThNSVF4czcyYXpMaFpWZ1VFdzlEUUJoSFM0bWx4Q2FmQU8vL1c3UFF5bC84RGJXeW9CL1YxamQKcUExMU1PcHpDdlNJcTNSUUdjczJYaytRSFdVTW5zUWhKMVcvQ1JiSE9RS0JnRTVQZ0hrbW1PY1VXZkJBZUtzTApvb2FNNzBINVN1YUNYN1Y1enBhM3hFMW5WVWMxend5aldOdkdWbTA5WkpEOFFMR1ZDV2U0R1o5R1NvV2tqSUMvCklFKzA0M29kUERuL2JwSDlTMDF2a0s1ZDRJSGc3QUcwWXI5SW1zS0paT0djT1dmdUdKSlZ5em1CRXhaSU9pbnoKVFFuaFdhZWs0NE1hdVJYOC9pRjZyZWorCi0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K + kind: Secret + metadata: + name: kong.proxy.example.secret + type: kubernetes.io/tls diff --git a/charts/kong/kong/ci/kong-ingress-3-values.yaml b/charts/kong/kong/ci/kong-ingress-3-values.yaml new file mode 100644 index 000000000..1afcd3ebb --- /dev/null +++ b/charts/kong/kong/ci/kong-ingress-3-values.yaml @@ -0,0 +1,10 @@ +# CI test for using ingress hosts configuration +proxy: + type: NodePort + ingress: + enabled: true + hosts: + - host: proxy.kong.example + paths: + - path: / + pathType: ImplementationSpecific diff --git a/charts/kong/kong/ci/kong-ingress-4-values.yaml b/charts/kong/kong/ci/kong-ingress-4-values.yaml new file mode 100644 index 000000000..5c84b2404 --- /dev/null +++ b/charts/kong/kong/ci/kong-ingress-4-values.yaml @@ -0,0 +1,43 @@ +# CI test for testing combined ingress hostname and hosts configuration including tls configuraion using slice +proxy: + type: NodePort + ingress: + enabled: true + hostname: "proxy.kong.example" + hosts: + - host: "proxy2.kong.example" + paths: + - path: /foo + pathType: Prefix + - path: /bar + pathType: Prefix + - host: "proxy3.kong.example" + paths: + - path: /baz + pathType: Prefix + tls: + - hosts: + - "proxy.kong.example" + secretName: "proxy.kong.example.secret" + - hosts: + - "proxy2.kong.example" + - "proxy3.kong.example" + secretName: "proxy.kong.example.secret2" + +extraObjects: +- apiVersion: v1 + data: + tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURoakNDQW00Q0NRQ0tyTDdSS1Y0NTBEQU5CZ2txaGtpRzl3MEJBUXNGQURDQmhERUxNQWtHQTFVRUJoTUMKV0ZneEVqQVFCZ05WQkFnTUNWTjBZWFJsVG1GdFpURVJNQThHQTFVRUJ3d0lRMmwwZVU1aGJXVXhGREFTQmdOVgpCQW9NQzBOdmJYQmhibmxPWVcxbE1Sc3dHUVlEVlFRTERCSkRiMjF3WVc1NVUyVmpkR2x2Yms1aGJXVXhHekFaCkJnTlZCQU1NRW5CeWIzaDVMbXR2Ym1jdVpYaGhiWEJzWlRBZUZ3MHlNekEyTWprd09ERTBNekJhRncwek16QTIKTWpZd09ERTBNekJhTUlHRU1Rc3dDUVlEVlFRR0V3SllXREVTTUJBR0ExVUVDQXdKVTNSaGRHVk9ZVzFsTVJFdwpEd1lEVlFRSERBaERhWFI1VG1GdFpURVVNQklHQTFVRUNnd0xRMjl0Y0dGdWVVNWhiV1V4R3pBWkJnTlZCQXNNCkVrTnZiWEJoYm5sVFpXTjBhVzl1VG1GdFpURWJNQmtHQTFVRUF3d1NjSEp2ZUhrdWEyOXVaeTVsZUdGdGNHeGwKTUlJQklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUE4Wmd4czI1RXdtaXRsRG1HMitWVwpscUZ4R3lkVHU2dWlCVldFZjNoV0h2R3YvUWpYZHBBWXlkc3ZpNS92b1FtcjNUeVJBb3VaR1lCR3RuVEF0cU5rCnFLUmFVaWppVlN3TTNzeUl1cHluMlRjSjk1N2RLUCtUYTRaL0VNUlRwSCtya1psV01LNVYrNUszTmFIL21leDUKVWRRWkl4WUxNM0xIM0t0cmt2OWZRNlhSZ2dkeXo0MEt2YUV6SW1scEVoQnBoS0g5UWJiL3RFRE0vdFFqbC9FUApmbUF5M2Y5WE1uRDNSeFY3TnFrZktpUjNXZ1JDMnFyNWtPbXlJTGp1YWxERk1Zb3lDZUlmSnd1WmVDaEpGb3ZHClFKUFY2WU9xTG5aRWN3MU9BaVBXQnMycXVmWmlsNXplekRDZUFGZDV3eXVrS1dPZ3pTZ3Q2VzZvN2FBRTBDK3YKclFJREFRQUJNQTBHQ1NxR1NJYjNEUUVCQ3dVQUE0SUJBUUNGZHhFOFVsMVorcWxBbW1lTk5BdlAyZVVxSElTbQpHWXZidzdGdW82bXNJY3V3cjZKeENBWjIwako5UkphalMzWS9TS3BteXM2OXZxU21ic25oeUJzc01mL1ZtenFSClBVLzVkUUZiblNybUJqMnFBNWxtRCtENDVLUEtrTjc1V21NeDRQWkZseEw3WHVLYnZhYVZBUjFFUmRNZy90NisKUXpPV3BVWVZrcFJnQmlxTDBTTjhvTStOTjdScGFESFNkZjlTY1FtUmhNVklNNDdVZ1ZXNWhta21mQjBkUTFhQQo5NWdTQ3E0cGVwUFRzY3NsbVBzM0lOck5BTk45KytyMnM1bXRTWnp5VktRU0cwRjQ0Y1puWjdTdkdTVFJORDlUCnRKVzNTcko3elBwS0JqWi9qVDRRVnpBdGtHN3FSV2ZhYnlWTmVrK29wMTgwSVY5Um9IR1JDU0kyCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K + tls.key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2Z0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktnd2dnU2tBZ0VBQW9JQkFRRHhtREd6YmtUQ2FLMlUKT1liYjVWYVdvWEViSjFPN3E2SUZWWVIvZUZZZThhLzlDTmQya0JqSjJ5K0xuKytoQ2F2ZFBKRUNpNWtaZ0VhMgpkTUMybzJTb3BGcFNLT0pWTEF6ZXpJaTZuS2ZaTnduM250MG8vNU5yaG44UXhGT2tmNnVSbVZZd3JsWDdrcmMxCm9mK1o3SGxSMUJrakZnc3pjc2ZjcTJ1Uy8xOURwZEdDQjNMUGpRcTlvVE1pYVdrU0VHbUVvZjFCdHYrMFFNeisKMUNPWDhROStZRExkLzFjeWNQZEhGWHMycVI4cUpIZGFCRUxhcXZtUTZiSWd1TzVxVU1VeGlqSUo0aDhuQzVsNApLRWtXaThaQWs5WHBnNm91ZGtSekRVNENJOVlHemFxNTltS1huTjdNTUo0QVYzbkRLNlFwWTZETktDM3BicWp0Cm9BVFFMNit0QWdNQkFBRUNnZ0VCQUs3N1I0d3BJcDRZU1JoaGJoN1loWldHQ3JEYkZCZUtZVWd4djB5LzhNaHEKenNlYlhzdGQ1TVpXL2FISVRqdzZFQU9tT1hVNWZNTHVtTWpQMlVDdktWbkg2QzgzczI1ekFFTmlxdWxXUzIvVgpJRi83N1Qwamx6ZTY2MDlPa3pKQzBoWWJsRVNnRUdDc3pBdUpjT0tnVnVLQWwxQkZTQW1VYWRPWFNNdm9NS3lDCkJlekZaVEhOcGRWQ2xwUHVLNGQrWFJJZ1hHWS84RzNmWlFXRWNjV2tTYmRjQUlLdVYvWktHQ0IyT2dXS1VzSHgKTStscEw1TTZ3aXdYOEFNdUVWVHJsMWNwKzAzTjdOaUYwMFpYdCszZzVZUkJmRitYWjZ1b3hmbENQZ3VHdzh6bgpvN2tFRVNKZ2YycHZyZWYveHBjSVFSM090aHZjSzR5RldOcndPbExHQk9FQ2dZRUErNmJBREF0bDAvRlpzV08zCnVvNlBRNXZTL0tqbS9XaUkzeUo5TUdLNzQxTFZpMlRMUGpVZ092SDdkZUVjNVJjUmoxV1Nna3d1bUdzZWE2WkQKWXRWSTRZTDdMM1NUQ3JyZUNFTDRhOUJPcFB0azcxWWw3TmhxZktEaXhzU1FnNmt4dDJ1TlYvZXNSQ1JPeENoWgp5bk9JTmkvN3lOeFpVek4zcndyVjBCMUFNYVVDZ1lFQTljVDBZNkJWRHZLdFFaV1gvR1REZ2pUUzN6QWlPWmFNCjVFM3NleHh6MXY4eDF0N3JvWDV3aHNaVjlzQ05nNlJaNjIyT3hJejhHQnVvMnU1M2h2WFJabmdDaG1PcHYwRjgKcm5STWFNR0tIeGN2TmNrVUZUMW9TdDJCeEhNT1FNZTM2cERVTnZ0S3pvNGJoakpVUU94Mm14RU9TNERscm4rMApRU3FqVFpyWGwya0NnWUJ1UmIyMkNYQ1BsUjBHbkhtd0tEUWpIaTh3UkJza1JDQm1Gc2pnNFFNUU5BWWJWUW15CnNyankyNEtqUHdmWVkybHdjOEVGazdoL1ZjRTR6dHlNZklXNVBCb3h5MVY3eURMdlQ5bG45Um5oTmNBZkdKTDUKM0VPZFpTcTZpdndBbGEyUmdIR3BjSUJ1UTdLNFJpNUNocW5UaE9kQ056eDFOd0psRTh4cHE4ZXJlUUtCZ1FEeQppV3B3UXRLT0ROa0VCdi9WT1E5am1JT2RjOS9pbXZyeGR5RHZvWFdENzVXY3FhTTVYUkRwUUNPbmZnQnBzREI0CjBFWjdHM0xReThNSVF4czcyYXpMaFpWZ1VFdzlEUUJoSFM0bWx4Q2FmQU8vL1c3UFF5bC84RGJXeW9CL1YxamQKcUExMU1PcHpDdlNJcTNSUUdjczJYaytRSFdVTW5zUWhKMVcvQ1JiSE9RS0JnRTVQZ0hrbW1PY1VXZkJBZUtzTApvb2FNNzBINVN1YUNYN1Y1enBhM3hFMW5WVWMxend5aldOdkdWbTA5WkpEOFFMR1ZDV2U0R1o5R1NvV2tqSUMvCklFKzA0M29kUERuL2JwSDlTMDF2a0s1ZDRJSGc3QUcwWXI5SW1zS0paT0djT1dmdUdKSlZ5em1CRXhaSU9pbnoKVFFuaFdhZWs0NE1hdVJYOC9pRjZyZWorCi0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K + kind: Secret + metadata: + name: kong.proxy.example.secret + type: kubernetes.io/tls +- apiVersion: v1 + data: + tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURmakNDQW1ZQ0NRREVtWjF0cnJwaURqQU5CZ2txaGtpRzl3MEJBUXNGQURDQmdERUxNQWtHQTFVRUJoTUMKV0ZneEVqQVFCZ05WQkFnTUNWTjBZWFJsVG1GdFpURVJNQThHQTFVRUJ3d0lRMmwwZVU1aGJXVXhGREFTQmdOVgpCQW9NQzBOdmJYQmhibmxPWVcxbE1Sc3dHUVlEVlFRTERCSkRiMjF3WVc1NVUyVmpkR2x2Yms1aGJXVXhGekFWCkJnTlZCQU1NRGlvdWEyOXVaeTVsZUdGdGNHeGxNQjRYRFRJek1EWXlPVEE0TVRjek4xb1hEVE16TURZeU5qQTQKTVRjek4xb3dnWUF4Q3pBSkJnTlZCQVlUQWxoWU1SSXdFQVlEVlFRSURBbFRkR0YwWlU1aGJXVXhFVEFQQmdOVgpCQWNNQ0VOcGRIbE9ZVzFsTVJRd0VnWURWUVFLREF0RGIyMXdZVzU1VG1GdFpURWJNQmtHQTFVRUN3d1NRMjl0CmNHRnVlVk5sWTNScGIyNU9ZVzFsTVJjd0ZRWURWUVFEREE0cUxtdHZibWN1WlhoaGJYQnNaVENDQVNJd0RRWUoKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTDlSR1g1VytsRW8wcGg2eTJqeHN6TGZOcjMvNlpFOQpPR0pPMGl1WmpwRml2dHBya24ydDlqYTRaNUdYOGh4NUczS1FsRkhrVFBmV01BWmUzdldINTF0alZzYjZwY2UwCjlkMUo4WXNxWkh5RHVlUzBrS3RUbEFmc0F5MnVjL3ZvUUdmOTdZeUI2TlJ4TEJmNHBnSVJ4eHpGM3o0Q1ZOSTgKTzE5Ym1PYVo1Vkk1QWZpbENSMUI1ekxuN2VoeEJHOHhTQmRtQUg0eWFob2t5RXk2a0ZtRzJCaEtJWjdsL1BZYQpqbU1yQ3cwekRVampvblBublZTWTkxL0EwNUJVTVk5OEZsME00QVV5T1V3enBaajhqMXhLMTNqUVlGeXJwUHQwCklHNUdLR044akVCcnRkdGVlcGZIdFZuekFWYnhoT0hkcXZoUWhrSDJDSGVwOStIQkNIL25VL1VDQXdFQUFUQU4KQmdrcWhraUc5dzBCQVFzRkFBT0NBUUVBQkcxVVYyUFRJekhrNEt4cjBHT0NXalhjTTdKUU9hbUJQM3dZSCswRgpyc09YUG9IOHVLV25XYjhSSGE1MDhMenU4MGNzS1lYcnZ4SEhDcmcxdXJjRnl3bnNMaUtMNGhsQklTd2ZMNzFFClVXODhQdGYyWTdjTnJZRzNLc2MvMWVpait1RWd5bVdCbjkraVYzbzE5VERwRjlZZWZwYzNUUDJqMGhNUHcwMlgKa1gzSlh3b250NnBQaDhlQjhXRU1OZkF5NzZmb0lMcytVd0Fjck56QkpjSVZSTERoZWFNMFNFd0xCNUpuaWZ5ZwplRE1aSE56MkhLais0NU1wTzFOSDBtd3ZJRTRLQjNITUNSSlMybmZFbWVMcFdCMWpmZTV6T2o1bWhTeS82M0RVCldDQll1aUhtelFWaGxJS21lQzBlVmd3bGtkMTFrUDRNM1hoWnB6V09aQ1BoaGc9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== + tls.key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRQy9VUmwrVnZwUktOS1kKZXN0bzhiTXkzemE5LyttUlBUaGlUdElybVk2UllyN2FhNUo5cmZZMnVHZVJsL0ljZVJ0eWtKUlI1RXozMWpBRwpYdDcxaCtkYlkxYkcrcVhIdFBYZFNmR0xLbVI4Zzdua3RKQ3JVNVFIN0FNdHJuUDc2RUJuL2UyTWdlalVjU3dYCitLWUNFY2NjeGQ4K0FsVFNQRHRmVzVqbW1lVlNPUUg0cFFrZFFlY3k1KzNvY1FSdk1VZ1haZ0IrTW1vYUpNaE0KdXBCWmh0Z1lTaUdlNWZ6MkdvNWpLd3NOTXcxSTQ2Sno1NTFVbVBkZndOT1FWREdQZkJaZERPQUZNamxNTTZXWQovSTljU3RkNDBHQmNxNlQ3ZENCdVJpaGpmSXhBYTdYYlhucVh4N1ZaOHdGVzhZVGgzYXI0VUlaQjlnaDNxZmZoCndRaC81MVAxQWdNQkFBRUNnZ0VCQUlCZ0l3TXJ5ZnY3c0pTd2tSMXlVaFNvdzByckZnZG5WUlppWFpUMERUNXgKVEMrMFR6QVdNMGkwcElxRnN1aDRPM3E4bVVuNkw4dDk1ZXZnYlN2RWJmSmN6alhtcXFjL1BsdW02blcvbEg0WQp4Znc1VFhvcE13Tzkwc1FzYzVkdFdRcHUwWitlN0dUaEsvMUowOXMvb3FRa0FwRFJiNmxDMFhSRE9tNUNoaWFNCi95Z2M2dGUzUHkrRXpzSmRMRm9YWndFQnVQWTB2KzlBclhpNmlUMllaN1ZacE9iZzQxcm1ocHNObTFLNmdJajUKZFZKNGZYa2Z5V0hsSmJBYzVTRDkrVWMrTGFjUEcxSjVJUWx6eTM0WlM0ZG9VQ2lmODZuVHFzSnFVTU1sNXYxcAp3SFFUZFI2MkdnWnRPM1grOU4vdHE3SExqU0tHY0JEd3E4bEM4QXZ0VHdFQ2dZRUErWWpVdzI1em42aWhjaXFpCmo3dDJiQVdLdzdlbng1RXFzU25ZOG1PYzR2TDdNa1YyN2ZhYXp1cW8wUEtOeWJOa1grUlhIMDN4S0NDd0x0N0UKLzRDUlFHMGNkQmhBQ2szMkpadllrQmxESUZ3VmtnMHVnNGk4Snp6VjVCT2hEeWdwZUhJTDVVTkx2eGJDbVh6MAo1bXNYRktPYW1HYkFCbE9KTEZsR1R4WWdzeWtDZ1lFQXhFWWI0dFVmRmhiTmpJTUMyd1hFRXdWZkJYOFJqNzVqCjN6SkwxV3o4YWxUQmxFemZYOTZiNmg3VjFNT1NHcmlabFJ1cGpEaUFsUkhPZytDSXlPbmdISFkwd2xTaHNmemQKSDluL2dOdUZsanFuQkF3OVpaSW9hbE1zUVVER3RLSnVIejhEYzlVNzRFMGM3WldQWk1Ub0pNdFV2Zkl5T0pZSgpQODh1YnYvam4rMENnWUJaNmpzNFhKRmZRNFZCUFNtc2Z4RXg1V0ZXR3RSakxlVGpSNy83djNjbHRBWmQyL2Y1CjBUV0JQNzhxNDJ2QjlWbEMwR1d3U3dhTnZoR2VJZmw4VTVpRFRZM0dLNExQODcyeFdaSFVnclhVY0RuNWtiUmsKQXg1QlNVT05WcUZmYzhwVnMwcWtCdmJCV1hNdm1YNHBsUWNSRWM3QUFhNUoyVW9CWi8zVXU1VjIyUUtCZ0ZnVQpKanQ2N0lKYkpVN2pGQXI1NFcydndWNlVFV3R5UXh0TVZOK29FdlljcHVwSVBRMm10azB3SFVGbnFrODNmQ1IvCnoyeFBodFJlczFCWEdNc2d1U1BNb0F4OU1qclBnT1BrVGxhakxLV29HSDhtaHY3bndoOUV4OTFZbGxORmVTbW8KZTRJbHRNTUpsK3UrYkNVS2dDclMzR3FKSDZScElDbDBiaC85MFVaWkFvR0FaUEsrdldLQ0N6aHNhSnVWak1VSQpiTEJlMi9CM0xxTVBhakFLTjVTNU9GYlpBZm5NeE9BT1lnd25iWmdpZGVkcVk2QkIyLytVVGt4MW1IUjhKcmpGCnRyN20wS2VvRFY4dmQxSENvSkF3b2hqQ1B6SkJhSW9WYWNkRFNsMDNIOVFEck4yd0RFYUxoWFBlVkRoNGZ2NmQKa3d6V3FZWUlETzRKQlp5L21Wa0t4NFU9Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K + kind: Secret + metadata: + name: kong.proxy.example.secret2 + type: kubernetes.io/tls diff --git a/charts/kong/kong/ci/test1-values.yaml b/charts/kong/kong/ci/test1-values.yaml index 4d171b5ba..b0a9c857c 100644 --- a/charts/kong/kong/ci/test1-values.yaml +++ b/charts/kong/kong/ci/test1-values.yaml @@ -28,9 +28,6 @@ ingressController: podLabels: app: kong environment: test -# - podSecurityPolicies are enabled -podSecurityPolicy: - enabled: true # - ingress resources are created with hosts admin: type: NodePort diff --git a/charts/kong/kong/example-values/doc-examples/quickstart-enterprise-licensed-aio.yaml b/charts/kong/kong/example-values/doc-examples/quickstart-enterprise-licensed-aio.yaml index 3ea7e1e75..e4c4bf2da 100644 --- a/charts/kong/kong/example-values/doc-examples/quickstart-enterprise-licensed-aio.yaml +++ b/charts/kong/kong/example-values/doc-examples/quickstart-enterprise-licensed-aio.yaml @@ -278,8 +278,4 @@ status: tls: containerPort: 8543 enabled: false -updateStrategy: - rollingUpdate: - maxSurge: 100% - maxUnavailable: 100% - type: RollingUpdate + diff --git a/charts/kong/kong/templates/_helpers.tpl b/charts/kong/kong/templates/_helpers.tpl index 4e808345b..0de6721f8 100644 --- a/charts/kong/kong/templates/_helpers.tpl +++ b/charts/kong/kong/templates/_helpers.tpl @@ -32,7 +32,7 @@ app.kubernetes.io/instance: "{{ .Release.Name }}" app.kubernetes.io/managed-by: "{{ .Release.Service }}" app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} {{- range $key, $value := .Values.extraLabels }} -{{ $key }}: {{ $value | quote }} +{{ $key }}: {{ include "kong.renderTpl" (dict "value" $value "context" $) | quote }} {{- end }} {{- end -}} @@ -78,7 +78,7 @@ Create Ingress resource for a Kong service {{- $path := .ingress.path -}} {{- $hostname := .ingress.hostname -}} {{- $pathType := .ingress.pathType -}} -apiVersion: {{ .ingressVersion }} +apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: {{ .fullName }}-{{ .serviceName }} @@ -95,33 +95,74 @@ metadata: {{- end }} {{- end }} spec: -{{- if (and (not (eq .ingressVersion "extensions/v1beta1")) .ingress.ingressClassName) }} +{{- if .ingress.ingressClassName }} ingressClassName: {{ .ingress.ingressClassName }} {{- end }} rules: - - host: {{ $hostname | quote }} - http: + {{- if ( not (or $hostname .ingress.hosts)) }} + - http: paths: - backend: - {{- if (not (eq .ingressVersion "networking.k8s.io/v1")) }} - serviceName: {{ .fullName }}-{{ .serviceName }} - servicePort: {{ $servicePort }} - {{- else }} service: name: {{ .fullName }}-{{ .serviceName }} port: number: {{ $servicePort }} - {{- end }} path: {{ $path }} - {{- if (not (eq .ingressVersion "extensions/v1beta1")) }} pathType: {{ $pathType }} + {{- else if $hostname }} + - host: {{ $hostname | quote }} + http: + paths: + - backend: + service: + name: {{ .fullName }}-{{ .serviceName }} + port: + number: {{ $servicePort }} + path: {{ $path }} + pathType: {{ $pathType }} + {{- end }} + {{- range .ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: + {{- range .paths }} + - backend: + {{- if .backend -}} + {{ .backend | toYaml | nindent 12 }} + {{- else }} + service: + name: {{ $.fullName }}-{{ $.serviceName }} + port: + number: {{ $servicePort }} {{- end }} + {{- if (and $hostname (and (eq $path .path))) }} + {{- fail "duplication of specified ingress path" }} + {{- end }} + path: {{ .path }} + pathType: {{ .pathType }} + {{- end }} + {{- end }} {{- if (hasKey .ingress "tls") }} tls: - - hosts: - - {{ $hostname | quote }} - secretName: {{ .ingress.tls }} - {{- end -}} + {{- if (kindIs "string" .ingress.tls) }} + - hosts: + {{- range .ingress.hosts }} + - {{ .host | quote }} + {{- end }} + {{- if $hostname }} + - {{ $hostname | quote }} + {{- end }} + secretName: {{ .ingress.tls }} + {{- else if (kindIs "slice" .ingress.tls) }} + {{- range .ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} + {{- end }} + {{- end }} {{- end -}} {{/* @@ -1515,22 +1556,38 @@ Kubernetes Cluster-scoped resources it uses to build Kong configuration. - watch {{- end -}} -{{- define "kong.ingressVersion" -}} -{{- if (.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress") -}} -networking.k8s.io/v1 -{{- else if (.Capabilities.APIVersions.Has "networking.k8s.io/v1beta1/Ingress") -}} -networking.k8s.io/v1beta1 -{{- else -}} -extensions/v1beta1 -{{- end -}} -{{- end -}} - {{- define "kong.autoscalingVersion" -}} -{{- if (.Capabilities.APIVersions.Has "autoscaling/v2/HorizontalPodAutoscaler") -}} +{{- if (.Capabilities.APIVersions.Has "autoscaling/v2") -}} autoscaling/v2 -{{- else if (.Capabilities.APIVersions.Has "autoscaling/v2beta2/HorizontalPodAutoscaler") -}} +{{- else if (.Capabilities.APIVersions.Has "autoscaling/v2beta2") -}} autoscaling/v2beta2 {{- else -}} autoscaling/v1 {{- end -}} {{- end -}} + +{{- define "kong.policyVersion" -}} +{{- if (.Capabilities.APIVersions.Has "policy/v1beta1" ) -}} +policy/v1beta1 +{{- else -}} +{{- fail (printf "Cluster doesn't have policy/v1beta1 API." ) }} +{{- end -}} +{{- end -}} + +{{- define "kong.renderTpl" -}} + {{- if typeIs "string" .value }} +{{- tpl .value .context }} + {{- else }} +{{- tpl (.value | toYaml) .context }} + {{- end }} +{{- end -}} + +{{- define "kong.ingressVersion" -}} +{{- if (.Capabilities.APIVersions.Has "networking.k8s.io/v1") -}} +networking.k8s.io/v1 +{{- else if (.Capabilities.APIVersions.Has "networking.k8s.io/v1beta1") -}} +networking.k8s.io/v1beta1 +{{- else -}} +extensions/v1beta1 +{{- end -}} +{{- end -}} diff --git a/charts/kong/kong/templates/deployment.yaml b/charts/kong/kong/templates/deployment.yaml index 81174655c..24823b9e5 100644 --- a/charts/kong/kong/templates/deployment.yaml +++ b/charts/kong/kong/templates/deployment.yaml @@ -14,7 +14,7 @@ metadata: {{- if .Values.deploymentAnnotations }} annotations: {{- range $key, $value := .Values.deploymentAnnotations }} - {{ $key }}: {{ $value | quote }} + {{ $key }}: {{ include "kong.renderTpl" (dict "value" $value "context" $) | quote }} {{- end }} {{- end }} spec: @@ -51,7 +51,7 @@ spec: {{- end }} {{- if .Values.podAnnotations }} {{- range $key, $value := .Values.podAnnotations }} - {{ $key }}: {{ $value | quote }} + {{ $key }}: {{ include "kong.renderTpl" (dict "value" $value "context" $) | quote }} {{- end }} {{- end }} labels: @@ -60,7 +60,7 @@ spec: app: {{ template "kong.fullname" . }} version: {{ .Chart.AppVersion | quote }} {{- if .Values.podLabels }} - {{ toYaml .Values.podLabels | nindent 8 }} + {{ include "kong.renderTpl" (dict "value" .Values.podLabels "context" $) | nindent 8 }} {{- end }} spec: {{- if .Values.deployment.hostNetwork }} diff --git a/charts/kong/kong/templates/ingress-class.yaml b/charts/kong/kong/templates/ingress-class.yaml index a5ba15f85..d2ac47d69 100644 --- a/charts/kong/kong/templates/ingress-class.yaml +++ b/charts/kong/kong/templates/ingress-class.yaml @@ -1,6 +1,6 @@ {{/* Default to not managing if unsupported or created outside this chart */}} {{- $includeIngressClass := false -}} -{{- if (and .Values.ingressController.enabled (not (eq (include "kong.ingressVersion" .) "extensions/v1beta1"))) -}} +{{- if .Values.ingressController.enabled -}} {{- if (.Capabilities.APIVersions.Has "networking.k8s.io/v1/IngressClass") -}} {{- with (lookup "networking.k8s.io/v1" "IngressClass" "" .Values.ingressController.ingressClass) -}} {{- if (hasKey .metadata "annotations") -}} diff --git a/charts/kong/kong/templates/psp.yaml b/charts/kong/kong/templates/psp.yaml index eb5626ae3..bc9844798 100644 --- a/charts/kong/kong/templates/psp.yaml +++ b/charts/kong/kong/templates/psp.yaml @@ -1,5 +1,5 @@ -{{- if and (.Values.podSecurityPolicy.enabled) (.Capabilities.APIVersions.Has "policy/v1beta1") }} -apiVersion: policy/v1beta1 +{{- if and (.Values.podSecurityPolicy.enabled) }} +apiVersion: {{ include "kong.policyVersion" . }} kind: PodSecurityPolicy metadata: name: {{ template "kong.serviceAccountName" . }}-psp diff --git a/charts/kong/kong/templates/service-kong-proxy.yaml b/charts/kong/kong/templates/service-kong-proxy.yaml index a592ddcce..58a255ea2 100644 --- a/charts/kong/kong/templates/service-kong-proxy.yaml +++ b/charts/kong/kong/templates/service-kong-proxy.yaml @@ -2,7 +2,6 @@ {{- if and .Values.proxy.enabled (or .Values.proxy.http.enabled .Values.proxy.tls.enabled) -}} {{- $serviceConfig := dict -}} {{- $serviceConfig := merge $serviceConfig .Values.proxy -}} -{{- $_ := set $serviceConfig "ingressVersion" (include "kong.ingressVersion" .) -}} {{- $_ := set $serviceConfig "fullName" (include "kong.fullname" .) -}} {{- $_ := set $serviceConfig "namespace" (include "kong.namespace" .) -}} {{- $_ := set $serviceConfig "metaLabels" (include "kong.metaLabels" .) -}} diff --git a/charts/kong/kong/values.yaml b/charts/kong/kong/values.yaml index c4e453d09..52eee0c03 100644 --- a/charts/kong/kong/values.yaml +++ b/charts/kong/kong/values.yaml @@ -334,18 +334,46 @@ proxy: # Enable/disable exposure using ingress. enabled: false ingressClassName: - # Ingress hostname - # TLS secret name. - # tls: kong-proxy.example.com-tls - hostname: # To specify annotations or labels for the ingress, add them to the respective # "annotations" or "labels" dictionaries below. annotations: {} labels: {} - # Ingress path. + # Ingress hostname + hostname: + # Ingress path (when used with hostname above). path: / - # Each path in an Ingress is required to have a corresponding path type. (ImplementationSpecific/Exact/Prefix) + # Each path in an Ingress is required to have a corresponding path type (when used with hostname above). (ImplementationSpecific/Exact/Prefix) pathType: ImplementationSpecific + # Ingress hosts. Use this instead of or in combination with hostname to specify multiple ingress host configurations + hosts: [] + # - host: kong-proxy.example.com + # paths: + # # Ingress path. + # - path: /* + # # Each path in an Ingress is required to have a corresponding path type. (ImplementationSpecific/Exact/Prefix) + # pathType: ImplementationSpecific + # - host: kong-proxy-other.example.com + # paths: + # # Ingress path. + # - path: /other + # # Each path in an Ingress is required to have a corresponding path type. (ImplementationSpecific/Exact/Prefix) + # pathType: ImplementationSpecific + # backend: + # service: + # name: kong-other-proxy + # port: + # number: 80 + # + # TLS secret(s) + # tls: kong-proxy.example.com-tls + # Or if multiple hosts/secrets needs to be configured: + # tls: + # - secretName: kong-proxy.example.com-tls + # hosts: + # - kong-proxy.example.com + # - secretName: kong-proxy-other.example.com-tls + # hosts: + # - kong-proxy-other.example.com # Optionally specify a static load balancer IP. # loadBalancerIP: @@ -663,7 +691,7 @@ postgresql: image: # use postgres < 14 until is https://github.com/Kong/kong/issues/8533 resolved and released # enterprise (kong-gateway) supports postgres 14 - tag: 13.6.0-debian-10-r52 + tag: 13.11.0-debian-11-r20 service: ports: postgresql: "5432" diff --git a/charts/redpanda/redpanda/Chart.lock b/charts/redpanda/redpanda/Chart.lock index 020aadcea..d60e319ad 100644 --- a/charts/redpanda/redpanda/Chart.lock +++ b/charts/redpanda/redpanda/Chart.lock @@ -3,4 +3,4 @@ dependencies: repository: https://charts.redpanda.com version: 0.6.6 digest: sha256:af20a82c5cb646895892b783bdcfc50ca41f3f67ec14606c40236969c6a166e4 -generated: "2023-06-30T18:29:00.323730526Z" +generated: "2023-07-07T18:33:19.713747022Z" diff --git a/charts/redpanda/redpanda/Chart.yaml b/charts/redpanda/redpanda/Chart.yaml index c5dd33642..b90b736b0 100644 --- a/charts/redpanda/redpanda/Chart.yaml +++ b/charts/redpanda/redpanda/Chart.yaml @@ -1,7 +1,7 @@ annotations: artifacthub.io/images: | - name: redpanda - image: docker.redpanda.com/redpandadata/redpanda:v23.1.10 + image: docker.redpanda.com/redpandadata/redpanda:v23.1.13 - name: busybox image: busybox:latest - name: mintel/docker-alpine-bash-curl-jq @@ -33,4 +33,4 @@ name: redpanda sources: - https://github.com/redpanda-data/helm-charts type: application -version: 4.0.51 +version: 4.0.52 diff --git a/charts/redpanda/redpanda/templates/tests/test-internal-external-tls-secrets.yaml b/charts/redpanda/redpanda/templates/tests/test-internal-external-tls-secrets.yaml index bf567c29f..647bf41ae 100644 --- a/charts/redpanda/redpanda/templates/tests/test-internal-external-tls-secrets.yaml +++ b/charts/redpanda/redpanda/templates/tests/test-internal-external-tls-secrets.yaml @@ -14,7 +14,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. */}} -{{- if and (include "tls-enabled" . | fromJson).bool ( eq .Values.external.types "NodePort" ) }} +{{- if and (include "tls-enabled" . | fromJson).bool ( eq .Values.external.type "NodePort" ) }} {{- $values := .Values }} {{- $root := deepCopy . }} apiVersion: v1 diff --git a/charts/speedscale/speedscale-operator/Chart.yaml b/charts/speedscale/speedscale-operator/Chart.yaml index ac4a473a3..6dd62cd9b 100644 --- a/charts/speedscale/speedscale-operator/Chart.yaml +++ b/charts/speedscale/speedscale-operator/Chart.yaml @@ -4,7 +4,7 @@ annotations: catalog.cattle.io/kube-version: '>= 1.17.0-0' catalog.cattle.io/release-name: speedscale-operator apiVersion: v1 -appVersion: 1.3.145 +appVersion: 1.3.161 description: Stress test your APIs with real world scenarios. Collect and replay traffic without scripting. home: https://speedscale.com @@ -24,4 +24,4 @@ maintainers: - email: support@speedscale.com name: Speedscale Support name: speedscale-operator -version: 1.3.18 +version: 1.3.19 diff --git a/charts/speedscale/speedscale-operator/README.md b/charts/speedscale/speedscale-operator/README.md index 2e77134cb..67dc7bcdb 100644 --- a/charts/speedscale/speedscale-operator/README.md +++ b/charts/speedscale/speedscale-operator/README.md @@ -101,10 +101,10 @@ _See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command documen A major chart version change (like v1.2.3 -> v2.0.0) indicates that there is an incompatible breaking change needing manual actions. -### Upgrade to 1.3.18 +### Upgrade to 1.3.19 ```bash -kubectl apply --server-side -f https://raw.githubusercontent.com/speedscale/operator-helm/main/1.3.18/templates/crds/trafficreplays.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/speedscale/operator-helm/main/1.3.19/templates/crds/trafficreplays.yaml ``` ### Upgrade to 1.1.0 diff --git a/charts/speedscale/speedscale-operator/app-readme.md b/charts/speedscale/speedscale-operator/app-readme.md index 2e77134cb..67dc7bcdb 100644 --- a/charts/speedscale/speedscale-operator/app-readme.md +++ b/charts/speedscale/speedscale-operator/app-readme.md @@ -101,10 +101,10 @@ _See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command documen A major chart version change (like v1.2.3 -> v2.0.0) indicates that there is an incompatible breaking change needing manual actions. -### Upgrade to 1.3.18 +### Upgrade to 1.3.19 ```bash -kubectl apply --server-side -f https://raw.githubusercontent.com/speedscale/operator-helm/main/1.3.18/templates/crds/trafficreplays.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/speedscale/operator-helm/main/1.3.19/templates/crds/trafficreplays.yaml ``` ### Upgrade to 1.1.0 diff --git a/charts/speedscale/speedscale-operator/values.yaml b/charts/speedscale/speedscale-operator/values.yaml index cf37063da..d674f405a 100644 --- a/charts/speedscale/speedscale-operator/values.yaml +++ b/charts/speedscale/speedscale-operator/values.yaml @@ -20,7 +20,7 @@ clusterName: "my-cluster" # Speedscale components image settings. image: registry: gcr.io/speedscale - tag: v1.3.145 + tag: v1.3.161 pullPolicy: Always # Log level for Speedscale components. diff --git a/charts/triggermesh/triggermesh/Chart.lock b/charts/triggermesh/triggermesh/Chart.lock index 29fda0c4f..540f0760e 100644 --- a/charts/triggermesh/triggermesh/Chart.lock +++ b/charts/triggermesh/triggermesh/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: triggermesh-core repository: https://storage.googleapis.com/triggermesh-charts - version: 1.2.1 -digest: sha256:11544a42549f7092647d99af4be8dbda9ec94acfde7bb474035b3f693ca3faf4 -generated: "2023-05-18T15:00:40.136286+05:30" + version: 1.2.2 +digest: sha256:c78d8146cbd7f4f7e824c4f59f07d71160e691703e4d6f23d280f3d097fb351e +generated: "2023-07-06T09:52:27.381256+05:30" diff --git a/charts/triggermesh/triggermesh/Chart.yaml b/charts/triggermesh/triggermesh/Chart.yaml index e669c8c23..8b7d44c5a 100644 --- a/charts/triggermesh/triggermesh/Chart.yaml +++ b/charts/triggermesh/triggermesh/Chart.yaml @@ -4,7 +4,7 @@ annotations: catalog.cattle.io/kube-version: '>=1.20-0' catalog.cattle.io/release-name: triggermesh apiVersion: v2 -appVersion: v1.25.0 +appVersion: v1.26.0 dependencies: - condition: triggermesh-core.enabled name: triggermesh-core @@ -18,4 +18,4 @@ description: A Helm chart deploying TriggerMesh Open Source Components icon: https://partner-charts.rancher.io/assets/logos/triggermesh.svg name: triggermesh type: application -version: 0.8.2 +version: 0.8.3 diff --git a/charts/triggermesh/triggermesh/charts/triggermesh-core/Chart.yaml b/charts/triggermesh/triggermesh/charts/triggermesh-core/Chart.yaml index 1f925f0d6..ae8996cff 100644 --- a/charts/triggermesh/triggermesh/charts/triggermesh-core/Chart.yaml +++ b/charts/triggermesh/triggermesh/charts/triggermesh-core/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 -appVersion: v1.3.0 +appVersion: v1.4.0 description: A Helm chart deploying TriggerMesh Core Open Source Components name: triggermesh-core type: application -version: 1.2.1 +version: 1.2.2 diff --git a/charts/triggermesh/triggermesh/charts/triggermesh-core/crds/triggermesh-core-crds.yaml b/charts/triggermesh/triggermesh/charts/triggermesh-core/crds/triggermesh-core-crds.yaml index c807d3ac3..9811bcedd 100644 --- a/charts/triggermesh/triggermesh/charts/triggermesh-core/crds/triggermesh-core-crds.yaml +++ b/charts/triggermesh/triggermesh/charts/triggermesh-core/crds/triggermesh-core-crds.yaml @@ -451,7 +451,7 @@ spec: uri: description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. type: string - oneOf: + anyOf: - required: [ref] - required: [uri] delivery: @@ -491,6 +491,30 @@ spec: description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. type: integer format: int32 + bounds: + description: Bounds set the policy for the event offsets we are interested in receiving. + type: object + properties: + byId: + description: Set offsets policy by backing broker ID. + type: object + properties: + start: + description: Starting offset. + type: string + end: + description: Ending offset. + type: string + byDate: + description: Set offsets policy by backing broker ID. + type: object + properties: + start: + description: Starting offset. + type: string + end: + description: Ending offset. + type: string status: description: Status represents the current state of the Trigger. This data may be out of date. type: object diff --git a/charts/triggermesh/triggermesh/crds/triggermesh-crds.yaml b/charts/triggermesh/triggermesh/crds/triggermesh-crds.yaml index 99a8fb6d0..aefcbdb63 100644 --- a/charts/triggermesh/triggermesh/crds/triggermesh-crds.yaml +++ b/charts/triggermesh/triggermesh/crds/triggermesh-crds.yaml @@ -114,6 +114,28 @@ spec: oneOf: - required: [value] - required: [valueFromSecret] + sessionToken: + description: The AWS session token for temporary credentials. + type: object + properties: + value: + description: Literal value of the session token. + type: string + format: password + valueFromSecret: + description: A reference to a Kubernetes Secret object containing the session token. + type: object + properties: + name: + type: string + key: + type: string + required: + - name + - key + oneOf: + - required: [value] + - required: [valueFromSecret] assumeIamRole: description: |- The ARN of an IAM role for cross-account or remote EKS cluster authorization. @@ -124,12 +146,35 @@ spec: - accessKeyID - secretAccessKey iamRole: - description: (Amazon EKS only) The ARN of an IAM role which can be impersonated to obtain AWS permissions. For more information about IAM roles for service accounts, please refer to the Amazon EKS User Guide at https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html + description: Deprecated, please use "iam" object instead. type: string pattern: ^arn:aws(-cn|-us-gov)?:iam::\d{12}:role\/.+$ + iam: + description: The IAM role authentication parameters. For Amazon EKS only. + type: object + properties: + roleArn: + description: |- + The ARN of an IAM role which can be impersonated to obtain AWS permissions. For + more information about IAM roles for service accounts, please refer to the Amazon EKS User Guide + at https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html + + Beware that this IAM role only applies to the receive adapter, for retrieving S3 notifications + from the intermediate Amazon SQS queue. The TriggerMesh controller requires its own set of IAM + permissions for interacting with the Amazon S3 and (optionally) Amazon SQS management APIs. These + can be granted via a separate IAM role, through the 'triggermesh-controller' serviceAccount that + is located inside the 'triggermesh' namespace. + type: string + pattern: ^arn:aws(-cn|-us-gov)?:iam::\d{12}:role\/.+$ + serviceAccount: + description: |- + The name of the service account to be assigned on the receive adapter. Can be created externally and + shared between multiple components. + type: string oneOf: - required: [credentials] - required: [iamRole] + - required: [iam] sink: description: The destination of events generated from Amazon CloudWatch Logs. type: object @@ -457,6 +502,28 @@ spec: oneOf: - required: [value] - required: [valueFromSecret] + sessionToken: + description: The AWS session token for temporary credentials. + type: object + properties: + value: + description: Literal value of the session token. + type: string + format: password + valueFromSecret: + description: A reference to a Kubernetes Secret object containing the session token. + type: object + properties: + name: + type: string + key: + type: string + required: + - name + - key + oneOf: + - required: [value] + - required: [valueFromSecret] assumeIamRole: description: |- The ARN of an IAM role for cross-account or remote EKS cluster authorization. @@ -467,12 +534,35 @@ spec: - accessKeyID - secretAccessKey iamRole: - description: (Amazon EKS only) The ARN of an IAM role which can be impersonated to obtain AWS permissions. For more information about IAM roles for service accounts, please refer to the Amazon EKS User Guide at https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html + description: Deprecated, please use "iam" object instead. type: string pattern: ^arn:aws(-cn|-us-gov)?:iam::\d{12}:role\/.+$ + iam: + description: The IAM role authentication parameters. For Amazon EKS only. + type: object + properties: + roleArn: + description: |- + The ARN of an IAM role which can be impersonated to obtain AWS permissions. For + more information about IAM roles for service accounts, please refer to the Amazon EKS User Guide + at https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html + + Beware that this IAM role only applies to the receive adapter, for retrieving S3 notifications + from the intermediate Amazon SQS queue. The TriggerMesh controller requires its own set of IAM + permissions for interacting with the Amazon S3 and (optionally) Amazon SQS management APIs. These + can be granted via a separate IAM role, through the 'triggermesh-controller' serviceAccount that + is located inside the 'triggermesh' namespace. + type: string + pattern: ^arn:aws(-cn|-us-gov)?:iam::\d{12}:role\/.+$ + serviceAccount: + description: |- + The name of the service account to be assigned on the receive adapter. Can be created externally and + shared between multiple components. + type: string oneOf: - required: [credentials] - required: [iamRole] + - required: [iam] sink: description: The destination of events generated from Amazon CloudWatch metrics. type: object @@ -756,6 +846,28 @@ spec: oneOf: - required: [value] - required: [valueFromSecret] + sessionToken: + description: The AWS session token for temporary credentials. + type: object + properties: + value: + description: Literal value of the session token. + type: string + format: password + valueFromSecret: + description: A reference to a Kubernetes Secret object containing the session token. + type: object + properties: + name: + type: string + key: + type: string + required: + - name + - key + oneOf: + - required: [value] + - required: [valueFromSecret] assumeIamRole: description: |- The ARN of an IAM role for cross-account or remote EKS cluster authorization. @@ -766,12 +878,35 @@ spec: - accessKeyID - secretAccessKey iamRole: - description: (Amazon EKS only) The ARN of an IAM role which can be impersonated to obtain AWS permissions. For more information about IAM roles for service accounts, please refer to the Amazon EKS User Guide at https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html + description: Deprecated, please use "iam" object instead. type: string pattern: ^arn:aws(-cn|-us-gov)?:iam::\d{12}:role\/.+$ + iam: + description: The IAM role authentication parameters. For Amazon EKS only. + type: object + properties: + roleArn: + description: |- + The ARN of an IAM role which can be impersonated to obtain AWS permissions. For + more information about IAM roles for service accounts, please refer to the Amazon EKS User Guide + at https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html + + Beware that this IAM role only applies to the receive adapter, for retrieving S3 notifications + from the intermediate Amazon SQS queue. The TriggerMesh controller requires its own set of IAM + permissions for interacting with the Amazon S3 and (optionally) Amazon SQS management APIs. These + can be granted via a separate IAM role, through the 'triggermesh-controller' serviceAccount that + is located inside the 'triggermesh' namespace. + type: string + pattern: ^arn:aws(-cn|-us-gov)?:iam::\d{12}:role\/.+$ + serviceAccount: + description: |- + The name of the service account to be assigned on the receive adapter. Can be created externally and + shared between multiple components. + type: string oneOf: - required: [credentials] - required: [iamRole] + - required: [iam] sink: description: The destination of events sourced from Amazon CodeCommit. type: object @@ -1042,6 +1177,28 @@ spec: oneOf: - required: [value] - required: [valueFromSecret] + sessionToken: + description: The AWS session token for temporary credentials. + type: object + properties: + value: + description: Literal value of the session token. + type: string + format: password + valueFromSecret: + description: A reference to a Kubernetes Secret object containing the session token. + type: object + properties: + name: + type: string + key: + type: string + required: + - name + - key + oneOf: + - required: [value] + - required: [valueFromSecret] assumeIamRole: description: |- The ARN of an IAM role for cross-account or remote EKS cluster authorization. @@ -1052,12 +1209,35 @@ spec: - accessKeyID - secretAccessKey iamRole: - description: (Amazon EKS only) The ARN of an IAM role which can be impersonated to obtain AWS permissions. For more information about IAM roles for service accounts, please refer to the Amazon EKS User Guide at https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html + description: Deprecated, please use "iam" object instead. type: string pattern: ^arn:aws(-cn|-us-gov)?:iam::\d{12}:role\/.+$ + iam: + description: The IAM role authentication parameters. For Amazon EKS only. + type: object + properties: + roleArn: + description: |- + The ARN of an IAM role which can be impersonated to obtain AWS permissions. For + more information about IAM roles for service accounts, please refer to the Amazon EKS User Guide + at https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html + + Beware that this IAM role only applies to the receive adapter, for retrieving S3 notifications + from the intermediate Amazon SQS queue. The TriggerMesh controller requires its own set of IAM + permissions for interacting with the Amazon S3 and (optionally) Amazon SQS management APIs. These + can be granted via a separate IAM role, through the 'triggermesh-controller' serviceAccount that + is located inside the 'triggermesh' namespace. + type: string + pattern: ^arn:aws(-cn|-us-gov)?:iam::\d{12}:role\/.+$ + serviceAccount: + description: |- + The name of the service account to be assigned on the receive adapter. Can be created externally and + shared between multiple components. + type: string oneOf: - required: [credentials] - required: [iamRole] + - required: [iam] sink: description: The destination of events sourced from the Amazon Cognito Identity Pool. type: object @@ -1326,6 +1506,28 @@ spec: oneOf: - required: [value] - required: [valueFromSecret] + sessionToken: + description: The AWS session token for temporary credentials. + type: object + properties: + value: + description: Literal value of the session token. + type: string + format: password + valueFromSecret: + description: A reference to a Kubernetes Secret object containing the session token. + type: object + properties: + name: + type: string + key: + type: string + required: + - name + - key + oneOf: + - required: [value] + - required: [valueFromSecret] assumeIamRole: description: |- The ARN of an IAM role for cross-account or remote EKS cluster authorization. @@ -1336,12 +1538,35 @@ spec: - accessKeyID - secretAccessKey iamRole: - description: (Amazon EKS only) The ARN of an IAM role which can be impersonated to obtain AWS permissions. For more information about IAM roles for service accounts, please refer to the Amazon EKS User Guide at https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html + description: Deprecated, please use "iam" object instead. type: string pattern: ^arn:aws(-cn|-us-gov)?:iam::\d{12}:role\/.+$ + iam: + description: The IAM role authentication parameters. For Amazon EKS only. + type: object + properties: + roleArn: + description: |- + The ARN of an IAM role which can be impersonated to obtain AWS permissions. For + more information about IAM roles for service accounts, please refer to the Amazon EKS User Guide + at https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html + + Beware that this IAM role only applies to the receive adapter, for retrieving S3 notifications + from the intermediate Amazon SQS queue. The TriggerMesh controller requires its own set of IAM + permissions for interacting with the Amazon S3 and (optionally) Amazon SQS management APIs. These + can be granted via a separate IAM role, through the 'triggermesh-controller' serviceAccount that + is located inside the 'triggermesh' namespace. + type: string + pattern: ^arn:aws(-cn|-us-gov)?:iam::\d{12}:role\/.+$ + serviceAccount: + description: |- + The name of the service account to be assigned on the receive adapter. Can be created externally and + shared between multiple components. + type: string oneOf: - required: [credentials] - required: [iamRole] + - required: [iam] sink: description: The destination of events sourced from the Amazon Cognito User Pool. type: object @@ -1610,6 +1835,28 @@ spec: oneOf: - required: [value] - required: [valueFromSecret] + sessionToken: + description: The AWS session token for temporary credentials. + type: object + properties: + value: + description: Literal value of the session token. + type: string + format: password + valueFromSecret: + description: A reference to a Kubernetes Secret object containing the session token. + type: object + properties: + name: + type: string + key: + type: string + required: + - name + - key + oneOf: + - required: [value] + - required: [valueFromSecret] assumeIamRole: description: |- The ARN of an IAM role for cross-account or remote EKS cluster authorization. @@ -1620,12 +1867,35 @@ spec: - accessKeyID - secretAccessKey iamRole: - description: (Amazon EKS only) The ARN of an IAM role which can be impersonated to obtain AWS permissions. For more information about IAM roles for service accounts, please refer to the Amazon EKS User Guide at https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html + description: Deprecated, please use "iam" object instead. type: string pattern: ^arn:aws(-cn|-us-gov)?:iam::\d{12}:role\/.+$ + iam: + description: The IAM role authentication parameters. For Amazon EKS only. + type: object + properties: + roleArn: + description: |- + The ARN of an IAM role which can be impersonated to obtain AWS permissions. For + more information about IAM roles for service accounts, please refer to the Amazon EKS User Guide + at https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html + + Beware that this IAM role only applies to the receive adapter, for retrieving S3 notifications + from the intermediate Amazon SQS queue. The TriggerMesh controller requires its own set of IAM + permissions for interacting with the Amazon S3 and (optionally) Amazon SQS management APIs. These + can be granted via a separate IAM role, through the 'triggermesh-controller' serviceAccount that + is located inside the 'triggermesh' namespace. + type: string + pattern: ^arn:aws(-cn|-us-gov)?:iam::\d{12}:role\/.+$ + serviceAccount: + description: |- + The name of the service account to be assigned on the receive adapter. Can be created externally and + shared between multiple components. + type: string oneOf: - required: [credentials] - required: [iamRole] + - required: [iam] sink: description: The destination of events sourced from Amazon DynamoDB. type: object @@ -1907,6 +2177,28 @@ spec: oneOf: - required: [value] - required: [valueFromSecret] + sessionToken: + description: The AWS session token for temporary credentials. + type: object + properties: + value: + description: Literal value of the session token. + type: string + format: password + valueFromSecret: + description: A reference to a Kubernetes Secret object containing the session token. + type: object + properties: + name: + type: string + key: + type: string + required: + - name + - key + oneOf: + - required: [value] + - required: [valueFromSecret] assumeIamRole: description: |- The ARN of an IAM role for cross-account or remote EKS cluster authorization. @@ -1917,21 +2209,35 @@ spec: - accessKeyID - secretAccessKey iamRole: - description: |- - (Amazon EKS only) The ARN of an IAM role which can be impersonated to obtain AWS permissions. For - more information about IAM roles for service accounts, please refer to the Amazon EKS User Guide - at https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html - - Beware that this IAM role only applies to the receive adapter, for retrieving EventBridge events - from the intermediate Amazon SQS queue. The TriggerMesh controller requires its own set of IAM - permissions for interacting with the Amazon EventBridge and (optionally) Amazon SQS management APIs. These - can be granted via a separate IAM role, through the 'triggermesh-controller' serviceAccount that - is located inside the 'triggermesh' namespace. + description: Deprecated, please use "iam" object instead. type: string pattern: ^arn:aws(-cn|-us-gov)?:iam::\d{12}:role\/.+$ + iam: + description: The IAM role authentication parameters. For Amazon EKS only. + type: object + properties: + roleArn: + description: |- + The ARN of an IAM role which can be impersonated to obtain AWS permissions. For + more information about IAM roles for service accounts, please refer to the Amazon EKS User Guide + at https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html + + Beware that this IAM role only applies to the receive adapter, for retrieving S3 notifications + from the intermediate Amazon SQS queue. The TriggerMesh controller requires its own set of IAM + permissions for interacting with the Amazon S3 and (optionally) Amazon SQS management APIs. These + can be granted via a separate IAM role, through the 'triggermesh-controller' serviceAccount that + is located inside the 'triggermesh' namespace. + type: string + pattern: ^arn:aws(-cn|-us-gov)?:iam::\d{12}:role\/.+$ + serviceAccount: + description: |- + The name of the service account to be assigned on the receive adapter. Can be created externally and + shared between multiple components. + type: string oneOf: - required: [credentials] - required: [iamRole] + - required: [iam] sink: description: The destination of events sourced from Amazon EventBridge. type: object @@ -2209,6 +2515,28 @@ spec: oneOf: - required: [value] - required: [valueFromSecret] + sessionToken: + description: The AWS session token for temporary credentials. + type: object + properties: + value: + description: Literal value of the session token. + type: string + format: password + valueFromSecret: + description: A reference to a Kubernetes Secret object containing the session token. + type: object + properties: + name: + type: string + key: + type: string + required: + - name + - key + oneOf: + - required: [value] + - required: [valueFromSecret] assumeIamRole: description: |- The ARN of an IAM role for cross-account or remote EKS cluster authorization. @@ -2219,12 +2547,35 @@ spec: - accessKeyID - secretAccessKey iamRole: - description: (Amazon EKS only) The ARN of an IAM role which can be impersonated to obtain AWS permissions. For more information about IAM roles for service accounts, please refer to the Amazon EKS User Guide at https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html + description: Deprecated, please use "iam" object instead. type: string pattern: ^arn:aws(-cn|-us-gov)?:iam::\d{12}:role\/.+$ + iam: + description: The IAM role authentication parameters. For Amazon EKS only. + type: object + properties: + roleArn: + description: |- + The ARN of an IAM role which can be impersonated to obtain AWS permissions. For + more information about IAM roles for service accounts, please refer to the Amazon EKS User Guide + at https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html + + Beware that this IAM role only applies to the receive adapter, for retrieving S3 notifications + from the intermediate Amazon SQS queue. The TriggerMesh controller requires its own set of IAM + permissions for interacting with the Amazon S3 and (optionally) Amazon SQS management APIs. These + can be granted via a separate IAM role, through the 'triggermesh-controller' serviceAccount that + is located inside the 'triggermesh' namespace. + type: string + pattern: ^arn:aws(-cn|-us-gov)?:iam::\d{12}:role\/.+$ + serviceAccount: + description: |- + The name of the service account to be assigned on the receive adapter. Can be created externally and + shared between multiple components. + type: string oneOf: - required: [credentials] - required: [iamRole] + - required: [iam] sink: description: The destination of events sourced from Amazon Kinesis. type: object @@ -2501,6 +2852,28 @@ spec: oneOf: - required: [value] - required: [valueFromSecret] + sessionToken: + description: The AWS session token for temporary credentials. + type: object + properties: + value: + description: Literal value of the session token. + type: string + format: password + valueFromSecret: + description: A reference to a Kubernetes Secret object containing the session token. + type: object + properties: + name: + type: string + key: + type: string + required: + - name + - key + oneOf: + - required: [value] + - required: [valueFromSecret] assumeIamRole: description: |- The ARN of an IAM role for cross-account or remote EKS cluster authorization. @@ -2511,12 +2884,35 @@ spec: - accessKeyID - secretAccessKey iamRole: - description: (Amazon EKS only) The ARN of an IAM role which can be impersonated to obtain AWS permissions. For more information about IAM roles for service accounts, please refer to the Amazon EKS User Guide at https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html + description: Deprecated, please use "iam" object instead. type: string pattern: ^arn:aws(-cn|-us-gov)?:iam::\d{12}:role\/.+$ + iam: + description: The IAM role authentication parameters. For Amazon EKS only. + type: object + properties: + roleArn: + description: |- + The ARN of an IAM role which can be impersonated to obtain AWS permissions. For + more information about IAM roles for service accounts, please refer to the Amazon EKS User Guide + at https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html + + Beware that this IAM role only applies to the receive adapter, for retrieving S3 notifications + from the intermediate Amazon SQS queue. The TriggerMesh controller requires its own set of IAM + permissions for interacting with the Amazon S3 and (optionally) Amazon SQS management APIs. These + can be granted via a separate IAM role, through the 'triggermesh-controller' serviceAccount that + is located inside the 'triggermesh' namespace. + type: string + pattern: ^arn:aws(-cn|-us-gov)?:iam::\d{12}:role\/.+$ + serviceAccount: + description: |- + The name of the service account to be assigned on the receive adapter. Can be created externally and + shared between multiple components. + type: string oneOf: - required: [credentials] - required: [iamRole] + - required: [iam] sink: description: The destination of events generated by Amazon Performance Insights. type: object @@ -2858,6 +3254,28 @@ spec: oneOf: - required: [value] - required: [valueFromSecret] + sessionToken: + description: The AWS session token for temporary credentials. + type: object + properties: + value: + description: Literal value of the session token. + type: string + format: password + valueFromSecret: + description: A reference to a Kubernetes Secret object containing the session token. + type: object + properties: + name: + type: string + key: + type: string + required: + - name + - key + oneOf: + - required: [value] + - required: [valueFromSecret] assumeIamRole: description: |- The ARN of an IAM role for cross-account or remote EKS cluster authorization. @@ -2868,21 +3286,35 @@ spec: - accessKeyID - secretAccessKey iamRole: - description: |- - (Amazon EKS only) The ARN of an IAM role which can be impersonated to obtain AWS permissions. For - more information about IAM roles for service accounts, please refer to the Amazon EKS User Guide - at https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html - - Beware that this IAM role only applies to the receive adapter, for retrieving S3 notifications - from the intermediate Amazon SQS queue. The TriggerMesh controller requires its own set of IAM - permissions for interacting with the Amazon S3 and (optionally) Amazon SQS management APIs. These - can be granted via a separate IAM role, through the 'triggermesh-controller' serviceAccount that - is located inside the 'triggermesh' namespace. + description: Deprecated, please use "iam" object instead. type: string pattern: ^arn:aws(-cn|-us-gov)?:iam::\d{12}:role\/.+$ + iam: + description: The IAM role authentication parameters. For Amazon EKS only. + type: object + properties: + roleArn: + description: |- + The ARN of an IAM role which can be impersonated to obtain AWS permissions. For + more information about IAM roles for service accounts, please refer to the Amazon EKS User Guide + at https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html + + Beware that this IAM role only applies to the receive adapter, for retrieving S3 notifications + from the intermediate Amazon SQS queue. The TriggerMesh controller requires its own set of IAM + permissions for interacting with the Amazon S3 and (optionally) Amazon SQS management APIs. These + can be granted via a separate IAM role, through the 'triggermesh-controller' serviceAccount that + is located inside the 'triggermesh' namespace. + type: string + pattern: ^arn:aws(-cn|-us-gov)?:iam::\d{12}:role\/.+$ + serviceAccount: + description: |- + The name of the service account to be assigned on the receive adapter. Can be created externally and + shared between multiple components. + type: string oneOf: - required: [credentials] - required: [iamRole] + - required: [iam] sink: description: The destination of events sourced from Amazon S3. type: object @@ -3474,6 +3906,28 @@ spec: oneOf: - required: [value] - required: [valueFromSecret] + sessionToken: + description: The AWS session token for temporary credentials. + type: object + properties: + value: + description: Literal value of the session token. + type: string + format: password + valueFromSecret: + description: A reference to a Kubernetes Secret object containing the session token. + type: object + properties: + name: + type: string + key: + type: string + required: + - name + - key + oneOf: + - required: [value] + - required: [valueFromSecret] assumeIamRole: description: |- The ARN of an IAM role for cross-account or remote EKS cluster authorization. @@ -3484,12 +3938,35 @@ spec: - accessKeyID - secretAccessKey iamRole: - description: (Amazon EKS only) The ARN of an IAM role which can be impersonated to obtain AWS permissions. For more information about IAM roles for service accounts, please refer to the Amazon EKS User Guide at https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html + description: Deprecated, please use "iam" object instead. type: string pattern: ^arn:aws(-cn|-us-gov)?:iam::\d{12}:role\/.+$ + iam: + description: The IAM role authentication parameters. For Amazon EKS only. + type: object + properties: + roleArn: + description: |- + The ARN of an IAM role which can be impersonated to obtain AWS permissions. For + more information about IAM roles for service accounts, please refer to the Amazon EKS User Guide + at https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html + + Beware that this IAM role only applies to the receive adapter, for retrieving S3 notifications + from the intermediate Amazon SQS queue. The TriggerMesh controller requires its own set of IAM + permissions for interacting with the Amazon S3 and (optionally) Amazon SQS management APIs. These + can be granted via a separate IAM role, through the 'triggermesh-controller' serviceAccount that + is located inside the 'triggermesh' namespace. + type: string + pattern: ^arn:aws(-cn|-us-gov)?:iam::\d{12}:role\/.+$ + serviceAccount: + description: |- + The name of the service account to be assigned on the receive adapter. Can be created externally and + shared between multiple components. + type: string oneOf: - required: [credentials] - required: [iamRole] + - required: [iam] endpoint: description: Customizations of the AWS REST API endpoint. type: object @@ -6232,6 +6709,9 @@ spec: webSocketsEnable: description: Boolean to indicate to use WebSockets. type: boolean + maxConcurrent: + description: maximum number of goroutines that will be used to process messages. default 10. + type: integer sink: description: The destination of events sourced from the Azure Service Bus. type: object @@ -8178,7 +8658,11 @@ metadata: annotations: registry.knative.dev/eventTypes: | [ - { "type": "com.google.cloud.storage.notification" } + { "type": "com.google.cloud.storage.notification" }, + { "type": "com.google.cloud.storage.objectfinalize" }, + { "type": "com.google.cloud.storage.objectmetadataupdate" }, + { "type": "com.google.cloud.storage.objectdelete" }, + { "type": "com.google.cloud.storage.objectarchive" } ] spec: group: sources.triggermesh.io @@ -11728,6 +12212,28 @@ spec: oneOf: - required: [value] - required: [valueFromSecret] + sessionToken: + description: The AWS session token for temporary credentials. + type: object + properties: + value: + description: Literal value of the session token. + type: string + format: password + valueFromSecret: + description: A reference to a Kubernetes Secret object containing the session token. + type: object + properties: + name: + type: string + key: + type: string + required: + - name + - key + oneOf: + - required: [value] + - required: [valueFromSecret] assumeIamRole: description: |- The ARN of an IAM role for cross-account or remote EKS cluster authorization. @@ -11738,12 +12244,35 @@ spec: - accessKeyID - secretAccessKey iamRole: - description: (Amazon EKS only) The ARN of an IAM role which can be impersonated to obtain AWS permissions. For more information about IAM roles for service accounts, please refer to the Amazon EKS User Guide at https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html + description: Deprecated, please use "iam" object instead. type: string pattern: ^arn:aws(-cn|-us-gov)?:iam::\d{12}:role\/.+$ + iam: + description: The IAM role authentication parameters. For Amazon EKS only. + type: object + properties: + roleArn: + description: |- + The ARN of an IAM role which can be impersonated to obtain AWS permissions. For + more information about IAM roles for service accounts, please refer to the Amazon EKS User Guide + at https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html + + Beware that this IAM role only applies to the receive adapter, for retrieving S3 notifications + from the intermediate Amazon SQS queue. The TriggerMesh controller requires its own set of IAM + permissions for interacting with the Amazon S3 and (optionally) Amazon SQS management APIs. These + can be granted via a separate IAM role, through the 'triggermesh-controller' serviceAccount that + is located inside the 'triggermesh' namespace. + type: string + pattern: ^arn:aws(-cn|-us-gov)?:iam::\d{12}:role\/.+$ + serviceAccount: + description: |- + The name of the service account to be assigned on the receive adapter. Can be created externally and + shared between multiple components. + type: string oneOf: - required: [credentials] - required: [iamRole] + - required: [iam] region: description: Code of the AWS region to use for the Comprehend API. Available region codes are documented in the AWS General Reference at https://docs.aws.amazon.com/general/latest/gr/rande.html#regional-endpoints. type: string @@ -11982,6 +12511,28 @@ spec: oneOf: - required: [value] - required: [valueFromSecret] + sessionToken: + description: The AWS session token for temporary credentials. + type: object + properties: + value: + description: Literal value of the session token. + type: string + format: password + valueFromSecret: + description: A reference to a Kubernetes Secret object containing the session token. + type: object + properties: + name: + type: string + key: + type: string + required: + - name + - key + oneOf: + - required: [value] + - required: [valueFromSecret] assumeIamRole: description: |- The ARN of an IAM role for cross-account or remote EKS cluster authorization. @@ -11992,12 +12543,35 @@ spec: - accessKeyID - secretAccessKey iamRole: - description: (Amazon EKS only) The ARN of an IAM role which can be impersonated to obtain AWS permissions. For more information about IAM roles for service accounts, please refer to the Amazon EKS User Guide at https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html + description: Deprecated, please use "iam" object instead. type: string pattern: ^arn:aws(-cn|-us-gov)?:iam::\d{12}:role\/.+$ + iam: + description: The IAM role authentication parameters. For Amazon EKS only. + type: object + properties: + roleArn: + description: |- + The ARN of an IAM role which can be impersonated to obtain AWS permissions. For + more information about IAM roles for service accounts, please refer to the Amazon EKS User Guide + at https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html + + Beware that this IAM role only applies to the receive adapter, for retrieving S3 notifications + from the intermediate Amazon SQS queue. The TriggerMesh controller requires its own set of IAM + permissions for interacting with the Amazon S3 and (optionally) Amazon SQS management APIs. These + can be granted via a separate IAM role, through the 'triggermesh-controller' serviceAccount that + is located inside the 'triggermesh' namespace. + type: string + pattern: ^arn:aws(-cn|-us-gov)?:iam::\d{12}:role\/.+$ + serviceAccount: + description: |- + The name of the service account to be assigned on the receive adapter. Can be created externally and + shared between multiple components. + type: string oneOf: - required: [credentials] - required: [iamRole] + - required: [iam] arn: description: ARN of the DynamoDB table to post events to. The expected format is documented at https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazondynamodb.html type: string @@ -12233,6 +12807,28 @@ spec: oneOf: - required: [value] - required: [valueFromSecret] + sessionToken: + description: The AWS session token for temporary credentials. + type: object + properties: + value: + description: Literal value of the session token. + type: string + format: password + valueFromSecret: + description: A reference to a Kubernetes Secret object containing the session token. + type: object + properties: + name: + type: string + key: + type: string + required: + - name + - key + oneOf: + - required: [value] + - required: [valueFromSecret] assumeIamRole: description: |- The ARN of an IAM role for cross-account or remote EKS cluster authorization. @@ -12243,12 +12839,35 @@ spec: - accessKeyID - secretAccessKey iamRole: - description: (Amazon EKS only) The ARN of an IAM role which can be impersonated to obtain AWS permissions. For more information about IAM roles for service accounts, please refer to the Amazon EKS User Guide at https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html + description: Deprecated, please use "iam" object instead. type: string pattern: ^arn:aws(-cn|-us-gov)?:iam::\d{12}:role\/.+$ + iam: + description: The IAM role authentication parameters. For Amazon EKS only. + type: object + properties: + roleArn: + description: |- + The ARN of an IAM role which can be impersonated to obtain AWS permissions. For + more information about IAM roles for service accounts, please refer to the Amazon EKS User Guide + at https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html + + Beware that this IAM role only applies to the receive adapter, for retrieving S3 notifications + from the intermediate Amazon SQS queue. The TriggerMesh controller requires its own set of IAM + permissions for interacting with the Amazon S3 and (optionally) Amazon SQS management APIs. These + can be granted via a separate IAM role, through the 'triggermesh-controller' serviceAccount that + is located inside the 'triggermesh' namespace. + type: string + pattern: ^arn:aws(-cn|-us-gov)?:iam::\d{12}:role\/.+$ + serviceAccount: + description: |- + The name of the service account to be assigned on the receive adapter. Can be created externally and + shared between multiple components. + type: string oneOf: - required: [credentials] - required: [iamRole] + - required: [iam] arn: description: ARN of the Event Bus that will receive events. The expected format is documented at https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazoneventbridge.html type: string @@ -12486,6 +13105,28 @@ spec: oneOf: - required: [value] - required: [valueFromSecret] + sessionToken: + description: The AWS session token for temporary credentials. + type: object + properties: + value: + description: Literal value of the session token. + type: string + format: password + valueFromSecret: + description: A reference to a Kubernetes Secret object containing the session token. + type: object + properties: + name: + type: string + key: + type: string + required: + - name + - key + oneOf: + - required: [value] + - required: [valueFromSecret] assumeIamRole: description: |- The ARN of an IAM role for cross-account or remote EKS cluster authorization. @@ -12496,12 +13137,35 @@ spec: - accessKeyID - secretAccessKey iamRole: - description: (Amazon EKS only) The ARN of an IAM role which can be impersonated to obtain AWS permissions. For more information about IAM roles for service accounts, please refer to the Amazon EKS User Guide at https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html + description: Deprecated, please use "iam" object instead. type: string pattern: ^arn:aws(-cn|-us-gov)?:iam::\d{12}:role\/.+$ + iam: + description: The IAM role authentication parameters. For Amazon EKS only. + type: object + properties: + roleArn: + description: |- + The ARN of an IAM role which can be impersonated to obtain AWS permissions. For + more information about IAM roles for service accounts, please refer to the Amazon EKS User Guide + at https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html + + Beware that this IAM role only applies to the receive adapter, for retrieving S3 notifications + from the intermediate Amazon SQS queue. The TriggerMesh controller requires its own set of IAM + permissions for interacting with the Amazon S3 and (optionally) Amazon SQS management APIs. These + can be granted via a separate IAM role, through the 'triggermesh-controller' serviceAccount that + is located inside the 'triggermesh' namespace. + type: string + pattern: ^arn:aws(-cn|-us-gov)?:iam::\d{12}:role\/.+$ + serviceAccount: + description: |- + The name of the service account to be assigned on the receive adapter. Can be created externally and + shared between multiple components. + type: string oneOf: - required: [credentials] - required: [iamRole] + - required: [iam] arn: description: ARN of the Kinesis stream that will receive events. The expected format is documented at https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonkinesis.html type: string @@ -12740,6 +13404,28 @@ spec: oneOf: - required: [value] - required: [valueFromSecret] + sessionToken: + description: The AWS session token for temporary credentials. + type: object + properties: + value: + description: Literal value of the session token. + type: string + format: password + valueFromSecret: + description: A reference to a Kubernetes Secret object containing the session token. + type: object + properties: + name: + type: string + key: + type: string + required: + - name + - key + oneOf: + - required: [value] + - required: [valueFromSecret] assumeIamRole: description: |- The ARN of an IAM role for cross-account or remote EKS cluster authorization. @@ -12750,12 +13436,35 @@ spec: - accessKeyID - secretAccessKey iamRole: - description: (Amazon EKS only) The ARN of an IAM role which can be impersonated to obtain AWS permissions. For more information about IAM roles for service accounts, please refer to the Amazon EKS User Guide at https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html + description: Deprecated, please use "iam" object instead. type: string pattern: ^arn:aws(-cn|-us-gov)?:iam::\d{12}:role\/.+$ + iam: + description: The IAM role authentication parameters. For Amazon EKS only. + type: object + properties: + roleArn: + description: |- + The ARN of an IAM role which can be impersonated to obtain AWS permissions. For + more information about IAM roles for service accounts, please refer to the Amazon EKS User Guide + at https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html + + Beware that this IAM role only applies to the receive adapter, for retrieving S3 notifications + from the intermediate Amazon SQS queue. The TriggerMesh controller requires its own set of IAM + permissions for interacting with the Amazon S3 and (optionally) Amazon SQS management APIs. These + can be granted via a separate IAM role, through the 'triggermesh-controller' serviceAccount that + is located inside the 'triggermesh' namespace. + type: string + pattern: ^arn:aws(-cn|-us-gov)?:iam::\d{12}:role\/.+$ + serviceAccount: + description: |- + The name of the service account to be assigned on the receive adapter. Can be created externally and + shared between multiple components. + type: string oneOf: - required: [credentials] - required: [iamRole] + - required: [iam] arn: description: ARN of the Lambda function that will receive events. The expected format is documented at https://docs.aws.amazon.com/service-authorization/latest/reference/list_awslambda.html type: string @@ -12995,6 +13704,28 @@ spec: oneOf: - required: [value] - required: [valueFromSecret] + sessionToken: + description: The AWS session token for temporary credentials. + type: object + properties: + value: + description: Literal value of the session token. + type: string + format: password + valueFromSecret: + description: A reference to a Kubernetes Secret object containing the session token. + type: object + properties: + name: + type: string + key: + type: string + required: + - name + - key + oneOf: + - required: [value] + - required: [valueFromSecret] assumeIamRole: description: |- The ARN of an IAM role for cross-account or remote EKS cluster authorization. @@ -13005,12 +13736,35 @@ spec: - accessKeyID - secretAccessKey iamRole: - description: (Amazon EKS only) The ARN of an IAM role which can be impersonated to obtain AWS permissions. For more information about IAM roles for service accounts, please refer to the Amazon EKS User Guide at https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html + description: Deprecated, please use "iam" object instead. type: string pattern: ^arn:aws(-cn|-us-gov)?:iam::\d{12}:role\/.+$ + iam: + description: The IAM role authentication parameters. For Amazon EKS only. + type: object + properties: + roleArn: + description: |- + The ARN of an IAM role which can be impersonated to obtain AWS permissions. For + more information about IAM roles for service accounts, please refer to the Amazon EKS User Guide + at https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html + + Beware that this IAM role only applies to the receive adapter, for retrieving S3 notifications + from the intermediate Amazon SQS queue. The TriggerMesh controller requires its own set of IAM + permissions for interacting with the Amazon S3 and (optionally) Amazon SQS management APIs. These + can be granted via a separate IAM role, through the 'triggermesh-controller' serviceAccount that + is located inside the 'triggermesh' namespace. + type: string + pattern: ^arn:aws(-cn|-us-gov)?:iam::\d{12}:role\/.+$ + serviceAccount: + description: |- + The name of the service account to be assigned on the receive adapter. Can be created externally and + shared between multiple components. + type: string oneOf: - required: [credentials] - required: [iamRole] + - required: [iam] arn: type: string description: ARN of the S3 bucket that will receive events. The expected format is documented at https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazons3.html @@ -13265,6 +14019,28 @@ spec: oneOf: - required: [value] - required: [valueFromSecret] + sessionToken: + description: The AWS session token for temporary credentials. + type: object + properties: + value: + description: Literal value of the session token. + type: string + format: password + valueFromSecret: + description: A reference to a Kubernetes Secret object containing the session token. + type: object + properties: + name: + type: string + key: + type: string + required: + - name + - key + oneOf: + - required: [value] + - required: [valueFromSecret] assumeIamRole: description: |- The ARN of an IAM role for cross-account or remote EKS cluster authorization. @@ -13275,12 +14051,35 @@ spec: - accessKeyID - secretAccessKey iamRole: - description: (Amazon EKS only) The ARN of an IAM role which can be impersonated to obtain AWS permissions. For more information about IAM roles for service accounts, please refer to the Amazon EKS User Guide at https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html + description: Deprecated, please use "iam" object instead. type: string pattern: ^arn:aws(-cn|-us-gov)?:iam::\d{12}:role\/.+$ + iam: + description: The IAM role authentication parameters. For Amazon EKS only. + type: object + properties: + roleArn: + description: |- + The ARN of an IAM role which can be impersonated to obtain AWS permissions. For + more information about IAM roles for service accounts, please refer to the Amazon EKS User Guide + at https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html + + Beware that this IAM role only applies to the receive adapter, for retrieving S3 notifications + from the intermediate Amazon SQS queue. The TriggerMesh controller requires its own set of IAM + permissions for interacting with the Amazon S3 and (optionally) Amazon SQS management APIs. These + can be granted via a separate IAM role, through the 'triggermesh-controller' serviceAccount that + is located inside the 'triggermesh' namespace. + type: string + pattern: ^arn:aws(-cn|-us-gov)?:iam::\d{12}:role\/.+$ + serviceAccount: + description: |- + The name of the service account to be assigned on the receive adapter. Can be created externally and + shared between multiple components. + type: string oneOf: - required: [credentials] - required: [iamRole] + - required: [iam] arn: description: ARN of the SNS queue that will receive events. The expected format is documented at https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonsns.html type: string @@ -13516,6 +14315,28 @@ spec: oneOf: - required: [value] - required: [valueFromSecret] + sessionToken: + description: The AWS session token for temporary credentials. + type: object + properties: + value: + description: Literal value of the session token. + type: string + format: password + valueFromSecret: + description: A reference to a Kubernetes Secret object containing the session token. + type: object + properties: + name: + type: string + key: + type: string + required: + - name + - key + oneOf: + - required: [value] + - required: [valueFromSecret] assumeIamRole: description: |- The ARN of an IAM role for cross-account or remote EKS cluster authorization. @@ -13526,12 +14347,35 @@ spec: - accessKeyID - secretAccessKey iamRole: - description: (Amazon EKS only) The ARN of an IAM role which can be impersonated to obtain AWS permissions. For more information about IAM roles for service accounts, please refer to the Amazon EKS User Guide at https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html + description: Deprecated, please use "iam" object instead. type: string pattern: ^arn:aws(-cn|-us-gov)?:iam::\d{12}:role\/.+$ + iam: + description: The IAM role authentication parameters. For Amazon EKS only. + type: object + properties: + roleArn: + description: |- + The ARN of an IAM role which can be impersonated to obtain AWS permissions. For + more information about IAM roles for service accounts, please refer to the Amazon EKS User Guide + at https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html + + Beware that this IAM role only applies to the receive adapter, for retrieving S3 notifications + from the intermediate Amazon SQS queue. The TriggerMesh controller requires its own set of IAM + permissions for interacting with the Amazon S3 and (optionally) Amazon SQS management APIs. These + can be granted via a separate IAM role, through the 'triggermesh-controller' serviceAccount that + is located inside the 'triggermesh' namespace. + type: string + pattern: ^arn:aws(-cn|-us-gov)?:iam::\d{12}:role\/.+$ + serviceAccount: + description: |- + The name of the service account to be assigned on the receive adapter. Can be created externally and + shared between multiple components. + type: string oneOf: - required: [credentials] - required: [iamRole] + - required: [iam] arn: description: ARN of the SQS queue that will receive events. The expected format is documented at https://docs.aws.amazon.com/service-authorization/latest/reference/list_awslambda.html type: string @@ -14797,6 +15641,9 @@ spec: type: string format: url pattern: ^https?:\/\/.+$ + path: + description: Path at the remote endpoint under which requests are accepted. + type: string credentials: description: Optional credentials specification for remote CloudEvents endpoint. type: object @@ -15026,6 +15873,9 @@ spec: type: string name: type: string + site: + type: string + description: Controls the site of the Datadog intake API eventOptions: description: 'When should this target generate a response event for processing: always, on error, or never.' type: object @@ -17990,10 +18840,6 @@ spec: logsListenerURL: type: string description: Logz listener host to stream events to. - properties: - payloadPolicy: - type: string - enum: [always, error, never] adapterOverrides: description: Kubernetes object parameters to apply on top of default adapter values. type: object diff --git a/charts/triggermesh/triggermesh/values.yaml b/charts/triggermesh/triggermesh/values.yaml index d7b8e8c36..f8cc6caa2 100644 --- a/charts/triggermesh/triggermesh/values.yaml +++ b/charts/triggermesh/triggermesh/values.yaml @@ -13,7 +13,7 @@ image: klr: image: - tag: "v1.24.3" + tag: "v1.26.0" imagePullSecrets: [] diff --git a/index.yaml b/index.yaml index 8d5b1b88d..b4bcb8524 100644 --- a/index.yaml +++ b/index.yaml @@ -1228,8 +1228,8 @@ entries: argo-cd: - annotations: artifacthub.io/changes: | - - kind: added - description: add applicationSet deployment cmd-params checksum + - kind: changed + description: Upgrade dexidp from v2.36.0 to v2.37.0 artifacthub.io/signKey: | fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc @@ -1239,8 +1239,8 @@ entries: catalog.cattle.io/kube-version: '>=1.23.0-0' catalog.cattle.io/release-name: argo-cd apiVersion: v2 - appVersion: v2.7.6 - created: "2023-07-06T06:52:32.757641925-06:00" + appVersion: v2.7.7 + created: "2023-07-10T08:00:50.068873617-06:00" dependencies: - condition: redis-ha.enabled name: redis-ha @@ -1248,7 +1248,46 @@ entries: version: 4.23.0 description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. - digest: bfc3c1e2fcb648a5d17f26de079689d3ed3921c386bb04d0702ebcb018d8f857 + digest: b436859c21f7e4a96cea3ca2460f6b9a8456191a2a7994c33ad78d2668390d3a + home: https://github.com/argoproj/argo-helm + icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png + keywords: + - argoproj + - argocd + - gitops + kubeVersion: '>=1.23.0-0' + maintainers: + - name: argoproj + url: https://argoproj.github.io/ + name: argo-cd + sources: + - https://github.com/argoproj/argo-helm/tree/main/charts/argo-cd + - https://github.com/argoproj/argo-cd + urls: + - assets/argo/argo-cd-5.38.0.tgz + version: 5.38.0 + - annotations: + artifacthub.io/changes: | + - kind: added + description: add applicationSet deployment cmd-params checksum + artifacthub.io/signKey: | + fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 + url: https://argoproj.github.io/argo-helm/pgp_keys.asc + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Argo CD + catalog.cattle.io/kube-version: '>=1.23.0-0' + catalog.cattle.io/release-name: argo-cd + apiVersion: v2 + appVersion: v2.7.6 + created: "2023-07-10T08:00:29.722144931-06:00" + dependencies: + - condition: redis-ha.enabled + name: redis-ha + repository: file://./charts/redis-ha + version: 4.23.0 + description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery + tool for Kubernetes. + digest: 176b3c78c524201f59d4c6f2a1280d1d590d61a93441305d15529be7391911cd home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png keywords: @@ -3500,6 +3539,39 @@ entries: - assets/argo/argo-cd-5.8.0.tgz version: 5.8.0 artifactory-ha: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: JFrog Artifactory HA + catalog.cattle.io/kube-version: '>= 1.14.0-0' + catalog.cattle.io/release-name: artifactory-ha + apiVersion: v2 + appVersion: 7.59.12 + created: "2023-07-10T08:00:53.222867166-06:00" + dependencies: + - condition: postgresql.enabled + name: postgresql + repository: file://./charts/postgresql + version: 10.3.18 + description: Universal Repository Manager supporting all major packaging formats, + build tools and CI servers. + digest: 74c4f656040a702466a7b59b2bdec16c1c9a1fbfcd00a8fd6802518649931e56 + home: https://www.jfrog.com/artifactory/ + icon: https://raw.githubusercontent.com/jfrog/charts/ea5c3112c24a973f64f3ccd99747323db292a369/stable/artifactory-ha/logo/artifactory-logo.png + keywords: + - artifactory + - jfrog + - devops + kubeVersion: '>= 1.14.0-0' + maintainers: + - email: installers@jfrog.com + name: Chart Maintainers at JFrog + name: artifactory-ha + sources: + - https://github.com/jfrog/charts + type: application + urls: + - assets/jfrog/artifactory-ha-107.59.12.tgz + version: 107.59.12 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: JFrog Artifactory HA @@ -4385,6 +4457,40 @@ entries: - assets/jfrog/artifactory-ha-3.0.1400.tgz version: 3.0.1400 artifactory-jcr: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: JFrog Container Registry + catalog.cattle.io/kube-version: '>= 1.14.0-0' + catalog.cattle.io/release-name: artifactory-jcr + apiVersion: v2 + appVersion: 7.59.12 + created: "2023-07-10T08:00:53.427004605-06:00" + dependencies: + - name: artifactory + repository: file://./charts/artifactory + version: 107.59.12 + description: JFrog Container Registry + digest: 9cf52769e26ad7d0fd918155391eed5ca9e48a987117edcfddbec737fe871f5b + home: https://jfrog.com/container-registry/ + icon: https://raw.githubusercontent.com/jfrog/charts/ea5c3112c24a973f64f3ccd99747323db292a369/stable/artifactory-jcr/logo/jcr-logo.png + keywords: + - artifactory + - jfrog + - container + - registry + - devops + - jfrog-container-registry + kubeVersion: '>= 1.14.0-0' + maintainers: + - email: helm@jfrog.com + name: Chart Maintainers at JFrog + name: artifactory-jcr + sources: + - https://github.com/jfrog/charts + type: application + urls: + - assets/jfrog/artifactory-jcr-107.59.12.tgz + version: 107.59.12 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: JFrog Container Registry @@ -5267,6 +5373,71 @@ entries: - assets/jfrog/artifactory-jcr-2.5.100.tgz version: 2.5.100 asserts: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Asserts + catalog.cattle.io/kube-version: '>=1.17-0' + catalog.cattle.io/release-name: asserts + apiVersion: v2 + created: "2023-07-10T08:00:50.434755132-06:00" + dependencies: + - condition: knowledge-sensor.enabled + name: knowledge-sensor + repository: file://./charts/knowledge-sensor + version: 1.1.0 + - alias: tsdb + condition: tsdb.enabled + name: victoria-metrics-single + repository: file://./charts/victoria-metrics-single + version: 1.1.0 + - condition: alertmanager.enabled + name: alertmanager + repository: file://./charts/alertmanager + version: 1.0.0 + - alias: promxyruler + condition: promxyruler.enabled + name: promxy + repository: file://./charts/promxy + version: 0.8.0 + - alias: promxyuser + condition: promxyuser.enabled + name: promxy + repository: file://./charts/promxy + version: 0.8.0 + - alias: ebpfProbe + condition: ebpfProbe.enabled + name: ebpf-probe + repository: file://./charts/ebpf-probe + version: 0.7.0 + - name: common + repository: file://./charts/common + version: 1.x.x + - alias: redisgraph + condition: redisgraph.enabled + name: redis + repository: file://./charts/redis + version: 16.13.2 + - alias: redisearch + condition: redisearch.enabled + name: redis + repository: file://./charts/redis + version: 16.13.2 + - alias: postgres + condition: postgres.enabled + name: postgresql + repository: file://./charts/postgresql + version: 11.9.13 + description: Asserts Helm Chart to configure entire asserts stack + digest: 5f48547eb1dee239cd25ba3d4690df912345d3d9b4e9b8e528c9d55c5d89fc99 + icon: https://www.asserts.ai/favicon.png + maintainers: + - name: Asserts + url: https://github.com/asserts + name: asserts + type: application + urls: + - assets/asserts/asserts-1.44.0.tgz + version: 1.44.0 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Asserts @@ -9255,6 +9426,27 @@ entries: - assets/cloudcasa/cloudcasa-0.1.000.tgz version: 0.1.000 cockroachdb: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: CockroachDB + catalog.cattle.io/kube-version: '>=1.8-0' + catalog.cattle.io/release-name: cockroachdb + apiVersion: v1 + appVersion: 23.1.5 + created: "2023-07-10T08:00:52.132709374-06:00" + description: CockroachDB is a scalable, survivable, strongly-consistent SQL database. + digest: 9fda966ce072067814eb1976a0ed0752d0a4327c570e650c42c00148b7ba8698 + home: https://www.cockroachlabs.com + icon: https://raw.githubusercontent.com/cockroachdb/cockroach/master/docs/media/cockroach_db.png + maintainers: + - email: helm-charts@cockroachlabs.com + name: cockroachlabs + name: cockroachdb + sources: + - https://github.com/cockroachdb/cockroach + urls: + - assets/cockroach-labs/cockroachdb-11.0.4.tgz + version: 11.0.4 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: CockroachDB @@ -11067,6 +11259,28 @@ entries: - assets/kubecost/cost-analyzer-1.70.000.tgz version: 1.70.000 crate-operator: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: CrateDB Operator + catalog.cattle.io/release-name: crate-operator + apiVersion: v2 + appVersion: 2.30.1 + created: "2023-07-10T08:00:52.201780574-06:00" + dependencies: + - condition: crate-operator-crds.enabled + name: crate-operator-crds + repository: file://./charts/crate-operator-crds + version: 2.30.1 + description: Crate Operator - Helm chart for installing and upgrading Crate Operator. + digest: 47c7e8ff13c96a38a4fa6ac122dc0d536a0581edfd5eaa7f6f3b7b481015f598 + icon: https://raw.githubusercontent.com/crate/crate/master/docs/_static/crate-logo.svg + maintainers: + - name: Crate.io + name: crate-operator + type: application + urls: + - assets/crate/crate-operator-2.30.1.tgz + version: 2.30.1 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: CrateDB Operator @@ -12107,6 +12321,43 @@ entries: - assets/weka/csi-wekafsplugin-0.6.400.tgz version: 0.6.400 datadog: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Datadog + catalog.cattle.io/kube-version: '>=1.10-0' + catalog.cattle.io/release-name: datadog + apiVersion: v1 + appVersion: "7" + created: "2023-07-10T08:00:52.455732611-06:00" + dependencies: + - condition: clusterAgent.metricsProvider.useDatadogMetrics + name: datadog-crds + repository: https://helm.datadoghq.com + tags: + - install-crds + version: 0.4.7 + - condition: datadog.kubeStateMetricsEnabled + name: kube-state-metrics + repository: https://prometheus-community.github.io/helm-charts + version: 2.13.2 + description: Datadog Agent + digest: 1a9a7e92d6d973aec3ed47be75ddaf1a0103fef81edbca0066ad207f15552435 + home: https://www.datadoghq.com + icon: https://datadog-live.imgix.net/img/dd_logo_70x75.png + keywords: + - monitoring + - alerting + - metric + maintainers: + - email: support@datadoghq.com + name: Datadog + name: datadog + sources: + - https://app.datadoghq.com/account/settings#agent/kubernetes + - https://github.com/DataDog/datadog-agent + urls: + - assets/datadog/datadog-3.33.0.tgz + version: 3.33.0 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Datadog @@ -13867,6 +14118,39 @@ entries: - assets/datadog/datadog-2.4.200.tgz version: 2.4.200 datadog-operator: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Datadog Operator + catalog.cattle.io/release-name: datadog-operator + apiVersion: v2 + appVersion: 1.0.3 + created: "2023-07-10T08:00:52.534668729-06:00" + dependencies: + - alias: datadogCRDs + condition: installCRDs + name: datadog-crds + repository: file://./charts/datadog-crds + tags: + - install-crds + version: =1.0.1 + description: Datadog Operator + digest: bbfd9e4bbfa3c3680b25ba391be2ce5f934596cb39e6cc5a1073bf2fe6183b06 + home: https://www.datadoghq.com + icon: https://datadog-live.imgix.net/img/dd_logo_70x75.png + keywords: + - monitoring + - alerting + - metric + maintainers: + - email: support@datadoghq.com + name: Datadog + name: datadog-operator + sources: + - https://app.datadoghq.com/account/settings#agent/kubernetes + - https://github.com/DataDog/datadog-agent + urls: + - assets/datadog/datadog-operator-1.0.6.tgz + version: 1.0.6 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Datadog Operator @@ -14859,6 +15143,30 @@ entries: - assets/elastic/elasticsearch-7.17.3.tgz version: 7.17.3 external-secrets: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: External Secrets Operator + catalog.cattle.io/kube-version: '>= 1.19.0-0' + catalog.cattle.io/release-name: external-secrets + apiVersion: v2 + appVersion: v0.9.1 + created: "2023-07-10T08:00:52.621888257-06:00" + description: External secret management for Kubernetes + digest: 3ea72b6b9b39fa034d883089efa83f8f2efac12d286f2ecbc2691795fc081939 + home: https://github.com/external-secrets/external-secrets + icon: https://raw.githubusercontent.com/external-secrets/external-secrets/main/assets/eso-logo-large.png + keywords: + - kubernetes-external-secrets + - secrets + kubeVersion: '>= 1.19.0-0' + maintainers: + - email: kellinmcavoy@gmail.com + name: mcavoyk + name: external-secrets + type: application + urls: + - assets/external-secrets/external-secrets-0.9.1.tgz + version: 0.9.1 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: External Secrets Operator @@ -19072,6 +19380,28 @@ entries: - assets/tetrate-istio/istiod-tid-1.12.600.tgz version: 1.12.600 jaeger-operator: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Jaeger Operator + catalog.cattle.io/release-name: jaeger-operator + apiVersion: v1 + appVersion: 1.46.0 + created: "2023-07-10T08:00:52.957605567-06:00" + description: jaeger-operator Helm chart for Kubernetes + digest: c0cfec20ce0c180937ed0ce042d44c53dd2a626e961865b09c57f23183693cfa + home: https://www.jaegertracing.io/ + icon: https://www.jaegertracing.io/img/jaeger-icon-reverse-color.svg + maintainers: + - email: ctadeu@gmail.com + name: cpanato + - email: batazor111@gmail.com + name: batazor + name: jaeger-operator + sources: + - https://github.com/jaegertracing/jaeger-operator + urls: + - assets/jaeger/jaeger-operator-2.46.1.tgz + version: 2.46.1 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Jaeger Operator @@ -22139,6 +22469,47 @@ entries: - assets/kasten/k10-4.5.900.tgz version: 4.5.900 kafka: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Apache Kafka + catalog.cattle.io/kube-version: '>=1.19-0' + catalog.cattle.io/release-name: kafka + category: Infrastructure + licenses: Apache-2.0 + apiVersion: v2 + appVersion: 3.5.0 + created: "2023-07-10T08:00:51.017648202-06:00" + dependencies: + - condition: zookeeper.enabled + name: zookeeper + repository: file://./charts/zookeeper + version: 11.x.x + - name: common + repository: file://./charts/common + tags: + - bitnami-common + version: 2.x.x + description: Apache Kafka is a distributed streaming platform designed to build + real-time pipelines and can be used as a message broker or as a replacement + for a log aggregation solution for big data applications. + digest: 05493de18d58388ef2668c02ce41ead72103e508275546e0f6470c58058461ab + home: https://bitnami.com + icon: https://svn.apache.org/repos/asf/comdev/project-logos/originals/kafka.svg + keywords: + - kafka + - zookeeper + - streaming + - producer + - consumer + maintainers: + - name: VMware, Inc. + url: https://github.com/bitnami/charts + name: kafka + sources: + - https://github.com/bitnami/charts/tree/main/bitnami/kafka + urls: + - assets/bitnami/kafka-23.0.2.tgz + version: 23.0.2 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Apache Kafka @@ -23511,6 +23882,38 @@ entries: - assets/bitnami/kafka-19.0.1.tgz version: 19.0.1 kamaji: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Kamaji + catalog.cattle.io/kube-version: '>=1.21.0-0' + catalog.cattle.io/release-name: kamaji + apiVersion: v2 + appVersion: v0.3.1 + created: "2023-07-10T08:00:52.102091223-06:00" + description: Kamaji deploys and operates Kubernetes at scale with a fraction of + the operational burden. Kamaji turns any Kubernetes cluster into an “admin cluster” + to orchestrate other Kubernetes clusters called “tenant clusters”. Kamaji is + special because the Control Plane components are running in a single pod instead + of dedicated machines. This solution makes running multiple Control Planes cheaper + and easier to deploy and operate. + digest: be828892617e595859fa6ea78f928f67de86830e6e0daf4eafb23d55792d2b1d + home: https://github.com/clastix/kamaji + icon: https://github.com/clastix/kamaji/raw/master/assets/logo-colored.png + kubeVersion: '>=1.21.0-0' + maintainers: + - email: dario@tranchitella.eu + name: Dario Tranchitella + - email: me@maxgio.it + name: Massimiliano Giovagnoli + - email: me@bsctl.io + name: Adriano Pezzuto + name: kamaji + sources: + - https://github.com/clastix/kamaji + type: application + urls: + - assets/clastix/kamaji-0.12.2.tgz + version: 0.12.2 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Kamaji @@ -23878,6 +24281,33 @@ entries: - assets/elastic/kibana-7.17.3.tgz version: 7.17.3 kong: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Kong Gateway + catalog.cattle.io/release-name: kong + apiVersion: v2 + appVersion: "3.3" + created: "2023-07-10T08:00:53.889941843-06:00" + dependencies: + - condition: postgresql.enabled + name: postgresql + repository: file://./charts/postgresql + version: 11.9.13 + description: The Cloud-Native Ingress and API-management + digest: a0286c3fa933ee1c29d146949fa7375e8715c4ff09ed3c027d8f3a0f7aea51c4 + home: https://konghq.com/ + icon: https://s3.amazonaws.com/downloads.kong/universe/assets/icon-kong-inc-large.png + maintainers: + - email: harry@konghq.com + name: hbagdi + - email: traines@konghq.com + name: rainest + name: kong + sources: + - https://github.com/Kong/charts/tree/main/charts/kong + urls: + - assets/kong/kong-2.24.0.tgz + version: 2.24.0 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Kong Gateway @@ -25323,7 +25753,7 @@ entries: type: application urls: - assets/linkerd/linkerd-control-plane-1.12.5.tgz - version: 1.12.5 + version: 1.12.5 loft: - annotations: catalog.cattle.io/certified: partner @@ -25649,6 +26079,43 @@ entries: - assets/elastic/logstash-7.17.3.tgz version: 7.17.3 mariadb: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: MariaDB + catalog.cattle.io/kube-version: '>=1.19-0' + catalog.cattle.io/release-name: mariadb + category: Database + licenses: Apache-2.0 + apiVersion: v2 + appVersion: 10.11.4 + created: "2023-07-10T08:00:51.089409614-06:00" + dependencies: + - name: common + repository: file://./charts/common + tags: + - bitnami-common + version: 2.x.x + description: MariaDB is an open source, community-developed SQL database server + that is widely in use around the world due to its enterprise features, flexibility, + and collaboration with leading tech firms. + digest: 242ae63687d3baeb0cc170b59f652600949dcbdd5dbcd6878aca3a33e7504294 + home: https://bitnami.com + icon: https://mariadb.com/wp-content/uploads/2019/11/mariadb-logo-vert_black-transparent.png + keywords: + - mariadb + - mysql + - database + - sql + - prometheus + maintainers: + - name: VMware, Inc. + url: https://github.com/bitnami/charts + name: mariadb + sources: + - https://github.com/bitnami/charts/tree/main/bitnami/mariadb + urls: + - assets/bitnami/mariadb-12.2.7.tgz + version: 12.2.7 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: MariaDB @@ -26967,6 +27434,43 @@ entries: - assets/minio/minio-operator-4.4.1700.tgz version: 4.4.1700 mysql: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: MySQL + catalog.cattle.io/kube-version: '>=1.19-0' + catalog.cattle.io/release-name: mysql + category: Database + licenses: Apache-2.0 + apiVersion: v2 + appVersion: 8.0.33 + created: "2023-07-10T08:00:51.099011082-06:00" + dependencies: + - name: common + repository: file://./charts/common + tags: + - bitnami-common + version: 2.x.x + description: MySQL is a fast, reliable, scalable, and easy to use open source + relational database system. Designed to handle mission-critical, heavy-load + production applications. + digest: f021d04c976882eadf6a65e431dd18312b423064b7120dd964e4f454e17680a1 + home: https://bitnami.com + icon: https://www.mysql.com/common/logos/logo-mysql-170x115.png + keywords: + - mysql + - database + - sql + - cluster + - high availability + maintainers: + - name: VMware, Inc. + url: https://github.com/bitnami/charts + name: mysql + sources: + - https://github.com/bitnami/charts/tree/main/bitnami/mysql + urls: + - assets/bitnami/mysql-9.10.5.tgz + version: 9.10.5 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: MySQL @@ -32228,6 +32732,44 @@ entries: - assets/portworx/portworx-essentials-2.9.100.tgz version: 2.9.100 postgresql: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: PostgreSQL + catalog.cattle.io/kube-version: '>=1.19-0' + catalog.cattle.io/release-name: postgresql + category: Database + licenses: Apache-2.0 + apiVersion: v2 + appVersion: 15.3.0 + created: "2023-07-10T08:00:51.26271284-06:00" + dependencies: + - name: common + repository: file://./charts/common + tags: + - bitnami-common + version: 2.x.x + description: PostgreSQL (Postgres) is an open source object-relational database + known for reliability and data integrity. ACID-compliant, it supports foreign + keys, joins, views, triggers and stored procedures. + digest: aa4bc6ec6d7c017adb69841f213c75b8dc980db544a7b90acb18dec0b0879bd1 + home: https://bitnami.com + icon: https://wiki.postgresql.org/images/a/a4/PostgreSQL_logo.3colors.svg + keywords: + - postgresql + - postgres + - database + - sql + - replication + - cluster + maintainers: + - name: VMware, Inc. + url: https://github.com/bitnami/charts + name: postgresql + sources: + - https://github.com/bitnami/charts/tree/main/bitnami/post + urls: + - assets/bitnami/postgresql-12.6.4.tgz + version: 12.6.4 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: PostgreSQL @@ -35348,6 +35890,46 @@ entries: - assets/bitnami/redis-17.3.7.tgz version: 17.3.7 redpanda: + - annotations: + artifacthub.io/images: | + - name: redpanda + image: docker.redpanda.com/redpandadata/redpanda:v23.1.13 + - name: busybox + image: busybox:latest + - name: mintel/docker-alpine-bash-curl-jq + image: mintel/docker-alpine-bash-curl-jq:latest + artifacthub.io/license: Apache-2.0 + artifacthub.io/links: | + - name: Documentation + url: https://docs.redpanda.com + - name: "Helm (>= 3.6.0)" + url: https://helm.sh/docs/intro/install/ + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Redpanda + catalog.cattle.io/kube-version: '>=1.21-0' + catalog.cattle.io/release-name: redpanda + apiVersion: v2 + appVersion: v23.1.13 + created: "2023-07-10T08:00:54.853883794-06:00" + dependencies: + - condition: console.enabled + name: console + repository: file://./charts/console + version: '>=0.5 <1.0' + description: Redpanda is the real-time engine for modern apps. + digest: e10ec33bff6b38e403d86cc0fcc2660f7bef7302a96b0b26f51df316f85ab55a + icon: https://images.ctfassets.net/paqvtpyf8rwu/3cYHw5UzhXCbKuR24GDFGO/73fb682e6157d11c10d5b2b5da1d5af0/skate-stand-panda.svg + kubeVersion: '>=1.21-0' + maintainers: + - name: redpanda-data + url: https://github.com/orgs/redpanda-data/people + name: redpanda + sources: + - https://github.com/redpanda-data/helm-charts + type: application + urls: + - assets/redpanda/redpanda-4.0.52.tgz + version: 4.0.52 - annotations: artifacthub.io/images: | - name: redpanda @@ -37446,6 +38028,48 @@ entries: - assets/redpanda/redpanda-2.1.7.tgz version: 2.1.7 s3gw: + - annotations: + app.aquarist-labs.io/name: s3gw + artifacthub.io/category: storage + artifacthub.io/links: | + - name: homepage + url: https://s3gw.io/ + - name: support + url: https://github.com/aquarist-labs/s3gw/issues + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: S3 Gateway + catalog.cattle.io/experimental: "true" + catalog.cattle.io/kube-version: '>=1.14' + catalog.cattle.io/namespace: s3gw + catalog.cattle.io/release-name: s3gw + apiVersion: v2 + appVersion: latest + created: "2023-07-10T08:00:29.229956366-06:00" + description: 'Easy-to-use Open Source and Cloud Native S3 service for use on Rancher''s + Kubernetes. ' + digest: 86abd47b27ecda912793b0a4960e25a6c2659d418b274b45b7a9498d30ad36af + home: https://github.com/aquarist-labs/s3gw + icon: https://s3gw.io/img/logo-xl.png + keywords: + - storage + - s3 + kubeVersion: '>=1.14' + maintainers: + - email: s3gw@suse.com + name: s3gw maintainers + url: https://github.com/orgs/aquarist-labs/projects/5 + name: s3gw + sources: + - https://github.com/aquarist-labs/s3gw-charts + - https://github.com/aquarist-labs/s3gw + - https://github.com/aquarist-labs/ceph + - https://github.com/aquarist-labs/s3gw-ui + - https://github.com/aquarist-labs/s3gw-cosi-driver + - https://github.com/kubernetes-sigs/container-object-storage-interface-provisioner-sidecar + type: application + urls: + - assets/aquarist-labs/s3gw-0.18.0.tgz + version: 0.18.0 - annotations: app.aquarist-labs.io/name: s3gw artifacthub.io/category: storage @@ -39046,6 +39670,37 @@ entries: - assets/bitnami/spark-6.3.8.tgz version: 6.3.8 speedscale-operator: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Speedscale Operator + catalog.cattle.io/kube-version: '>= 1.17.0-0' + catalog.cattle.io/release-name: speedscale-operator + apiVersion: v1 + appVersion: 1.3.161 + created: "2023-07-10T08:00:54.916798846-06:00" + description: Stress test your APIs with real world scenarios. Collect and replay + traffic without scripting. + digest: fa7363c86862877f1d58dfaa1447f6701f56f8dfd1e21da2d2a8a863c4c9b2ce + home: https://speedscale.com + icon: https://raw.githubusercontent.com/speedscale/assets/main/logo/gold_logo_only.png + keywords: + - speedscale + - test + - testing + - regression + - reliability + - load + - replay + - network + - traffic + kubeVersion: '>= 1.17.0-0' + maintainers: + - email: support@speedscale.com + name: Speedscale Support + name: speedscale-operator + urls: + - assets/speedscale/speedscale-operator-1.3.19.tgz + version: 1.3.19 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Speedscale Operator @@ -43362,6 +44017,31 @@ entries: - assets/traefik/traefik-10.6.0.tgz version: 10.6.0 triggermesh: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: TriggerMesh + catalog.cattle.io/kube-version: '>=1.20-0' + catalog.cattle.io/release-name: triggermesh + apiVersion: v2 + appVersion: v1.26.0 + created: "2023-07-10T08:00:55.197815548-06:00" + dependencies: + - condition: triggermesh-core.enabled + name: triggermesh-core + repository: file://./charts/triggermesh-core + tags: + - triggermesh + - triggermesh-core + - brokers + version: 1.2.x + description: A Helm chart deploying TriggerMesh Open Source Components + digest: f912b1689d78e50c43d0ff4c28b19fb5448a6d242ad678625898abcae6ad7e0e + icon: https://partner-charts.rancher.io/assets/logos/triggermesh.svg + name: triggermesh + type: application + urls: + - assets/triggermesh/triggermesh-0.8.3.tgz + version: 0.8.3 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: TriggerMesh @@ -44501,6 +45181,53 @@ entries: - assets/hashicorp/vault-0.22.0.tgz version: 0.22.0 wordpress: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: WordPress + catalog.cattle.io/kube-version: '>=1.19-0' + catalog.cattle.io/release-name: wordpress + category: CMS + licenses: Apache-2.0 + apiVersion: v2 + appVersion: 6.2.2 + created: "2023-07-10T08:00:51.937477317-06:00" + dependencies: + - condition: memcached.enabled + name: memcached + repository: file://./charts/memcached + version: 6.x.x + - condition: mariadb.enabled + name: mariadb + repository: file://./charts/mariadb + version: 12.x.x + - name: common + repository: file://./charts/common + tags: + - bitnami-common + version: 2.x.x + description: WordPress is the world's most popular blogging and content management + platform. Powerful yet simple, everyone from students to global corporations + use it to build beautiful, functional websites. + digest: 14dfa56aa1acc5d61fe2b320cb82c93a618db8be4d5bc0bbc65889e2f0998468 + home: https://bitnami.com + icon: https://s.w.org/style/images/about/WordPress-logotype-simplified.png + keywords: + - application + - blog + - cms + - http + - php + - web + - wordpress + maintainers: + - name: VMware, Inc. + url: https://github.com/bitnami/charts + name: wordpress + sources: + - https://github.com/bitnami/charts/tree/main/bitnami/wordpress + urls: + - assets/bitnami/wordpress-16.1.25.tgz + version: 16.1.25 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: WordPress