Merge pull request from nflondo/main-source

Charts CI
pull/730/head
alex-isv 2023-04-20 13:31:06 -06:00 committed by GitHub
commit f1b3d057c8
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
137 changed files with 1866 additions and 1124 deletions
charts
jaeger/jaeger-operator

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.


@ -35,4 +35,4 @@ name: kafka
sources:
- https://github.com/bitnami/containers/tree/main/bitnami/kafka
- https://kafka.apache.org/
version: 21.4.4
version: 21.4.6


@ -108,12 +108,17 @@ spec:
kafka_common_conf_set "$CLIENT_CONF" ssl.truststore.type {{ upper .Values.provisioning.auth.tls.type | quote }}
! is_empty_value "$KAFKA_CLIENT_KEY_PASSWORD" && kafka_common_conf_set "$CLIENT_CONF" ssl.key.password "$KAFKA_CLIENT_KEY_PASSWORD"
{{- if eq (upper .Values.provisioning.auth.tls.type) "PEM" }}
{{- if .Values.provisioning.auth.tls.caCert }}
file_to_multiline_property() {
awk 'NR > 1{print line" \\"}{line=$0;}END{print $0" "}' <"${1:?missing file}"
}
kafka_common_conf_set "$CLIENT_CONF" ssl.keystore.key "$(file_to_multiline_property "/certs/{{ .Values.provisioning.auth.tls.key }}")"
kafka_common_conf_set "$CLIENT_CONF" ssl.keystore.certificate.chain "$(file_to_multiline_property "/certs/{{ .Values.provisioning.auth.tls.caCert }}")"
kafka_common_conf_set "$CLIENT_CONF" ssl.truststore.certificates "$(file_to_multiline_property "/certs/{{ .Values.provisioning.auth.tls.cert }}")"
kafka_common_conf_set "$CLIENT_CONF" ssl.keystore.certificate.chain "$(file_to_multiline_property "/certs/{{ .Values.provisioning.auth.tls.cert }}")"
kafka_common_conf_set "$CLIENT_CONF" ssl.truststore.certificates "$(file_to_multiline_property "/certs/{{ .Values.provisioning.auth.tls.caCert }}")"
{{- else }}
kafka_common_conf_set "$CLIENT_CONF" ssl.keystore.location "/certs/{{ .Values.provisioning.auth.tls.keystore }}"
kafka_common_conf_set "$CLIENT_CONF" ssl.truststore.location "/certs/{{ .Values.provisioning.auth.tls.truststore }}"
{{- end }}
{{- else if eq (upper .Values.provisioning.auth.tls.type) "JKS" }}
kafka_common_conf_set "$CLIENT_CONF" ssl.keystore.location "/certs/{{ .Values.provisioning.auth.tls.keystore }}"
kafka_common_conf_set "$CLIENT_CONF" ssl.truststore.location "/certs/{{ .Values.provisioning.auth.tls.truststore }}"
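Review bot: `file_to_multiline_property` guards only against a missing argument (`${1:?missing file}`), not against a missing or unreadable file, so in the new `caCert` branch a wrong secret key name leaves the command substitution empty and `ssl.keystore.key`, `ssl.keystore.certificate.chain` or `ssl.truststore.certificates` may be written to `$CLIENT_CONF` with no content. Adding `[ -r "$1" ] || { echo "cannot read $1" >&2; return 1; }` as the first line of the function would make that failure explicit; whether the script then aborts depends on shell options set outside this hunk. The PEM branch is chosen purely by `caCert` being non-empty, so if the chart default for `caCert` is non-empty (not visible here), users who supply a PEM keystore and truststore must blank it explicitly, which deserves a sentence in the values comment. The private key is also inlined into `$CLIENT_CONF`, so the permissions of that file should be checked where it is created, outside this hunk.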


@ -1568,7 +1568,10 @@ provisioning:
type: jks
## @param provisioning.auth.tls.certificatesSecret Existing secret containing the TLS certificates for the Kafka provisioning Job.
## When using 'jks' format for certificates, the secret should contain a truststore and a keystore.
## When using 'pem' format for certificates, the secret should contain a public CA certificate, a public certificate and one private key.
## When using 'pem' format for certificates, the secret should contain one of the following:
## 1. A public CA certificate, a public certificate and one private key.
## 2. A truststore and a keystore in PEM format
## If caCert is set, option 1 will be taken, otherwise option 2.
##
certificatesSecret: ""
## @param provisioning.auth.tls.cert The secret key from the certificatesSecret if 'cert' key different from the default (tls.crt)


@ -6,7 +6,7 @@ annotations:
category: Database
licenses: Apache-2.0
apiVersion: v2
appVersion: 8.0.32
appVersion: 8.0.33
dependencies:
- name: common
repository: file://./charts/common
@ -30,4 +30,4 @@ name: mysql
sources:
- https://github.com/bitnami/containers/tree/main/bitnami/mysql
- https://mysql.com
version: 9.7.1
version: 9.7.2


@ -79,28 +79,28 @@ The command removes all the Kubernetes components associated with the chart and
### MySQL common parameters
| Name | Description | Value |
| -------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------- |
| `image.registry` | MySQL image registry | `docker.io` |
| `image.repository` | MySQL image repository | `bitnami/mysql` |
| `image.tag` | MySQL image tag (immutable tags are recommended) | `8.0.32-debian-11-r21` |
| `image.digest` | MySQL image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `image.pullPolicy` | MySQL image pull policy | `IfNotPresent` |
| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
| `image.debug` | Specify if debug logs should be enabled | `false` |
| `architecture` | MySQL architecture (`standalone` or `replication`) | `standalone` |
| `auth.rootPassword` | Password for the `root` user. Ignored if existing secret is provided | `""` |
| `auth.createDatabase` | Whether to create the .Values.auth.database or not | `true` |
| `auth.database` | Name for a custom database to create | `my_database` |
| `auth.username` | Name for a custom user to create | `""` |
| `auth.password` | Password for the new user. Ignored if existing secret is provided | `""` |
| `auth.replicationUser` | MySQL replication user | `replicator` |
| `auth.replicationPassword` | MySQL replication user password. Ignored if existing secret is provided | `""` |
| `auth.existingSecret` | Use existing secret for password details. The secret has to contain the keys `mysql-root-password`, `mysql-replication-password` and `mysql-password` | `""` |
| `auth.usePasswordFiles` | Mount credentials as files instead of using an environment variable | `false` |
| `auth.customPasswordFiles` | Use custom password files when `auth.usePasswordFiles` is set to `true`. Define path for keys `root` and `user`, also define `replicator` if `architecture` is set to `replication` | `{}` |
| `initdbScripts` | Dictionary of initdb scripts | `{}` |
| `initdbScriptsConfigMap` | ConfigMap with the initdb scripts (Note: Overrides `initdbScripts`) | `""` |
| Name | Description | Value |
| -------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------- |
| `image.registry` | MySQL image registry | `docker.io` |
| `image.repository` | MySQL image repository | `bitnami/mysql` |
| `image.tag` | MySQL image tag (immutable tags are recommended) | `8.0.33-debian-11-r0` |
| `image.digest` | MySQL image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `image.pullPolicy` | MySQL image pull policy | `IfNotPresent` |
| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
| `image.debug` | Specify if debug logs should be enabled | `false` |
| `architecture` | MySQL architecture (`standalone` or `replication`) | `standalone` |
| `auth.rootPassword` | Password for the `root` user. Ignored if existing secret is provided | `""` |
| `auth.createDatabase` | Whether to create the .Values.auth.database or not | `true` |
| `auth.database` | Name for a custom database to create | `my_database` |
| `auth.username` | Name for a custom user to create | `""` |
| `auth.password` | Password for the new user. Ignored if existing secret is provided | `""` |
| `auth.replicationUser` | MySQL replication user | `replicator` |
| `auth.replicationPassword` | MySQL replication user password. Ignored if existing secret is provided | `""` |
| `auth.existingSecret` | Use existing secret for password details. The secret has to contain the keys `mysql-root-password`, `mysql-replication-password` and `mysql-password` | `""` |
| `auth.usePasswordFiles` | Mount credentials as files instead of using an environment variable | `false` |
| `auth.customPasswordFiles` | Use custom password files when `auth.usePasswordFiles` is set to `true`. Define path for keys `root` and `user`, also define `replicator` if `architecture` is set to `replication` | `{}` |
| `initdbScripts` | Dictionary of initdb scripts | `{}` |
| `initdbScriptsConfigMap` | ConfigMap with the initdb scripts (Note: Overrides `initdbScripts`) | `""` |
### MySQL Primary parameters
@ -307,7 +307,7 @@ The command removes all the Kubernetes components associated with the chart and
| `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume(s) mountpoint to `runAsUser:fsGroup` | `false` |
| `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` |
| `volumePermissions.image.repository` | Init container volume-permissions image repository | `bitnami/bitnami-shell` |
| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r102` |
| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r108` |
| `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` |
| `volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
@ -320,7 +320,7 @@ The command removes all the Kubernetes components associated with the chart and
| `metrics.enabled` | Start a side-car prometheus exporter | `false` |
| `metrics.image.registry` | Exporter image registry | `docker.io` |
| `metrics.image.repository` | Exporter image repository | `bitnami/mysqld-exporter` |
| `metrics.image.tag` | Exporter image tag (immutable tags are recommended) | `0.14.0-debian-11-r103` |
| `metrics.image.tag` | Exporter image tag (immutable tags are recommended) | `0.14.0-debian-11-r109` |
| `metrics.image.digest` | Exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `metrics.image.pullPolicy` | Exporter image pull policy | `IfNotPresent` |
| `metrics.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |


@ -82,7 +82,7 @@ diagnosticMode:
image:
registry: docker.io
repository: bitnami/mysql
tag: 8.0.32-debian-11-r21
tag: 8.0.33-debian-11-r0
digest: ""
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
@ -1008,7 +1008,7 @@ volumePermissions:
image:
registry: docker.io
repository: bitnami/bitnami-shell
tag: 11-debian-11-r102
tag: 11-debian-11-r108
digest: ""
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
@ -1042,7 +1042,7 @@ metrics:
image:
registry: docker.io
repository: bitnami/mysqld-exporter
tag: 0.14.0-debian-11-r103
tag: 0.14.0-debian-11-r109
digest: ""
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.


@ -28,4 +28,4 @@ name: spark
sources:
- https://github.com/bitnami/containers/tree/main/bitnami/spark
- https://spark.apache.org/
version: 6.4.2
version: 6.4.4


@ -86,7 +86,7 @@ The command removes all the Kubernetes components associated with the chart and
| ------------------- | ----------------------------------------------------------------------------------------------------- | --------------------- |
| `image.registry` | Spark image registry | `docker.io` |
| `image.repository` | Spark image repository | `bitnami/spark` |
| `image.tag` | Spark image tag (immutable tags are recommended) | `3.3.2-debian-11-r12` |
| `image.tag` | Spark image tag (immutable tags are recommended) | `3.3.2-debian-11-r13` |
| `image.digest` | Spark image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `image.pullPolicy` | Spark image pull policy | `IfNotPresent` |
| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |


@ -178,7 +178,7 @@ spec:
volumeMounts:
{{- if .Values.master.existingConfigmap }}
- name: config
mountPath: /bitnami/spark/conf/
mountPath: /opt/bitnami/spark/conf/
{{- end }}
{{- if .Values.security.ssl.enabled }}
- name: shared-certs
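Review bot: Mounting the `config` volume on the whole directory `/opt/bitnami/spark/conf/` shadows whatever the image ships in that directory, so an `existingConfigmap` that carries only some files will presumably hide the image's other defaults; the same applies to the identical change in the worker template. If that is intended, say so next to `master.existingConfigmap` and `worker.existingConfigmap` in values.yaml, e.g. `## NOTE: the ConfigMap replaces the whole /opt/bitnami/spark/conf/ directory`; otherwise mount individual files with `subPath`. The master template leaves the path unquoted while the worker quotes it (`'/opt/bitnami/spark/conf/'`); pick one form. The volumeMounts list continues outside the hunk.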


@ -182,7 +182,7 @@ spec:
volumeMounts:
{{- if .Values.worker.existingConfigmap }}
- name: config
mountPath: '/bitnami/spark/conf/'
mountPath: '/opt/bitnami/spark/conf/'
{{- end }}
{{- if .Values.security.ssl.enabled }}
- name: shared-certs


@ -92,7 +92,7 @@ diagnosticMode:
image:
registry: docker.io
repository: bitnami/spark
tag: 3.3.2-debian-11-r12
tag: 3.3.2-debian-11-r13
digest: ""
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'


@ -3,4 +3,4 @@ dependencies:
repository: https://charts.bitnami.com/bitnami
version: 2.2.4
digest: sha256:634d19e9b7f6e4c07d7c04a0161ab96b3f83335ebdd70b35b952319ef0a2586b
generated: "2023-03-13T11:48:45.478522499Z"
generated: "2023-04-20T13:24:56.61515144Z"


@ -6,7 +6,7 @@ annotations:
category: ApplicationServer
licenses: Apache-2.0
apiVersion: v2
appVersion: 10.1.7
appVersion: 10.1.8
dependencies:
- name: common
repository: file://./charts/common
@ -32,4 +32,4 @@ name: tomcat
sources:
- https://github.com/bitnami/containers/tree/main/bitnami/tomcat
- http://tomcat.apache.org
version: 10.6.3
version: 10.7.1


@ -11,8 +11,7 @@ Trademarks: This software listing is packaged by Bitnami. The respective tradema
## TL;DR
```console
helm repo add my-repo https://charts.bitnami.com/bitnami
helm install my-release my-repo/tomcat
helm install my-release oci://registry-1.docker.io/bitnamicharts/tomcat
```
## Introduction
@ -35,8 +34,7 @@ Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment
To install the chart with the release name `my-release`:
```console
helm repo add my-repo https://charts.bitnami.com/bitnami
helm install my-release my-repo/tomcat
helm install my-release oci://registry-1.docker.io/bitnamicharts/tomcat
```
These commands deploy Tomcat on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation.
@ -81,7 +79,7 @@ The command removes all the Kubernetes components associated with the chart and
| ----------------------------- | ------------------------------------------------------------------------------------------------------ | --------------------- |
| `image.registry` | Tomcat image registry | `docker.io` |
| `image.repository` | Tomcat image repository | `bitnami/tomcat` |
| `image.tag` | Tomcat image tag (immutable tags are recommended) | `10.1.7-debian-11-r5` |
| `image.tag` | Tomcat image tag (immutable tags are recommended) | `10.1.8-debian-11-r1` |
| `image.digest` | Tomcat image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `image.pullPolicy` | Tomcat image pull policy | `IfNotPresent` |
| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
@ -203,7 +201,7 @@ The command removes all the Kubernetes components associated with the chart and
| `volumePermissions.enabled` | Enable init container that changes volume permissions in the data directory | `false` |
| `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` |
| `volumePermissions.image.repository` | Init container volume-permissions image repository | `bitnami/bitnami-shell` |
| `volumePermissions.image.tag` | Init container volume-permissions image tag | `11-debian-11-r102` |
| `volumePermissions.image.tag` | Init container volume-permissions image tag | `11-debian-11-r108` |
| `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` |
| `volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
@ -218,7 +216,7 @@ The command removes all the Kubernetes components associated with the chart and
| `metrics.jmx.catalinaOpts` | custom option used to enabled JMX on tomcat jvm evaluated as template | `-Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=5555 -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.local.only=true` |
| `metrics.jmx.image.registry` | JMX exporter image registry | `docker.io` |
| `metrics.jmx.image.repository` | JMX exporter image repository | `bitnami/jmx-exporter` |
| `metrics.jmx.image.tag` | JMX exporter image tag (immutable tags are recommended) | `0.18.0-debian-11-r6` |
| `metrics.jmx.image.tag` | JMX exporter image tag (immutable tags are recommended) | `0.18.0-debian-11-r12` |
| `metrics.jmx.image.digest` | JMX exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `metrics.jmx.image.pullPolicy` | JMX exporter image pull policy | `IfNotPresent` |
| `metrics.jmx.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
@ -250,7 +248,7 @@ Specify each parameter using the `--set key=value[,key=value]` argument to `helm
```console
helm install my-release \
--set tomcatUsername=manager,tomcatPassword=password my-repo/tomcat
--set tomcatUsername=manager,tomcatPassword=password oci://registry-1.docker.io/bitnamicharts/tomcat
```
The above command sets the Tomcat management username and password to `manager` and `password` respectively.
@ -260,7 +258,7 @@ The above command sets the Tomcat management username and password to `manager`
Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example,
```console
helm install my-release -f values.yaml my-repo/tomcat
helm install my-release -f values.yaml oci://registry-1.docker.io/bitnamicharts/tomcat
```
> **Tip**: You can use the default [values.yaml](values.yaml)
@ -346,7 +344,7 @@ Consequences:
```console
export TOMCAT_PASSWORD=$(kubectl get secret --namespace default tomcat -o jsonpath="{.data.tomcat-password}" | base64 -d)
kubectl delete deployments.apps tomcat
helm upgrade tomcat my-repo/tomcat --set tomcatPassword=$TOMCAT_PASSWORD
helm upgrade tomcat oci://registry-1.docker.io/bitnamicharts/tomcat --set tomcatPassword=$TOMCAT_PASSWORD
```
### To 7.0.0
@ -364,13 +362,13 @@ This release updates the Bitnami Tomcat container to `9.0.26-debian-9-r0`, which
Tomcat container was moved to a non-root approach. There shouldn't be any issue when upgrading since the corresponding `securityContext` is enabled by default. Both the container image and the chart can be upgraded by running the command below:
```console
helm upgrade my-release my-repo/tomcat
helm upgrade my-release oci://registry-1.docker.io/bitnamicharts/tomcat
```
If you use a previous container image (previous to **8.5.35-r26**) disable the `securityContext` by running the command below:
```console
helm upgrade my-release my-repo/tomcat --set securityContext.enabled=false,image.tag=XXX
helm upgrade my-release oci://registry-1.docker.io/bitnamicharts/tomcat --set securityContext.enabled=false,image.tag=XXX
```
### To 1.0.0


@ -58,7 +58,7 @@ extraDeploy: []
image:
registry: docker.io
repository: bitnami/tomcat
tag: 10.1.7-debian-11-r10
tag: 10.1.8-debian-11-r1
digest: ""
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
@ -582,7 +582,7 @@ volumePermissions:
image:
registry: docker.io
repository: bitnami/bitnami-shell
tag: 11-debian-11-r107
tag: 11-debian-11-r108
digest: ""
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
@ -642,7 +642,7 @@ metrics:
image:
registry: docker.io
repository: bitnami/jmx-exporter
tag: 0.18.0-debian-11-r11
tag: 0.18.0-debian-11-r12
digest: ""
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'


@ -41,4 +41,4 @@ name: wordpress
sources:
- https://github.com/bitnami/containers/tree/main/bitnami/wordpress
- https://wordpress.org/
version: 15.4.0
version: 15.4.1


@ -78,15 +78,15 @@ The command removes all the Kubernetes components associated with the chart and
### WordPress Image parameters
| Name | Description | Value |
| ------------------- | --------------------------------------------------------------------------------------------------------- | -------------------- |
| `image.registry` | WordPress image registry | `docker.io` |
| `image.repository` | WordPress image repository | `bitnami/wordpress` |
| `image.tag` | WordPress image tag (immutable tags are recommended) | `6.2.0-debian-11-r8` |
| `image.digest` | WordPress image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `image.pullPolicy` | WordPress image pull policy | `IfNotPresent` |
| `image.pullSecrets` | WordPress image pull secrets | `[]` |
| `image.debug` | Specify if debug values should be set | `false` |
| Name | Description | Value |
| ------------------- | --------------------------------------------------------------------------------------------------------- | --------------------- |
| `image.registry` | WordPress image registry | `docker.io` |
| `image.repository` | WordPress image repository | `bitnami/wordpress` |
| `image.tag` | WordPress image tag (immutable tags are recommended) | `6.2.0-debian-11-r11` |
| `image.digest` | WordPress image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `image.pullPolicy` | WordPress image pull policy | `IfNotPresent` |
| `image.pullSecrets` | WordPress image pull secrets | `[]` |
| `image.debug` | Specify if debug values should be set | `false` |
### WordPress Configuration parameters
@ -248,7 +248,7 @@ The command removes all the Kubernetes components associated with the chart and
| `volumePermissions.enabled` | Enable init container that changes the owner/group of the PV mount point to `runAsUser:fsGroup` | `false` |
| `volumePermissions.image.registry` | Bitnami Shell image registry | `docker.io` |
| `volumePermissions.image.repository` | Bitnami Shell image repository | `bitnami/bitnami-shell` |
| `volumePermissions.image.tag` | Bitnami Shell image tag (immutable tags are recommended) | `11-debian-11-r106` |
| `volumePermissions.image.tag` | Bitnami Shell image tag (immutable tags are recommended) | `11-debian-11-r107` |
| `volumePermissions.image.digest` | Bitnami Shell image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `volumePermissions.image.pullPolicy` | Bitnami Shell image pull policy | `IfNotPresent` |
| `volumePermissions.image.pullSecrets` | Bitnami Shell image pull secrets | `[]` |
@ -280,7 +280,7 @@ The command removes all the Kubernetes components associated with the chart and
| `metrics.enabled` | Start a sidecar prometheus exporter to expose metrics | `false` |
| `metrics.image.registry` | Apache exporter image registry | `docker.io` |
| `metrics.image.repository` | Apache exporter image repository | `bitnami/apache-exporter` |
| `metrics.image.tag` | Apache exporter image tag (immutable tags are recommended) | `0.13.1-debian-11-r5` |
| `metrics.image.tag` | Apache exporter image tag (immutable tags are recommended) | `0.13.1-debian-11-r7` |
| `metrics.image.digest` | Apache exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `metrics.image.pullPolicy` | Apache exporter image pull policy | `IfNotPresent` |
| `metrics.image.pullSecrets` | Apache exporter image pull secrets | `[]` |


@ -73,7 +73,7 @@ diagnosticMode:
image:
registry: docker.io
repository: bitnami/wordpress
tag: 6.2.0-debian-11-r8
tag: 6.2.0-debian-11-r11
digest: ""
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
@ -761,7 +761,7 @@ volumePermissions:
image:
registry: docker.io
repository: bitnami/bitnami-shell
tag: 11-debian-11-r106
tag: 11-debian-11-r107
digest: ""
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
@ -855,7 +855,7 @@ metrics:
image:
registry: docker.io
repository: bitnami/apache-exporter
tag: 0.13.1-debian-11-r5
tag: 0.13.1-debian-11-r7
digest: ""
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.


@ -3,4 +3,4 @@ dependencies:
repository: https://charts.bitnami.com/bitnami
version: 2.2.4
digest: sha256:634d19e9b7f6e4c07d7c04a0161ab96b3f83335ebdd70b35b952319ef0a2586b
generated: "2023-03-19T02:06:13.108650823Z"
generated: "2023-04-20T13:54:08.945266062Z"


@ -26,4 +26,4 @@ name: zookeeper
sources:
- https://github.com/bitnami/containers/tree/main/bitnami/zookeeper
- https://zookeeper.apache.org/
version: 11.1.6
version: 11.2.1


@ -11,8 +11,7 @@ Trademarks: This software listing is packaged by Bitnami. The respective tradema
## TL;DR
```console
helm repo add my-repo https://charts.bitnami.com/bitnami
helm install my-release my-repo/zookeeper
helm install my-release oci://registry-1.docker.io/bitnamicharts/zookeeper
```
## Introduction
@ -32,8 +31,7 @@ Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment
To install the chart with the release name `my-release`:
```console
helm repo add my-repo https://charts.bitnami.com/bitnami
helm install my-release my-repo/zookeeper
helm install my-release oci://registry-1.docker.io/bitnamicharts/zookeeper
```
These commands deploy ZooKeeper on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation.
@ -82,7 +80,7 @@ The command removes all the Kubernetes components associated with the chart and
| ----------------------------- | -------------------------------------------------------------------------------------------------------------------------- | ----------------------- |
| `image.registry` | ZooKeeper image registry | `docker.io` |
| `image.repository` | ZooKeeper image repository | `bitnami/zookeeper` |
| `image.tag` | ZooKeeper image tag (immutable tags are recommended) | `3.8.1-debian-11-r18` |
| `image.tag` | ZooKeeper image tag (immutable tags are recommended) | `3.8.1-debian-11-r25` |
| `image.digest` | ZooKeeper image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `image.pullPolicy` | ZooKeeper image pull policy | `IfNotPresent` |
| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
@ -248,7 +246,7 @@ The command removes all the Kubernetes components associated with the chart and
| `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume | `false` |
| `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` |
| `volumePermissions.image.repository` | Init container volume-permissions image repository | `bitnami/bitnami-shell` |
| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r102` |
| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r108` |
| `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` |
| `volumePermissions.image.pullSecrets` | Init container volume-permissions image pull secrets | `[]` |
@ -319,7 +317,7 @@ Specify each parameter using the `--set key=value[,key=value]` argument to `helm
```console
helm install my-release \
--set auth.clientUser=newUser \
my-repo/zookeeper
oci://registry-1.docker.io/bitnamicharts/zookeeper
```
The above command sets the ZooKeeper user to `newUser`.
@ -329,7 +327,7 @@ The above command sets the ZooKeeper user to `newUser`.
Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example,
```console
helm install my-release -f values.yaml my-repo/zookeeper
helm install my-release -f values.yaml oci://registry-1.docker.io/bitnamicharts/zookeeper
```
> **Tip**: You can use the default [values.yaml](values.yaml)


@ -76,7 +76,7 @@ diagnosticMode:
image:
registry: docker.io
repository: bitnami/zookeeper
tag: 3.8.1-debian-11-r18
tag: 3.8.1-debian-11-r25
digest: ""
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
@ -660,7 +660,7 @@ volumePermissions:
image:
registry: docker.io
repository: bitnami/bitnami-shell
tag: 11-debian-11-r102
tag: 11-debian-11-r108
digest: ""
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.


@ -1,5 +1,14 @@
# Changelog
## 1.0.2
* Use `.Release.Name` for reference to conversion webhook certificate in datadog-operator deployment.yaml
## 1.0.1
* Use `.Release.Name` for conversion webhook certificate / issuer name to align with the certificate name generated in datadog-crds sub-chart
## 1.0.0
* Default image is now `1.0.0`


@ -26,4 +26,4 @@ name: datadog-operator
sources:
- https://app.datadoghq.com/account/settings#agent/kubernetes
- https://github.com/DataDog/datadog-agent
version: 1.0.0
version: 1.0.2


@ -1,6 +1,6 @@
# Datadog Operator
![Version: 1.0.0](https://img.shields.io/badge/Version-1.0.0-informational?style=flat-square) ![AppVersion: 1.0.0](https://img.shields.io/badge/AppVersion-1.0.0-informational?style=flat-square)
![Version: 1.0.2](https://img.shields.io/badge/Version-1.0.2-informational?style=flat-square) ![AppVersion: 1.0.0](https://img.shields.io/badge/AppVersion-1.0.0-informational?style=flat-square)
## Values


@ -5,7 +5,7 @@
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
name: {{ include "datadog-operator.name" . }}-selfsigned-issuer
name: {{ .Release.Name }}-selfsigned-issuer
namespace: {{ .Release.Namespace }}
spec:
selfSigned: {}
@ -13,7 +13,7 @@ spec:
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: {{ include "datadog-operator.name" . }}-serving-cert
name: {{ .Release.Name }}-serving-cert
namespace: {{ .Release.Namespace }}
spec:
dnsNames:
@ -21,6 +21,6 @@ spec:
- {{ .Values.datadogCRDs.migration.datadogAgents.conversionWebhook.name }}.{{ .Values.datadogCRDs.migration.datadogAgents.conversionWebhook.namespace }}.svc.cluster.local
issuerRef:
kind: Issuer
name: {{ include "datadog-operator.name" . }}-selfsigned-issuer
secretName: {{ include "datadog-operator.name" . }}-webhook-server-cert
name: {{ .Release.Name }}-selfsigned-issuer
secretName: {{ .Release.Name }}-webhook-server-cert
{{- end }}
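Review bot: Renaming `secretName` to `{{ .Release.Name }}-webhook-server-cert` changes the Secret that cert-manager writes, and nothing here cleans up the one issued under the old `datadog-operator.name`-based name. On upgrade Helm will remove the old Issuer and Certificate, but cert-manager by default leaves the Secret of a deleted Certificate in place (unless it runs with `--enable-certificate-owner-ref`), so the previous webhook private key likely stays in the namespace. A changelog line telling operators to delete the old `<chart-name>-webhook-server-cert` Secret after upgrading would cover it; `<chart-name>` is a placeholder for whatever `datadog-operator.name` rendered to.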


@ -152,5 +152,5 @@ spec:
- name: cert
secret:
defaultMode: 420
secretName: {{ include "datadog-operator.name" . }}-webhook-server-cert
secretName: {{ .Release.Name }}-webhook-server-cert
{{- end }}
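Review bot: The `cert` volume mounts the webhook certificate Secret with `defaultMode: 420` (octal 0644), which makes the private key readable by every user in the container. Since the volume definition is being touched anyway, consider `defaultMode: 288` (0440) together with an `fsGroup`, or `256` (0400) only if the container runs as the file owner. Which of the two fits depends on the pod securityContext, which is outside this hunk.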


@ -1,14 +1,14 @@
annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: Dynatrace Operator
catalog.cattle.io/kube-version: '>=1.21.0-0'
catalog.cattle.io/kube-version: '>=1.19.0-0'
catalog.cattle.io/release-name: dynatrace-operator
apiVersion: v2
appVersion: 0.10.4
appVersion: 0.11.0
description: The Dynatrace Operator Helm chart for Kubernetes and OpenShift
home: https://www.dynatrace.com/
icon: https://assets.dynatrace.com/global/resources/Signet_Logo_RGB_CP_512x512px.png
kubeVersion: '>=1.21.0-0'
kubeVersion: '>=1.19.0-0'
maintainers:
- email: marcell.sevcsik@dynatrace.com
name: 0sewa0
@ -20,4 +20,4 @@ name: dynatrace-operator
sources:
- https://github.com/Dynatrace/dynatrace-operator
type: application
version: 0.10.4
version: 0.11.0


@ -16,7 +16,7 @@ Install the Dynatrace Operator via Helm by running the following commands.
Add `dynatrace` helm repository:
```
helm repo add dynatrace https://raw.githubusercontent.com/Dynatrace/dynatrace-operator/master/config/helm/repos/stable
helm repo add dynatrace https://raw.githubusercontent.com/Dynatrace/dynatrace-operator/main/config/helm/repos/stable
```
Install `dynatrace-operator` helm chart and create the corresponding `dynatrace` namespace:


@ -4,7 +4,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.10.0
controller-gen.kubebuilder.io/version: v0.11.1
name: dynakubes.dynatrace.com
spec:
conversion:
@ -225,6 +225,28 @@ spec:
description: 'Optional: define resources requests and limits for
single pods'
properties:
claims:
description: "Claims lists the names of resources, defined
in spec.resourceClaims, that are used by this container.
\n This is an alpha field and requires enabling the DynamicResourceAllocation
feature gate. \n This field is immutable. It can only be
set for containers."
items:
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
properties:
name:
description: Name must match the name of one entry in
pod.spec.resourceClaims of the Pod where this field
is used. It makes that resource available inside a
container.
type: string
required:
- name
type: object
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
limits:
additionalProperties:
anyOf:
@ -474,6 +496,28 @@ spec:
description: 'Optional: define resources requests and limits for
single ActiveGate pods'
properties:
claims:
description: "Claims lists the names of resources, defined
in spec.resourceClaims, that are used by this container.
\n This is an alpha field and requires enabling the DynamicResourceAllocation
feature gate. \n This field is immutable. It can only be
set for containers."
items:
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
properties:
name:
description: Name must match the name of one entry in
pod.spec.resourceClaims of the Pod where this field
is used. It makes that resource available inside a
container.
type: string
required:
- name
type: object
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
limits:
additionalProperties:
anyOf:
@ -734,6 +778,28 @@ spec:
description: 'Optional: define resources requests and limits for
single ActiveGate pods'
properties:
claims:
description: "Claims lists the names of resources, defined
in spec.resourceClaims, that are used by this container.
\n This is an alpha field and requires enabling the DynamicResourceAllocation
feature gate. \n This field is immutable. It can only be
set for containers."
items:
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
properties:
name:
description: Name must match the name of one entry in
pod.spec.resourceClaims of the Pod where this field
is used. It makes that resource available inside a
container.
type: string
required:
- name
type: object
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
limits:
additionalProperties:
anyOf:
@ -986,9 +1052,6 @@ spec:
- jsonPath: .spec.apiUrl
name: ApiUrl
type: string
- jsonPath: .status.tokens
name: Tokens
type: string
- jsonPath: .status.phase
name: Status
type: string
@ -1192,6 +1255,28 @@ spec:
description: 'Optional: define resources requests and limits for
single ActiveGate pods'
properties:
claims:
description: "Claims lists the names of resources, defined
in spec.resourceClaims, that are used by this container.
\n This is an alpha field and requires enabling the DynamicResourceAllocation
feature gate. \n This field is immutable. It can only be
set for containers."
items:
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
properties:
name:
description: Name must match the name of one entry in
pod.spec.resourceClaims of the Pod where this field
is used. It makes that resource available inside a
container.
type: string
required:
- name
type: object
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
limits:
additionalProperties:
anyOf:
@ -1386,7 +1471,7 @@ spec:
- Ignore: nodeAffinity/nodeSelector are ignored. All nodes
are included in the calculations. \n If this value is
nil, the behavior is equivalent to the Honor policy. This
is a alpha-level feature enabled by the NodeInclusionPolicyInPodTopologySpread
is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread
feature flag."
type: string
nodeTaintsPolicy:
@ -1396,8 +1481,8 @@ spec:
tainted nodes for which the incoming pod has a toleration,
are included. - Ignore: node taints are ignored. All nodes
are included. \n If this value is nil, the behavior is
equivalent to the Ignore policy. This is a alpha-level
feature enabled by the NodeInclusionPolicyInPodTopologySpread
equivalent to the Ignore policy. This is a beta-level
feature default enabled by the NodeInclusionPolicyInPodTopologySpread
feature flag."
type: string
topologyKey:
@ -1609,6 +1694,28 @@ spec:
description: 'Optional: define resources requests and limits for
single ActiveGate pods'
properties:
claims:
description: "Claims lists the names of resources, defined
in spec.resourceClaims, that are used by this container.
\n This is an alpha field and requires enabling the DynamicResourceAllocation
feature gate. \n This field is immutable. It can only be
set for containers."
items:
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
properties:
name:
description: Name must match the name of one entry in
pod.spec.resourceClaims of the Pod where this field
is used. It makes that resource available inside a
container.
type: string
required:
- name
type: object
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
limits:
additionalProperties:
anyOf:
@ -1797,7 +1904,7 @@ spec:
- Ignore: nodeAffinity/nodeSelector are ignored. All nodes
are included in the calculations. \n If this value is
nil, the behavior is equivalent to the Honor policy. This
is a alpha-level feature enabled by the NodeInclusionPolicyInPodTopologySpread
is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread
feature flag."
type: string
nodeTaintsPolicy:
@ -1807,8 +1914,8 @@ spec:
tainted nodes for which the incoming pod has a toleration,
are included. - Ignore: node taints are ignored. All nodes
are included. \n If this value is nil, the behavior is
equivalent to the Ignore policy. This is a alpha-level
feature enabled by the NodeInclusionPolicyInPodTopologySpread
equivalent to the Ignore policy. This is a beta-level
feature default enabled by the NodeInclusionPolicyInPodTopologySpread
feature flag."
type: string
topologyKey:
@ -1918,6 +2025,28 @@ spec:
description: 'Optional: define resources requests and limits
for the initContainer'
properties:
claims:
description: "Claims lists the names of resources, defined
in spec.resourceClaims, that are used by this container.
\n This is an alpha field and requires enabling the
DynamicResourceAllocation feature gate. \n This field
is immutable. It can only be set for containers."
items:
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
properties:
name:
description: Name must match the name of one entry
in pod.spec.resourceClaims of the Pod where this
field is used. It makes that resource available
inside a container.
type: string
required:
- name
type: object
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
limits:
additionalProperties:
anyOf:
@ -2118,6 +2247,28 @@ spec:
description: 'Optional: define resources requests and limits
for single pods'
properties:
claims:
description: "Claims lists the names of resources, defined
in spec.resourceClaims, that are used by this container.
\n This is an alpha field and requires enabling the
DynamicResourceAllocation feature gate. \n This field
is immutable. It can only be set for containers."
items:
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
properties:
name:
description: Name must match the name of one entry
in pod.spec.resourceClaims of the Pod where this
field is used. It makes that resource available
inside a container.
type: string
required:
- name
type: object
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
limits:
additionalProperties:
anyOf:
@ -2353,6 +2504,28 @@ spec:
description: 'Optional: define resources requests and limits
for the initContainer'
properties:
claims:
description: "Claims lists the names of resources, defined
in spec.resourceClaims, that are used by this container.
\n This is an alpha field and requires enabling the
DynamicResourceAllocation feature gate. \n This field
is immutable. It can only be set for containers."
items:
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
properties:
name:
description: Name must match the name of one entry
in pod.spec.resourceClaims of the Pod where this
field is used. It makes that resource available
inside a container.
type: string
required:
- name
type: object
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
limits:
additionalProperties:
anyOf:
@ -2393,6 +2566,28 @@ spec:
description: 'Optional: define resources requests and limits
for single pods'
properties:
claims:
description: "Claims lists the names of resources, defined
in spec.resourceClaims, that are used by this container.
\n This is an alpha field and requires enabling the
DynamicResourceAllocation feature gate. \n This field
is immutable. It can only be set for containers."
items:
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
properties:
name:
description: Name must match the name of one entry
in pod.spec.resourceClaims of the Pod where this
field is used. It makes that resource available
inside a container.
type: string
required:
- name
type: object
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
limits:
additionalProperties:
anyOf:
@ -2636,6 +2831,28 @@ spec:
description: 'Optional: define resources requests and limits
for single pods'
properties:
claims:
description: "Claims lists the names of resources, defined
in spec.resourceClaims, that are used by this container.
\n This is an alpha field and requires enabling the
DynamicResourceAllocation feature gate. \n This field
is immutable. It can only be set for containers."
items:
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
properties:
name:
description: Name must match the name of one entry
in pod.spec.resourceClaims of the Pod where this
field is used. It makes that resource available
inside a container.
type: string
required:
- name
type: object
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
limits:
additionalProperties:
anyOf:
@ -2883,6 +3100,28 @@ spec:
description: 'Optional: define resources requests and limits for
single ActiveGate pods'
properties:
claims:
description: "Claims lists the names of resources, defined
in spec.resourceClaims, that are used by this container.
\n This is an alpha field and requires enabling the DynamicResourceAllocation
feature gate. \n This field is immutable. It can only be
set for containers."
items:
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
properties:
name:
description: Name must match the name of one entry in
pod.spec.resourceClaims of the Pod where this field
is used. It makes that resource available inside a
container.
type: string
required:
- name
type: object
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
limits:
additionalProperties:
anyOf:
@ -3071,7 +3310,7 @@ spec:
- Ignore: nodeAffinity/nodeSelector are ignored. All nodes
are included in the calculations. \n If this value is
nil, the behavior is equivalent to the Honor policy. This
is a alpha-level feature enabled by the NodeInclusionPolicyInPodTopologySpread
is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread
feature flag."
type: string
nodeTaintsPolicy:
@ -3081,8 +3320,8 @@ spec:
tainted nodes for which the incoming pod has a toleration,
are included. - Ignore: node taints are ignored. All nodes
are included. \n If this value is nil, the behavior is
equivalent to the Ignore policy. This is a alpha-level
feature enabled by the NodeInclusionPolicyInPodTopologySpread
equivalent to the Ignore policy. This is a beta-level
feature default enabled by the NodeInclusionPolicyInPodTopologySpread
feature flag."
type: string
topologyKey:
@ -3144,28 +3383,26 @@ spec:
properties:
activeGate:
properties:
imageHash:
description: ImageHash contains the last image hash seen.
imageID:
type: string
lastUpdateProbeTimestamp:
description: LastUpdateProbeTimestamp defines the last timestamp
when the querying for updates have been done
lastProbeTimestamp:
format: date-time
type: string
source:
type: string
version:
description: Version contains the version to be deployed.
type: string
type: object
communicationHostForClient:
description: CommunicationHostForClient caches a communication host
specific to the api url.
codeModules:
properties:
host:
imageID:
type: string
port:
format: int32
type: integer
protocol:
lastProbeTimestamp:
format: date-time
type: string
source:
type: string
version:
type: string
type: object
conditions:
@ -3238,80 +3475,31 @@ spec:
- type
type: object
type: array
connectionInfo:
description: ConnectionInfo caches information about the tenant and
its communication hosts
dynatraceApi:
properties:
communicationHosts:
items:
properties:
host:
type: string
port:
format: int32
type: integer
protocol:
type: string
type: object
type: array
formattedCommunicationEndpoints:
type: string
tenantUUID:
type: string
type: object
eec:
properties:
imageHash:
description: ImageHash contains the last image hash seen.
type: string
lastUpdateProbeTimestamp:
description: LastUpdateProbeTimestamp defines the last timestamp
when the querying for updates have been done
lastActiveGateConnectionInfoRequest:
format: date-time
type: string
version:
description: Version contains the version to be deployed.
lastOneAgentConnectionInfoRequest:
format: date-time
type: string
lastTokenScopeRequest:
format: date-time
type: string
type: object
kubeSystemUUID:
description: KubeSystemUUID contains the UUID of the current Kubernetes
cluster
type: string
lastAPITokenProbeTimestamp:
description: LastAPITokenProbeTimestamp tracks when the last request
for the API token validity was sent
lastTokenProbeTimestamp:
description: 'Deprecated: use DynatraceApiStatus.LastTokenScopeRequest
instead LastTokenProbeTimestamp tracks when the last request for
the API token validity was sent'
format: date-time
type: string
lastClusterVersionProbeTimestamp:
description: LastClusterVersionProbeTimestamp indicates when the cluster's
version was last checked
format: date-time
type: string
lastDataIngestTokenProbeTimestamp:
description: Deprecated, use LastAPITokenProbeTimestamp instead LastDataIngestTokenProbeTimestamp
tracks when the last request for the DataIngest token validity was
sent
format: date-time
type: string
lastPaaSTokenProbeTimestamp:
description: Deprecated, use LastAPITokenProbeTimestamp instead LastPaaSTokenProbeTimestamp
tracks when the last request for the PaaS token validity was sent
format: date-time
type: string
latestAgentVersionUnixDefault:
description: LatestAgentVersionUnixDefault caches the current agent
version for unix and the default installer which is configured for
the environment
type: string
latestAgentVersionUnixPaas:
description: LatestAgentVersionUnixDefault caches the current agent
version for unix and the PaaS installer which is configured for
the environment
type: string
oneAgent:
properties:
imageHash:
description: ImageHash contains the last image hash seen.
imageID:
type: string
instances:
additionalProperties:
@ -3322,41 +3510,33 @@ spec:
type: string
type: object
type: object
lastHostsRequestTimestamp:
description: LastHostsRequestTimestamp indicates the last timestamp
the Operator queried for hosts
lastInstanceStatusUpdate:
format: date-time
type: string
lastUpdateProbeTimestamp:
description: LastUpdateProbeTimestamp defines the last timestamp
when the querying for updates have been done
lastProbeTimestamp:
format: date-time
type: string
source:
type: string
version:
description: Version contains the version to be deployed.
type: string
type: object
phase:
description: Defines the current state (Running, Updating, Error,
...)
type: string
statsd:
synthetic:
properties:
imageHash:
description: ImageHash contains the last image hash seen.
imageID:
type: string
lastUpdateProbeTimestamp:
description: LastUpdateProbeTimestamp defines the last timestamp
when the querying for updates have been done
lastProbeTimestamp:
format: date-time
type: string
source:
type: string
version:
description: Version contains the version to be deployed.
type: string
type: object
tokens:
description: Credentials used to connect back to Dynatrace.
type: string
updatedTimestamp:
description: UpdatedTimestamp indicates when the instance was last
updated


@ -34,7 +34,7 @@ spec:
dynatrace.com/inject: "false"
kubectl.kubernetes.io/default-container: provisioner
cluster-autoscaler.kubernetes.io/enable-ds-eviction: "false"
{{- if and (eq (default false .Values.apparmor) true) (ne .Values.platform "openshift") }}
{{- if and (eq (default false .Values.apparmor) true) (ne (include "dynatrace-operator.platform" .) "openshift") }}
container.apparmor.security.beta.kubernetes.io/driver: runtime/default
container.apparmor.security.beta.kubernetes.io/registrar: runtime/default
container.apparmor.security.beta.kubernetes.io/liveness-probe: runtime/default
@ -182,17 +182,6 @@ spec:
- --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH)
command:
- csi-node-driver-registrar
livenessProbe:
exec:
command:
- csi-node-driver-registrar
- --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH)
- --mode=kubelet-registration-probe
failureThreshold: 3
initialDelaySeconds: 30
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 15
resources:
{{- if .Values.csidriver.registrar.resources }}
{{- toYaml .Values.csidriver.registrar.resources | nindent 10 }}
@ -246,7 +235,7 @@ spec:
securityContext: {}
serviceAccountName: dynatrace-oneagent-csi-driver
terminationGracePeriodSeconds: 30
priorityClassName: dynatrace-high-priority
priorityClassName: {{ include "dynatrace-operator.CSIPriorityClassName" . }}
volumes:
# This volume is where the registrar registers the plugin with kubelet
- name: registration-dir
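Review bot: `priorityClassName` in the last hunk now renders a user-supplied value (`csidriver.existingPriorityClassName`) unquoted, so a name that YAML reads as a number or boolean would be rejected instead of being passed as a string. Piping through `quote` avoids that: `priorityClassName: {{ include "dynatrace-operator.CSIPriorityClassName" . | quote }}`. The second hunk also drops the registrar's `livenessProbe` without a replacement; the reason deserves a line in the commit description, since a hung registrar is then no longer restarted by the kubelet. The pod spec continues outside these hunks.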


@ -1,5 +1,5 @@
{{- include "dynatrace-operator.platformRequired" . }}
{{ if eq (include "dynatrace-operator.needCSI" .) "true" }}
{{ if (eq (include "dynatrace-operator.needPriorityClass" .) "true") }}
# Copyright 2021 Dynatrace LLC


@ -21,9 +21,4 @@ metadata:
labels:
{{- include "dynatrace-operator.oneagentLabels" . | nindent 4 }}
automountServiceAccountToken: false
{{- if eq .Values.platform "openshift"}}
imagePullSecrets:
- name: redhat-connect
- name: redhat-connect-sso
{{- end }}
{{ end }}


@ -21,9 +21,4 @@ metadata:
labels:
{{- include "dynatrace-operator.oneagentLabels" . | nindent 4 }}
automountServiceAccountToken: false
{{- if eq .Values.platform "openshift"}}
imagePullSecrets:
- name: redhat-connect
- name: redhat-connect-sso
{{- end }}
{{ end }}


@ -55,6 +55,7 @@ rules:
- get
- update
- delete
- list
- apiGroups:
- ""
resources:
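Review bot: The added `list` verb widens a rule whose `resources` and any `resourceNames` start above this hunk, so the page does not show what becomes listable. If the rule covers `secrets`, `list` returns the full contents of every Secret in scope. If the rule carries `resourceNames`, a list is only authorised when the request selects on `metadata.name`, so the verb may not do what the caller expects. A comment on the verb would make the intent reviewable, for example `- list  # required by <caller — fill in>; rule covers <resources — fill in>`.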


@ -106,7 +106,7 @@ spec:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
{{- if ne .Values.platform "gke-autopilot"}}
{{- if ne (include "dynatrace-operator.platform" .) "gke-autopilot" }}
- key: kubernetes.io/arch
operator: In
values:


@ -78,7 +78,7 @@ rules:
- update
- apiGroups:
- "" # "" indicates the core API group
- ""
resources:
- configmaps
verbs:
@ -89,7 +89,7 @@ rules:
- update
- delete
- apiGroups:
- "" # "" indicates the core API group
- ""
resources:
- pods
verbs:
@ -99,7 +99,7 @@ rules:
- delete
- create
- apiGroups:
- "" # "" indicates the core API group
- ""
resources:
- secrets
verbs:
@ -127,6 +127,12 @@ rules:
- get
- list
- watch
- apiGroups:
- ""
resources:
- pods/log
verbs:
- get
- apiGroups:
- monitoring.coreos.com
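Review bot: The new `pods/log` rule in the last hunk lets the operator's service account read the logs of every pod the role covers, and nothing in the file says which feature needs it. Logs regularly contain tokens and connection strings, so the grant should be documented next to the rule, e.g. `# pods/log: read-only, needed by <feature — fill in>`, and kept in a namespaced Role rather than a ClusterRole; the `kind` is outside these hunks. The same commit drops the `# "" indicates the core API group` comments from three rules, which makes the empty `apiGroups` entries harder to read for someone auditing the role.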


@ -20,10 +20,4 @@ metadata:
namespace: {{ .Release.Namespace }}
labels:
{{- include "dynatrace-operator.operatorLabels" . | nindent 4 }}
{{ if eq .Values.platform "openshift" }}
imagePullSecrets:
- name: redhat-connect
- name: redhat-connect-sso
{{ end }}
{{ end }}


@ -74,7 +74,7 @@ spec:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
{{- if ne .Values.platform "gke-autopilot"}}
{{- if ne (include "dynatrace-operator.platform" .) "gke-autopilot"}}
- key: kubernetes.io/arch
operator: In
values:


@ -1,6 +1,7 @@
{{- include "dynatrace-operator.platformRequired" . }}
{{ if and (.Values.webhook).highAvailability (eq (include "dynatrace-operator.partial" .) "false") }}
apiVersion: policy/v1
# v1 version supported since k8s 1.21
apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1" | ternary "policy/v1" "policy/v1beta1" }}
kind: PodDisruptionBudget
metadata:
name: dynatrace-webhook
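Review bot: `.Capabilities.APIVersions.Has "policy/v1"` reflects the target cluster only when Helm is connected to it; under `helm template` or a GitOps renderer the answer comes from Helm's built-in defaults unless `--api-versions` or `--kube-version` is passed, so the rendered `apiVersion` may not match the cluster the manifest is applied to. The same applies with more weight to the new `dynatrace-operator.platform` helper further down the page, which would then fall back to `kubernetes` for an OpenShift target and leave the SCC templates unrendered. The comment above the line could say so: `# v1 since k8s 1.21; offline renders must pass --api-versions for the target cluster`.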


@ -20,10 +20,5 @@ metadata:
namespace: {{ .Release.Namespace }}
labels:
{{- include "dynatrace-operator.webhookLabels" . | nindent 4 }}
{{- if eq .Values.platform "openshift" }}
imagePullSecrets:
- name: redhat-connect
- name: redhat-connect-sso
{{- end }}
{{ end }}


@ -1,5 +1,4 @@
{{- include "dynatrace-operator.platformRequired" . }}
{{- if and (eq .Values.platform "openshift") ((.Values.securityContextConstraints).enabled) (eq (include "dynatrace-operator.partial" .) "false")}}
{{- if and (eq (include "dynatrace-operator.platform" .) "openshift") ((.Values.securityContextConstraints).enabled) (eq (include "dynatrace-operator.partial" .) "false")}}
# Copyright 2021 Dynatrace LLC
# Licensed under the Apache License, Version 2.0 (the "License");
@ -21,15 +20,12 @@ allowPrivilegedContainer: false
fsGroup:
type: RunAsAny
priority: 1
{{- if (.Values.activeGate).readOnlyFs }}
readOnlyRootFilesystem: true
{{ else }}
readOnlyRootFilesystem: false
{{ end }}
requiredDropCapabilities:
- ALL
runAsUser:
type: MustRunAsNonRoot
type: MustRunAs
uid: 1001
seLinuxContext:
type: RunAsAny
seccompProfiles:
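Review bot: The `readOnlyRootFilesystem` setting in the second hunk is no longer driven by `activeGate.readOnlyFs`, and the rendered page does not make clear whether the literal that remains is `true` or `false`. If it is `false`, this SCC permits a writable root filesystem for every pod admitted under it, whatever the values file says; keeping `readOnlyRootFilesystem: true` and mounting the writable paths as volumes would be the tighter default. A one-line comment stating why the value is now fixed would help, e.g. `# fixed value: <reason — fill in>`.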


@ -1,5 +1,4 @@
{{- include "dynatrace-operator.platformRequired" . }}
{{- if and (eq .Values.platform "openshift") ((.Values.securityContextConstraints).enabled) (eq (include "dynatrace-operator.needCSI" .) "true") }}
{{- if and (eq (include "dynatrace-operator.platform" .) "openshift") ((.Values.securityContextConstraints).enabled) (eq (include "dynatrace-operator.needCSI" .) "true") }}
# Copyright 2021 Dynatrace LLC
# Licensed under the Apache License, Version 2.0 (the "License");


@ -1,5 +1,4 @@
{{- include "dynatrace-operator.platformRequired" . }}
{{- if and (eq .Values.platform "openshift") ((.Values.securityContextConstraints).enabled) (eq (include "dynatrace-operator.partial" .) "false")}}
{{- if and (eq (include "dynatrace-operator.platform" .) "openshift") ((.Values.securityContextConstraints).enabled) (eq (include "dynatrace-operator.partial" .) "false")}}
# Copyright 2021 Dynatrace LLC
# Licensed under the Apache License, Version 2.0 (the "License");


@ -1,5 +1,4 @@
{{- include "dynatrace-operator.platformRequired" . }}
{{- if and (eq .Values.platform "openshift") ((.Values.securityContextConstraints).enabled) (eq (include "dynatrace-operator.partial" .) "false")}}
{{- if and (eq (include "dynatrace-operator.platform" .) "openshift") ((.Values.securityContextConstraints).enabled) (eq (include "dynatrace-operator.partial" .) "false")}}
# Copyright 2021 Dynatrace LLC
# Licensed under the Apache License, Version 2.0 (the "License");


@ -1,5 +1,4 @@
{{- include "dynatrace-operator.platformRequired" . }}
{{- if and (eq .Values.platform "openshift") ((.Values.securityContextConstraints).enabled) (eq (include "dynatrace-operator.partial" .) "false")}}
{{- if and (eq (include "dynatrace-operator.platform" .) "openshift") ((.Values.securityContextConstraints).enabled) (eq (include "dynatrace-operator.partial" .) "false")}}
# Copyright 2021 Dynatrace LLC
# Licensed under the Apache License, Version 2.0 (the "License");


@ -1,5 +1,4 @@
{{- include "dynatrace-operator.platformRequired" . }}
{{- if and (eq .Values.platform "openshift") ((.Values.securityContextConstraints).enabled) (eq (include "dynatrace-operator.partial" .) "false")}}
{{- if and (eq (include "dynatrace-operator.platform" .) "openshift") ((.Values.securityContextConstraints).enabled) (eq (include "dynatrace-operator.partial" .) "false")}}
# Copyright 2021 Dynatrace LLC
# Licensed under the Apache License, Version 2.0 (the "License");


@ -21,6 +21,22 @@ Check if we need the csi driver.
{{- end -}}
{{- end -}}
{{/*
CSI PriorityClassName
*/}}
{{- define "dynatrace-operator.CSIPriorityClassName" -}}
{{- default "dynatrace-high-priority" .Values.csidriver.existingPriorityClassName -}}
{{- end -}}
{{/*
Check if we need the csi default priority class
*/}}
{{- define "dynatrace-operator.needPriorityClass" -}}
{{- if and (eq (include "dynatrace-operator.needCSI" .) "true") (not .Values.csidriver.existingPriorityClassName) -}}
{{- printf "true" -}}
{{- end -}}
{{- end -}}
{{/*
CSI plugin-dir path
*/}}
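Review bot: The comment on `dynatrace-operator.CSIPriorityClassName` should state that a non-empty `csidriver.existingPriorityClassName` must name a PriorityClass that already exists, because `dynatrace-operator.needPriorityClass` then returns empty and the chart's own class is presumably no longer rendered. Proposed comment: `CSI PriorityClassName: the chart default, or the class named by csidriver.existingPriorityClassName (must already exist; the chart does not create it)`. Both helpers also read `.Values.csidriver.existingPriorityClassName` directly, where other templates on this page use the nil-safe `(.Values.webhook).highAvailability` form.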


@ -27,8 +27,8 @@ Check if default image is used
{{- if .Values.image -}}
{{- printf "%s" .Values.image -}}
{{- else -}}
{{- if eq .Values.platform "google-marketplace" -}}
{{- printf "%s:%s" "gcr.io/dynatrace-marketplace-prod/dynatrace-operator" "{{ .Chart.AppVersion }}" }}
{{- if eq (include "dynatrace-operator.platform" .) "google-marketplace" -}}
{{- printf "%s:%s" "gcr.io/dynatrace-marketplace-prod/dynatrace-operator" .Chart.AppVersion }}
{{- else -}}
{{- printf "%s:v%s" "docker.io/dynatrace/dynatrace-operator" .Chart.AppVersion }}
{{- end -}}
@ -45,29 +45,3 @@ Check if we are generating only a part of the yamls
{{- printf "false" -}}
{{- end -}}
{{- end -}}
{{/*
Check if platform is set
*/}}
{{- define "dynatrace-operator.platformSet" -}}
{{- if or (eq .Values.platform "kubernetes") (eq .Values.platform "openshift") (eq .Values.platform "google-marketplace") (eq .Values.platform "gke-autopilot") -}}
{{ default "set" }}
{{- end -}}
{{- end -}}
{{/*
Exclude Kubernetes manifest not running on OLM
*/}}
{{- define "dynatrace-operator.openshiftOrOlm" -}}
{{- if and (or (eq .Values.platform "openshift") (.Values.olm)) (eq (include "dynatrace-operator.partial" .) "false") -}}
{{ default "true" }}
{{- end -}}
{{- end -}}
{{/*
Check if the platform is set
*/}}
{{- define "dynatrace-operator.platformRequired" -}}
{{- $platformIsSet := printf "%s" (required "Platform needs to be set to kubernetes, openshift, google-marketplace, or gke-autopilot" (include "dynatrace-operator.platformSet" .))}}
{{- end -}}


@ -0,0 +1,54 @@
// Copyright 2020 Dynatrace LLC
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
// http://www.apache.org/licenses/LICENSE-2.0
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
{{/*
Auto-detect the platform (if not set), according to the available APIVersions
*/}}
{{- define "dynatrace-operator.platform" -}}
{{- if .Values.platform}}
{{- printf .Values.platform -}}
{{- else if .Capabilities.APIVersions.Has "security.openshift.io/v1" }}
{{- printf "openshift" -}}
{{- else if .Capabilities.APIVersions.Has "auto.gke.io/v1" }}
{{- printf "gke-autopilot" -}}
{{- else }}
{{- printf "kubernetes" -}}
{{- end -}}
{{- end }}
{{/*
Exclude Kubernetes manifest not running on OLM
*/}}
{{- define "dynatrace-operator.openshiftOrOlm" -}}
{{- if and (or (eq (include "dynatrace-operator.platform" .) "openshift") (.Values.olm)) (eq (include "dynatrace-operator.partial" .) "false") -}}
{{ default "true" }}
{{- end -}}
{{- end -}}
{{/*
Check if platform is set to a valid one
*/}}
{{- define "dynatrace-operator.platformIsValid" -}}
{{- $validPlatforms := list "kubernetes" "openshift" "google-marketplace" "gke-autopilot" -}}
{{- if has (include "dynatrace-operator.platform" .) $validPlatforms -}}
{{ default "set" }}
{{- end -}}
{{- end -}}
{{/*
Enforces that platform is set to a valid one
*/}}
{{- define "dynatrace-operator.platformRequired" -}}
{{- $platformIsSet := printf "%s" (required "Platform needs to be set to kubernetes, openshift, google-marketplace, or gke-autopilot" (include "dynatrace-operator.platformIsValid" .))}}
{{- end -}}
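Review bot: `{{- printf .Values.platform -}}` in `dynatrace-operator.platform` passes the user's value as the format string, so a `%` in it is rendered as a formatting error marker instead of the text, and a non-string value fails the render; `{{- printf "%s" .Values.platform -}}` returns it unchanged. The licence header above uses `//` lines, which are not template comments; if this file is not an underscore-prefixed partial they would be emitted into the output, so `{{/* … */}}` is the safer form. `google-marketplace` has no detection branch, which is worth stating in the helper's comment since that platform must still be set explicitly.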


@ -1,5 +1,4 @@
{{- include "dynatrace-operator.platformRequired" . }}
{{- if eq .Values.platform "google-marketplace" }}
{{- if eq (include "dynatrace-operator.platform" .) "google-marketplace" }}
# Copyright 2020 Dynatrace LLC
# Licensed under the Apache License, Version 2.0 (the "License");


@ -13,7 +13,7 @@
# limitations under the License.
# may be set to "kubernetes", "openshift", or "gke-autopilot"
platform: "kubernetes"
platform: ""
image: ""
customPullSecret: ""
@ -51,8 +51,9 @@ csidriver:
enabled: false
nodeSelector: {}
kubeletPath: "/var/lib/kubelet"
existingPriorityClassName: "" # if defined, use this priorityclass instead of creating a new one
priorityClassValue: "1000000"
maxUnmountedVolumeAge: "" # defined in days, must be a plain number, default is "14"
maxUnmountedVolumeAge: "" # defined in days, must be a plain number
tolerations:
- effect: NoSchedule
key: node-role.kubernetes.io/master
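Review bot: The comment above `platform: ""` still only lists values to set; it does not say that the empty default now means auto-detection, nor that `google-marketplace` is accepted (the validation helper on this page lists it). Suggested wording: `# leave empty to auto-detect from the cluster's API versions; may be set to "kubernetes", "openshift", "google-marketplace" or "gke-autopilot"`. In the second hunk the `maxUnmountedVolumeAge` comment loses its stated default of 14 days; if a default still applies it should stay documented.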


@ -1,7 +1,6 @@
annotations:
artifacthub.io/changes: |
- Add support for gateway-controller-name (#185)
- Use Ingress Controller 1.10.1 version for base image
- Allow strategy override for Daemonset deployments (#186)
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: HAProxy Kubernetes Ingress Controller
catalog.cattle.io/kube-version: '>=1.22.0-0'
@ -22,4 +21,4 @@ name: haproxy
sources:
- https://github.com/haproxytech/kubernetes-ingress
type: application
version: 1.30.1
version: 1.30.3


@ -0,0 +1,5 @@
controller:
kind: DaemonSet
kubernetesGateway:
enabled: true
gatewayControllerName: haproxy.org/gateway-controller


@ -0,0 +1,7 @@
controller:
kind: DaemonSet
strategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 0
maxSurge: 1


@ -0,0 +1,4 @@
controller:
kubernetesGateway:
enabled: true
gatewayControllerName: haproxy.org/gateway-controller


@ -0,0 +1,6 @@
controller:
strategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 0
maxSurge: 1


@ -87,4 +87,25 @@ rules:
- list
- watch
- update
{{- if .Values.controller.kubernetesGateway.enabled }}
- apiGroups:
- "gateway.networking.k8s.io"
resources:
- referencegrants
- gateways
- gatewayclasses
- tcproutes
verbs:
- get
- list
- watch
- apiGroups:
- "gateway.networking.k8s.io"
resources:
- gatewayclasses/status
- gateways/status
- tcproutes/status
verbs:
- update
{{- end }}
{{- end -}}
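Review bot: `.Values.controller.kubernetesGateway.enabled` is dereferenced without a guard, so a release upgraded with `--reuse-values` from a chart version whose values had no `kubernetesGateway` map is likely to fail with a nil-pointer render error. The same expression guards the `--gateway-controller-name` argument in the two controller templates further down the page. A nil-safe form such as `{{- if (.Values.controller.kubernetesGateway).enabled }}` keeps older value sets rendering. The enclosing rules list starts outside this hunk.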


@ -34,10 +34,10 @@ metadata:
{{- end }}
spec:
minReadySeconds: {{ .Values.controller.minReadySeconds }}
{{- with .Values.controller.strategy }}
updateStrategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 1
{{- toYaml . | nindent 4 }}
{{- end }}
selector:
matchLabels:
app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }}
@ -103,8 +103,8 @@ spec:
{{- if .Values.controller.ingressClass }}
- --ingress.class={{ .Values.controller.ingressClass }}
{{- end }}
{{- if .Values.controller.gatewayControllerName }}
- --gateway-controller-name={{ .Values.controller.gatewayControllerName }}
{{- if and .Values.controller.kubernetesGateway.enabled .Values.controller.kubernetesGateway.gatewayControllerName }}
- --gateway-controller-name={{ .Values.controller.kubernetesGateway.gatewayControllerName }}
{{- end }}
{{- if .Values.controller.publishService.enabled }}
- --publish-service={{ template "kubernetes-ingress.publishServicePath" . }}
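Review bot: `updateStrategy` in the first hunk is now rendered verbatim from `.Values.controller.strategy`, which the values file describes as the Deployment strategy, and the two kinds do not accept the same types: a DaemonSet takes `RollingUpdate` or `OnDelete`, while `Recreate` is valid only for a Deployment. A value chosen with the Deployment in mind would render a DaemonSet that the API server rejects. Either state the constraint next to `strategy:` in the values file or fail early inside the `with` block, e.g. `{{- if eq (.type | default "") "Recreate" }}{{ fail "controller.strategy.type Recreate is not valid for a DaemonSet" }}{{- end }}`. The new default of `maxUnavailable: 0` with `maxSurge: 1` also replaces the previous hard-coded `maxUnavailable: 1`; whether a surge pod can start next to the old one presumably depends on host-port use, which this hunk does not show.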


@ -104,8 +104,8 @@ spec:
{{- if .Values.controller.ingressClass }}
- --ingress.class={{ .Values.controller.ingressClass }}
{{- end }}
{{- if .Values.controller.gatewayControllerName }}
- --gateway-controller-name={{ .Values.controller.gatewayControllerName }}
{{- if and .Values.controller.kubernetesGateway.enabled .Values.controller.kubernetesGateway.gatewayControllerName }}
- --gateway-controller-name={{ .Values.controller.kubernetesGateway.gatewayControllerName }}
{{- end }}
{{- if .Values.controller.publishService.enabled }}
- --publish-service={{ template "kubernetes-ingress.publishServicePath" . }}
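Review bot: The flag is now read only from `controller.kubernetesGateway.gatewayControllerName`, so a release that still sets the old `controller.gatewayControllerName` key renders without `--gateway-controller-name` and gives no warning. The same applies to the identical hunk in the other workload template. A guard near the top of the template would make the rename visible at install time: `{{- if .Values.controller.gatewayControllerName }}{{ fail "controller.gatewayControllerName moved to controller.kubernetesGateway.gatewayControllerName" }}{{- end }}`. The container args list starts and ends outside the hunk.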


@ -160,9 +160,12 @@ controller:
# ref: https://kubernetes.io/docs/concepts/services-networking/ingress-controllers/#using-multiple-ingress-controllers
ingressClass: haproxy # typically "haproxy" or null to receive all events
# Gateway API controller, not available in k8s as default, but can be installed
# Gateway API controller, not available in K8s as default but can be installed
# ref: https://gateway-api.sigs.k8s.io/
# gatewayControllerName: haproxy.org/gateway-controller
# ref: https://gateway-api.sigs.k8s.io/guides/#installing-a-gateway-controller
kubernetesGateway:
enabled: false
gatewayControllerName: haproxy.org/gateway-controller
## Additional labels to add to the deployment or daemonset metadata
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
@ -437,11 +440,11 @@ controller:
## Controller deployment strategy definition
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy
strategy: {}
# rollingUpdate:
# maxSurge: 25%
# maxUnavailable: 25%
# type: RollingUpdate
strategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 0
maxSurge: 1
## Controller Pod PriorityClass
## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass


@ -4,7 +4,7 @@ annotations:
catalog.cattle.io/kube-version: '>=1.20-0'
catalog.cattle.io/release-name: harbor
apiVersion: v1
appVersion: 2.7.1
appVersion: 2.8.0
description: An open source trusted cloud native registry that stores, signs, and
scans content
home: https://goharbor.io
@ -24,4 +24,4 @@ name: harbor
sources:
- https://github.com/goharbor/harbor
- https://github.com/goharbor/harbor-helm
version: 1.11.1
version: 1.12.0


@ -113,7 +113,7 @@ The following table lists the configurable parameters of the Harbor chart and th
| `expose.loadBalancer.annotations` | The annotations attached to the loadBalancer service | {} |
| `expose.loadBalancer.sourceRanges` | List of IP address ranges to assign to loadBalancerSourceRanges | [] |
| **Internal TLS** | | |
| `internalTLS.enabled` | Enable TLS for the components (chartmuseum, core, jobservice, portal, registry, trivy) | `false` |
| `internalTLS.enabled` | Enable TLS for the components (core, jobservice, portal, registry, trivy) | `false` |
| `internalTLS.certSource` | Method to provide TLS for the components, options are `auto`, `manual`, `secret`. | `auto` |
| `internalTLS.trustCa` | The content of trust CA, only available when `certSource` is `manual`. **Note**: all the internal certificates of the components must be issued by this CA | |
| `internalTLS.core.secretName` | The secret name for core component, only available when `certSource` is `secret`. The secret must contain keys named: `ca.crt` - the CA certificate which is used to issue internal key and crt pair for components and all Harbor components must be issued by the same CA, `tls.crt` - the content of the TLS cert file, `tls.key` - the content of the TLS key file. | |
@ -128,9 +128,6 @@ The following table lists the configurable parameters of the Harbor chart and th
| `internalTLS.portal.secretName` | The secret name for portal component, only available when `certSource` is `secret`. The secret must contain keys named: `ca.crt` - the CA certificate which is used to issue internal key and crt pair for components and all Harbor components must be issued by the same CA, `tls.crt` - the content of the TLS cert file, `tls.key` - the content of the TLS key file. | |
| `internalTLS.portal.crt` | Content of portal's TLS cert file, only available when `certSource` is `manual` | |
| `internalTLS.portal.key` | Content of portal's TLS key file, only available when `certSource` is `manual` | |
| `internalTLS.chartmuseum.secretName` | The secret name for chartmuseum component, only available when `certSource` is `secret`. The secret must contain keys named: `ca.crt` - the CA certificate which is used to issue internal key and crt pair for components and all Harbor components must be issued by the same CA, `tls.crt` - the content of the TLS cert file, `tls.key` - the content of the TLS key file. | |
| `internalTLS.chartmuseum.crt` | Content of chartmuseum's TLS cert file, only available when `certSource` is `manual` | |
| `internalTLS.chartmuseum.key` | Content of chartmuseum's TLS key file, only available when `certSource` is `manual` | |
| `internalTLS.trivy.secretName` | The secret name for trivy component, only available when `certSource` is `secret`. The secret must contain keys named: `ca.crt` - the CA certificate which is used to issue internal key and crt pair for components and all Harbor components must be issued by the same CA, `tls.crt` - the content of the TLS cert file, `tls.key` - the content of the TLS key file. | |
| `internalTLS.trivy.crt` | Content of trivy's TLS cert file, only available when `certSource` is `manual` | |
| `internalTLS.trivy.key` | Content of trivy's TLS key file, only available when `certSource` is `manual` | |
@ -146,12 +143,6 @@ The following table lists the configurable parameters of the Harbor chart and th
| `persistence.persistentVolumeClaim.registry.accessMode` | The access mode of the volume | `ReadWriteOnce` |
| `persistence.persistentVolumeClaim.registry.size` | The size of the volume | `5Gi` |
| `persistence.persistentVolumeClaim.registry.annotations` | The annotations of the volume | |
| `persistence.persistentVolumeClaim.chartmuseum.existingClaim` | Use the existing PVC which must be created manually before bound, and specify the `subPath` if the PVC is shared with other components | |
| `persistence.persistentVolumeClaim.chartmuseum.storageClass` | Specify the `storageClass` used to provision the volume. Or the default StorageClass will be used (the default). Set it to `-` to disable dynamic provisioning | |
| `persistence.persistentVolumeClaim.chartmuseum.subPath` | The sub path used in the volume | |
| `persistence.persistentVolumeClaim.chartmuseum.accessMode` | The access mode of the volume | `ReadWriteOnce` |
| `persistence.persistentVolumeClaim.chartmuseum.size` | The size of the volume | `5Gi` |
| `persistence.persistentVolumeClaim.chartmuseum.annotations` | The annotations of the volume | |
|`persistence.persistentVolumeClaim.jobservice.jobLog.existingClaim` | Use the existing PVC which must be created manually before bound, and specify the `subPath` if the PVC is shared with other components. | |
| `persistence.persistentVolumeClaim.jobservice.jobLog.storageClass` | Specify the `storageClass` used to provision the volume. Or the default StorageClass will be used (the default). Set it to `-` to disable dynamic provisioning | |
| `persistence.persistentVolumeClaim.jobservice.jobLog.subPath` | The sub path used in the volume | |
@ -177,19 +168,21 @@ The following table lists the configurable parameters of the Harbor chart and th
| `persistence.persistentVolumeClaim.trivy.size` | The size of the volume | `1Gi` |
| `persistence.persistentVolumeClaim.trivy.annotations` | The annotations of the volume | |
| `persistence.imageChartStorage.disableredirect` | The configuration for managing redirects from content backends. For backends which not supported it (such as using minio for `s3` storage type), please set it to `true` to disable redirects. Refer to the [guide](https://github.com/docker/distribution/blob/master/docs/configuration.md#redirect) for more details | `false` |
| `persistence.imageChartStorage.caBundleSecretName` | Specify the `caBundleSecretName` if the storage service uses a self-signed certificate. The secret must contain keys named `ca.crt` which will be injected into the trust store of registry's and chartmuseum's containers. | |
| `persistence.imageChartStorage.type` | The type of storage for images and charts: `filesystem`, `azure`, `gcs`, `s3`, `swift` or `oss`. The type must be `filesystem` if you want to use persistent volumes for registry and chartmuseum. Refer to the [guide](https://github.com/docker/distribution/blob/master/docs/configuration.md#storage) for more details | `filesystem` |
| `persistence.imageChartStorage.caBundleSecretName` | Specify the `caBundleSecretName` if the storage service uses a self-signed certificate. The secret must contain keys named `ca.crt` which will be injected into the trust store of registry's and containers. | |
| `persistence.imageChartStorage.type` | The type of storage for images and charts: `filesystem`, `azure`, `gcs`, `s3`, `swift` or `oss`. The type must be `filesystem` if you want to use persistent volumes for registry. Refer to the [guide](https://github.com/docker/distribution/blob/master/docs/configuration.md#storage) for more details | `filesystem` |
| `persistence.imageChartStorage.gcs.existingSecret` | An existing secret containing the gcs service account json key. The key must be gcs-key.json. | `""` |
| `persistence.imageChartStorage.gcs.useWorkloadIdentity` | A boolean to allow the use of workloadidentity in a GKE cluster. To use it, create a kubernetes service account and set the name in the key `serviceAccountName` of each component, then allow automounting the service account. | `false` |
| **General** | | |
| `externalURL` | The external URL for Harbor core service | `https://core.harbor.domain` |
| `caBundleSecretName` | The custom CA bundle secret name, the secret must contain key named "ca.crt" which will be injected into the trust store for chartmuseum, core, jobservice, registry, trivy components. | |
| `caBundleSecretName` | The custom CA bundle secret name, the secret must contain key named "ca.crt" which will be injected into the trust store for core, jobservice, registry, trivy components. | |
| `uaaSecretName` | If using external UAA auth which has a self signed cert, you can provide a pre-created secret containing it under the key `ca.crt`. | |
| `imagePullPolicy` | The image pull policy | |
| `imagePullSecrets` | The imagePullSecrets names for all deployments | |
| `updateStrategy.type` | The update strategy for deployments with persistent volumes(jobservice, registry and chartmuseum): `RollingUpdate` or `Recreate`. Set it as `Recreate` when `RWM` for volumes isn't supported | `RollingUpdate` |
| `updateStrategy.type` | The update strategy for deployments with persistent volumes(jobservice, registry): `RollingUpdate` or `Recreate`. Set it as `Recreate` when `RWM` for volumes isn't supported | `RollingUpdate` |
| `logLevel` | The log level: `debug`, `info`, `warning`, `error` or `fatal` | `info` |
| `harborAdminPassword` | The initial password of Harbor admin. Change it from portal after launching Harbor | `Harbor12345` |
| `existingSecretAdminPassword` | The name of secret where admin password can be found. | |
| `existingSecretAdminPasswordKey` | The name of the key in the secret where to find harbor admin password Harbor | `HARBOR_ADMIN_PASSWORD` |
| `caSecretName` | The name of the secret which contains key named `ca.crt`. Setting this enables the download link on portal to download the CA certificate when the certificate isn't generated automatically | |
| `secretKey` | The key used for encryption. Must be a string of 16 chars | `not-a-secure-key` |
| `existingSecretSecretKey` | An existing secret containing the encoding secretKey | `""` |
@ -251,6 +244,10 @@ The following table lists the configurable parameters of the Harbor chart and th
| `jobservice.maxJobWorkers` | The max job workers | `10` |
| `jobservice.jobLoggers` | The loggers for jobs: `file`, `database` or `stdout` | `[file]` |
| `jobservice.loggerSweeperDuration` | The jobLogger sweeper duration in days (ignored if `jobLoggers` is set to `stdout`) | `14` |
| `jobservice.notification.webhook_job_max_retry` | The maximum retry of webhook sending notifications | `3` |
| `jobservice.notification.webhook_job_http_client_timeout` | The http client timeout value of webhook sending notifications | `3` |
| `jobservice.reaper.max_update_hours` | the max time to wait for a task to finish, if unfinished after max_update_hours, the task will be mark as error, but the task will continue to run, default value is 24 | `24` |
| `jobservice.reaper.max_dangling_hours` | the max time for execution in running state without new task created | `168` |
| `jobservice.resources` | The [resources] to allocate for container | undefined |
| `jobservice.automountServiceAccountToken` | Mount serviceAccountToken? | `false` |
| `jobservice.nodeSelector` | Node labels for pod assignment | `{}` |
@ -278,27 +275,13 @@ The following table lists the configurable parameters of the Harbor chart and th
| `registry.secret` | Secret is used to secure the upload state from client and registry storage backend. See [official docs](https://github.com/docker/distribution/blob/master/docs/configuration.md#http). If a secret key is not specified, Helm will generate one. Must be a string of 16 chars. | |
| `registry.credentials.username` | The username for accessing the registry instance, which is hosted by htpasswd auth mode. More details see [official docs](https://github.com/docker/distribution/blob/master/docs/configuration.md#htpasswd). | `harbor_registry_user` |
| `registry.credentials.password` | The password for accessing the registry instance, which is hosted by htpasswd auth mode. More details see [official docs](https://github.com/docker/distribution/blob/master/docs/configuration.md#htpasswd). It is suggested you update this value before installation. | `harbor_registry_password` |
| `registry.credentials.existingSecret` | An existing secret containing the password for accessing the registry instance, which is hosted by htpasswd auth mode. More details see [official docs](https://github.com/docker/distribution/blob/master/docs/configuration.md#htpasswd). The key must be `REGISTRY_CREDENTIAL_PASSWORD` | `""` |
| `registry.credentials.existingSecret` | An existing secret containing the password for accessing the registry instance, which is hosted by htpasswd auth mode. More details see [official docs](https://github.com/docker/distribution/blob/master/docs/configuration.md#htpasswd). The key must be `REGISTRY_PASSWD` | `""` |
| `registry.credentials.htpasswdString` | Login and password in htpasswd string format. Excludes `registry.credentials.username` and `registry.credentials.password`. May come in handy when integrating with tools like argocd or flux. This allows the same line to be generated each time the template is rendered, instead of the `htpasswd` function from helm, which generates different lines each time because of the salt. | undefined |
| `registry.relativeurls` | If true, the registry returns relative URLs in Location headers. The client is responsible for resolving the correct URL. Needed if harbor is behind a reverse proxy | `false` |
| `registry.upload_purging.enabled` | If true, enable purge _upload directories | `true` |
| `registry.upload_purging.age` | Remove files in _upload directories which exist for a period of time, default is one week. | `168h` |
| `registry.upload_purging.interval` | The interval of the purge operations | `24h` |
| `registry.upload_purging.dryrun` | If true, enable dryrun for purging _upload, default false | `false` |
| **Chartmuseum** | | |
| `chartmuseum.enabled` | Enable chartmusuem to store chart | `true` |
| `chartmuseum.absoluteUrl` | If true, ChartMuseum will return absolute URLs. The default behavior is to return relative URLs | `false` |
| `chartmuseum.image.repository` | Repository for chartmuseum image | `goharbor/chartmuseum-photon` |
| `chartmuseum.image.tag` | Tag for chartmuseum image | `dev` |
| `chartmuseum.replicas` | The replica count | `1` |
| `chartmuseum.revisionHistoryLimit` | The revision history limit | `10` |
| `chartmuseum.resources` | The [resources] to allocate for container | undefined |
| `chartmuseum.automountServiceAccountToken` | Mount serviceAccountToken? | `false` |
| `chartmuseum.nodeSelector` | Node labels for pod assignment | `{}` |
| `chartmuseum.tolerations` | Tolerations for pod assignment | `[]` |
| `chartmuseum.affinity` | Node/Pod affinities | `{}` |
| `chartmuseum.podAnnotations` | Annotations to add to the chart museum pod | `{}` |
| `chartmuseum.priorityClassName` | The priority class to run the pod as | |
| **[Trivy][trivy]** | | |
| `trivy.enabled` | The flag to enable Trivy scanner | `true` |
| `trivy.image.repository` | Repository for Trivy adapter image | `goharbor/trivy-adapter-photon` |
@ -336,7 +319,7 @@ The following table lists the configurable parameters of the Harbor chart and th
| `notary.affinity` | Node/Pod affinities | `{}` |
| `notary.podAnnotations` | Annotations to add to the notary pod | `{}` |
| `notary.serviceAnnotations` | Annotations to add to the notary service | `{}` |
| `notary.secretName` | Fill the name of a kubernetes secret if you want to use your own TLS certificate authority, certificate and private key for notary communications. The secret must contain keys named `tls.ca`, `tls.crt` and `tls.key` that contain the CA, certificate and private key. They will be generated if not set. | |
| `notary.secretName` | Fill the name of a kubernetes secret if you want to use your own TLS certificate authority, certificate and private key for notary communications. The secret must contain keys named `ca.crt`, `tls.crt` and `tls.key` that contain the CA, certificate and private key. They will be generated if not set. | |
| **Database** | | |
| `database.type` | If external database is used, set it to `external` | `internal` |
| `database.internal.image.repository` | Repository for database image | `goharbor/harbor-db` |
@ -380,8 +363,8 @@ The following table lists the configurable parameters of the Harbor chart and th
| `redis.external.coreDatabaseIndex` | The database index for core | `0` |
| `redis.external.jobserviceDatabaseIndex` | The database index for jobservice | `1` |
| `redis.external.registryDatabaseIndex` | The database index for registry | `2` |
| `redis.external.chartmuseumDatabaseIndex` | The database index for chartmuseum | `3` |
| `redis.external.trivyAdapterIndex` | The database index for trivy adapter | `5` |
| `redis.external.username` | The username of external Redis | |
| `redis.external.password` | The password of external Redis | |
| `redis.external.existingSecret` | Use an existing secret to connect to redis. The key must be `REDIS_PASSWORD`. | `""` |
| `redis.podAnnotations` | Annotations to add to the redis pod | `{}` |


@ -172,7 +172,7 @@ postgres://{{ template "harbor.database.username" . }}:{{ template "harbor.datab
{{- define "harbor.redis.url" -}}
{{- with .Values.redis }}
{{- $path := ternary "" (printf "/%s" (include "harbor.redis.masterSet" $)) (not (include "harbor.redis.masterSet" $)) }}
{{- $cred := ternary (printf ":%s@" (.external.password | urlquery)) "" (and (eq .type "external" ) (not (not .external.password))) }}
{{- $cred := ternary (printf "%s:%s@" (.external.username | urlquery) (.external.password | urlquery)) "" (and (eq .type "external" ) (not (not .external.password))) }}
{{- printf "%s://%s%s%s" (include "harbor.redis.scheme" $) $cred (include "harbor.redis.addr" $) $path -}}
{{- end }}
{{- end -}}
@ -215,12 +215,6 @@ postgres://{{ template "harbor.database.username" . }}:{{ template "harbor.datab
{{- end }}
{{- end -}}
{{- define "harbor.redis.dbForChartmuseum" -}}
{{- with .Values.redis }}
{{- ternary "3" .external.chartmuseumDatabaseIndex (eq .type "internal") }}
{{- end }}
{{- end -}}
{{- define "harbor.portal" -}}
{{- printf "%s-portal" (include "harbor.fullname" .) -}}
{{- end -}}
@ -245,10 +239,6 @@ postgres://{{ template "harbor.database.username" . }}:{{ template "harbor.datab
{{- printf "%s-registryctl" (include "harbor.fullname" .) -}}
{{- end -}}
{{- define "harbor.chartmuseum" -}}
{{- printf "%s-chartmuseum" (include "harbor.fullname" .) -}}
{{- end -}}
{{- define "harbor.database" -}}
{{- printf "%s-database" (include "harbor.fullname" .) -}}
{{- end -}}
@ -282,7 +272,7 @@ postgres://{{ template "harbor.database.username" . }}:{{ template "harbor.datab
{{- end -}}
{{- define "harbor.noProxy" -}}
{{- printf "%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s" (include "harbor.core" .) (include "harbor.jobservice" .) (include "harbor.database" .) (include "harbor.chartmuseum" .) (include "harbor.notary-server" .) (include "harbor.notary-signer" .) (include "harbor.registry" .) (include "harbor.portal" .) (include "harbor.trivy" .) (include "harbor.exporter" .) .Values.proxy.noProxy -}}
{{- printf "%s,%s,%s,%s,%s,%s,%s,%s,%s,%s" (include "harbor.core" .) (include "harbor.jobservice" .) (include "harbor.database" .) (include "harbor.notary-server" .) (include "harbor.notary-signer" .) (include "harbor.registry" .) (include "harbor.portal" .) (include "harbor.trivy" .) (include "harbor.exporter" .) .Values.proxy.noProxy -}}
{{- end -}}
{{- define "harbor.caBundleVolume" -}}
@ -306,24 +296,6 @@ postgres://{{ template "harbor.database.username" . }}:{{ template "harbor.datab
{{- end -}}
{{- end -}}
{{/* chartmuseum component container port */}}
{{- define "harbor.chartmuseum.containerPort" -}}
{{- if .Values.internalTLS.enabled -}}
{{- printf "9443" -}}
{{- else -}}
{{- printf "9999" -}}
{{- end -}}
{{- end -}}
{{/* chartmuseum component service port */}}
{{- define "harbor.chartmuseum.servicePort" -}}
{{- if .Values.internalTLS.enabled -}}
{{- printf "443" -}}
{{- else -}}
{{- printf "80" -}}
{{- end -}}
{{- end -}}
{{/* core component container port */}}
{{- define "harbor.core.containerPort" -}}
{{- if .Values.internalTLS.enabled -}}
@ -468,14 +440,6 @@ postgres://{{ template "harbor.database.username" . }}:{{ template "harbor.datab
{{- printf "%s://%s:%s" (include "harbor.component.scheme" .) (include "harbor.trivy" .) (include "harbor.trivy.servicePort" .) -}}
{{- end -}}
{{- define "harbor.internalTLS.chartmuseum.secretName" -}}
{{- if eq .Values.internalTLS.certSource "secret" -}}
{{- .Values.internalTLS.chartmuseum.secretName -}}
{{- else -}}
{{- printf "%s-chartmuseum-internal-tls" (include "harbor.fullname" .) -}}
{{- end -}}
{{- end -}}
{{- define "harbor.internalTLS.core.secretName" -}}
{{- if eq .Values.internalTLS.certSource "secret" -}}
{{- .Values.internalTLS.core.secretName -}}
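Review bot: In `harbor.redis.url` the credential prefix is still emitted only when `.external.password` is non-empty, so a configured `redis.external.username` is dropped whenever the password is left empty, for instance when it is supplied through `existingSecret`. Whether another template supplies the username in that case is not visible in this hunk. `urlquery` is also applied to `.external.username` with no fallback, so a values file where the key is null or absent would presumably not render an empty string; `(.external.username | default "" | urlquery)` makes the empty case explicit. A one-line template comment above `$cred` noting that the rendered URL contains the Redis password would help whoever next decides where this helper may be included.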


@ -1,118 +0,0 @@
{{- if .Values.chartmuseum.enabled }}
apiVersion: v1
kind: ConfigMap
metadata:
name: "{{ template "harbor.chartmuseum" . }}"
labels:
{{ include "harbor.labels" . | indent 4 }}
data:
PORT: "{{ template "harbor.chartmuseum.containerPort" . }}"
{{- if .Values.internalTLS.enabled }}
TLS_CERT: "/etc/harbor/ssl/chartmuseum/tls.crt"
TLS_KEY: "/etc/harbor/ssl/chartmuseum/tls.key"
{{- end }}
{{- if eq "redis" (include "harbor.redis.scheme" .) }}
CACHE: "redis"
{{- else }}
CACHE: "redis_sentinel"
CACHE_REDIS_MASTERNAME: "{{ template "harbor.redis.masterSet" . }}"
{{- end }}
CACHE_REDIS_ADDR: "{{ template "harbor.redis.addr" . }}"
CACHE_REDIS_DB: "{{ template "harbor.redis.dbForChartmuseum" . }}"
BASIC_AUTH_USER: "chart_controller"
{{- if .Values.chartmuseum.absoluteUrl }}
CHART_URL: {{ .Values.externalURL }}/chartrepo
{{- end }}
DEPTH: "1"
{{- if eq .Values.logLevel "debug" }}
DEBUG: "true"
{{- else }}
DEBUG: "false"
{{- end }}
LOG_JSON: "true"
DISABLE_METRICS: "false"
DISABLE_API: "false"
DISABLE_STATEFILES: "false"
ALLOW_OVERWRITE: "true"
AUTH_ANONYMOUS_GET: "false"
CONTEXT_PATH: ""
INDEX_LIMIT: {{ .Values.chartmuseum.indexLimit | quote}}
MAX_STORAGE_OBJECTS: "0"
MAX_UPLOAD_SIZE: "20971520"
CHART_POST_FORM_FIELD_NAME: "chart"
PROV_POST_FORM_FIELD_NAME: "prov"
{{- $storage := .Values.persistence.imageChartStorage }}
{{- $storageType := $storage.type }}
{{- if eq $storageType "filesystem" }}
STORAGE: "local"
STORAGE_LOCAL_ROOTDIR: "/chart_storage"
{{- else if eq $storageType "azure" }}
STORAGE: "microsoft"
STORAGE_MICROSOFT_CONTAINER: {{ $storage.azure.container }}
AZURE_STORAGE_ACCOUNT: {{ $storage.azure.accountname }}
AZURE_BASE_URL: {{ $storage.azure.realm }}
STORAGE_MICROSOFT_PREFIX: "/azure/harbor/charts"
{{- else if eq $storageType "gcs" }}
STORAGE: "google"
STORAGE_GOOGLE_BUCKET: {{ $storage.gcs.bucket }}
{{- if not .Values.persistence.imageChartStorage.gcs.useWorkloadIdentity }}
GOOGLE_APPLICATION_CREDENTIALS: /etc/chartmuseum/gcs-key.json
{{- end }}
{{- if $storage.gcs.rootdirectory }}
STORAGE_GOOGLE_PREFIX: {{ $storage.gcs.rootdirectory }}
{{- end }}
{{- else if eq $storageType "s3" }}
STORAGE: "amazon"
STORAGE_AMAZON_BUCKET: {{ $storage.s3.bucket }}
{{- if $storage.s3.rootdirectory }}
STORAGE_AMAZON_PREFIX: {{ $storage.s3.rootdirectory }}
{{- end }}
STORAGE_AMAZON_REGION: {{ $storage.s3.region }}
{{- if $storage.s3.regionendpoint }}
STORAGE_AMAZON_ENDPOINT: {{ $storage.s3.regionendpoint }}
{{- end }}
{{- if $storage.s3.skipverify }}
AWS_INSECURE_SKIP_VERIFY: "true"
{{- end }}
{{- if and (not $storage.s3.existingSecret) ($storage.s3.accesskey) }}
AWS_ACCESS_KEY_ID: {{ $storage.s3.accesskey }}
{{- end }}
{{- if $storage.s3.keyid }}
STORAGE_AMAZON_SSE: aws:kms
{{- end }}
{{- else if eq $storageType "swift" }}
STORAGE: "openstack"
STORAGE_OPENSTACK_CONTAINER: {{ $storage.swift.container }}
{{- if $storage.swift.prefix }}
STORAGE_OPENSTACK_PREFIX: {{ $storage.swift.prefix }}
{{- end }}
{{- if $storage.swift.region }}
STORAGE_OPENSTACK_REGION: {{ $storage.swift.region }}
{{- end }}
OS_AUTH_URL: {{ $storage.swift.authurl }}
OS_USERNAME: {{ $storage.swift.username }}
{{- if $storage.swift.tenantid }}
OS_PROJECT_ID: {{ $storage.swift.tenantid }}
{{- end }}
{{- if $storage.swift.tenant }}
OS_PROJECT_NAME: {{ $storage.swift.tenant }}
{{- end }}
{{- if $storage.swift.domainid }}
OS_DOMAIN_ID: {{ $storage.swift.domainid }}
{{- end }}
{{- if $storage.swift.domain }}
OS_DOMAIN_NAME: {{ $storage.swift.domain }}
{{- end }}
{{- else if eq $storageType "oss" }}
STORAGE: "alibaba"
STORAGE_ALIBABA_BUCKET: {{ $storage.oss.bucket }}
{{- if $storage.oss.rootdirectory }}
STORAGE_ALIBABA_PREFIX: {{ $storage.oss.rootdirectory }}
{{- end }}
{{- if $storage.oss.endpoint }}
STORAGE_ALIBABA_ENDPOINT: {{ $storage.oss.endpoint }}
{{- end }}
ALIBABA_CLOUD_ACCESS_KEY_ID: {{ $storage.oss.accesskeyid }}
{{- end }}
STORAGE_TIMESTAMP_TOLERANCE: 1s
{{- end }}


@ -1,192 +0,0 @@
{{- if .Values.chartmuseum.enabled }}
{{- $storage := .Values.persistence.imageChartStorage }}
{{- $type := $storage.type }}
apiVersion: apps/v1
kind: Deployment
metadata:
name: "{{ template "harbor.chartmuseum" . }}"
labels:
{{ include "harbor.labels" . | indent 4 }}
component: chartmuseum
spec:
replicas: {{ .Values.chartmuseum.replicas }}
revisionHistoryLimit: {{ .Values.chartmuseum.revisionHistoryLimit }}
strategy:
type: {{ .Values.updateStrategy.type }}
{{- if eq .Values.updateStrategy.type "Recreate" }}
rollingUpdate: null
{{- end }}
selector:
matchLabels:
{{ include "harbor.matchLabels" . | indent 6 }}
component: chartmuseum
template:
metadata:
labels:
{{ include "harbor.labels" . | indent 8 }}
component: chartmuseum
annotations:
checksum/configmap: {{ include (print $.Template.BasePath "/chartmuseum/chartmuseum-cm.yaml") . | sha256sum }}
checksum/secret: {{ include (print $.Template.BasePath "/chartmuseum/chartmuseum-secret.yaml") . | sha256sum }}
checksum/secret-core: {{ include (print $.Template.BasePath "/core/core-secret.yaml") . | sha256sum }}
{{- if and .Values.internalTLS.enabled (eq .Values.internalTLS.certSource "auto") }}
checksum/tls: {{ include (print $.Template.BasePath "/internal/auto-tls.yaml") . | sha256sum }}
{{- else if and .Values.internalTLS.enabled (eq .Values.internalTLS.certSource "manual") }}
checksum/tls: {{ include (print $.Template.BasePath "/chartmuseum/chartmuseum-tls.yaml") . | sha256sum }}
{{- end }}
{{- if .Values.chartmuseum.podAnnotations }}
{{ toYaml .Values.chartmuseum.podAnnotations | indent 8 }}
{{- end }}
spec:
securityContext:
runAsUser: 10000
fsGroup: 10000
{{- if .Values.chartmuseum.serviceAccountName }}
serviceAccountName: {{ .Values.chartmuseum.serviceAccountName }}
{{- end -}}
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
automountServiceAccountToken: {{ .Values.chartmuseum.automountServiceAccountToken | default false }}
containers:
- name: chartmuseum
image: {{ .Values.chartmuseum.image.repository }}:{{ .Values.chartmuseum.image.tag }}
imagePullPolicy: {{ .Values.imagePullPolicy }}
livenessProbe:
httpGet:
path: /health
scheme: {{ include "harbor.component.scheme" . | upper }}
port: {{ template "harbor.chartmuseum.containerPort" . }}
initialDelaySeconds: 300
periodSeconds: 10
readinessProbe:
httpGet:
path: /health
scheme: {{ include "harbor.component.scheme" . | upper }}
port: {{ template "harbor.chartmuseum.containerPort" . }}
initialDelaySeconds: 1
periodSeconds: 10
{{- if .Values.chartmuseum.resources }}
resources:
{{ toYaml .Values.chartmuseum.resources | indent 10 }}
{{- end }}
envFrom:
- configMapRef:
name: "{{ template "harbor.chartmuseum" . }}"
- secretRef:
name: "{{ template "harbor.chartmuseum" . }}"
{{- if .Values.persistence.imageChartStorage.s3.existingSecret }}
- secretRef:
name: {{ .Values.persistence.imageChartStorage.s3.existingSecret }}
{{- end }}
{{- if .Values.persistence.imageChartStorage.azure.existingSecret }}
- secretRef:
name: {{ .Values.persistence.imageChartStorage.azure.existingSecret }}
{{- end }}
env:
{{- if has "chartmuseum" .Values.proxy.components }}
- name: HTTP_PROXY
value: "{{ .Values.proxy.httpProxy }}"
- name: HTTPS_PROXY
value: "{{ .Values.proxy.httpsProxy }}"
- name: NO_PROXY
value: "{{ template "harbor.noProxy" . }}"
{{- end }}
{{- if .Values.internalTLS.enabled }}
- name: INTERNAL_TLS_ENABLED
value: "true"
- name: INTERNAL_TLS_KEY_PATH
value: /etc/harbor/ssl/chartmuseum/tls.key
- name: INTERNAL_TLS_CERT_PATH
value: /etc/harbor/ssl/chartmuseum/tls.crt
- name: INTERNAL_TLS_TRUST_CA_PATH
value: /etc/harbor/ssl/chartmuseum/ca.crt
{{- end }}
- name: BASIC_AUTH_PASS
valueFrom:
secretKeyRef:
name: {{ template "harbor.core" . }}
key: secret
- # Needed to make AWS' client connect correctly (see https://github.com/helm/chartmuseum/issues/280)
name: AWS_SDK_LOAD_CONFIG
value: "1"
{{- if .Values.redis.external.existingSecret }}
- name: CACHE_REDIS_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .Values.redis.external.existingSecret }}
key: REDIS_PASSWORD
{{- end }}
ports:
- containerPort: {{ template "harbor.chartmuseum.containerPort" . }}
volumeMounts:
- name: chartmuseum-data
mountPath: /chart_storage
subPath: {{ .Values.persistence.persistentVolumeClaim.chartmuseum.subPath }}
{{- if .Values.internalTLS.enabled }}
- name: chart-internal-certs
mountPath: /etc/harbor/ssl/chartmuseum
{{- end }}
{{- if and (and .Values.persistence.enabled (eq .Values.persistence.imageChartStorage.type "gcs")) (not .Values.persistence.imageChartStorage.gcs.useWorkloadIdentity ) }}
- name: gcs-key
mountPath: /etc/chartmuseum/gcs-key.json
subPath: gcs-key.json
{{- end }}
{{- if .Values.persistence.imageChartStorage.caBundleSecretName }}
- name: storage-service-ca
mountPath: /harbor_cust_cert/custom-ca-bundle.crt
subPath: ca.crt
{{- end }}
{{- if .Values.caBundleSecretName }}
{{ include "harbor.caBundleVolumeMount" . | indent 8 }}
{{- end }}
volumes:
- name: chartmuseum-data
{{- if and .Values.persistence.enabled (eq .Values.persistence.imageChartStorage.type "filesystem") }}
persistentVolumeClaim:
claimName: {{ .Values.persistence.persistentVolumeClaim.chartmuseum.existingClaim | default (include "harbor.chartmuseum" .) }}
{{- else }}
emptyDir: {}
{{- end }}
{{- if .Values.internalTLS.enabled }}
- name: chart-internal-certs
secret:
secretName: {{ template "harbor.internalTLS.chartmuseum.secretName" . }}
{{- end }}
{{- if and (and .Values.persistence.enabled (eq .Values.persistence.imageChartStorage.type "gcs")) (not .Values.persistence.imageChartStorage.gcs.useWorkloadIdentity ) }}
- name: gcs-key
secret:
{{- if and (eq $type "gcs") $storage.gcs.existingSecret }}
secretName: {{ $storage.gcs.existingSecret }}
{{- else }}
secretName: {{ template "harbor.registry" . }}
{{- end }}
items:
- key: GCS_KEY_DATA
path: gcs-key.json
{{- end }}
{{- if .Values.persistence.imageChartStorage.caBundleSecretName }}
- name: storage-service-ca
secret:
secretName: {{ .Values.persistence.imageChartStorage.caBundleSecretName }}
{{- end }}
{{- if .Values.caBundleSecretName }}
{{ include "harbor.caBundleVolume" . | indent 6 }}
{{- end }}
{{- with .Values.chartmuseum.nodeSelector }}
nodeSelector:
{{ toYaml . | indent 8 }}
{{- end }}
{{- with .Values.chartmuseum.affinity }}
affinity:
{{ toYaml . | indent 8 }}
{{- end }}
{{- with .Values.chartmuseum.tolerations }}
tolerations:
{{ toYaml . | indent 8 }}
{{- end }}
{{- if .Values.chartmuseum.priorityClassName }}
priorityClassName: {{ .Values.chartmuseum.priorityClassName }}
{{- end }}
{{- end }}


@ -1,35 +0,0 @@
{{- if .Values.chartmuseum.enabled }}
{{- $persistence := .Values.persistence -}}
{{- if $persistence.enabled }}
{{- $chartmuseum := $persistence.persistentVolumeClaim.chartmuseum -}}
{{- if and (not $chartmuseum.existingClaim) (eq $persistence.imageChartStorage.type "filesystem") }}
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: {{ template "harbor.chartmuseum" . }}
annotations:
{{- range $key, $value := $chartmuseum.annotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- if eq .Values.persistence.resourcePolicy "keep" }}
helm.sh/resource-policy: keep
{{- end }}
labels:
{{ include "harbor.labels" . | indent 4 }}
component: chartmuseum
spec:
accessModes:
- {{ $chartmuseum.accessMode }}
resources:
requests:
storage: {{ $chartmuseum.size }}
{{- if $chartmuseum.storageClass }}
{{- if eq "-" $chartmuseum.storageClass }}
storageClassName: ""
{{- else }}
storageClassName: {{ $chartmuseum.storageClass }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}


@ -1,28 +0,0 @@
{{- if .Values.chartmuseum.enabled }}
apiVersion: v1
kind: Secret
metadata:
name: "{{ template "harbor.chartmuseum" . }}"
labels:
{{ include "harbor.labels" . | indent 4 }}
type: Opaque
data:
{{- if not .Values.redis.external.existingSecret }}
CACHE_REDIS_PASSWORD: {{ include "harbor.redis.password" . | b64enc | quote }}
{{- end }}
{{- $storage := .Values.persistence.imageChartStorage }}
{{- $storageType := $storage.type }}
{{- if and (eq $storageType "azure") (not $storage.azure.existingSecret) }}
AZURE_STORAGE_ACCESS_KEY: {{ $storage.azure.accountkey | b64enc | quote }}
{{- else if eq $storageType "gcs" }}
# TODO support the keyfile of gcs
{{- else if eq $storageType "s3" }}
{{- if and (not $storage.s3.existingSecret) ($storage.s3.secretkey) }}
AWS_SECRET_ACCESS_KEY: {{ $storage.s3.secretkey | b64enc | quote }}
{{- end }}
{{- else if eq $storageType "swift" }}
OS_PASSWORD: {{ $storage.swift.password | b64enc | quote }}
{{- else if eq $storageType "oss" }}
ALIBABA_CLOUD_ACCESS_KEY_SECRET: {{ $storage.oss.accesskeysecret | b64enc | quote }}
{{- end }}
{{- end }}


@ -1,15 +0,0 @@
{{- if .Values.chartmuseum.enabled }}
apiVersion: v1
kind: Service
metadata:
name: "{{ template "harbor.chartmuseum" . }}"
labels:
{{ include "harbor.labels" . | indent 4 }}
spec:
ports:
- port: {{ template "harbor.chartmuseum.servicePort" . }}
targetPort: {{ template "harbor.chartmuseum.containerPort" . }}
selector:
{{ include "harbor.matchLabels" . | indent 4 }}
component: chartmuseum
{{- end }}


@ -1,15 +0,0 @@
{{- if and .Values.chartmuseum.enabled .Values.internalTLS.enabled }}
{{- if eq .Values.internalTLS.certSource "manual" }}
apiVersion: v1
kind: Secret
metadata:
name: "{{ template "harbor.internalTLS.chartmuseum.secretName" . }}"
labels:
{{ include "harbor.labels" . | indent 4 }}
type: kubernetes.io/tls
data:
tls.ca: {{ (required "The \"internalTLS.trustCa\" is required!" .Values.internalTLS.trustCa) | b64enc | quote }}
tls.crt: {{ (required "The \"internalTLS.chartmuseum.crt\" is required!" .Values.internalTLS.chartmuseum.crt) | b64enc | quote }}
tls.key: {{ (required "The \"internalTLS.chartmuseum.key\" is required!" .Values.internalTLS.chartmuseum.key) | b64enc | quote }}
{{- end }}
{{- end }}


@ -32,8 +32,6 @@ data:
WITH_TRIVY: {{ .Values.trivy.enabled | quote }}
TRIVY_ADAPTER_URL: "{{ template "harbor.trivyAdapterURL" . }}"
REGISTRY_STORAGE_PROVIDER_NAME: "{{ .Values.persistence.imageChartStorage.type }}"
WITH_CHARTMUSEUM: "{{ .Values.chartmuseum.enabled }}"
CHART_REPOSITORY_URL: "{{ template "harbor.component.scheme" . }}://{{ template "harbor.chartmuseum" . }}"
LOG_LEVEL: "{{ .Values.logLevel }}"
CONFIG_PATH: "/etc/core/app.conf"
CHART_CACHE_DRIVER: "redis"


@ -86,7 +86,14 @@ spec:
secretKeyRef:
name: "{{ template "harbor.jobservice" . }}"
key: JOBSERVICE_SECRET
{{- if .Values.internalTLS.enabled }}
{{- if .Values.existingSecretAdminPassword }}
- name: HARBOR_ADMIN_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .Values.existingSecretAdminPassword }}
key: {{ .Values.existingSecretAdminPasswordKey }}
{{- end }}
{{- if .Values.internalTLS.enabled }}
- name: INTERNAL_TLS_ENABLED
value: "true"
- name: INTERNAL_TLS_KEY_PATH
@ -95,21 +102,21 @@ spec:
value: /etc/harbor/ssl/core/tls.crt
- name: INTERNAL_TLS_TRUST_CA_PATH
value: /etc/harbor/ssl/core/ca.crt
{{- end }}
{{- if .Values.database.external.existingSecret }}
{{- end }}
{{- if .Values.database.external.existingSecret }}
- name: POSTGRESQL_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .Values.database.external.existingSecret }}
key: password
{{- end }}
{{- if .Values.registry.credentials.existingSecret }}
{{- end }}
{{- if .Values.registry.credentials.existingSecret }}
- name: REGISTRY_CREDENTIAL_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .Values.registry.credentials.existingSecret }}
key: REGISTRY_PASSWD
{{- end }}
{{- end }}
ports:
- containerPort: {{ template "harbor.core.containerPort" . }}
volumeMounts:
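Review bot: The new `secretKeyRef` for `HARBOR_ADMIN_PASSWORD` in the first hunk (`@ -86,7 +86,14 @`) renders both `name` and `key` as unquoted template output, and `key` has no fallback. If `existingSecretAdminPasswordKey` is overridden to an empty string, `key` renders as null and the manifest would most likely be rejected; a secret name that looks like a number or boolean would also be retyped by the YAML parser. I would write `name: {{ .Values.existingSecretAdminPassword | quote }}` and `key: {{ .Values.existingSecretAdminPasswordKey | default "HARBOR_ADMIN_PASSWORD" | quote }}`. The same two lines appear in the exporter deployment hunk (`@ -64,6 +64,13 @`) and need the same change. The container's env list starts and ends outside this hunk.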


@ -15,7 +15,9 @@ data:
tls.key: {{ .Values.core.tokenKey | default $ca.Key | b64enc | quote }}
tls.crt: {{ .Values.core.tokenCert | default $ca.Cert | b64enc | quote }}
{{- end }}
{{- if not .Values.existingSecretAdminPassword }}
HARBOR_ADMIN_PASSWORD: {{ .Values.harborAdminPassword | b64enc | quote }}
{{- end }}
{{- if not .Values.database.external.existingSecret }}
POSTGRESQL_PASSWORD: {{ template "harbor.database.encryptedPassword" . }}
{{- end }}


@ -64,6 +64,13 @@ spec:
name: {{ .Values.database.external.existingSecret }}
key: password
{{- end }}
{{- if .Values.existingSecretAdminPassword }}
- name: HARBOR_ADMIN_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .Values.existingSecretAdminPassword }}
key: {{ .Values.existingSecretAdminPasswordKey }}
{{- end }}
{{- if .Values.exporter.resources }}
resources:
{{ toYaml .Values.exporter.resources | indent 10 }}


@ -7,7 +7,9 @@ metadata:
{{ include "harbor.labels" . | indent 4 }}
type: Opaque
data:
{{- if not .Values.existingSecretAdminPassword }}
HARBOR_ADMIN_PASSWORD: {{ .Values.harborAdminPassword | b64enc | quote }}
{{- end }}
{{- if not .Values.database.external.existingSecret }}
HARBOR_DATABASE_PASSWORD: {{ template "harbor.database.encryptedPassword" . }}
{{- end }}


@ -61,23 +61,6 @@ data:
tls.crt: {{ $portalCrt.Cert | b64enc | quote }}
tls.key: {{ $portalCrt.Key | b64enc | quote }}
{{- if .Values.chartmuseum.enabled }}
---
{{- $chartCN := (include "harbor.chartmuseum" .) }}
{{- $chartCrt := genSignedCert $chartCN nil (list $chartCN) 365 $ca }}
apiVersion: v1
kind: Secret
metadata:
name: "{{ template "harbor.internalTLS.chartmuseum.secretName" . }}"
labels:
{{ include "harbor.labels" . | indent 4 }}
type: kubernetes.io/tls
data:
ca.crt: {{ $ca.Cert | b64enc | quote }}
tls.crt: {{ $chartCrt.Cert | b64enc | quote }}
tls.key: {{ $chartCrt.Key | b64enc | quote }}
{{- end }}
{{- if and .Values.trivy.enabled}}
---
{{- $trivyCN := (include "harbor.trivy" .) }}


@ -10,6 +10,10 @@ data:
REGISTRY_URL: "{{ template "harbor.registryURL" . }}"
REGISTRY_CONTROLLER_URL: "{{ template "harbor.registryControllerURL" . }}"
REGISTRY_CREDENTIAL_USERNAME: "{{ .Values.registry.credentials.username }}"
JOBSERVICE_WEBHOOK_JOB_MAX_RETRY: "{{ .Values.jobservice.notification.webhook_job_max_retry }}"
JOBSERVICE_WEBHOOK_JOB_HTTP_CLIENT_TIMEOUT: "{{ .Values.jobservice.notification.webhook_job_http_client_timeout }}"
{{- if has "jobservice" .Values.proxy.components }}
HTTP_PROXY: "{{ .Values.proxy.httpProxy }}"
HTTPS_PROXY: "{{ .Values.proxy.httpsProxy }}"


@ -49,4 +49,9 @@ data:
#Loggers for the job service
loggers:
- name: "STD_OUTPUT"
level: {{ .Values.logLevel | upper }}
level: {{ .Values.logLevel | upper }}
reaper:
# the max time to wait for a task to finish, if unfinished after max_update_hours, the task will be mark as error, but the task will continue to run, default value is 24
max_update_hours: {{ .Values.jobservice.reaper.max_update_hours }}
# the max time for execution in running state without new task created
max_dangling_hours: {{ .Values.jobservice.reaper.max_dangling_hours }}


@ -127,6 +127,8 @@ data:
proxy_set_header X-Forwarded-Proto $x_forwarded_proto;
proxy_buffering off;
proxy_request_buffering off;
proxy_send_timeout 900;
proxy_read_timeout 900;
}
location /service/ {


@ -88,6 +88,9 @@ data:
proxy_buffering off;
proxy_request_buffering off;
proxy_send_timeout 900;
proxy_read_timeout 900;
}
}
{{- end }}


@ -23,6 +23,7 @@ spec:
{{- else if and .Values.internalTLS.enabled (eq .Values.internalTLS.certSource "manual") }}
checksum/tls: {{ include (print $.Template.BasePath "/portal/tls.yaml") . | sha256sum }}
{{- end }}
checksum/configmap: {{ include (print $.Template.BasePath "/portal/configmap.yaml") . | sha256sum }}
{{- if .Values.portal.podAnnotations }}
{{ toYaml .Values.portal.podAnnotations | indent 8 }}
{{- end }}


@ -170,14 +170,6 @@ internalTLS:
crt: ""
# Content of portal's TLS key file, only available when `certSource` is "manual"
key: ""
# chartmuseum related cert configuration
chartmuseum:
# secret name for chartmuseum's tls certs
secretName: ""
# Content of chartmuseum's TLS key file, only available when `certSource` is "manual"
crt: ""
# Content of chartmuseum's TLS key file, only available when `certSource` is "manual"
key: ""
# trivy related cert configuration
trivy:
# secret name for trivy's tls certs
@ -222,13 +214,6 @@ persistence:
accessMode: ReadWriteOnce
size: 5Gi
annotations: {}
chartmuseum:
existingClaim: ""
storageClass: ""
subPath: ""
accessMode: ReadWriteOnce
size: 5Gi
annotations: {}
jobservice:
jobLog:
existingClaim: ""
@ -262,7 +247,7 @@ persistence:
accessMode: ReadWriteOnce
size: 5Gi
annotations: {}
# Define which storage backend is used for registry and chartmuseum to store
# Define which storage backend is used for registry to store
# images and charts. Refer to
# https://github.com/docker/distribution/blob/master/docs/configuration.md#storage
# for the detail.
@ -276,13 +261,12 @@ persistence:
disableredirect: false
# Specify the "caBundleSecretName" if the storage service uses a self-signed certificate.
# The secret must contain keys named "ca.crt" which will be injected into the trust store
# of registry's and chartmuseum's containers.
# of registry's containers.
# caBundleSecretName:
# Specify the type of storage: "filesystem", "azure", "gcs", "s3", "swift",
# "oss" and fill the information needed in the corresponding section. The type
# must be "filesystem" if you want to use persistent volumes for registry
# and chartmuseum
type: filesystem
filesystem:
rootdirectory: /storage
@ -305,7 +289,6 @@ persistence:
useWorkloadIdentity: false
s3:
# Set an existing secret for S3 accesskey and secretkey
# keys in the secret should be AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY for chartmuseum
# keys in the secret should be REGISTRY_STORAGE_S3_ACCESSKEY and REGISTRY_STORAGE_S3_SECRETKEY for registry
#existingSecret: ""
region: us-west-1
@ -363,8 +346,7 @@ imagePullSecrets:
# - name: docker-registry-secret
# - name: internal-registry-secret
# The update strategy for deployments with persistent volumes(jobservice, registry
# and chartmuseum): "RollingUpdate" or "Recreate"
# The update strategy for deployments with persistent volumes(jobservice, registry): "RollingUpdate" or "Recreate"
# Set it as "Recreate" when "RWM" for volumes isn't supported
updateStrategy:
type: RollingUpdate
@ -373,6 +355,10 @@ updateStrategy:
logLevel: info
# The initial password of Harbor admin. Change it from portal after launching Harbor
# or give an existing secret for it
# key in secret is given via (default to HARBOR_ADMIN_PASSWORD)
# existingSecretAdminPassword:
existingSecretAdminPasswordKey: HARBOR_ADMIN_PASSWORD
harborAdminPassword: "Harbor12345"
# The name of the secret which contains key named "ca.crt". Setting this enables the
@ -382,7 +368,7 @@ caSecretName: ""
# The secret key used for encryption. Must be a string of 16 chars.
secretKey: "not-a-secure-key"
# If using existingSecretSecretKey, the key must be sercretKey
# If using existingSecretSecretKey, the key must be secretKey
existingSecretSecretKey: ""
# The proxy settings for updating trivy vulnerabilities from the Internet and replicating
@ -400,7 +386,7 @@ proxy:
enableMigrateHelmHook: false
# The custom ca bundle secret, the secret must contain key named "ca.crt"
# which will be injected into the trust store for chartmuseum, core, jobservice, registry, trivy components
# which will be injected into the trust store for core, jobservice, registry, trivy components
# caBundleSecretName: ""
## UAA Authentication Options
@ -414,7 +400,7 @@ enableMigrateHelmHook: false
nginx:
image:
repository: goharbor/nginx-photon
tag: v2.7.1
tag: v2.8.0
# set the service account to be used, default if left empty
serviceAccountName: ""
# mount the service account token
@ -436,7 +422,7 @@ nginx:
portal:
image:
repository: goharbor/harbor-portal
tag: v2.7.1
tag: v2.8.0
# set the service account to be used, default if left empty
serviceAccountName: ""
# mount the service account token
@ -458,7 +444,7 @@ portal:
core:
image:
repository: goharbor/harbor-core
tag: v2.7.1
tag: v2.8.0
# set the service account to be used, default if left empty
serviceAccountName: ""
# mount the service account token
@ -511,7 +497,7 @@ core:
jobservice:
image:
repository: goharbor/harbor-jobservice
tag: v2.7.1
tag: v2.8.0
replicas: 1
revisionHistoryLimit: 10
# set the service account to be used, default if left empty
@ -526,6 +512,14 @@ jobservice:
# - stdout
# The jobLogger sweeper duration (ignored if `jobLogger` is `stdout`)
loggerSweeperDuration: 14 #days
notification:
webhook_job_max_retry: 3
webhook_job_http_client_timeout: 3 # in seconds
reaper:
# the max time to wait for a task to finish, if unfinished after max_update_hours, the task will be mark as error, but the task will continue to run, default value is 24
max_update_hours: 24
# the max time for execution in running state without new task created
max_dangling_hours: 168
# resources:
# requests:
@ -551,7 +545,7 @@ registry:
registry:
image:
repository: goharbor/registry-photon
tag: v2.7.1
tag: v2.8.0
# resources:
# requests:
# memory: 256Mi
@ -559,7 +553,7 @@ registry:
controller:
image:
repository: goharbor/harbor-registryctl
tag: v2.7.1
tag: v2.8.0
# resources:
# requests:
@ -609,33 +603,6 @@ registry:
interval: 24h
dryrun: false
chartmuseum:
enabled: true
# set the service account to be used, default if left empty
serviceAccountName: ""
# mount the service account token
automountServiceAccountToken: false
# Harbor defaults ChartMuseum to returning relative urls, if you want using absolute url you should enable it by change the following value to 'true'
absoluteUrl: false
image:
repository: goharbor/chartmuseum-photon
tag: v2.7.1
replicas: 1
revisionHistoryLimit: 10
# resources:
# requests:
# memory: 256Mi
# cpu: 100m
nodeSelector: {}
tolerations: []
affinity: {}
## Additional deployment annotations
podAnnotations: {}
## The priority class to run the pod as
priorityClassName:
## limit the number of parallel indexers
indexLimit: 0
trivy:
# enabled the flag to enable Trivy scanner
enabled: true
@ -643,7 +610,7 @@ trivy:
# repository the repository for Trivy adapter image
repository: goharbor/trivy-adapter-photon
# tag the tag for Trivy adapter image
tag: v2.7.1
tag: v2.8.0
# set the service account to be used, default if left empty
serviceAccountName: ""
# mount the service account token
@ -718,7 +685,7 @@ notary:
automountServiceAccountToken: false
image:
repository: goharbor/notary-server-photon
tag: v2.7.1
tag: v2.8.0
replicas: 1
# resources:
# requests:
@ -740,7 +707,7 @@ notary:
automountServiceAccountToken: false
image:
repository: goharbor/notary-signer-photon
tag: v2.7.1
tag: v2.8.0
replicas: 1
# resources:
# requests:
@ -763,7 +730,7 @@ notary:
database:
# if external database is used, set "type" to "external"
# and fill the connection informations in "external" section
# and fill the connection information in "external" section
type: internal
internal:
# set the service account to be used, default if left empty
@ -772,7 +739,7 @@ database:
automountServiceAccountToken: false
image:
repository: goharbor/harbor-db
tag: v2.7.1
tag: v2.8.0
# The initial superuser password for internal database
password: "changeit"
# The size limit for Shared memory, pgSQL use it for shared_buffer
@ -835,7 +802,7 @@ database:
redis:
# if external Redis is used, set "type" to "external"
# and fill the connection informations in "external" section
# and fill the connection information in "external" section
type: internal
internal:
# set the service account to be used, default if left empty
@ -844,7 +811,7 @@ redis:
automountServiceAccountToken: false
image:
repository: goharbor/redis-photon
tag: v2.7.1
tag: v2.8.0
# resources:
# requests:
# memory: 256Mi
@ -866,8 +833,9 @@ redis:
coreDatabaseIndex: "0"
jobserviceDatabaseIndex: "1"
registryDatabaseIndex: "2"
chartmuseumDatabaseIndex: "3"
trivyAdapterIndex: "5"
# username field can be an empty string and it will be authenticated against the default user
username: ""
password: ""
# If using existingSecret, the key must be REDIS_PASSWORD
existingSecret: ""
@ -887,7 +855,7 @@ exporter:
automountServiceAccountToken: false
image:
repository: goharbor/harbor-exporter
tag: v2.7.1
tag: v2.8.0
nodeSelector: {}
tolerations: []
affinity: {}
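Review bot: The comment added above `existingSecretAdminPasswordKey` in the `@ -373,6 +355,10 @` hunk reads `key in secret is given via (default to HARBOR_ADMIN_PASSWORD)`; it never names the option and does not say which setting wins. The core and exporter secret templates in this commit skip `HARBOR_ADMIN_PASSWORD` when `existingSecretAdminPassword` is set, so `harborAdminPassword` is then ignored; otherwise the fixed default `"Harbor12345"` is what gets installed. I would word it as `# key in the secret is set via existingSecretAdminPasswordKey (defaults to HARBOR_ADMIN_PASSWORD)` and add `# harborAdminPassword is ignored when existingSecretAdminPassword is set; prefer the secret over the published default`.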


@ -15,4 +15,4 @@ maintainers:
name: jaeger-operator
sources:
- https://github.com/jaegertracing/jaeger-operator
version: 2.42.0
version: 2.43.0


@ -53,27 +53,28 @@ The command removes all the Kubernetes components associated with the chart and
The following table lists the configurable parameters of the jaeger-operator chart and their default values.
| Parameter | Description | Default |
| :---------------------- | :---------------------------------------------------------------------------------------------------------- | :------------------------------ |
| `serviceExtraLabels` | Additional labels to jaeger-operator service | `{}`
| `extraLabels` | Additional labels to jaeger-operator deployment | `{}`
| `image.repository` | Controller container image repository | `jaegertracing/jaeger-operator` |
| `image.tag` | Controller container image tag | `1.43.0` |
| `image.pullPolicy` | Controller container image pull policy | `IfNotPresent` |
| `jaeger.create` | Jaeger instance will be created | `false` |
| `jaeger.spec` | Jaeger instance specification | `{}` |
| `rbac.create` | All required roles and rolebindings will be created | `true` |
| `serviceAccount.create` | Service account to use | `true` |
| `rbac.pspEnabled` | Pod security policy for pod will be created and included in rbac role | `false` |
| `rbac.clusterRole` | ClusterRole will be used by operator ServiceAccount | `false` |
| `serviceAccount.name` | Service account name to use. If not set and create is true, a name is generated using the fullname template | `nil` |
| `extraEnv` | Additional environment variables passed to the operator. For example: name: LOG-LEVEL value: debug | `[]` |
| `resources` | K8s pod resources | `None` |
| `nodeSelector` | Node labels for pod assignment | `{}` |
| `tolerations` | Toleration labels for pod assignment | `[]` |
| `affinity` | Affinity settings for pod assignment | `{}` |
| `securityContext` | Security context for pod | `{}` |
| `priorityClassName` | Priority class name for the pod | `None` |
| Parameter | Description | Default |
|-:--------------------------|-:-----------------------------------------------------------------------------------------------------------|-:-------------------------------|
| `serviceExtraLabels` | Additional labels to jaeger-operator service | `{}` |
| `extraLabels` | Additional labels to jaeger-operator deployment | `{}` |
| `image.repository` | Controller container image repository | `jaegertracing/jaeger-operator` |
| `image.tag` | Controller container image tag | `1.43.0` |
| `image.pullPolicy` | Controller container image pull policy | `IfNotPresent` |
| `jaeger.create` | Jaeger instance will be created | `false` |
| `jaeger.spec` | Jaeger instance specification | `{}` |
| `rbac.create` | All required roles and rolebindings will be created | `true` |
| `serviceAccount.create` | Service account to use | `true` |
| `rbac.pspEnabled` | Pod security policy for pod will be created and included in rbac role | `false` |
| `rbac.clusterRole` | ClusterRole will be used by operator ServiceAccount | `false` |
| `serviceAccount.name` | Service account name to use. If not set and create is true, a name is generated using the fullname template | `nil` |
| `extraEnv` | Additional environment variables passed to the operator. For example: name: LOG-LEVEL value: debug | `[]` |
| `resources` | K8s pod resources | `None` |
| `nodeSelector` | Node labels for pod assignment | `{}` |
| `tolerations` | Toleration labels for pod assignment | `[]` |
| `affinity` | Affinity settings for pod assignment | `{}` |
| `securityContext` | Security context for pod | `{}` |
| `containerSecurityContext` | Security context for the container | `{}` |
| `priorityClassName` | Priority class name for the pod | `None` |
Specify each parameter you'd like to override using a YAML file as described above in the [installation](#installing-the-chart) section.
