commit
f1b3d057c8
assets
datadog
dynatrace
haproxy
harbor
redpanda
speedscale
charts
bitnami
kafka
wordpress
datadog/datadog-operator
dynatrace/dynatrace-operator
templates
Common
harbor/harbor
templates
internal
jobservice
portal
jaeger/jaeger-operator
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
|
@ -35,4 +35,4 @@ name: kafka
|
|||
sources:
|
||||
- https://github.com/bitnami/containers/tree/main/bitnami/kafka
|
||||
- https://kafka.apache.org/
|
||||
version: 21.4.4
|
||||
version: 21.4.6
|
||||
|
|
|
@ -108,12 +108,17 @@ spec:
|
|||
kafka_common_conf_set "$CLIENT_CONF" ssl.truststore.type {{ upper .Values.provisioning.auth.tls.type | quote }}
|
||||
! is_empty_value "$KAFKA_CLIENT_KEY_PASSWORD" && kafka_common_conf_set "$CLIENT_CONF" ssl.key.password "$KAFKA_CLIENT_KEY_PASSWORD"
|
||||
{{- if eq (upper .Values.provisioning.auth.tls.type) "PEM" }}
|
||||
{{- if .Values.provisioning.auth.tls.caCert }}
|
||||
file_to_multiline_property() {
|
||||
awk 'NR > 1{print line" \\"}{line=$0;}END{print $0" "}' <"${1:?missing file}"
|
||||
}
|
||||
kafka_common_conf_set "$CLIENT_CONF" ssl.keystore.key "$(file_to_multiline_property "/certs/{{ .Values.provisioning.auth.tls.key }}")"
|
||||
kafka_common_conf_set "$CLIENT_CONF" ssl.keystore.certificate.chain "$(file_to_multiline_property "/certs/{{ .Values.provisioning.auth.tls.caCert }}")"
|
||||
kafka_common_conf_set "$CLIENT_CONF" ssl.truststore.certificates "$(file_to_multiline_property "/certs/{{ .Values.provisioning.auth.tls.cert }}")"
|
||||
kafka_common_conf_set "$CLIENT_CONF" ssl.keystore.certificate.chain "$(file_to_multiline_property "/certs/{{ .Values.provisioning.auth.tls.cert }}")"
|
||||
kafka_common_conf_set "$CLIENT_CONF" ssl.truststore.certificates "$(file_to_multiline_property "/certs/{{ .Values.provisioning.auth.tls.caCert }}")"
|
||||
{{- else }}
|
||||
kafka_common_conf_set "$CLIENT_CONF" ssl.keystore.location "/certs/{{ .Values.provisioning.auth.tls.keystore }}"
|
||||
kafka_common_conf_set "$CLIENT_CONF" ssl.truststore.location "/certs/{{ .Values.provisioning.auth.tls.truststore }}"
|
||||
{{- end }}
|
||||
{{- else if eq (upper .Values.provisioning.auth.tls.type) "JKS" }}
|
||||
kafka_common_conf_set "$CLIENT_CONF" ssl.keystore.location "/certs/{{ .Values.provisioning.auth.tls.keystore }}"
|
||||
kafka_common_conf_set "$CLIENT_CONF" ssl.truststore.location "/certs/{{ .Values.provisioning.auth.tls.truststore }}"
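Review bot: The new PEM fallback (the `{{- else }}` branch under `{{- if .Values.provisioning.auth.tls.caCert }}`) writes `ssl.keystore.location` and `ssl.truststore.location` without checking that `provisioning.auth.tls.keystore` and `provisioning.auth.tls.truststore` are set, so a values file that clears `caCert` but leaves them empty renders `/certs/` as the store path and the provisioning job only fails at runtime. Failing at template time is cheaper, e.g. `"/certs/{{ required "provisioning.auth.tls.keystore is required when type is PEM and caCert is empty" .Values.provisioning.auth.tls.keystore }}"`, with the same treatment for the truststore line. Branch selection also hinges on `caCert` being empty; if the chart ships a non-empty default for it (not visible here), option 2 is reachable only by overriding it to `""`, and the values.yaml comment added in this commit should say so. The enclosing script block starts and ends outside the hunk.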
|
||||
|
|
|
@ -1568,7 +1568,10 @@ provisioning:
|
|||
type: jks
|
||||
## @param provisioning.auth.tls.certificatesSecret Existing secret containing the TLS certificates for the Kafka provisioning Job.
|
||||
## When using 'jks' format for certificates, the secret should contain a truststore and a keystore.
|
||||
## When using 'pem' format for certificates, the secret should contain a public CA certificate, a public certificate and one private key.
|
||||
## When using 'pem' format for certificates, the secret should contain one of the following:
|
||||
## 1. A public CA certificate, a public certificate and one private key.
|
||||
## 2. A truststore and a keystore in PEM format
|
||||
## If caCert is set, option 1 will be taken, otherwise option 2.
|
||||
##
|
||||
certificatesSecret: ""
|
||||
## @param provisioning.auth.tls.cert The secret key from the certificatesSecret if 'cert' key different from the default (tls.crt)
|
||||
|
|
|
@ -6,7 +6,7 @@ annotations:
|
|||
category: Database
|
||||
licenses: Apache-2.0
|
||||
apiVersion: v2
|
||||
appVersion: 8.0.32
|
||||
appVersion: 8.0.33
|
||||
dependencies:
|
||||
- name: common
|
||||
repository: file://./charts/common
|
||||
|
@ -30,4 +30,4 @@ name: mysql
|
|||
sources:
|
||||
- https://github.com/bitnami/containers/tree/main/bitnami/mysql
|
||||
- https://mysql.com
|
||||
version: 9.7.1
|
||||
version: 9.7.2
|
||||
|
|
|
@ -79,28 +79,28 @@ The command removes all the Kubernetes components associated with the chart and
|
|||
|
||||
### MySQL common parameters
|
||||
|
||||
| Name | Description | Value |
|
||||
| -------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------- |
|
||||
| `image.registry` | MySQL image registry | `docker.io` |
|
||||
| `image.repository` | MySQL image repository | `bitnami/mysql` |
|
||||
| `image.tag` | MySQL image tag (immutable tags are recommended) | `8.0.32-debian-11-r21` |
|
||||
| `image.digest` | MySQL image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
|
||||
| `image.pullPolicy` | MySQL image pull policy | `IfNotPresent` |
|
||||
| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
|
||||
| `image.debug` | Specify if debug logs should be enabled | `false` |
|
||||
| `architecture` | MySQL architecture (`standalone` or `replication`) | `standalone` |
|
||||
| `auth.rootPassword` | Password for the `root` user. Ignored if existing secret is provided | `""` |
|
||||
| `auth.createDatabase` | Whether to create the .Values.auth.database or not | `true` |
|
||||
| `auth.database` | Name for a custom database to create | `my_database` |
|
||||
| `auth.username` | Name for a custom user to create | `""` |
|
||||
| `auth.password` | Password for the new user. Ignored if existing secret is provided | `""` |
|
||||
| `auth.replicationUser` | MySQL replication user | `replicator` |
|
||||
| `auth.replicationPassword` | MySQL replication user password. Ignored if existing secret is provided | `""` |
|
||||
| `auth.existingSecret` | Use existing secret for password details. The secret has to contain the keys `mysql-root-password`, `mysql-replication-password` and `mysql-password` | `""` |
|
||||
| `auth.usePasswordFiles` | Mount credentials as files instead of using an environment variable | `false` |
|
||||
| `auth.customPasswordFiles` | Use custom password files when `auth.usePasswordFiles` is set to `true`. Define path for keys `root` and `user`, also define `replicator` if `architecture` is set to `replication` | `{}` |
|
||||
| `initdbScripts` | Dictionary of initdb scripts | `{}` |
|
||||
| `initdbScriptsConfigMap` | ConfigMap with the initdb scripts (Note: Overrides `initdbScripts`) | `""` |
|
||||
| Name | Description | Value |
|
||||
| -------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------- |
|
||||
| `image.registry` | MySQL image registry | `docker.io` |
|
||||
| `image.repository` | MySQL image repository | `bitnami/mysql` |
|
||||
| `image.tag` | MySQL image tag (immutable tags are recommended) | `8.0.33-debian-11-r0` |
|
||||
| `image.digest` | MySQL image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
|
||||
| `image.pullPolicy` | MySQL image pull policy | `IfNotPresent` |
|
||||
| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
|
||||
| `image.debug` | Specify if debug logs should be enabled | `false` |
|
||||
| `architecture` | MySQL architecture (`standalone` or `replication`) | `standalone` |
|
||||
| `auth.rootPassword` | Password for the `root` user. Ignored if existing secret is provided | `""` |
|
||||
| `auth.createDatabase` | Whether to create the .Values.auth.database or not | `true` |
|
||||
| `auth.database` | Name for a custom database to create | `my_database` |
|
||||
| `auth.username` | Name for a custom user to create | `""` |
|
||||
| `auth.password` | Password for the new user. Ignored if existing secret is provided | `""` |
|
||||
| `auth.replicationUser` | MySQL replication user | `replicator` |
|
||||
| `auth.replicationPassword` | MySQL replication user password. Ignored if existing secret is provided | `""` |
|
||||
| `auth.existingSecret` | Use existing secret for password details. The secret has to contain the keys `mysql-root-password`, `mysql-replication-password` and `mysql-password` | `""` |
|
||||
| `auth.usePasswordFiles` | Mount credentials as files instead of using an environment variable | `false` |
|
||||
| `auth.customPasswordFiles` | Use custom password files when `auth.usePasswordFiles` is set to `true`. Define path for keys `root` and `user`, also define `replicator` if `architecture` is set to `replication` | `{}` |
|
||||
| `initdbScripts` | Dictionary of initdb scripts | `{}` |
|
||||
| `initdbScriptsConfigMap` | ConfigMap with the initdb scripts (Note: Overrides `initdbScripts`) | `""` |
|
||||
|
||||
### MySQL Primary parameters
|
||||
|
||||
|
@ -307,7 +307,7 @@ The command removes all the Kubernetes components associated with the chart and
|
|||
| `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume(s) mountpoint to `runAsUser:fsGroup` | `false` |
|
||||
| `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` |
|
||||
| `volumePermissions.image.repository` | Init container volume-permissions image repository | `bitnami/bitnami-shell` |
|
||||
| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r102` |
|
||||
| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r108` |
|
||||
| `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
|
||||
| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` |
|
||||
| `volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
|
||||
|
@ -320,7 +320,7 @@ The command removes all the Kubernetes components associated with the chart and
|
|||
| `metrics.enabled` | Start a side-car prometheus exporter | `false` |
|
||||
| `metrics.image.registry` | Exporter image registry | `docker.io` |
|
||||
| `metrics.image.repository` | Exporter image repository | `bitnami/mysqld-exporter` |
|
||||
| `metrics.image.tag` | Exporter image tag (immutable tags are recommended) | `0.14.0-debian-11-r103` |
|
||||
| `metrics.image.tag` | Exporter image tag (immutable tags are recommended) | `0.14.0-debian-11-r109` |
|
||||
| `metrics.image.digest` | Exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
|
||||
| `metrics.image.pullPolicy` | Exporter image pull policy | `IfNotPresent` |
|
||||
| `metrics.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
|
||||
|
|
|
@ -82,7 +82,7 @@ diagnosticMode:
|
|||
image:
|
||||
registry: docker.io
|
||||
repository: bitnami/mysql
|
||||
tag: 8.0.32-debian-11-r21
|
||||
tag: 8.0.33-debian-11-r0
|
||||
digest: ""
|
||||
## Specify a imagePullPolicy
|
||||
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
|
||||
|
@ -1008,7 +1008,7 @@ volumePermissions:
|
|||
image:
|
||||
registry: docker.io
|
||||
repository: bitnami/bitnami-shell
|
||||
tag: 11-debian-11-r102
|
||||
tag: 11-debian-11-r108
|
||||
digest: ""
|
||||
pullPolicy: IfNotPresent
|
||||
## Optionally specify an array of imagePullSecrets.
|
||||
|
@ -1042,7 +1042,7 @@ metrics:
|
|||
image:
|
||||
registry: docker.io
|
||||
repository: bitnami/mysqld-exporter
|
||||
tag: 0.14.0-debian-11-r103
|
||||
tag: 0.14.0-debian-11-r109
|
||||
digest: ""
|
||||
pullPolicy: IfNotPresent
|
||||
## Optionally specify an array of imagePullSecrets.
|
||||
|
|
|
@ -28,4 +28,4 @@ name: spark
|
|||
sources:
|
||||
- https://github.com/bitnami/containers/tree/main/bitnami/spark
|
||||
- https://spark.apache.org/
|
||||
version: 6.4.2
|
||||
version: 6.4.4
|
||||
|
|
|
@ -86,7 +86,7 @@ The command removes all the Kubernetes components associated with the chart and
|
|||
| ------------------- | ----------------------------------------------------------------------------------------------------- | --------------------- |
|
||||
| `image.registry` | Spark image registry | `docker.io` |
|
||||
| `image.repository` | Spark image repository | `bitnami/spark` |
|
||||
| `image.tag` | Spark image tag (immutable tags are recommended) | `3.3.2-debian-11-r12` |
|
||||
| `image.tag` | Spark image tag (immutable tags are recommended) | `3.3.2-debian-11-r13` |
|
||||
| `image.digest` | Spark image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
|
||||
| `image.pullPolicy` | Spark image pull policy | `IfNotPresent` |
|
||||
| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
|
||||
|
|
|
@ -178,7 +178,7 @@ spec:
|
|||
volumeMounts:
|
||||
{{- if .Values.master.existingConfigmap }}
|
||||
- name: config
|
||||
mountPath: /bitnami/spark/conf/
|
||||
mountPath: /opt/bitnami/spark/conf/
|
||||
{{- end }}
|
||||
{{- if .Values.security.ssl.enabled }}
|
||||
- name: shared-certs
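Review bot: Mounting the `config` ConfigMap volume directly on `/opt/bitnami/spark/conf/` replaces the whole directory, so any file the image ships there that the user's ConfigMap does not carry is hidden, and the mount is read-only for anything in the container that expects to write configuration at start-up. Whether the image's start-up scripts write TLS settings into that directory when `security.ssl.enabled` is set is not visible from this hunk, but it is worth confirming, since a silently skipped TLS setup is worse than a failed start. I would document on `master.existingConfigmap` that the ConfigMap must supply every file Spark needs from that directory, including the SSL properties when `security.ssl.enabled` is true. The same applies to the worker template's hunk, which also quotes the path (`'/opt/bitnami/spark/conf/'`) where this one does not; pick one form. The container spec continues outside the hunk.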
|
||||
|
|
|
@ -182,7 +182,7 @@ spec:
|
|||
volumeMounts:
|
||||
{{- if .Values.worker.existingConfigmap }}
|
||||
- name: config
|
||||
mountPath: '/bitnami/spark/conf/'
|
||||
mountPath: '/opt/bitnami/spark/conf/'
|
||||
{{- end }}
|
||||
{{- if .Values.security.ssl.enabled }}
|
||||
- name: shared-certs
|
||||
|
|
|
@ -92,7 +92,7 @@ diagnosticMode:
|
|||
image:
|
||||
registry: docker.io
|
||||
repository: bitnami/spark
|
||||
tag: 3.3.2-debian-11-r12
|
||||
tag: 3.3.2-debian-11-r13
|
||||
digest: ""
|
||||
## Specify a imagePullPolicy
|
||||
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
|
||||
|
|
|
@ -3,4 +3,4 @@ dependencies:
|
|||
repository: https://charts.bitnami.com/bitnami
|
||||
version: 2.2.4
|
||||
digest: sha256:634d19e9b7f6e4c07d7c04a0161ab96b3f83335ebdd70b35b952319ef0a2586b
|
||||
generated: "2023-03-13T11:48:45.478522499Z"
|
||||
generated: "2023-04-20T13:24:56.61515144Z"
|
||||
|
|
|
@ -6,7 +6,7 @@ annotations:
|
|||
category: ApplicationServer
|
||||
licenses: Apache-2.0
|
||||
apiVersion: v2
|
||||
appVersion: 10.1.7
|
||||
appVersion: 10.1.8
|
||||
dependencies:
|
||||
- name: common
|
||||
repository: file://./charts/common
|
||||
|
@ -32,4 +32,4 @@ name: tomcat
|
|||
sources:
|
||||
- https://github.com/bitnami/containers/tree/main/bitnami/tomcat
|
||||
- http://tomcat.apache.org
|
||||
version: 10.6.3
|
||||
version: 10.7.1
|
||||
|
|
|
@ -11,8 +11,7 @@ Trademarks: This software listing is packaged by Bitnami. The respective tradema
|
|||
## TL;DR
|
||||
|
||||
```console
|
||||
helm repo add my-repo https://charts.bitnami.com/bitnami
|
||||
helm install my-release my-repo/tomcat
|
||||
helm install my-release oci://registry-1.docker.io/bitnamicharts/tomcat
|
||||
```
|
||||
|
||||
## Introduction
|
||||
|
@ -35,8 +34,7 @@ Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment
|
|||
To install the chart with the release name `my-release`:
|
||||
|
||||
```console
|
||||
helm repo add my-repo https://charts.bitnami.com/bitnami
|
||||
helm install my-release my-repo/tomcat
|
||||
helm install my-release oci://registry-1.docker.io/bitnamicharts/tomcat
|
||||
```
|
||||
|
||||
These commands deploy Tomcat on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation.
|
||||
|
@ -81,7 +79,7 @@ The command removes all the Kubernetes components associated with the chart and
|
|||
| ----------------------------- | ------------------------------------------------------------------------------------------------------ | --------------------- |
|
||||
| `image.registry` | Tomcat image registry | `docker.io` |
|
||||
| `image.repository` | Tomcat image repository | `bitnami/tomcat` |
|
||||
| `image.tag` | Tomcat image tag (immutable tags are recommended) | `10.1.7-debian-11-r5` |
|
||||
| `image.tag` | Tomcat image tag (immutable tags are recommended) | `10.1.8-debian-11-r1` |
|
||||
| `image.digest` | Tomcat image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
|
||||
| `image.pullPolicy` | Tomcat image pull policy | `IfNotPresent` |
|
||||
| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
|
||||
|
@ -203,7 +201,7 @@ The command removes all the Kubernetes components associated with the chart and
|
|||
| `volumePermissions.enabled` | Enable init container that changes volume permissions in the data directory | `false` |
|
||||
| `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` |
|
||||
| `volumePermissions.image.repository` | Init container volume-permissions image repository | `bitnami/bitnami-shell` |
|
||||
| `volumePermissions.image.tag` | Init container volume-permissions image tag | `11-debian-11-r102` |
|
||||
| `volumePermissions.image.tag` | Init container volume-permissions image tag | `11-debian-11-r108` |
|
||||
| `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
|
||||
| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` |
|
||||
| `volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
|
||||
|
@ -218,7 +216,7 @@ The command removes all the Kubernetes components associated with the chart and
|
|||
| `metrics.jmx.catalinaOpts` | custom option used to enabled JMX on tomcat jvm evaluated as template | `-Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=5555 -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.local.only=true` |
|
||||
| `metrics.jmx.image.registry` | JMX exporter image registry | `docker.io` |
|
||||
| `metrics.jmx.image.repository` | JMX exporter image repository | `bitnami/jmx-exporter` |
|
||||
| `metrics.jmx.image.tag` | JMX exporter image tag (immutable tags are recommended) | `0.18.0-debian-11-r6` |
|
||||
| `metrics.jmx.image.tag` | JMX exporter image tag (immutable tags are recommended) | `0.18.0-debian-11-r12` |
|
||||
| `metrics.jmx.image.digest` | JMX exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
|
||||
| `metrics.jmx.image.pullPolicy` | JMX exporter image pull policy | `IfNotPresent` |
|
||||
| `metrics.jmx.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
|
||||
|
@ -250,7 +248,7 @@ Specify each parameter using the `--set key=value[,key=value]` argument to `helm
|
|||
|
||||
```console
|
||||
helm install my-release \
|
||||
--set tomcatUsername=manager,tomcatPassword=password my-repo/tomcat
|
||||
--set tomcatUsername=manager,tomcatPassword=password oci://registry-1.docker.io/bitnamicharts/tomcat
|
||||
```
|
||||
|
||||
The above command sets the Tomcat management username and password to `manager` and `password` respectively.
|
||||
|
@ -260,7 +258,7 @@ The above command sets the Tomcat management username and password to `manager`
|
|||
Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example,
|
||||
|
||||
```console
|
||||
helm install my-release -f values.yaml my-repo/tomcat
|
||||
helm install my-release -f values.yaml oci://registry-1.docker.io/bitnamicharts/tomcat
|
||||
```
|
||||
|
||||
> **Tip**: You can use the default [values.yaml](values.yaml)
|
||||
|
@ -346,7 +344,7 @@ Consequences:
|
|||
```console
|
||||
export TOMCAT_PASSWORD=$(kubectl get secret --namespace default tomcat -o jsonpath="{.data.tomcat-password}" | base64 -d)
|
||||
kubectl delete deployments.apps tomcat
|
||||
helm upgrade tomcat my-repo/tomcat --set tomcatPassword=$TOMCAT_PASSWORD
|
||||
helm upgrade tomcat oci://registry-1.docker.io/bitnamicharts/tomcat --set tomcatPassword=$TOMCAT_PASSWORD
|
||||
```
|
||||
|
||||
### To 7.0.0
|
||||
|
@ -364,13 +362,13 @@ This release updates the Bitnami Tomcat container to `9.0.26-debian-9-r0`, which
|
|||
Tomcat container was moved to a non-root approach. There shouldn't be any issue when upgrading since the corresponding `securityContext` is enabled by default. Both the container image and the chart can be upgraded by running the command below:
|
||||
|
||||
```console
|
||||
helm upgrade my-release my-repo/tomcat
|
||||
helm upgrade my-release oci://registry-1.docker.io/bitnamicharts/tomcat
|
||||
```
|
||||
|
||||
If you use a previous container image (previous to **8.5.35-r26**) disable the `securityContext` by running the command below:
|
||||
|
||||
```console
|
||||
helm upgrade my-release my-repo/tomcat --set securityContext.enabled=false,image.tag=XXX
|
||||
helm upgrade my-release oci://registry-1.docker.io/bitnamicharts/tomcat --set securityContext.enabled=false,image.tag=XXX
|
||||
```
|
||||
|
||||
### To 1.0.0
|
||||
|
|
|
@ -58,7 +58,7 @@ extraDeploy: []
|
|||
image:
|
||||
registry: docker.io
|
||||
repository: bitnami/tomcat
|
||||
tag: 10.1.7-debian-11-r10
|
||||
tag: 10.1.8-debian-11-r1
|
||||
digest: ""
|
||||
## Specify a imagePullPolicy
|
||||
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
|
||||
|
@ -582,7 +582,7 @@ volumePermissions:
|
|||
image:
|
||||
registry: docker.io
|
||||
repository: bitnami/bitnami-shell
|
||||
tag: 11-debian-11-r107
|
||||
tag: 11-debian-11-r108
|
||||
digest: ""
|
||||
pullPolicy: IfNotPresent
|
||||
## Optionally specify an array of imagePullSecrets.
|
||||
|
@ -642,7 +642,7 @@ metrics:
|
|||
image:
|
||||
registry: docker.io
|
||||
repository: bitnami/jmx-exporter
|
||||
tag: 0.18.0-debian-11-r11
|
||||
tag: 0.18.0-debian-11-r12
|
||||
digest: ""
|
||||
## Specify a imagePullPolicy
|
||||
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
|
||||
|
|
|
@ -41,4 +41,4 @@ name: wordpress
|
|||
sources:
|
||||
- https://github.com/bitnami/containers/tree/main/bitnami/wordpress
|
||||
- https://wordpress.org/
|
||||
version: 15.4.0
|
||||
version: 15.4.1
|
||||
|
|
|
@ -78,15 +78,15 @@ The command removes all the Kubernetes components associated with the chart and
|
|||
|
||||
### WordPress Image parameters
|
||||
|
||||
| Name | Description | Value |
|
||||
| ------------------- | --------------------------------------------------------------------------------------------------------- | -------------------- |
|
||||
| `image.registry` | WordPress image registry | `docker.io` |
|
||||
| `image.repository` | WordPress image repository | `bitnami/wordpress` |
|
||||
| `image.tag` | WordPress image tag (immutable tags are recommended) | `6.2.0-debian-11-r8` |
|
||||
| `image.digest` | WordPress image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
|
||||
| `image.pullPolicy` | WordPress image pull policy | `IfNotPresent` |
|
||||
| `image.pullSecrets` | WordPress image pull secrets | `[]` |
|
||||
| `image.debug` | Specify if debug values should be set | `false` |
|
||||
| Name | Description | Value |
|
||||
| ------------------- | --------------------------------------------------------------------------------------------------------- | --------------------- |
|
||||
| `image.registry` | WordPress image registry | `docker.io` |
|
||||
| `image.repository` | WordPress image repository | `bitnami/wordpress` |
|
||||
| `image.tag` | WordPress image tag (immutable tags are recommended) | `6.2.0-debian-11-r11` |
|
||||
| `image.digest` | WordPress image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
|
||||
| `image.pullPolicy` | WordPress image pull policy | `IfNotPresent` |
|
||||
| `image.pullSecrets` | WordPress image pull secrets | `[]` |
|
||||
| `image.debug` | Specify if debug values should be set | `false` |
|
||||
|
||||
### WordPress Configuration parameters
|
||||
|
||||
|
@ -248,7 +248,7 @@ The command removes all the Kubernetes components associated with the chart and
|
|||
| `volumePermissions.enabled` | Enable init container that changes the owner/group of the PV mount point to `runAsUser:fsGroup` | `false` |
|
||||
| `volumePermissions.image.registry` | Bitnami Shell image registry | `docker.io` |
|
||||
| `volumePermissions.image.repository` | Bitnami Shell image repository | `bitnami/bitnami-shell` |
|
||||
| `volumePermissions.image.tag` | Bitnami Shell image tag (immutable tags are recommended) | `11-debian-11-r106` |
|
||||
| `volumePermissions.image.tag` | Bitnami Shell image tag (immutable tags are recommended) | `11-debian-11-r107` |
|
||||
| `volumePermissions.image.digest` | Bitnami Shell image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
|
||||
| `volumePermissions.image.pullPolicy` | Bitnami Shell image pull policy | `IfNotPresent` |
|
||||
| `volumePermissions.image.pullSecrets` | Bitnami Shell image pull secrets | `[]` |
|
||||
|
@ -280,7 +280,7 @@ The command removes all the Kubernetes components associated with the chart and
|
|||
| `metrics.enabled` | Start a sidecar prometheus exporter to expose metrics | `false` |
|
||||
| `metrics.image.registry` | Apache exporter image registry | `docker.io` |
|
||||
| `metrics.image.repository` | Apache exporter image repository | `bitnami/apache-exporter` |
|
||||
| `metrics.image.tag` | Apache exporter image tag (immutable tags are recommended) | `0.13.1-debian-11-r5` |
|
||||
| `metrics.image.tag` | Apache exporter image tag (immutable tags are recommended) | `0.13.1-debian-11-r7` |
|
||||
| `metrics.image.digest` | Apache exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
|
||||
| `metrics.image.pullPolicy` | Apache exporter image pull policy | `IfNotPresent` |
|
||||
| `metrics.image.pullSecrets` | Apache exporter image pull secrets | `[]` |
|
||||
|
|
|
@ -73,7 +73,7 @@ diagnosticMode:
|
|||
image:
|
||||
registry: docker.io
|
||||
repository: bitnami/wordpress
|
||||
tag: 6.2.0-debian-11-r8
|
||||
tag: 6.2.0-debian-11-r11
|
||||
digest: ""
|
||||
## Specify a imagePullPolicy
|
||||
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
|
||||
|
@ -761,7 +761,7 @@ volumePermissions:
|
|||
image:
|
||||
registry: docker.io
|
||||
repository: bitnami/bitnami-shell
|
||||
tag: 11-debian-11-r106
|
||||
tag: 11-debian-11-r107
|
||||
digest: ""
|
||||
pullPolicy: IfNotPresent
|
||||
## Optionally specify an array of imagePullSecrets.
|
||||
|
@ -855,7 +855,7 @@ metrics:
|
|||
image:
|
||||
registry: docker.io
|
||||
repository: bitnami/apache-exporter
|
||||
tag: 0.13.1-debian-11-r5
|
||||
tag: 0.13.1-debian-11-r7
|
||||
digest: ""
|
||||
pullPolicy: IfNotPresent
|
||||
## Optionally specify an array of imagePullSecrets.
|
||||
|
|
|
@ -3,4 +3,4 @@ dependencies:
|
|||
repository: https://charts.bitnami.com/bitnami
|
||||
version: 2.2.4
|
||||
digest: sha256:634d19e9b7f6e4c07d7c04a0161ab96b3f83335ebdd70b35b952319ef0a2586b
|
||||
generated: "2023-03-19T02:06:13.108650823Z"
|
||||
generated: "2023-04-20T13:54:08.945266062Z"
|
||||
|
|
|
@ -26,4 +26,4 @@ name: zookeeper
|
|||
sources:
|
||||
- https://github.com/bitnami/containers/tree/main/bitnami/zookeeper
|
||||
- https://zookeeper.apache.org/
|
||||
version: 11.1.6
|
||||
version: 11.2.1
|
||||
|
|
|
@ -11,8 +11,7 @@ Trademarks: This software listing is packaged by Bitnami. The respective tradema
|
|||
## TL;DR
|
||||
|
||||
```console
|
||||
helm repo add my-repo https://charts.bitnami.com/bitnami
|
||||
helm install my-release my-repo/zookeeper
|
||||
helm install my-release oci://registry-1.docker.io/bitnamicharts/zookeeper
|
||||
```
|
||||
|
||||
## Introduction
|
||||
|
@ -32,8 +31,7 @@ Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment
|
|||
To install the chart with the release name `my-release`:
|
||||
|
||||
```console
|
||||
helm repo add my-repo https://charts.bitnami.com/bitnami
|
||||
helm install my-release my-repo/zookeeper
|
||||
helm install my-release oci://registry-1.docker.io/bitnamicharts/zookeeper
|
||||
```
|
||||
|
||||
These commands deploy ZooKeeper on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation.
|
||||
|
@ -82,7 +80,7 @@ The command removes all the Kubernetes components associated with the chart and
|
|||
| ----------------------------- | -------------------------------------------------------------------------------------------------------------------------- | ----------------------- |
|
||||
| `image.registry` | ZooKeeper image registry | `docker.io` |
|
||||
| `image.repository` | ZooKeeper image repository | `bitnami/zookeeper` |
|
||||
| `image.tag` | ZooKeeper image tag (immutable tags are recommended) | `3.8.1-debian-11-r18` |
|
||||
| `image.tag` | ZooKeeper image tag (immutable tags are recommended) | `3.8.1-debian-11-r25` |
|
||||
| `image.digest` | ZooKeeper image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
|
||||
| `image.pullPolicy` | ZooKeeper image pull policy | `IfNotPresent` |
|
||||
| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
|
||||
|
@ -248,7 +246,7 @@ The command removes all the Kubernetes components associated with the chart and
|
|||
| `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume | `false` |
|
||||
| `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` |
|
||||
| `volumePermissions.image.repository` | Init container volume-permissions image repository | `bitnami/bitnami-shell` |
|
||||
| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r102` |
|
||||
| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r108` |
|
||||
| `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
|
||||
| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` |
|
||||
| `volumePermissions.image.pullSecrets` | Init container volume-permissions image pull secrets | `[]` |
|
||||
|
@ -319,7 +317,7 @@ Specify each parameter using the `--set key=value[,key=value]` argument to `helm
|
|||
```console
|
||||
helm install my-release \
|
||||
--set auth.clientUser=newUser \
|
||||
my-repo/zookeeper
|
||||
oci://registry-1.docker.io/bitnamicharts/zookeeper
|
||||
```
|
||||
|
||||
The above command sets the ZooKeeper user to `newUser`.
|
||||
|
@ -329,7 +327,7 @@ The above command sets the ZooKeeper user to `newUser`.
|
|||
Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example,
|
||||
|
||||
```console
|
||||
helm install my-release -f values.yaml my-repo/zookeeper
|
||||
helm install my-release -f values.yaml oci://registry-1.docker.io/bitnamicharts/zookeeper
|
||||
```
|
||||
|
||||
> **Tip**: You can use the default [values.yaml](values.yaml)
|
||||
|
|
|
@ -76,7 +76,7 @@ diagnosticMode:
|
|||
image:
|
||||
registry: docker.io
|
||||
repository: bitnami/zookeeper
|
||||
tag: 3.8.1-debian-11-r18
|
||||
tag: 3.8.1-debian-11-r25
|
||||
digest: ""
|
||||
## Specify a imagePullPolicy
|
||||
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
|
||||
|
@ -660,7 +660,7 @@ volumePermissions:
|
|||
image:
|
||||
registry: docker.io
|
||||
repository: bitnami/bitnami-shell
|
||||
tag: 11-debian-11-r102
|
||||
tag: 11-debian-11-r108
|
||||
digest: ""
|
||||
pullPolicy: IfNotPresent
|
||||
## Optionally specify an array of imagePullSecrets.
|
||||
|
|
|
@ -1,5 +1,14 @@
|
|||
# Changelog
|
||||
|
||||
## 1.0.2
|
||||
|
||||
* Use `.Release.Name` for reference to conversion webhook certificate in datadog-operator deployment.yaml
|
||||
|
||||
|
||||
## 1.0.1
|
||||
|
||||
* Use `.Release.Name` for conversion webhook certificate / issuer name to align with the certificate name generated in datadog-crds sub-chart
|
||||
|
||||
## 1.0.0
|
||||
|
||||
* Default image is now `1.0.0`
|
||||
|
|
|
@ -26,4 +26,4 @@ name: datadog-operator
|
|||
sources:
|
||||
- https://app.datadoghq.com/account/settings#agent/kubernetes
|
||||
- https://github.com/DataDog/datadog-agent
|
||||
version: 1.0.0
|
||||
version: 1.0.2
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# Datadog Operator
|
||||
|
||||
![Version: 1.0.0](https://img.shields.io/badge/Version-1.0.0-informational?style=flat-square) ![AppVersion: 1.0.0](https://img.shields.io/badge/AppVersion-1.0.0-informational?style=flat-square)
|
||||
![Version: 1.0.2](https://img.shields.io/badge/Version-1.0.2-informational?style=flat-square) ![AppVersion: 1.0.0](https://img.shields.io/badge/AppVersion-1.0.0-informational?style=flat-square)
|
||||
|
||||
## Values
|
||||
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
apiVersion: cert-manager.io/v1
|
||||
kind: Issuer
|
||||
metadata:
|
||||
name: {{ include "datadog-operator.name" . }}-selfsigned-issuer
|
||||
name: {{ .Release.Name }}-selfsigned-issuer
|
||||
namespace: {{ .Release.Namespace }}
|
||||
spec:
|
||||
selfSigned: {}
|
||||
|
@ -13,7 +13,7 @@ spec:
|
|||
apiVersion: cert-manager.io/v1
|
||||
kind: Certificate
|
||||
metadata:
|
||||
name: {{ include "datadog-operator.name" . }}-serving-cert
|
||||
name: {{ .Release.Name }}-serving-cert
|
||||
namespace: {{ .Release.Namespace }}
|
||||
spec:
|
||||
dnsNames:
|
||||
|
@ -21,6 +21,6 @@ spec:
|
|||
- {{ .Values.datadogCRDs.migration.datadogAgents.conversionWebhook.name }}.{{ .Values.datadogCRDs.migration.datadogAgents.conversionWebhook.namespace }}.svc.cluster.local
|
||||
issuerRef:
|
||||
kind: Issuer
|
||||
name: {{ include "datadog-operator.name" . }}-selfsigned-issuer
|
||||
secretName: {{ include "datadog-operator.name" . }}-webhook-server-cert
|
||||
name: {{ .Release.Name }}-selfsigned-issuer
|
||||
secretName: {{ .Release.Name }}-webhook-server-cert
|
||||
{{- end }}
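Review bot: The `secretName` in the last hunk moves to `{{ .Release.Name }}-webhook-server-cert`, and nothing visible here cleans up the Secret that was issued under the old chart-name prefix. By default cert-manager leaves a Certificate's Secret in place when the Certificate is removed, so after an upgrade the previous webhook private key would presumably stay in the release namespace until someone deletes it. I would add a template comment above the Certificate, such as `# Renamed in 1.0.1: delete the old <chart-name>-webhook-server-cert Secret after upgrading`, and repeat it in the changelog entry. The Issuer and Certificate `metadata.name` hunks above carry the same rename, and the `if` that this `{{- end }}` closes is outside the hunks.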
|
||||
|
|
|
@ -152,5 +152,5 @@ spec:
|
|||
- name: cert
|
||||
secret:
|
||||
defaultMode: 420
|
||||
secretName: {{ include "datadog-operator.name" . }}-webhook-server-cert
|
||||
secretName: {{ .Release.Name }}-webhook-server-cert
|
||||
{{- end }}
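Review bot: The `cert` volume that this hunk re-points at `{{ .Release.Name }}-webhook-server-cert` is mounted with `defaultMode: 420`, which is 0644, so the webhook's TLS private key is readable by every user inside the container. If the operator runs as a fixed non-root UID, `defaultMode: 288` (0440) with a matching `fsGroup` in the pod security context would narrow that. The pod spec and its security context are outside the hunk, so confirm which UID and group the container uses before tightening the mode.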
|
||||
|
|
|
@ -1,14 +1,14 @@
|
|||
annotations:
|
||||
catalog.cattle.io/certified: partner
|
||||
catalog.cattle.io/display-name: Dynatrace Operator
|
||||
catalog.cattle.io/kube-version: '>=1.21.0-0'
|
||||
catalog.cattle.io/kube-version: '>=1.19.0-0'
|
||||
catalog.cattle.io/release-name: dynatrace-operator
|
||||
apiVersion: v2
|
||||
appVersion: 0.10.4
|
||||
appVersion: 0.11.0
|
||||
description: The Dynatrace Operator Helm chart for Kubernetes and OpenShift
|
||||
home: https://www.dynatrace.com/
|
||||
icon: https://assets.dynatrace.com/global/resources/Signet_Logo_RGB_CP_512x512px.png
|
||||
kubeVersion: '>=1.21.0-0'
|
||||
kubeVersion: '>=1.19.0-0'
|
||||
maintainers:
|
||||
- email: marcell.sevcsik@dynatrace.com
|
||||
name: 0sewa0
|
||||
|
@ -20,4 +20,4 @@ name: dynatrace-operator
|
|||
sources:
|
||||
- https://github.com/Dynatrace/dynatrace-operator
|
||||
type: application
|
||||
version: 0.10.4
|
||||
version: 0.11.0
|
||||
|
|
|
@ -16,7 +16,7 @@ Install the Dynatrace Operator via Helm by running the following commands.
|
|||
|
||||
Add `dynatrace` helm repository:
|
||||
```
|
||||
helm repo add dynatrace https://raw.githubusercontent.com/Dynatrace/dynatrace-operator/master/config/helm/repos/stable
|
||||
helm repo add dynatrace https://raw.githubusercontent.com/Dynatrace/dynatrace-operator/main/config/helm/repos/stable
|
||||
```
|
||||
|
||||
Install `dynatrace-operator` helm chart and create the corresponding `dynatrace` namespace:
|
||||
|
|
|
@ -4,7 +4,7 @@ apiVersion: apiextensions.k8s.io/v1
|
|||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.10.0
|
||||
controller-gen.kubebuilder.io/version: v0.11.1
|
||||
name: dynakubes.dynatrace.com
|
||||
spec:
|
||||
conversion:
|
||||
|
@ -225,6 +225,28 @@ spec:
|
|||
description: 'Optional: define resources requests and limits for
|
||||
single pods'
|
||||
properties:
|
||||
claims:
|
||||
description: "Claims lists the names of resources, defined
|
||||
in spec.resourceClaims, that are used by this container.
|
||||
\n This is an alpha field and requires enabling the DynamicResourceAllocation
|
||||
feature gate. \n This field is immutable. It can only be
|
||||
set for containers."
|
||||
items:
|
||||
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
||||
properties:
|
||||
name:
|
||||
description: Name must match the name of one entry in
|
||||
pod.spec.resourceClaims of the Pod where this field
|
||||
is used. It makes that resource available inside a
|
||||
container.
|
||||
type: string
|
||||
required:
|
||||
- name
|
||||
type: object
|
||||
type: array
|
||||
x-kubernetes-list-map-keys:
|
||||
- name
|
||||
x-kubernetes-list-type: map
|
||||
limits:
|
||||
additionalProperties:
|
||||
anyOf:
|
||||
|
@ -474,6 +496,28 @@ spec:
|
|||
description: 'Optional: define resources requests and limits for
|
||||
single ActiveGate pods'
|
||||
properties:
|
||||
claims:
|
||||
description: "Claims lists the names of resources, defined
|
||||
in spec.resourceClaims, that are used by this container.
|
||||
\n This is an alpha field and requires enabling the DynamicResourceAllocation
|
||||
feature gate. \n This field is immutable. It can only be
|
||||
set for containers."
|
||||
items:
|
||||
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
||||
properties:
|
||||
name:
|
||||
description: Name must match the name of one entry in
|
||||
pod.spec.resourceClaims of the Pod where this field
|
||||
is used. It makes that resource available inside a
|
||||
container.
|
||||
type: string
|
||||
required:
|
||||
- name
|
||||
type: object
|
||||
type: array
|
||||
x-kubernetes-list-map-keys:
|
||||
- name
|
||||
x-kubernetes-list-type: map
|
||||
limits:
|
||||
additionalProperties:
|
||||
anyOf:
|
||||
|
@ -734,6 +778,28 @@ spec:
|
|||
description: 'Optional: define resources requests and limits for
|
||||
single ActiveGate pods'
|
||||
properties:
|
||||
claims:
|
||||
description: "Claims lists the names of resources, defined
|
||||
in spec.resourceClaims, that are used by this container.
|
||||
\n This is an alpha field and requires enabling the DynamicResourceAllocation
|
||||
feature gate. \n This field is immutable. It can only be
|
||||
set for containers."
|
||||
items:
|
||||
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
||||
properties:
|
||||
name:
|
||||
description: Name must match the name of one entry in
|
||||
pod.spec.resourceClaims of the Pod where this field
|
||||
is used. It makes that resource available inside a
|
||||
container.
|
||||
type: string
|
||||
required:
|
||||
- name
|
||||
type: object
|
||||
type: array
|
||||
x-kubernetes-list-map-keys:
|
||||
- name
|
||||
x-kubernetes-list-type: map
|
||||
limits:
|
||||
additionalProperties:
|
||||
anyOf:
|
||||
|
@ -986,9 +1052,6 @@ spec:
|
|||
- jsonPath: .spec.apiUrl
|
||||
name: ApiUrl
|
||||
type: string
|
||||
- jsonPath: .status.tokens
|
||||
name: Tokens
|
||||
type: string
|
||||
- jsonPath: .status.phase
|
||||
name: Status
|
||||
type: string
|
||||
|
@ -1192,6 +1255,28 @@ spec:
|
|||
description: 'Optional: define resources requests and limits for
|
||||
single ActiveGate pods'
|
||||
properties:
|
||||
claims:
|
||||
description: "Claims lists the names of resources, defined
|
||||
in spec.resourceClaims, that are used by this container.
|
||||
\n This is an alpha field and requires enabling the DynamicResourceAllocation
|
||||
feature gate. \n This field is immutable. It can only be
|
||||
set for containers."
|
||||
items:
|
||||
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
||||
properties:
|
||||
name:
|
||||
description: Name must match the name of one entry in
|
||||
pod.spec.resourceClaims of the Pod where this field
|
||||
is used. It makes that resource available inside a
|
||||
container.
|
||||
type: string
|
||||
required:
|
||||
- name
|
||||
type: object
|
||||
type: array
|
||||
x-kubernetes-list-map-keys:
|
||||
- name
|
||||
x-kubernetes-list-type: map
|
||||
limits:
|
||||
additionalProperties:
|
||||
anyOf:
|
||||
|
@ -1386,7 +1471,7 @@ spec:
|
|||
- Ignore: nodeAffinity/nodeSelector are ignored. All nodes
|
||||
are included in the calculations. \n If this value is
|
||||
nil, the behavior is equivalent to the Honor policy. This
|
||||
is a alpha-level feature enabled by the NodeInclusionPolicyInPodTopologySpread
|
||||
is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread
|
||||
feature flag."
|
||||
type: string
|
||||
nodeTaintsPolicy:
|
||||
|
@ -1396,8 +1481,8 @@ spec:
|
|||
tainted nodes for which the incoming pod has a toleration,
|
||||
are included. - Ignore: node taints are ignored. All nodes
|
||||
are included. \n If this value is nil, the behavior is
|
||||
equivalent to the Ignore policy. This is a alpha-level
|
||||
feature enabled by the NodeInclusionPolicyInPodTopologySpread
|
||||
equivalent to the Ignore policy. This is a beta-level
|
||||
feature default enabled by the NodeInclusionPolicyInPodTopologySpread
|
||||
feature flag."
|
||||
type: string
|
||||
topologyKey:
|
||||
|
@ -1609,6 +1694,28 @@ spec:
|
|||
description: 'Optional: define resources requests and limits for
|
||||
single ActiveGate pods'
|
||||
properties:
|
||||
claims:
|
||||
description: "Claims lists the names of resources, defined
|
||||
in spec.resourceClaims, that are used by this container.
|
||||
\n This is an alpha field and requires enabling the DynamicResourceAllocation
|
||||
feature gate. \n This field is immutable. It can only be
|
||||
set for containers."
|
||||
items:
|
||||
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
||||
properties:
|
||||
name:
|
||||
description: Name must match the name of one entry in
|
||||
pod.spec.resourceClaims of the Pod where this field
|
||||
is used. It makes that resource available inside a
|
||||
container.
|
||||
type: string
|
||||
required:
|
||||
- name
|
||||
type: object
|
||||
type: array
|
||||
x-kubernetes-list-map-keys:
|
||||
- name
|
||||
x-kubernetes-list-type: map
|
||||
limits:
|
||||
additionalProperties:
|
||||
anyOf:
|
||||
|
@ -1797,7 +1904,7 @@ spec:
|
|||
- Ignore: nodeAffinity/nodeSelector are ignored. All nodes
|
||||
are included in the calculations. \n If this value is
|
||||
nil, the behavior is equivalent to the Honor policy. This
|
||||
is a alpha-level feature enabled by the NodeInclusionPolicyInPodTopologySpread
|
||||
is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread
|
||||
feature flag."
|
||||
type: string
|
||||
nodeTaintsPolicy:
|
||||
|
@ -1807,8 +1914,8 @@ spec:
|
|||
tainted nodes for which the incoming pod has a toleration,
|
||||
are included. - Ignore: node taints are ignored. All nodes
|
||||
are included. \n If this value is nil, the behavior is
|
||||
equivalent to the Ignore policy. This is a alpha-level
|
||||
feature enabled by the NodeInclusionPolicyInPodTopologySpread
|
||||
equivalent to the Ignore policy. This is a beta-level
|
||||
feature default enabled by the NodeInclusionPolicyInPodTopologySpread
|
||||
feature flag."
|
||||
type: string
|
||||
topologyKey:
|
||||
|
@ -1918,6 +2025,28 @@ spec:
|
|||
description: 'Optional: define resources requests and limits
|
||||
for the initContainer'
|
||||
properties:
|
||||
claims:
|
||||
description: "Claims lists the names of resources, defined
|
||||
in spec.resourceClaims, that are used by this container.
|
||||
\n This is an alpha field and requires enabling the
|
||||
DynamicResourceAllocation feature gate. \n This field
|
||||
is immutable. It can only be set for containers."
|
||||
items:
|
||||
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
||||
properties:
|
||||
name:
|
||||
description: Name must match the name of one entry
|
||||
in pod.spec.resourceClaims of the Pod where this
|
||||
field is used. It makes that resource available
|
||||
inside a container.
|
||||
type: string
|
||||
required:
|
||||
- name
|
||||
type: object
|
||||
type: array
|
||||
x-kubernetes-list-map-keys:
|
||||
- name
|
||||
x-kubernetes-list-type: map
|
||||
limits:
|
||||
additionalProperties:
|
||||
anyOf:
|
||||
|
@ -2118,6 +2247,28 @@ spec:
|
|||
description: 'Optional: define resources requests and limits
|
||||
for single pods'
|
||||
properties:
|
||||
claims:
|
||||
description: "Claims lists the names of resources, defined
|
||||
in spec.resourceClaims, that are used by this container.
|
||||
\n This is an alpha field and requires enabling the
|
||||
DynamicResourceAllocation feature gate. \n This field
|
||||
is immutable. It can only be set for containers."
|
||||
items:
|
||||
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
||||
properties:
|
||||
name:
|
||||
description: Name must match the name of one entry
|
||||
in pod.spec.resourceClaims of the Pod where this
|
||||
field is used. It makes that resource available
|
||||
inside a container.
|
||||
type: string
|
||||
required:
|
||||
- name
|
||||
type: object
|
||||
type: array
|
||||
x-kubernetes-list-map-keys:
|
||||
- name
|
||||
x-kubernetes-list-type: map
|
||||
limits:
|
||||
additionalProperties:
|
||||
anyOf:
|
||||
|
@ -2353,6 +2504,28 @@ spec:
|
|||
description: 'Optional: define resources requests and limits
|
||||
for the initContainer'
|
||||
properties:
|
||||
claims:
|
||||
description: "Claims lists the names of resources, defined
|
||||
in spec.resourceClaims, that are used by this container.
|
||||
\n This is an alpha field and requires enabling the
|
||||
DynamicResourceAllocation feature gate. \n This field
|
||||
is immutable. It can only be set for containers."
|
||||
items:
|
||||
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
||||
properties:
|
||||
name:
|
||||
description: Name must match the name of one entry
|
||||
in pod.spec.resourceClaims of the Pod where this
|
||||
field is used. It makes that resource available
|
||||
inside a container.
|
||||
type: string
|
||||
required:
|
||||
- name
|
||||
type: object
|
||||
type: array
|
||||
x-kubernetes-list-map-keys:
|
||||
- name
|
||||
x-kubernetes-list-type: map
|
||||
limits:
|
||||
additionalProperties:
|
||||
anyOf:
|
||||
|
@ -2393,6 +2566,28 @@ spec:
|
|||
description: 'Optional: define resources requests and limits
|
||||
for single pods'
|
||||
properties:
|
||||
claims:
|
||||
description: "Claims lists the names of resources, defined
|
||||
in spec.resourceClaims, that are used by this container.
|
||||
\n This is an alpha field and requires enabling the
|
||||
DynamicResourceAllocation feature gate. \n This field
|
||||
is immutable. It can only be set for containers."
|
||||
items:
|
||||
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
||||
properties:
|
||||
name:
|
||||
description: Name must match the name of one entry
|
||||
in pod.spec.resourceClaims of the Pod where this
|
||||
field is used. It makes that resource available
|
||||
inside a container.
|
||||
type: string
|
||||
required:
|
||||
- name
|
||||
type: object
|
||||
type: array
|
||||
x-kubernetes-list-map-keys:
|
||||
- name
|
||||
x-kubernetes-list-type: map
|
||||
limits:
|
||||
additionalProperties:
|
||||
anyOf:
|
||||
|
@ -2636,6 +2831,28 @@ spec:
|
|||
description: 'Optional: define resources requests and limits
|
||||
for single pods'
|
||||
properties:
|
||||
claims:
|
||||
description: "Claims lists the names of resources, defined
|
||||
in spec.resourceClaims, that are used by this container.
|
||||
\n This is an alpha field and requires enabling the
|
||||
DynamicResourceAllocation feature gate. \n This field
|
||||
is immutable. It can only be set for containers."
|
||||
items:
|
||||
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
||||
properties:
|
||||
name:
|
||||
description: Name must match the name of one entry
|
||||
in pod.spec.resourceClaims of the Pod where this
|
||||
field is used. It makes that resource available
|
||||
inside a container.
|
||||
type: string
|
||||
required:
|
||||
- name
|
||||
type: object
|
||||
type: array
|
||||
x-kubernetes-list-map-keys:
|
||||
- name
|
||||
x-kubernetes-list-type: map
|
||||
limits:
|
||||
additionalProperties:
|
||||
anyOf:
|
||||
|
@ -2883,6 +3100,28 @@ spec:
|
|||
description: 'Optional: define resources requests and limits for
|
||||
single ActiveGate pods'
|
||||
properties:
|
||||
claims:
|
||||
description: "Claims lists the names of resources, defined
|
||||
in spec.resourceClaims, that are used by this container.
|
||||
\n This is an alpha field and requires enabling the DynamicResourceAllocation
|
||||
feature gate. \n This field is immutable. It can only be
|
||||
set for containers."
|
||||
items:
|
||||
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
|
||||
properties:
|
||||
name:
|
||||
description: Name must match the name of one entry in
|
||||
pod.spec.resourceClaims of the Pod where this field
|
||||
is used. It makes that resource available inside a
|
||||
container.
|
||||
type: string
|
||||
required:
|
||||
- name
|
||||
type: object
|
||||
type: array
|
||||
x-kubernetes-list-map-keys:
|
||||
- name
|
||||
x-kubernetes-list-type: map
|
||||
limits:
|
||||
additionalProperties:
|
||||
anyOf:
|
||||
|
@ -3071,7 +3310,7 @@ spec:
|
|||
- Ignore: nodeAffinity/nodeSelector are ignored. All nodes
|
||||
are included in the calculations. \n If this value is
|
||||
nil, the behavior is equivalent to the Honor policy. This
|
||||
is a alpha-level feature enabled by the NodeInclusionPolicyInPodTopologySpread
|
||||
is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread
|
||||
feature flag."
|
||||
type: string
|
||||
nodeTaintsPolicy:
|
||||
|
@ -3081,8 +3320,8 @@ spec:
|
|||
tainted nodes for which the incoming pod has a toleration,
|
||||
are included. - Ignore: node taints are ignored. All nodes
|
||||
are included. \n If this value is nil, the behavior is
|
||||
equivalent to the Ignore policy. This is a alpha-level
|
||||
feature enabled by the NodeInclusionPolicyInPodTopologySpread
|
||||
equivalent to the Ignore policy. This is a beta-level
|
||||
feature default enabled by the NodeInclusionPolicyInPodTopologySpread
|
||||
feature flag."
|
||||
type: string
|
||||
topologyKey:
|
||||
|
@ -3144,28 +3383,26 @@ spec:
|
|||
properties:
|
||||
activeGate:
|
||||
properties:
|
||||
imageHash:
|
||||
description: ImageHash contains the last image hash seen.
|
||||
imageID:
|
||||
type: string
|
||||
lastUpdateProbeTimestamp:
|
||||
description: LastUpdateProbeTimestamp defines the last timestamp
|
||||
when the querying for updates have been done
|
||||
lastProbeTimestamp:
|
||||
format: date-time
|
||||
type: string
|
||||
source:
|
||||
type: string
|
||||
version:
|
||||
description: Version contains the version to be deployed.
|
||||
type: string
|
||||
type: object
|
||||
communicationHostForClient:
|
||||
description: CommunicationHostForClient caches a communication host
|
||||
specific to the api url.
|
||||
codeModules:
|
||||
properties:
|
||||
host:
|
||||
imageID:
|
||||
type: string
|
||||
port:
|
||||
format: int32
|
||||
type: integer
|
||||
protocol:
|
||||
lastProbeTimestamp:
|
||||
format: date-time
|
||||
type: string
|
||||
source:
|
||||
type: string
|
||||
version:
|
||||
type: string
|
||||
type: object
|
||||
conditions:
|
||||
|
@ -3238,80 +3475,31 @@ spec:
|
|||
- type
|
||||
type: object
|
||||
type: array
|
||||
connectionInfo:
|
||||
description: ConnectionInfo caches information about the tenant and
|
||||
its communication hosts
|
||||
dynatraceApi:
|
||||
properties:
|
||||
communicationHosts:
|
||||
items:
|
||||
properties:
|
||||
host:
|
||||
type: string
|
||||
port:
|
||||
format: int32
|
||||
type: integer
|
||||
protocol:
|
||||
type: string
|
||||
type: object
|
||||
type: array
|
||||
formattedCommunicationEndpoints:
|
||||
type: string
|
||||
tenantUUID:
|
||||
type: string
|
||||
type: object
|
||||
eec:
|
||||
properties:
|
||||
imageHash:
|
||||
description: ImageHash contains the last image hash seen.
|
||||
type: string
|
||||
lastUpdateProbeTimestamp:
|
||||
description: LastUpdateProbeTimestamp defines the last timestamp
|
||||
when the querying for updates have been done
|
||||
lastActiveGateConnectionInfoRequest:
|
||||
format: date-time
|
||||
type: string
|
||||
version:
|
||||
description: Version contains the version to be deployed.
|
||||
lastOneAgentConnectionInfoRequest:
|
||||
format: date-time
|
||||
type: string
|
||||
lastTokenScopeRequest:
|
||||
format: date-time
|
||||
type: string
|
||||
type: object
|
||||
kubeSystemUUID:
|
||||
description: KubeSystemUUID contains the UUID of the current Kubernetes
|
||||
cluster
|
||||
type: string
|
||||
lastAPITokenProbeTimestamp:
|
||||
description: LastAPITokenProbeTimestamp tracks when the last request
|
||||
for the API token validity was sent
|
||||
lastTokenProbeTimestamp:
|
||||
description: 'Deprecated: use DynatraceApiStatus.LastTokenScopeRequest
|
||||
instead LastTokenProbeTimestamp tracks when the last request for
|
||||
the API token validity was sent'
|
||||
format: date-time
|
||||
type: string
|
||||
lastClusterVersionProbeTimestamp:
|
||||
description: LastClusterVersionProbeTimestamp indicates when the cluster's
|
||||
version was last checked
|
||||
format: date-time
|
||||
type: string
|
||||
lastDataIngestTokenProbeTimestamp:
|
||||
description: Deprecated, use LastAPITokenProbeTimestamp instead LastDataIngestTokenProbeTimestamp
|
||||
tracks when the last request for the DataIngest token validity was
|
||||
sent
|
||||
format: date-time
|
||||
type: string
|
||||
lastPaaSTokenProbeTimestamp:
|
||||
description: Deprecated, use LastAPITokenProbeTimestamp instead LastPaaSTokenProbeTimestamp
|
||||
tracks when the last request for the PaaS token validity was sent
|
||||
format: date-time
|
||||
type: string
|
||||
latestAgentVersionUnixDefault:
|
||||
description: LatestAgentVersionUnixDefault caches the current agent
|
||||
version for unix and the default installer which is configured for
|
||||
the environment
|
||||
type: string
|
||||
latestAgentVersionUnixPaas:
|
||||
description: LatestAgentVersionUnixDefault caches the current agent
|
||||
version for unix and the PaaS installer which is configured for
|
||||
the environment
|
||||
type: string
|
||||
oneAgent:
|
||||
properties:
|
||||
imageHash:
|
||||
description: ImageHash contains the last image hash seen.
|
||||
imageID:
|
||||
type: string
|
||||
instances:
|
||||
additionalProperties:
|
||||
|
@ -3322,41 +3510,33 @@ spec:
|
|||
type: string
|
||||
type: object
|
||||
type: object
|
||||
lastHostsRequestTimestamp:
|
||||
description: LastHostsRequestTimestamp indicates the last timestamp
|
||||
the Operator queried for hosts
|
||||
lastInstanceStatusUpdate:
|
||||
format: date-time
|
||||
type: string
|
||||
lastUpdateProbeTimestamp:
|
||||
description: LastUpdateProbeTimestamp defines the last timestamp
|
||||
when the querying for updates have been done
|
||||
lastProbeTimestamp:
|
||||
format: date-time
|
||||
type: string
|
||||
source:
|
||||
type: string
|
||||
version:
|
||||
description: Version contains the version to be deployed.
|
||||
type: string
|
||||
type: object
|
||||
phase:
|
||||
description: Defines the current state (Running, Updating, Error,
|
||||
...)
|
||||
type: string
|
||||
statsd:
|
||||
synthetic:
|
||||
properties:
|
||||
imageHash:
|
||||
description: ImageHash contains the last image hash seen.
|
||||
imageID:
|
||||
type: string
|
||||
lastUpdateProbeTimestamp:
|
||||
description: LastUpdateProbeTimestamp defines the last timestamp
|
||||
when the querying for updates have been done
|
||||
lastProbeTimestamp:
|
||||
format: date-time
|
||||
type: string
|
||||
source:
|
||||
type: string
|
||||
version:
|
||||
description: Version contains the version to be deployed.
|
||||
type: string
|
||||
type: object
|
||||
tokens:
|
||||
description: Credentials used to connect back to Dynatrace.
|
||||
type: string
|
||||
updatedTimestamp:
|
||||
description: UpdatedTimestamp indicates when the instance was last
|
||||
updated
|
||||
|
|
|
@ -34,7 +34,7 @@ spec:
|
|||
dynatrace.com/inject: "false"
|
||||
kubectl.kubernetes.io/default-container: provisioner
|
||||
cluster-autoscaler.kubernetes.io/enable-ds-eviction: "false"
|
||||
{{- if and (eq (default false .Values.apparmor) true) (ne .Values.platform "openshift") }}
|
||||
{{- if and (eq (default false .Values.apparmor) true) (ne (include "dynatrace-operator.platform" .) "openshift") }}
|
||||
container.apparmor.security.beta.kubernetes.io/driver: runtime/default
|
||||
container.apparmor.security.beta.kubernetes.io/registrar: runtime/default
|
||||
container.apparmor.security.beta.kubernetes.io/liveness-probe: runtime/default
|
||||
|
@ -182,17 +182,6 @@ spec:
|
|||
- --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH)
|
||||
command:
|
||||
- csi-node-driver-registrar
|
||||
livenessProbe:
|
||||
exec:
|
||||
command:
|
||||
- csi-node-driver-registrar
|
||||
- --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH)
|
||||
- --mode=kubelet-registration-probe
|
||||
failureThreshold: 3
|
||||
initialDelaySeconds: 30
|
||||
periodSeconds: 10
|
||||
successThreshold: 1
|
||||
timeoutSeconds: 15
|
||||
resources:
|
||||
{{- if .Values.csidriver.registrar.resources }}
|
||||
{{- toYaml .Values.csidriver.registrar.resources | nindent 10 }}
|
||||
|
@ -246,7 +235,7 @@ spec:
|
|||
securityContext: {}
|
||||
serviceAccountName: dynatrace-oneagent-csi-driver
|
||||
terminationGracePeriodSeconds: 30
|
||||
priorityClassName: dynatrace-high-priority
|
||||
priorityClassName: {{ include "dynatrace-operator.CSIPriorityClassName" . }}
|
||||
volumes:
|
||||
# This volume is where the registrar registers the plugin with kubelet
|
||||
- name: registration-dir
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
{{- include "dynatrace-operator.platformRequired" . }}
|
||||
{{ if eq (include "dynatrace-operator.needCSI" .) "true" }}
|
||||
{{ if (eq (include "dynatrace-operator.needPriorityClass" .) "true") }}
|
||||
|
||||
# Copyright 2021 Dynatrace LLC
|
||||
|
||||
|
|
|
@ -21,9 +21,4 @@ metadata:
|
|||
labels:
|
||||
{{- include "dynatrace-operator.oneagentLabels" . | nindent 4 }}
|
||||
automountServiceAccountToken: false
|
||||
{{- if eq .Values.platform "openshift"}}
|
||||
imagePullSecrets:
|
||||
- name: redhat-connect
|
||||
- name: redhat-connect-sso
|
||||
{{- end }}
|
||||
{{ end }}
|
||||
|
|
|
@ -21,9 +21,4 @@ metadata:
|
|||
labels:
|
||||
{{- include "dynatrace-operator.oneagentLabels" . | nindent 4 }}
|
||||
automountServiceAccountToken: false
|
||||
{{- if eq .Values.platform "openshift"}}
|
||||
imagePullSecrets:
|
||||
- name: redhat-connect
|
||||
- name: redhat-connect-sso
|
||||
{{- end }}
|
||||
{{ end }}
|
||||
|
|
|
@ -55,6 +55,7 @@ rules:
|
|||
- get
|
||||
- update
|
||||
- delete
|
||||
- list
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
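Review bot: The verb list of this rule grows by one entry (going by the hunk counts, apparently `list`), and neither the hunk nor a comment says what needs it. The rule's `resources` and any `resourceNames` sit above the hunk, so the reach of the new verb cannot be judged from here; if the rule covers secrets or configmaps, `list` returns the full objects and not just their names. I would add a why-comment next to the verb, for example `- list # <component> enumerates <resource> during <operation>`, and keep the rule in a namespaced Role if that is all the component needs.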
|
||||
|
|
|
@ -106,7 +106,7 @@ spec:
|
|||
requiredDuringSchedulingIgnoredDuringExecution:
|
||||
nodeSelectorTerms:
|
||||
- matchExpressions:
|
||||
{{- if ne .Values.platform "gke-autopilot"}}
|
||||
{{- if ne (include "dynatrace-operator.platform" .) "gke-autopilot" }}
|
||||
- key: kubernetes.io/arch
|
||||
operator: In
|
||||
values:
|
||||
|
|
|
@ -78,7 +78,7 @@ rules:
|
|||
- update
|
||||
|
||||
- apiGroups:
|
||||
- "" # "" indicates the core API group
|
||||
- ""
|
||||
resources:
|
||||
- configmaps
|
||||
verbs:
|
||||
|
@ -89,7 +89,7 @@ rules:
|
|||
- update
|
||||
- delete
|
||||
- apiGroups:
|
||||
- "" # "" indicates the core API group
|
||||
- ""
|
||||
resources:
|
||||
- pods
|
||||
verbs:
|
||||
|
@ -99,7 +99,7 @@ rules:
|
|||
- delete
|
||||
- create
|
||||
- apiGroups:
|
||||
- "" # "" indicates the core API group
|
||||
- ""
|
||||
resources:
|
||||
- secrets
|
||||
verbs:
|
||||
|
@ -127,6 +127,12 @@ rules:
|
|||
- get
|
||||
- list
|
||||
- watch
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- pods/log
|
||||
verbs:
|
||||
- get
|
||||
|
||||
- apiGroups:
|
||||
- monitoring.coreos.com
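Review bot: The last hunk appears to add a rule granting `get` on `pods/log` in the core API group, with no comment on which component reads pod logs or why. Container logs often hold tokens, connection strings and request data, so the scope matters: the `kind` of this object is outside the hunks, and if it is a ClusterRole bound cluster-wide the operator could read the logs of any pod. I would document it in place, e.g. `# pods/log: read by <feature> to collect <what>; needed only in the operator namespace`, and move the rule to a namespaced Role if that is all the feature needs. The earlier hunks in this file also drop the `# "" indicates the core API group` comments, which were cheap help for anyone auditing these rules.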
|
||||
|
|
|
@ -20,10 +20,4 @@ metadata:
|
|||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
{{- include "dynatrace-operator.operatorLabels" . | nindent 4 }}
|
||||
|
||||
{{ if eq .Values.platform "openshift" }}
|
||||
imagePullSecrets:
|
||||
- name: redhat-connect
|
||||
- name: redhat-connect-sso
|
||||
{{ end }}
|
||||
{{ end }}
|
||||
|
|
|
@ -74,7 +74,7 @@ spec:
|
|||
requiredDuringSchedulingIgnoredDuringExecution:
|
||||
nodeSelectorTerms:
|
||||
- matchExpressions:
|
||||
{{- if ne .Values.platform "gke-autopilot"}}
|
||||
{{- if ne (include "dynatrace-operator.platform" .) "gke-autopilot"}}
|
||||
- key: kubernetes.io/arch
|
||||
operator: In
|
||||
values:
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
{{- include "dynatrace-operator.platformRequired" . }}
|
||||
{{ if and (.Values.webhook).highAvailability (eq (include "dynatrace-operator.partial" .) "false") }}
|
||||
apiVersion: policy/v1
|
||||
# v1 version supported since k8s 1.21
|
||||
apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1" | ternary "policy/v1" "policy/v1beta1" }}
|
||||
kind: PodDisruptionBudget
|
||||
metadata:
|
||||
name: dynatrace-webhook
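Review bot: The `apiVersion` now depends on `.Capabilities.APIVersions.Has "policy/v1"`, which reflects the target cluster only when Helm can query it. With `helm template` or a GitOps renderer working offline, the capabilities come from Helm's built-in defaults unless `--kube-version` or `--api-versions` is passed, so the rendered PodDisruptionBudget may not match the cluster it is applied to. I would extend the existing comment to say so: `# policy/v1 exists since k8s 1.21; offline renders need --kube-version/--api-versions to select it`.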
|
||||
|
|
|
@ -20,10 +20,5 @@ metadata:
|
|||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
{{- include "dynatrace-operator.webhookLabels" . | nindent 4 }}
|
||||
{{- if eq .Values.platform "openshift" }}
|
||||
imagePullSecrets:
|
||||
- name: redhat-connect
|
||||
- name: redhat-connect-sso
|
||||
{{- end }}
|
||||
{{ end }}
|
||||
|
||||
|
|
|
@ -1,5 +1,4 @@
|
|||
{{- include "dynatrace-operator.platformRequired" . }}
|
||||
{{- if and (eq .Values.platform "openshift") ((.Values.securityContextConstraints).enabled) (eq (include "dynatrace-operator.partial" .) "false")}}
|
||||
{{- if and (eq (include "dynatrace-operator.platform" .) "openshift") ((.Values.securityContextConstraints).enabled) (eq (include "dynatrace-operator.partial" .) "false")}}
|
||||
# Copyright 2021 Dynatrace LLC
|
||||
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
|
@ -21,15 +20,12 @@ allowPrivilegedContainer: false
|
|||
fsGroup:
|
||||
type: RunAsAny
|
||||
priority: 1
|
||||
{{- if (.Values.activeGate).readOnlyFs }}
|
||||
readOnlyRootFilesystem: true
|
||||
{{ else }}
|
||||
readOnlyRootFilesystem: false
|
||||
{{ end }}
|
||||
requiredDropCapabilities:
|
||||
- ALL
|
||||
runAsUser:
|
||||
type: MustRunAsNonRoot
|
||||
type: MustRunAs
|
||||
uid: 1001
|
||||
seLinuxContext:
|
||||
type: RunAsAny
|
||||
seccompProfiles:
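Review bot: `readOnlyRootFilesystem` in this SecurityContextConstraints no longer follows `.Values.activeGate.readOnlyFs`, and because the page has lost its +/- markers it is not certain which literal remains. If `false` is what stays, the SCC stops requiring a read-only root filesystem even for deployments that set `readOnlyFs`; if `true` stays, pods that ask for a writable root would be rejected. Either way a comment should state the intent, e.g. `# fixed on purpose: <reason>; no longer tied to activeGate.readOnlyFs`. The same hunk appears to pin `runAsUser` to `MustRunAs` with `uid: 1001`, which is tighter than `MustRunAsNonRoot` but assumes the image runs as 1001, while `fsGroup` and `seLinuxContext` stay `RunAsAny`. The SCC's header and remaining fields are outside the hunk.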
|
||||
|
|
|
@ -1,5 +1,4 @@
|
|||
{{- include "dynatrace-operator.platformRequired" . }}
|
||||
{{- if and (eq .Values.platform "openshift") ((.Values.securityContextConstraints).enabled) (eq (include "dynatrace-operator.needCSI" .) "true") }}
|
||||
{{- if and (eq (include "dynatrace-operator.platform" .) "openshift") ((.Values.securityContextConstraints).enabled) (eq (include "dynatrace-operator.needCSI" .) "true") }}
|
||||
# Copyright 2021 Dynatrace LLC
|
||||
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
|
|
|
@ -1,5 +1,4 @@
|
|||
{{- include "dynatrace-operator.platformRequired" . }}
|
||||
{{- if and (eq .Values.platform "openshift") ((.Values.securityContextConstraints).enabled) (eq (include "dynatrace-operator.partial" .) "false")}}
|
||||
{{- if and (eq (include "dynatrace-operator.platform" .) "openshift") ((.Values.securityContextConstraints).enabled) (eq (include "dynatrace-operator.partial" .) "false")}}
|
||||
# Copyright 2021 Dynatrace LLC
|
||||
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
|
|
|
@ -1,5 +1,4 @@
|
|||
{{- include "dynatrace-operator.platformRequired" . }}
|
||||
{{- if and (eq .Values.platform "openshift") ((.Values.securityContextConstraints).enabled) (eq (include "dynatrace-operator.partial" .) "false")}}
|
||||
{{- if and (eq (include "dynatrace-operator.platform" .) "openshift") ((.Values.securityContextConstraints).enabled) (eq (include "dynatrace-operator.partial" .) "false")}}
|
||||
# Copyright 2021 Dynatrace LLC
|
||||
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
|
|
|
@ -1,5 +1,4 @@
|
|||
{{- include "dynatrace-operator.platformRequired" . }}
|
||||
{{- if and (eq .Values.platform "openshift") ((.Values.securityContextConstraints).enabled) (eq (include "dynatrace-operator.partial" .) "false")}}
|
||||
{{- if and (eq (include "dynatrace-operator.platform" .) "openshift") ((.Values.securityContextConstraints).enabled) (eq (include "dynatrace-operator.partial" .) "false")}}
|
||||
# Copyright 2021 Dynatrace LLC
|
||||
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
|
|
|
@ -1,5 +1,4 @@
|
|||
{{- include "dynatrace-operator.platformRequired" . }}
|
||||
{{- if and (eq .Values.platform "openshift") ((.Values.securityContextConstraints).enabled) (eq (include "dynatrace-operator.partial" .) "false")}}
|
||||
{{- if and (eq (include "dynatrace-operator.platform" .) "openshift") ((.Values.securityContextConstraints).enabled) (eq (include "dynatrace-operator.partial" .) "false")}}
|
||||
# Copyright 2021 Dynatrace LLC
|
||||
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
|
|
|
@ -21,6 +21,22 @@ Check if we need the csi driver.
|
|||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
CSI PriorityClassName
|
||||
*/}}
|
||||
{{- define "dynatrace-operator.CSIPriorityClassName" -}}
|
||||
{{- default "dynatrace-high-priority" .Values.csidriver.existingPriorityClassName -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Check if we need the csi default priority class
|
||||
*/}}
|
||||
{{- define "dynatrace-operator.needPriorityClass" -}}
|
||||
{{- if and (eq (include "dynatrace-operator.needCSI" .) "true") (not .Values.csidriver.existingPriorityClassName) -}}
|
||||
{{- printf "true" -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
CSI plugin-dir path
|
||||
*/}}
|
||||
|
|
|
@ -27,8 +27,8 @@ Check if default image is used
|
|||
{{- if .Values.image -}}
|
||||
{{- printf "%s" .Values.image -}}
|
||||
{{- else -}}
|
||||
{{- if eq .Values.platform "google-marketplace" -}}
|
||||
{{- printf "%s:%s" "gcr.io/dynatrace-marketplace-prod/dynatrace-operator" "{{ .Chart.AppVersion }}" }}
|
||||
{{- if eq (include "dynatrace-operator.platform" .) "google-marketplace" -}}
|
||||
{{- printf "%s:%s" "gcr.io/dynatrace-marketplace-prod/dynatrace-operator" .Chart.AppVersion }}
|
||||
{{- else -}}
|
||||
{{- printf "%s:v%s" "docker.io/dynatrace/dynatrace-operator" .Chart.AppVersion }}
|
||||
{{- end -}}
|
||||
|
@ -45,29 +45,3 @@ Check if we are generating only a part of the yamls
|
|||
{{- printf "false" -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
|
||||
{{/*
|
||||
Check if platform is set
|
||||
*/}}
|
||||
{{- define "dynatrace-operator.platformSet" -}}
|
||||
{{- if or (eq .Values.platform "kubernetes") (eq .Values.platform "openshift") (eq .Values.platform "google-marketplace") (eq .Values.platform "gke-autopilot") -}}
|
||||
{{ default "set" }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Exclude Kubernetes manifest not running on OLM
|
||||
*/}}
|
||||
{{- define "dynatrace-operator.openshiftOrOlm" -}}
|
||||
{{- if and (or (eq .Values.platform "openshift") (.Values.olm)) (eq (include "dynatrace-operator.partial" .) "false") -}}
|
||||
{{ default "true" }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Check if the platform is set
|
||||
*/}}
|
||||
{{- define "dynatrace-operator.platformRequired" -}}
|
||||
{{- $platformIsSet := printf "%s" (required "Platform needs to be set to kubernetes, openshift, google-marketplace, or gke-autopilot" (include "dynatrace-operator.platformSet" .))}}
|
||||
{{- end -}}
|
||||
|
|
|
@ -0,0 +1,54 @@
|
|||
// Copyright 2020 Dynatrace LLC
|
||||
|
||||
// Licensed under the Apache License, Version 2.0 (the "License");
|
||||
// you may not use this file except in compliance with the License.
|
||||
// You may obtain a copy of the License at
|
||||
|
||||
// http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
// Unless required by applicable law or agreed to in writing, software
|
||||
// distributed under the License is distributed on an "AS IS" BASIS,
|
||||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
// See the License for the specific language governing permissions and
|
||||
// limitations under the License.
|
||||
|
||||
{{/*
|
||||
Auto-detect the platform (if not set), according to the available APIVersions
|
||||
*/}}
|
||||
{{- define "dynatrace-operator.platform" -}}
|
||||
{{- if .Values.platform}}
|
||||
{{- printf .Values.platform -}}
|
||||
{{- else if .Capabilities.APIVersions.Has "security.openshift.io/v1" }}
|
||||
{{- printf "openshift" -}}
|
||||
{{- else if .Capabilities.APIVersions.Has "auto.gke.io/v1" }}
|
||||
{{- printf "gke-autopilot" -}}
|
||||
{{- else }}
|
||||
{{- printf "kubernetes" -}}
|
||||
{{- end -}}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Exclude Kubernetes manifest not running on OLM
|
||||
*/}}
|
||||
{{- define "dynatrace-operator.openshiftOrOlm" -}}
|
||||
{{- if and (or (eq (include "dynatrace-operator.platform" .) "openshift") (.Values.olm)) (eq (include "dynatrace-operator.partial" .) "false") -}}
|
||||
{{ default "true" }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Check if platform is set to a valid one
|
||||
*/}}
|
||||
{{- define "dynatrace-operator.platformIsValid" -}}
|
||||
{{- $validPlatforms := list "kubernetes" "openshift" "google-marketplace" "gke-autopilot" -}}
|
||||
{{- if has (include "dynatrace-operator.platform" .) $validPlatforms -}}
|
||||
{{ default "set" }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Enforces that platform is set to a valid one
|
||||
*/}}
|
||||
{{- define "dynatrace-operator.platformRequired" -}}
|
||||
{{- $platformIsSet := printf "%s" (required "Platform needs to be set to kubernetes, openshift, google-marketplace, or gke-autopilot" (include "dynatrace-operator.platformIsValid" .))}}
|
||||
{{- end -}}
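Review bot: The last branch of `dynatrace-operator.platform` returns `kubernetes` whenever `.Capabilities.APIVersions` has neither `security.openshift.io/v1` nor `auto.gke.io/v1`, which is also the case when the chart is rendered without a cluster connection (`helm template`, or GitOps tooling that does not pass `--api-versions`). With `platform` left empty, the templates on this page that gate on `openshift`, including the SecurityContextConstraints, are then silently omitted, and `platformRequired` cannot catch it because the detected value is always in the valid list. Suggest saying so in the define's comment, e.g. `Offline rendering cannot detect OpenShift or GKE Autopilot; set .Values.platform explicitly in that case`. Separately, `{{- printf .Values.platform -}}` uses the user-supplied value as the format string; `{{- .Values.platform -}}` avoids mangling a value that contains `%`.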
|
|
@ -1,5 +1,4 @@
|
|||
{{- include "dynatrace-operator.platformRequired" . }}
|
||||
{{- if eq .Values.platform "google-marketplace" }}
|
||||
{{- if eq (include "dynatrace-operator.platform" .) "google-marketplace" }}
|
||||
# Copyright 2020 Dynatrace LLC
|
||||
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
|
|
|
@ -13,7 +13,7 @@
|
|||
# limitations under the License.
|
||||
|
||||
# may be set to "kubernetes", "openshift", or "gke-autopilot"
|
||||
platform: "kubernetes"
|
||||
platform: ""
|
||||
|
||||
image: ""
|
||||
customPullSecret: ""
|
||||
|
@ -51,8 +51,9 @@ csidriver:
|
|||
enabled: false
|
||||
nodeSelector: {}
|
||||
kubeletPath: "/var/lib/kubelet"
|
||||
existingPriorityClassName: "" # if defined, use this priorityclass instead of creating a new one
|
||||
priorityClassValue: "1000000"
|
||||
maxUnmountedVolumeAge: "" # defined in days, must be a plain number, default is "14"
|
||||
maxUnmountedVolumeAge: "" # defined in days, must be a plain number
|
||||
tolerations:
|
||||
- effect: NoSchedule
|
||||
key: node-role.kubernetes.io/master
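Review bot: The comment above `platform: ""` still lists only three explicit values and does not say what the new empty default means. Suggest replacing it with `# leave empty to auto-detect (openshift, gke-autopilot, otherwise kubernetes); "google-marketplace" must be set explicitly`, which matches the detection helper added in this commit. In the second hunk, the comment on `existingPriorityClassName` could also state whether `priorityClassValue` is ignored when it is set; that looks likely from the `needPriorityClass` helper, but the consuming template is not shown here.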
|
||||
|
|
|
@ -1,7 +1,6 @@
|
|||
annotations:
|
||||
artifacthub.io/changes: |
|
||||
- Add support for gateway-controller-name (#185)
|
||||
- Use Ingress Controller 1.10.1 version for base image
|
||||
- Allow strategy override for Daemonset deployments (#186)
|
||||
catalog.cattle.io/certified: partner
|
||||
catalog.cattle.io/display-name: HAProxy Kubernetes Ingress Controller
|
||||
catalog.cattle.io/kube-version: '>=1.22.0-0'
|
||||
|
@ -22,4 +21,4 @@ name: haproxy
|
|||
sources:
|
||||
- https://github.com/haproxytech/kubernetes-ingress
|
||||
type: application
|
||||
version: 1.30.1
|
||||
version: 1.30.3
|
||||
|
|
|
@ -0,0 +1,5 @@
|
|||
controller:
|
||||
kind: DaemonSet
|
||||
kubernetesGateway:
|
||||
enabled: true
|
||||
gatewayControllerName: haproxy.org/gateway-controller
|
|
@ -0,0 +1,7 @@
|
|||
controller:
|
||||
kind: DaemonSet
|
||||
strategy:
|
||||
type: RollingUpdate
|
||||
rollingUpdate:
|
||||
maxUnavailable: 0
|
||||
maxSurge: 1
|
|
@ -0,0 +1,4 @@
|
|||
controller:
|
||||
kubernetesGateway:
|
||||
enabled: true
|
||||
gatewayControllerName: haproxy.org/gateway-controller
|
|
@ -0,0 +1,6 @@
|
|||
controller:
|
||||
strategy:
|
||||
type: RollingUpdate
|
||||
rollingUpdate:
|
||||
maxUnavailable: 0
|
||||
maxSurge: 1
|
|
@ -87,4 +87,25 @@ rules:
|
|||
- list
|
||||
- watch
|
||||
- update
|
||||
{{- if .Values.controller.kubernetesGateway.enabled }}
|
||||
- apiGroups:
|
||||
- "gateway.networking.k8s.io"
|
||||
resources:
|
||||
- referencegrants
|
||||
- gateways
|
||||
- gatewayclasses
|
||||
- tcproutes
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- apiGroups:
|
||||
- "gateway.networking.k8s.io"
|
||||
resources:
|
||||
- gatewayclasses/status
|
||||
- gateways/status
|
||||
- tcproutes/status
|
||||
verbs:
|
||||
- update
|
||||
{{- end }}
|
||||
{{- end -}}
|
||||
|
|
|
@ -34,10 +34,10 @@ metadata:
|
|||
{{- end }}
|
||||
spec:
|
||||
minReadySeconds: {{ .Values.controller.minReadySeconds }}
|
||||
{{- with .Values.controller.strategy }}
|
||||
updateStrategy:
|
||||
type: RollingUpdate
|
||||
rollingUpdate:
|
||||
maxUnavailable: 1
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
selector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }}
|
||||
|
@ -103,8 +103,8 @@ spec:
|
|||
{{- if .Values.controller.ingressClass }}
|
||||
- --ingress.class={{ .Values.controller.ingressClass }}
|
||||
{{- end }}
|
||||
{{- if .Values.controller.gatewayControllerName }}
|
||||
- --gateway-controller-name={{ .Values.controller.gatewayControllerName }}
|
||||
{{- if and .Values.controller.kubernetesGateway.enabled .Values.controller.kubernetesGateway.gatewayControllerName }}
|
||||
- --gateway-controller-name={{ .Values.controller.kubernetesGateway.gatewayControllerName }}
|
||||
{{- end }}
|
||||
{{- if .Values.controller.publishService.enabled }}
|
||||
- --publish-service={{ template "kubernetes-ingress.publishServicePath" . }}
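Review bot: `updateStrategy` in this DaemonSet is now filled from `controller.strategy`, the value the chart documents as the Deployment strategy, and the two APIs do not accept the same settings. A DaemonSet allows only `RollingUpdate` or `OnDelete`, so a release that sets `type: Recreate` for the Deployment would render an invalid DaemonSet. The new default of `maxUnavailable: 0` with `maxSurge: 1` also requires a second pod to start on the node before the old one stops, which cannot succeed if the pods bind host ports or use host networking (not visible in this hunk). Suggest a comment next to `strategy:` in values.yaml such as `# also rendered as the DaemonSet updateStrategy; type must then be RollingUpdate or OnDelete`, or a separate value for the DaemonSet. The spec continues outside the hunk.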
|
||||
|
|
|
@ -104,8 +104,8 @@ spec:
|
|||
{{- if .Values.controller.ingressClass }}
|
||||
- --ingress.class={{ .Values.controller.ingressClass }}
|
||||
{{- end }}
|
||||
{{- if .Values.controller.gatewayControllerName }}
|
||||
- --gateway-controller-name={{ .Values.controller.gatewayControllerName }}
|
||||
{{- if and .Values.controller.kubernetesGateway.enabled .Values.controller.kubernetesGateway.gatewayControllerName }}
|
||||
- --gateway-controller-name={{ .Values.controller.kubernetesGateway.gatewayControllerName }}
|
||||
{{- end }}
|
||||
{{- if .Values.controller.publishService.enabled }}
|
||||
- --publish-service={{ template "kubernetes-ingress.publishServicePath" . }}
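Review bot: The flag is now read from `controller.kubernetesGateway.gatewayControllerName` and also requires `kubernetesGateway.enabled`, so a release that already sets the old `controller.gatewayControllerName` loses `--gateway-controller-name` on upgrade without any message. The DaemonSet template above has the same condition. A guard that fails the render when the old key is present would make the migration explicit, for example `{{- if .Values.controller.gatewayControllerName }}{{ fail "controller.gatewayControllerName moved to controller.kubernetesGateway.gatewayControllerName" }}{{- end }}`. The container args list continues outside the hunk.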
|
||||
|
|
|
@ -160,9 +160,12 @@ controller:
|
|||
# ref: https://kubernetes.io/docs/concepts/services-networking/ingress-controllers/#using-multiple-ingress-controllers
|
||||
ingressClass: haproxy # typically "haproxy" or null to receive all events
|
||||
|
||||
# Gateway API controller, not available in k8s as default, but can be installed
|
||||
# Gateway API controller, not available in K8s as default but can be installed
|
||||
# ref: https://gateway-api.sigs.k8s.io/
|
||||
# gatewayControllerName: haproxy.org/gateway-controller
|
||||
# ref: https://gateway-api.sigs.k8s.io/guides/#installing-a-gateway-controller
|
||||
kubernetesGateway:
|
||||
enabled: false
|
||||
gatewayControllerName: haproxy.org/gateway-controller
|
||||
|
||||
## Additional labels to add to the deployment or daemonset metadata
|
||||
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
|
||||
|
@ -437,11 +440,11 @@ controller:
|
|||
|
||||
## Controller deployment strategy definition
|
||||
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy
|
||||
strategy: {}
|
||||
# rollingUpdate:
|
||||
# maxSurge: 25%
|
||||
# maxUnavailable: 25%
|
||||
# type: RollingUpdate
|
||||
strategy:
|
||||
type: RollingUpdate
|
||||
rollingUpdate:
|
||||
maxUnavailable: 0
|
||||
maxSurge: 1
|
||||
|
||||
## Controller Pod PriorityClass
|
||||
## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass
|
||||
|
|
|
@ -4,7 +4,7 @@ annotations:
|
|||
catalog.cattle.io/kube-version: '>=1.20-0'
|
||||
catalog.cattle.io/release-name: harbor
|
||||
apiVersion: v1
|
||||
appVersion: 2.7.1
|
||||
appVersion: 2.8.0
|
||||
description: An open source trusted cloud native registry that stores, signs, and
|
||||
scans content
|
||||
home: https://goharbor.io
|
||||
|
@ -24,4 +24,4 @@ name: harbor
|
|||
sources:
|
||||
- https://github.com/goharbor/harbor
|
||||
- https://github.com/goharbor/harbor-helm
|
||||
version: 1.11.1
|
||||
version: 1.12.0
|
||||
|
|
|
@ -113,7 +113,7 @@ The following table lists the configurable parameters of the Harbor chart and th
|
|||
| `expose.loadBalancer.annotations` | The annotations attached to the loadBalancer service | {} |
|
||||
| `expose.loadBalancer.sourceRanges` | List of IP address ranges to assign to loadBalancerSourceRanges | [] |
|
||||
| **Internal TLS** | | |
|
||||
| `internalTLS.enabled` | Enable TLS for the components (chartmuseum, core, jobservice, portal, registry, trivy) | `false` |
|
||||
| `internalTLS.enabled` | Enable TLS for the components (core, jobservice, portal, registry, trivy) | `false` |
|
||||
| `internalTLS.certSource` | Method to provide TLS for the components, options are `auto`, `manual`, `secret`. | `auto` |
|
||||
| `internalTLS.trustCa` | The content of trust CA, only available when `certSource` is `manual`. **Note**: all the internal certificates of the components must be issued by this CA | |
|
||||
| `internalTLS.core.secretName` | The secret name for core component, only available when `certSource` is `secret`. The secret must contain keys named: `ca.crt` - the CA certificate which is used to issue internal key and crt pair for components and all Harbor components must be issued by the same CA, `tls.crt` - the content of the TLS cert file, `tls.key` - the content of the TLS key file. | |
|
||||
|
@ -128,9 +128,6 @@ The following table lists the configurable parameters of the Harbor chart and th
|
|||
| `internalTLS.portal.secretName` | The secret name for portal component, only available when `certSource` is `secret`. The secret must contain keys named: `ca.crt` - the CA certificate which is used to issue internal key and crt pair for components and all Harbor components must be issued by the same CA, `tls.crt` - the content of the TLS cert file, `tls.key` - the content of the TLS key file. | |
|
||||
| `internalTLS.portal.crt` | Content of portal's TLS cert file, only available when `certSource` is `manual` | |
|
||||
| `internalTLS.portal.key` | Content of portal's TLS key file, only available when `certSource` is `manual` | |
|
||||
| `internalTLS.chartmuseum.secretName` | The secret name for chartmuseum component, only available when `certSource` is `secret`. The secret must contain keys named: `ca.crt` - the CA certificate which is used to issue internal key and crt pair for components and all Harbor components must be issued by the same CA, `tls.crt` - the content of the TLS cert file, `tls.key` - the content of the TLS key file. | |
|
||||
| `internalTLS.chartmuseum.crt` | Content of chartmuseum's TLS cert file, only available when `certSource` is `manual` | |
|
||||
| `internalTLS.chartmuseum.key` | Content of chartmuseum's TLS key file, only available when `certSource` is `manual` | |
|
||||
| `internalTLS.trivy.secretName` | The secret name for trivy component, only available when `certSource` is `secret`. The secret must contain keys named: `ca.crt` - the CA certificate which is used to issue internal key and crt pair for components and all Harbor components must be issued by the same CA, `tls.crt` - the content of the TLS cert file, `tls.key` - the content of the TLS key file. | |
|
||||
| `internalTLS.trivy.crt` | Content of trivy's TLS cert file, only available when `certSource` is `manual` | |
|
||||
| `internalTLS.trivy.key` | Content of trivy's TLS key file, only available when `certSource` is `manual` | |
|
||||
|
@ -146,12 +143,6 @@ The following table lists the configurable parameters of the Harbor chart and th
|
|||
| `persistence.persistentVolumeClaim.registry.accessMode` | The access mode of the volume | `ReadWriteOnce` |
|
||||
| `persistence.persistentVolumeClaim.registry.size` | The size of the volume | `5Gi` |
|
||||
| `persistence.persistentVolumeClaim.registry.annotations` | The annotations of the volume | |
|
||||
| `persistence.persistentVolumeClaim.chartmuseum.existingClaim` | Use the existing PVC which must be created manually before bound, and specify the `subPath` if the PVC is shared with other components | |
|
||||
| `persistence.persistentVolumeClaim.chartmuseum.storageClass` | Specify the `storageClass` used to provision the volume. Or the default StorageClass will be used (the default). Set it to `-` to disable dynamic provisioning | |
|
||||
| `persistence.persistentVolumeClaim.chartmuseum.subPath` | The sub path used in the volume | |
|
||||
| `persistence.persistentVolumeClaim.chartmuseum.accessMode` | The access mode of the volume | `ReadWriteOnce` |
|
||||
| `persistence.persistentVolumeClaim.chartmuseum.size` | The size of the volume | `5Gi` |
|
||||
| `persistence.persistentVolumeClaim.chartmuseum.annotations` | The annotations of the volume | |
|
||||
|`persistence.persistentVolumeClaim.jobservice.jobLog.existingClaim` | Use the existing PVC which must be created manually before bound, and specify the `subPath` if the PVC is shared with other components. | |
|
||||
| `persistence.persistentVolumeClaim.jobservice.jobLog.storageClass` | Specify the `storageClass` used to provision the volume. Or the default StorageClass will be used (the default). Set it to `-` to disable dynamic provisioning | |
|
||||
| `persistence.persistentVolumeClaim.jobservice.jobLog.subPath` | The sub path used in the volume | |
|
||||
|
@ -177,19 +168,21 @@ The following table lists the configurable parameters of the Harbor chart and th
|
|||
| `persistence.persistentVolumeClaim.trivy.size` | The size of the volume | `1Gi` |
|
||||
| `persistence.persistentVolumeClaim.trivy.annotations` | The annotations of the volume | |
|
||||
| `persistence.imageChartStorage.disableredirect` | The configuration for managing redirects from content backends. For backends which not supported it (such as using minio for `s3` storage type), please set it to `true` to disable redirects. Refer to the [guide](https://github.com/docker/distribution/blob/master/docs/configuration.md#redirect) for more details | `false` |
|
||||
| `persistence.imageChartStorage.caBundleSecretName` | Specify the `caBundleSecretName` if the storage service uses a self-signed certificate. The secret must contain keys named `ca.crt` which will be injected into the trust store of registry's and chartmuseum's containers. | |
|
||||
| `persistence.imageChartStorage.type` | The type of storage for images and charts: `filesystem`, `azure`, `gcs`, `s3`, `swift` or `oss`. The type must be `filesystem` if you want to use persistent volumes for registry and chartmuseum. Refer to the [guide](https://github.com/docker/distribution/blob/master/docs/configuration.md#storage) for more details | `filesystem` |
|
||||
| `persistence.imageChartStorage.caBundleSecretName` | Specify the `caBundleSecretName` if the storage service uses a self-signed certificate. The secret must contain keys named `ca.crt` which will be injected into the trust store of registry's and containers. | |
|
||||
| `persistence.imageChartStorage.type` | The type of storage for images and charts: `filesystem`, `azure`, `gcs`, `s3`, `swift` or `oss`. The type must be `filesystem` if you want to use persistent volumes for registry. Refer to the [guide](https://github.com/docker/distribution/blob/master/docs/configuration.md#storage) for more details | `filesystem` |
|
||||
| `persistence.imageChartStorage.gcs.existingSecret` | An existing secret containing the gcs service account json key. The key must be gcs-key.json. | `""` |
|
||||
| `persistence.imageChartStorage.gcs.useWorkloadIdentity` | A boolean to allow the use of workloadidentity in a GKE cluster. To use it, create a kubernetes service account and set the name in the key `serviceAccountName` of each component, then allow automounting the service account. | `false` |
|
||||
| **General** | | |
|
||||
| `externalURL` | The external URL for Harbor core service | `https://core.harbor.domain` |
|
||||
| `caBundleSecretName` | The custom CA bundle secret name, the secret must contain key named "ca.crt" which will be injected into the trust store for chartmuseum, core, jobservice, registry, trivy components. | |
|
||||
| `caBundleSecretName` | The custom CA bundle secret name, the secret must contain key named "ca.crt" which will be injected into the trust store for core, jobservice, registry, trivy components. | |
|
||||
| `uaaSecretName` | If using external UAA auth which has a self signed cert, you can provide a pre-created secret containing it under the key `ca.crt`. | |
|
||||
| `imagePullPolicy` | The image pull policy | |
|
||||
| `imagePullSecrets` | The imagePullSecrets names for all deployments | |
|
||||
| `updateStrategy.type` | The update strategy for deployments with persistent volumes(jobservice, registry and chartmuseum): `RollingUpdate` or `Recreate`. Set it as `Recreate` when `RWM` for volumes isn't supported | `RollingUpdate` |
|
||||
| `updateStrategy.type` | The update strategy for deployments with persistent volumes(jobservice, registry): `RollingUpdate` or `Recreate`. Set it as `Recreate` when `RWM` for volumes isn't supported | `RollingUpdate` |
|
||||
| `logLevel` | The log level: `debug`, `info`, `warning`, `error` or `fatal` | `info` |
|
||||
| `harborAdminPassword` | The initial password of Harbor admin. Change it from portal after launching Harbor | `Harbor12345` |
|
||||
| `existingSecretAdminPassword` | The name of secret where admin password can be found. | |
|
||||
| `existingSecretAdminPasswordKey` | The name of the key in the secret where to find harbor admin password Harbor | `HARBOR_ADMIN_PASSWORD` |
|
||||
| `caSecretName` | The name of the secret which contains key named `ca.crt`. Setting this enables the download link on portal to download the CA certificate when the certificate isn't generated automatically | |
|
||||
| `secretKey` | The key used for encryption. Must be a string of 16 chars | `not-a-secure-key` |
|
||||
| `existingSecretSecretKey` | An existing secret containing the encoding secretKey | `""` |
|
||||
|
@ -251,6 +244,10 @@ The following table lists the configurable parameters of the Harbor chart and th
|
|||
| `jobservice.maxJobWorkers` | The max job workers | `10` |
|
||||
| `jobservice.jobLoggers` | The loggers for jobs: `file`, `database` or `stdout` | `[file]` |
|
||||
| `jobservice.loggerSweeperDuration` | The jobLogger sweeper duration in days (ignored if `jobLoggers` is set to `stdout`) | `14` |
|
||||
| `jobservice.notification.webhook_job_max_retry` | The maximum retry of webhook sending notifications | `3` |
|
||||
| `jobservice.notification.webhook_job_http_client_timeout` | The http client timeout value of webhook sending notifications | `3` |
|
||||
| `jobservice.reaper.max_update_hours` | the max time to wait for a task to finish, if unfinished after max_update_hours, the task will be mark as error, but the task will continue to run, default value is 24 | `24` |
|
||||
| `jobservice.reaper.max_dangling_hours` | the max time for execution in running state without new task created | `168` |
|
||||
| `jobservice.resources` | The [resources] to allocate for container | undefined |
|
||||
| `jobservice.automountServiceAccountToken` | Mount serviceAccountToken? | `false` |
|
||||
| `jobservice.nodeSelector` | Node labels for pod assignment | `{}` |
|
||||
|
@ -278,27 +275,13 @@ The following table lists the configurable parameters of the Harbor chart and th
|
|||
| `registry.secret` | Secret is used to secure the upload state from client and registry storage backend. See [official docs](https://github.com/docker/distribution/blob/master/docs/configuration.md#http). If a secret key is not specified, Helm will generate one. Must be a string of 16 chars. | |
|
||||
| `registry.credentials.username` | The username for accessing the registry instance, which is hosted by htpasswd auth mode. More details see [official docs](https://github.com/docker/distribution/blob/master/docs/configuration.md#htpasswd). | `harbor_registry_user` |
|
||||
| `registry.credentials.password` | The password for accessing the registry instance, which is hosted by htpasswd auth mode. More details see [official docs](https://github.com/docker/distribution/blob/master/docs/configuration.md#htpasswd). It is suggested you update this value before installation. | `harbor_registry_password` |
|
||||
| `registry.credentials.existingSecret` | An existing secret containing the password for accessing the registry instance, which is hosted by htpasswd auth mode. More details see [official docs](https://github.com/docker/distribution/blob/master/docs/configuration.md#htpasswd). The key must be `REGISTRY_CREDENTIAL_PASSWORD` | `""` |
|
||||
| `registry.credentials.existingSecret` | An existing secret containing the password for accessing the registry instance, which is hosted by htpasswd auth mode. More details see [official docs](https://github.com/docker/distribution/blob/master/docs/configuration.md#htpasswd). The key must be `REGISTRY_PASSWD` | `""` |
|
||||
| `registry.credentials.htpasswdString` | Login and password in htpasswd string format. Excludes `registry.credentials.username` and `registry.credentials.password`. May come in handy when integrating with tools like argocd or flux. This allows the same line to be generated each time the template is rendered, instead of the `htpasswd` function from helm, which generates different lines each time because of the salt. | undefined |
|
||||
| `registry.relativeurls` | If true, the registry returns relative URLs in Location headers. The client is responsible for resolving the correct URL. Needed if harbor is behind a reverse proxy | `false` |
|
||||
| `registry.upload_purging.enabled` | If true, enable purge _upload directories | `true` |
|
||||
| `registry.upload_purging.age` | Remove files in _upload directories which exist for a period of time, default is one week. | `168h` |
|
||||
| `registry.upload_purging.interval` | The interval of the purge operations | `24h` |
|
||||
| `registry.upload_purging.dryrun` | If true, enable dryrun for purging _upload, default false | `false` |
|
||||
| **Chartmuseum** | | |
|
||||
| `chartmuseum.enabled` | Enable chartmusuem to store chart | `true` |
|
||||
| `chartmuseum.absoluteUrl` | If true, ChartMuseum will return absolute URLs. The default behavior is to return relative URLs | `false` |
|
||||
| `chartmuseum.image.repository` | Repository for chartmuseum image | `goharbor/chartmuseum-photon` |
|
||||
| `chartmuseum.image.tag` | Tag for chartmuseum image | `dev` |
|
||||
| `chartmuseum.replicas` | The replica count | `1` |
|
||||
| `chartmuseum.revisionHistoryLimit` | The revision history limit | `10` |
|
||||
| `chartmuseum.resources` | The [resources] to allocate for container | undefined |
|
||||
| `chartmuseum.automountServiceAccountToken` | Mount serviceAccountToken? | `false` |
|
||||
| `chartmuseum.nodeSelector` | Node labels for pod assignment | `{}` |
|
||||
| `chartmuseum.tolerations` | Tolerations for pod assignment | `[]` |
|
||||
| `chartmuseum.affinity` | Node/Pod affinities | `{}` |
|
||||
| `chartmuseum.podAnnotations` | Annotations to add to the chart museum pod | `{}` |
|
||||
| `chartmuseum.priorityClassName` | The priority class to run the pod as | |
|
||||
| **[Trivy][trivy]** | | |
|
||||
| `trivy.enabled` | The flag to enable Trivy scanner | `true` |
|
||||
| `trivy.image.repository` | Repository for Trivy adapter image | `goharbor/trivy-adapter-photon` |
|
||||
|
@ -336,7 +319,7 @@ The following table lists the configurable parameters of the Harbor chart and th
|
|||
| `notary.affinity` | Node/Pod affinities | `{}` |
|
||||
| `notary.podAnnotations` | Annotations to add to the notary pod | `{}` |
|
||||
| `notary.serviceAnnotations` | Annotations to add to the notary service | `{}` |
|
||||
| `notary.secretName` | Fill the name of a kubernetes secret if you want to use your own TLS certificate authority, certificate and private key for notary communications. The secret must contain keys named `tls.ca`, `tls.crt` and `tls.key` that contain the CA, certificate and private key. They will be generated if not set. | |
|
||||
| `notary.secretName` | Fill the name of a kubernetes secret if you want to use your own TLS certificate authority, certificate and private key for notary communications. The secret must contain keys named `ca.crt`, `tls.crt` and `tls.key` that contain the CA, certificate and private key. They will be generated if not set. | |
|
||||
| **Database** | | |
|
||||
| `database.type` | If external database is used, set it to `external` | `internal` |
|
||||
| `database.internal.image.repository` | Repository for database image | `goharbor/harbor-db` |
|
||||
|
@ -380,8 +363,8 @@ The following table lists the configurable parameters of the Harbor chart and th
|
|||
| `redis.external.coreDatabaseIndex` | The database index for core | `0` |
|
||||
| `redis.external.jobserviceDatabaseIndex` | The database index for jobservice | `1` |
|
||||
| `redis.external.registryDatabaseIndex` | The database index for registry | `2` |
|
||||
| `redis.external.chartmuseumDatabaseIndex` | The database index for chartmuseum | `3` |
|
||||
| `redis.external.trivyAdapterIndex` | The database index for trivy adapter | `5` |
|
||||
| `redis.external.username` | The username of external Redis | |
|
||||
| `redis.external.password` | The password of external Redis | |
|
||||
| `redis.external.existingSecret` | Use an existing secret to connect to redis. The key must be `REDIS_PASSWORD`. | `""` |
|
||||
| `redis.podAnnotations` | Annotations to add to the redis pod | `{}` |
|
||||
|
|
|
@ -172,7 +172,7 @@ postgres://{{ template "harbor.database.username" . }}:{{ template "harbor.datab
|
|||
{{- define "harbor.redis.url" -}}
|
||||
{{- with .Values.redis }}
|
||||
{{- $path := ternary "" (printf "/%s" (include "harbor.redis.masterSet" $)) (not (include "harbor.redis.masterSet" $)) }}
|
||||
{{- $cred := ternary (printf ":%s@" (.external.password | urlquery)) "" (and (eq .type "external" ) (not (not .external.password))) }}
|
||||
{{- $cred := ternary (printf "%s:%s@" (.external.username | urlquery) (.external.password | urlquery)) "" (and (eq .type "external" ) (not (not .external.password))) }}
|
||||
{{- printf "%s://%s%s%s" (include "harbor.redis.scheme" $) $cred (include "harbor.redis.addr" $) $path -}}
|
||||
{{- end }}
|
||||
{{- end -}}
|
||||
|
@ -215,12 +215,6 @@ postgres://{{ template "harbor.database.username" . }}:{{ template "harbor.datab
|
|||
{{- end }}
|
||||
{{- end -}}
|
||||
|
||||
{{- define "harbor.redis.dbForChartmuseum" -}}
|
||||
{{- with .Values.redis }}
|
||||
{{- ternary "3" .external.chartmuseumDatabaseIndex (eq .type "internal") }}
|
||||
{{- end }}
|
||||
{{- end -}}
|
||||
|
||||
{{- define "harbor.portal" -}}
|
||||
{{- printf "%s-portal" (include "harbor.fullname" .) -}}
|
||||
{{- end -}}
|
||||
|
@ -245,10 +239,6 @@ postgres://{{ template "harbor.database.username" . }}:{{ template "harbor.datab
|
|||
{{- printf "%s-registryctl" (include "harbor.fullname" .) -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- define "harbor.chartmuseum" -}}
|
||||
{{- printf "%s-chartmuseum" (include "harbor.fullname" .) -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- define "harbor.database" -}}
|
||||
{{- printf "%s-database" (include "harbor.fullname" .) -}}
|
||||
{{- end -}}
|
||||
|
@ -282,7 +272,7 @@ postgres://{{ template "harbor.database.username" . }}:{{ template "harbor.datab
|
|||
{{- end -}}
|
||||
|
||||
{{- define "harbor.noProxy" -}}
|
||||
{{- printf "%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s" (include "harbor.core" .) (include "harbor.jobservice" .) (include "harbor.database" .) (include "harbor.chartmuseum" .) (include "harbor.notary-server" .) (include "harbor.notary-signer" .) (include "harbor.registry" .) (include "harbor.portal" .) (include "harbor.trivy" .) (include "harbor.exporter" .) .Values.proxy.noProxy -}}
|
||||
{{- printf "%s,%s,%s,%s,%s,%s,%s,%s,%s,%s" (include "harbor.core" .) (include "harbor.jobservice" .) (include "harbor.database" .) (include "harbor.notary-server" .) (include "harbor.notary-signer" .) (include "harbor.registry" .) (include "harbor.portal" .) (include "harbor.trivy" .) (include "harbor.exporter" .) .Values.proxy.noProxy -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- define "harbor.caBundleVolume" -}}
|
||||
|
@ -306,24 +296,6 @@ postgres://{{ template "harbor.database.username" . }}:{{ template "harbor.datab
|
|||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/* chartmuseum component container port */}}
|
||||
{{- define "harbor.chartmuseum.containerPort" -}}
|
||||
{{- if .Values.internalTLS.enabled -}}
|
||||
{{- printf "9443" -}}
|
||||
{{- else -}}
|
||||
{{- printf "9999" -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/* chartmuseum component service port */}}
|
||||
{{- define "harbor.chartmuseum.servicePort" -}}
|
||||
{{- if .Values.internalTLS.enabled -}}
|
||||
{{- printf "443" -}}
|
||||
{{- else -}}
|
||||
{{- printf "80" -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/* core component container port */}}
|
||||
{{- define "harbor.core.containerPort" -}}
|
||||
{{- if .Values.internalTLS.enabled -}}
|
||||
|
@ -468,14 +440,6 @@ postgres://{{ template "harbor.database.username" . }}:{{ template "harbor.datab
|
|||
{{- printf "%s://%s:%s" (include "harbor.component.scheme" .) (include "harbor.trivy" .) (include "harbor.trivy.servicePort" .) -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- define "harbor.internalTLS.chartmuseum.secretName" -}}
|
||||
{{- if eq .Values.internalTLS.certSource "secret" -}}
|
||||
{{- .Values.internalTLS.chartmuseum.secretName -}}
|
||||
{{- else -}}
|
||||
{{- printf "%s-chartmuseum-internal-tls" (include "harbor.fullname" .) -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- define "harbor.internalTLS.core.secretName" -}}
|
||||
{{- if eq .Values.internalTLS.certSource "secret" -}}
|
||||
{{- .Values.internalTLS.core.secretName -}}
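Review bot: In the `harbor.redis.url` hunk (`@ -172,7 +172,7 @@`), the new `$cred` line puts `.external.username` into the URL but keeps the old guard, which tests only `.external.password`, so a username set without a password in values is dropped silently. That combination looks reachable when the password comes from `redis.external.existingSecret` (documented in the README hunk of this commit), though how that secret reaches the URL is not visible here. I would document the rule next to the line, `{{- /* credentials are emitted only when .external.password is set; .external.username alone is ignored */ -}}`, and repeat it in the README row for `redis.external.username`. The other hunks in this section only remove chartmuseum helpers.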
|
||||
|
|
|
@ -1,118 +0,0 @@
|
|||
{{- if .Values.chartmuseum.enabled }}
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: "{{ template "harbor.chartmuseum" . }}"
|
||||
labels:
|
||||
{{ include "harbor.labels" . | indent 4 }}
|
||||
data:
|
||||
PORT: "{{ template "harbor.chartmuseum.containerPort" . }}"
|
||||
{{- if .Values.internalTLS.enabled }}
|
||||
TLS_CERT: "/etc/harbor/ssl/chartmuseum/tls.crt"
|
||||
TLS_KEY: "/etc/harbor/ssl/chartmuseum/tls.key"
|
||||
{{- end }}
|
||||
{{- if eq "redis" (include "harbor.redis.scheme" .) }}
|
||||
CACHE: "redis"
|
||||
{{- else }}
|
||||
CACHE: "redis_sentinel"
|
||||
CACHE_REDIS_MASTERNAME: "{{ template "harbor.redis.masterSet" . }}"
|
||||
{{- end }}
|
||||
CACHE_REDIS_ADDR: "{{ template "harbor.redis.addr" . }}"
|
||||
CACHE_REDIS_DB: "{{ template "harbor.redis.dbForChartmuseum" . }}"
|
||||
BASIC_AUTH_USER: "chart_controller"
|
||||
{{- if .Values.chartmuseum.absoluteUrl }}
|
||||
CHART_URL: {{ .Values.externalURL }}/chartrepo
|
||||
{{- end }}
|
||||
DEPTH: "1"
|
||||
{{- if eq .Values.logLevel "debug" }}
|
||||
DEBUG: "true"
|
||||
{{- else }}
|
||||
DEBUG: "false"
|
||||
{{- end }}
|
||||
LOG_JSON: "true"
|
||||
DISABLE_METRICS: "false"
|
||||
DISABLE_API: "false"
|
||||
DISABLE_STATEFILES: "false"
|
||||
ALLOW_OVERWRITE: "true"
|
||||
AUTH_ANONYMOUS_GET: "false"
|
||||
CONTEXT_PATH: ""
|
||||
INDEX_LIMIT: {{ .Values.chartmuseum.indexLimit | quote}}
|
||||
MAX_STORAGE_OBJECTS: "0"
|
||||
MAX_UPLOAD_SIZE: "20971520"
|
||||
CHART_POST_FORM_FIELD_NAME: "chart"
|
||||
PROV_POST_FORM_FIELD_NAME: "prov"
|
||||
{{- $storage := .Values.persistence.imageChartStorage }}
|
||||
{{- $storageType := $storage.type }}
|
||||
{{- if eq $storageType "filesystem" }}
|
||||
STORAGE: "local"
|
||||
STORAGE_LOCAL_ROOTDIR: "/chart_storage"
|
||||
{{- else if eq $storageType "azure" }}
|
||||
STORAGE: "microsoft"
|
||||
STORAGE_MICROSOFT_CONTAINER: {{ $storage.azure.container }}
|
||||
AZURE_STORAGE_ACCOUNT: {{ $storage.azure.accountname }}
|
||||
AZURE_BASE_URL: {{ $storage.azure.realm }}
|
||||
STORAGE_MICROSOFT_PREFIX: "/azure/harbor/charts"
|
||||
{{- else if eq $storageType "gcs" }}
|
||||
STORAGE: "google"
|
||||
STORAGE_GOOGLE_BUCKET: {{ $storage.gcs.bucket }}
|
||||
{{- if not .Values.persistence.imageChartStorage.gcs.useWorkloadIdentity }}
|
||||
GOOGLE_APPLICATION_CREDENTIALS: /etc/chartmuseum/gcs-key.json
|
||||
{{- end }}
|
||||
{{- if $storage.gcs.rootdirectory }}
|
||||
STORAGE_GOOGLE_PREFIX: {{ $storage.gcs.rootdirectory }}
|
||||
{{- end }}
|
||||
{{- else if eq $storageType "s3" }}
|
||||
STORAGE: "amazon"
|
||||
STORAGE_AMAZON_BUCKET: {{ $storage.s3.bucket }}
|
||||
{{- if $storage.s3.rootdirectory }}
|
||||
STORAGE_AMAZON_PREFIX: {{ $storage.s3.rootdirectory }}
|
||||
{{- end }}
|
||||
STORAGE_AMAZON_REGION: {{ $storage.s3.region }}
|
||||
{{- if $storage.s3.regionendpoint }}
|
||||
STORAGE_AMAZON_ENDPOINT: {{ $storage.s3.regionendpoint }}
|
||||
{{- end }}
|
||||
{{- if $storage.s3.skipverify }}
|
||||
AWS_INSECURE_SKIP_VERIFY: "true"
|
||||
{{- end }}
|
||||
{{- if and (not $storage.s3.existingSecret) ($storage.s3.accesskey) }}
|
||||
AWS_ACCESS_KEY_ID: {{ $storage.s3.accesskey }}
|
||||
{{- end }}
|
||||
{{- if $storage.s3.keyid }}
|
||||
STORAGE_AMAZON_SSE: aws:kms
|
||||
{{- end }}
|
||||
{{- else if eq $storageType "swift" }}
|
||||
STORAGE: "openstack"
|
||||
STORAGE_OPENSTACK_CONTAINER: {{ $storage.swift.container }}
|
||||
{{- if $storage.swift.prefix }}
|
||||
STORAGE_OPENSTACK_PREFIX: {{ $storage.swift.prefix }}
|
||||
{{- end }}
|
||||
{{- if $storage.swift.region }}
|
||||
STORAGE_OPENSTACK_REGION: {{ $storage.swift.region }}
|
||||
{{- end }}
|
||||
OS_AUTH_URL: {{ $storage.swift.authurl }}
|
||||
OS_USERNAME: {{ $storage.swift.username }}
|
||||
{{- if $storage.swift.tenantid }}
|
||||
OS_PROJECT_ID: {{ $storage.swift.tenantid }}
|
||||
{{- end }}
|
||||
{{- if $storage.swift.tenant }}
|
||||
OS_PROJECT_NAME: {{ $storage.swift.tenant }}
|
||||
{{- end }}
|
||||
{{- if $storage.swift.domainid }}
|
||||
OS_DOMAIN_ID: {{ $storage.swift.domainid }}
|
||||
{{- end }}
|
||||
{{- if $storage.swift.domain }}
|
||||
OS_DOMAIN_NAME: {{ $storage.swift.domain }}
|
||||
{{- end }}
|
||||
{{- else if eq $storageType "oss" }}
|
||||
STORAGE: "alibaba"
|
||||
STORAGE_ALIBABA_BUCKET: {{ $storage.oss.bucket }}
|
||||
{{- if $storage.oss.rootdirectory }}
|
||||
STORAGE_ALIBABA_PREFIX: {{ $storage.oss.rootdirectory }}
|
||||
{{- end }}
|
||||
{{- if $storage.oss.endpoint }}
|
||||
STORAGE_ALIBABA_ENDPOINT: {{ $storage.oss.endpoint }}
|
||||
{{- end }}
|
||||
ALIBABA_CLOUD_ACCESS_KEY_ID: {{ $storage.oss.accesskeyid }}
|
||||
{{- end }}
|
||||
STORAGE_TIMESTAMP_TOLERANCE: 1s
|
||||
{{- end }}
|
|
@ -1,192 +0,0 @@
|
|||
{{- if .Values.chartmuseum.enabled }}
|
||||
{{- $storage := .Values.persistence.imageChartStorage }}
|
||||
{{- $type := $storage.type }}
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: "{{ template "harbor.chartmuseum" . }}"
|
||||
labels:
|
||||
{{ include "harbor.labels" . | indent 4 }}
|
||||
component: chartmuseum
|
||||
spec:
|
||||
replicas: {{ .Values.chartmuseum.replicas }}
|
||||
revisionHistoryLimit: {{ .Values.chartmuseum.revisionHistoryLimit }}
|
||||
strategy:
|
||||
type: {{ .Values.updateStrategy.type }}
|
||||
{{- if eq .Values.updateStrategy.type "Recreate" }}
|
||||
rollingUpdate: null
|
||||
{{- end }}
|
||||
selector:
|
||||
matchLabels:
|
||||
{{ include "harbor.matchLabels" . | indent 6 }}
|
||||
component: chartmuseum
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
{{ include "harbor.labels" . | indent 8 }}
|
||||
component: chartmuseum
|
||||
annotations:
|
||||
checksum/configmap: {{ include (print $.Template.BasePath "/chartmuseum/chartmuseum-cm.yaml") . | sha256sum }}
|
||||
checksum/secret: {{ include (print $.Template.BasePath "/chartmuseum/chartmuseum-secret.yaml") . | sha256sum }}
|
||||
checksum/secret-core: {{ include (print $.Template.BasePath "/core/core-secret.yaml") . | sha256sum }}
|
||||
{{- if and .Values.internalTLS.enabled (eq .Values.internalTLS.certSource "auto") }}
|
||||
checksum/tls: {{ include (print $.Template.BasePath "/internal/auto-tls.yaml") . | sha256sum }}
|
||||
{{- else if and .Values.internalTLS.enabled (eq .Values.internalTLS.certSource "manual") }}
|
||||
checksum/tls: {{ include (print $.Template.BasePath "/chartmuseum/chartmuseum-tls.yaml") . | sha256sum }}
|
||||
{{- end }}
|
||||
{{- if .Values.chartmuseum.podAnnotations }}
|
||||
{{ toYaml .Values.chartmuseum.podAnnotations | indent 8 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
securityContext:
|
||||
runAsUser: 10000
|
||||
fsGroup: 10000
|
||||
{{- if .Values.chartmuseum.serviceAccountName }}
|
||||
serviceAccountName: {{ .Values.chartmuseum.serviceAccountName }}
|
||||
{{- end -}}
|
||||
{{- with .Values.imagePullSecrets }}
|
||||
imagePullSecrets:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
automountServiceAccountToken: {{ .Values.chartmuseum.automountServiceAccountToken | default false }}
|
||||
containers:
|
||||
- name: chartmuseum
|
||||
image: {{ .Values.chartmuseum.image.repository }}:{{ .Values.chartmuseum.image.tag }}
|
||||
imagePullPolicy: {{ .Values.imagePullPolicy }}
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
path: /health
|
||||
scheme: {{ include "harbor.component.scheme" . | upper }}
|
||||
port: {{ template "harbor.chartmuseum.containerPort" . }}
|
||||
initialDelaySeconds: 300
|
||||
periodSeconds: 10
|
||||
readinessProbe:
|
||||
httpGet:
|
||||
path: /health
|
||||
scheme: {{ include "harbor.component.scheme" . | upper }}
|
||||
port: {{ template "harbor.chartmuseum.containerPort" . }}
|
||||
initialDelaySeconds: 1
|
||||
periodSeconds: 10
|
||||
{{- if .Values.chartmuseum.resources }}
|
||||
resources:
|
||||
{{ toYaml .Values.chartmuseum.resources | indent 10 }}
|
||||
{{- end }}
|
||||
envFrom:
|
||||
- configMapRef:
|
||||
name: "{{ template "harbor.chartmuseum" . }}"
|
||||
- secretRef:
|
||||
name: "{{ template "harbor.chartmuseum" . }}"
|
||||
{{- if .Values.persistence.imageChartStorage.s3.existingSecret }}
|
||||
- secretRef:
|
||||
name: {{ .Values.persistence.imageChartStorage.s3.existingSecret }}
|
||||
{{- end }}
|
||||
{{- if .Values.persistence.imageChartStorage.azure.existingSecret }}
|
||||
- secretRef:
|
||||
name: {{ .Values.persistence.imageChartStorage.azure.existingSecret }}
|
||||
{{- end }}
|
||||
env:
|
||||
{{- if has "chartmuseum" .Values.proxy.components }}
|
||||
- name: HTTP_PROXY
|
||||
value: "{{ .Values.proxy.httpProxy }}"
|
||||
- name: HTTPS_PROXY
|
||||
value: "{{ .Values.proxy.httpsProxy }}"
|
||||
- name: NO_PROXY
|
||||
value: "{{ template "harbor.noProxy" . }}"
|
||||
{{- end }}
|
||||
{{- if .Values.internalTLS.enabled }}
|
||||
- name: INTERNAL_TLS_ENABLED
|
||||
value: "true"
|
||||
- name: INTERNAL_TLS_KEY_PATH
|
||||
value: /etc/harbor/ssl/chartmuseum/tls.key
|
||||
- name: INTERNAL_TLS_CERT_PATH
|
||||
value: /etc/harbor/ssl/chartmuseum/tls.crt
|
||||
- name: INTERNAL_TLS_TRUST_CA_PATH
|
||||
value: /etc/harbor/ssl/chartmuseum/ca.crt
|
||||
{{- end }}
|
||||
- name: BASIC_AUTH_PASS
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ template "harbor.core" . }}
|
||||
key: secret
|
||||
- # Needed to make AWS' client connect correctly (see https://github.com/helm/chartmuseum/issues/280)
|
||||
name: AWS_SDK_LOAD_CONFIG
|
||||
value: "1"
|
||||
{{- if .Values.redis.external.existingSecret }}
|
||||
- name: CACHE_REDIS_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ .Values.redis.external.existingSecret }}
|
||||
key: REDIS_PASSWORD
|
||||
{{- end }}
|
||||
ports:
|
||||
- containerPort: {{ template "harbor.chartmuseum.containerPort" . }}
|
||||
volumeMounts:
|
||||
- name: chartmuseum-data
|
||||
mountPath: /chart_storage
|
||||
subPath: {{ .Values.persistence.persistentVolumeClaim.chartmuseum.subPath }}
|
||||
{{- if .Values.internalTLS.enabled }}
|
||||
- name: chart-internal-certs
|
||||
mountPath: /etc/harbor/ssl/chartmuseum
|
||||
{{- end }}
|
||||
{{- if and (and .Values.persistence.enabled (eq .Values.persistence.imageChartStorage.type "gcs")) (not .Values.persistence.imageChartStorage.gcs.useWorkloadIdentity ) }}
|
||||
- name: gcs-key
|
||||
mountPath: /etc/chartmuseum/gcs-key.json
|
||||
subPath: gcs-key.json
|
||||
{{- end }}
|
||||
{{- if .Values.persistence.imageChartStorage.caBundleSecretName }}
|
||||
- name: storage-service-ca
|
||||
mountPath: /harbor_cust_cert/custom-ca-bundle.crt
|
||||
subPath: ca.crt
|
||||
{{- end }}
|
||||
{{- if .Values.caBundleSecretName }}
|
||||
{{ include "harbor.caBundleVolumeMount" . | indent 8 }}
|
||||
{{- end }}
|
||||
volumes:
|
||||
- name: chartmuseum-data
|
||||
{{- if and .Values.persistence.enabled (eq .Values.persistence.imageChartStorage.type "filesystem") }}
|
||||
persistentVolumeClaim:
|
||||
claimName: {{ .Values.persistence.persistentVolumeClaim.chartmuseum.existingClaim | default (include "harbor.chartmuseum" .) }}
|
||||
{{- else }}
|
||||
emptyDir: {}
|
||||
{{- end }}
|
||||
{{- if .Values.internalTLS.enabled }}
|
||||
- name: chart-internal-certs
|
||||
secret:
|
||||
secretName: {{ template "harbor.internalTLS.chartmuseum.secretName" . }}
|
||||
{{- end }}
|
||||
{{- if and (and .Values.persistence.enabled (eq .Values.persistence.imageChartStorage.type "gcs")) (not .Values.persistence.imageChartStorage.gcs.useWorkloadIdentity ) }}
|
||||
- name: gcs-key
|
||||
secret:
|
||||
{{- if and (eq $type "gcs") $storage.gcs.existingSecret }}
|
||||
secretName: {{ $storage.gcs.existingSecret }}
|
||||
{{- else }}
|
||||
secretName: {{ template "harbor.registry" . }}
|
||||
{{- end }}
|
||||
items:
|
||||
- key: GCS_KEY_DATA
|
||||
path: gcs-key.json
|
||||
{{- end }}
|
||||
{{- if .Values.persistence.imageChartStorage.caBundleSecretName }}
|
||||
- name: storage-service-ca
|
||||
secret:
|
||||
secretName: {{ .Values.persistence.imageChartStorage.caBundleSecretName }}
|
||||
{{- end }}
|
||||
{{- if .Values.caBundleSecretName }}
|
||||
{{ include "harbor.caBundleVolume" . | indent 6 }}
|
||||
{{- end }}
|
||||
{{- with .Values.chartmuseum.nodeSelector }}
|
||||
nodeSelector:
|
||||
{{ toYaml . | indent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.chartmuseum.affinity }}
|
||||
affinity:
|
||||
{{ toYaml . | indent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.chartmuseum.tolerations }}
|
||||
tolerations:
|
||||
{{ toYaml . | indent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.chartmuseum.priorityClassName }}
|
||||
priorityClassName: {{ .Values.chartmuseum.priorityClassName }}
|
||||
{{- end }}
|
||||
{{- end }}
|
|
@ -1,35 +0,0 @@
|
|||
{{- if .Values.chartmuseum.enabled }}
|
||||
{{- $persistence := .Values.persistence -}}
|
||||
{{- if $persistence.enabled }}
|
||||
{{- $chartmuseum := $persistence.persistentVolumeClaim.chartmuseum -}}
|
||||
{{- if and (not $chartmuseum.existingClaim) (eq $persistence.imageChartStorage.type "filesystem") }}
|
||||
kind: PersistentVolumeClaim
|
||||
apiVersion: v1
|
||||
metadata:
|
||||
name: {{ template "harbor.chartmuseum" . }}
|
||||
annotations:
|
||||
{{- range $key, $value := $chartmuseum.annotations }}
|
||||
{{ $key }}: {{ $value | quote }}
|
||||
{{- end }}
|
||||
{{- if eq .Values.persistence.resourcePolicy "keep" }}
|
||||
helm.sh/resource-policy: keep
|
||||
{{- end }}
|
||||
labels:
|
||||
{{ include "harbor.labels" . | indent 4 }}
|
||||
component: chartmuseum
|
||||
spec:
|
||||
accessModes:
|
||||
- {{ $chartmuseum.accessMode }}
|
||||
resources:
|
||||
requests:
|
||||
storage: {{ $chartmuseum.size }}
|
||||
{{- if $chartmuseum.storageClass }}
|
||||
{{- if eq "-" $chartmuseum.storageClass }}
|
||||
storageClassName: ""
|
||||
{{- else }}
|
||||
storageClassName: {{ $chartmuseum.storageClass }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
|
@ -1,28 +0,0 @@
|
|||
{{- if .Values.chartmuseum.enabled }}
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: "{{ template "harbor.chartmuseum" . }}"
|
||||
labels:
|
||||
{{ include "harbor.labels" . | indent 4 }}
|
||||
type: Opaque
|
||||
data:
|
||||
{{- if not .Values.redis.external.existingSecret }}
|
||||
CACHE_REDIS_PASSWORD: {{ include "harbor.redis.password" . | b64enc | quote }}
|
||||
{{- end }}
|
||||
{{- $storage := .Values.persistence.imageChartStorage }}
|
||||
{{- $storageType := $storage.type }}
|
||||
{{- if and (eq $storageType "azure") (not $storage.azure.existingSecret) }}
|
||||
AZURE_STORAGE_ACCESS_KEY: {{ $storage.azure.accountkey | b64enc | quote }}
|
||||
{{- else if eq $storageType "gcs" }}
|
||||
# TODO support the keyfile of gcs
|
||||
{{- else if eq $storageType "s3" }}
|
||||
{{- if and (not $storage.s3.existingSecret) ($storage.s3.secretkey) }}
|
||||
AWS_SECRET_ACCESS_KEY: {{ $storage.s3.secretkey | b64enc | quote }}
|
||||
{{- end }}
|
||||
{{- else if eq $storageType "swift" }}
|
||||
OS_PASSWORD: {{ $storage.swift.password | b64enc | quote }}
|
||||
{{- else if eq $storageType "oss" }}
|
||||
ALIBABA_CLOUD_ACCESS_KEY_SECRET: {{ $storage.oss.accesskeysecret | b64enc | quote }}
|
||||
{{- end }}
|
||||
{{- end }}
|
|
@ -1,15 +0,0 @@
|
|||
{{- if .Values.chartmuseum.enabled }}
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: "{{ template "harbor.chartmuseum" . }}"
|
||||
labels:
|
||||
{{ include "harbor.labels" . | indent 4 }}
|
||||
spec:
|
||||
ports:
|
||||
- port: {{ template "harbor.chartmuseum.servicePort" . }}
|
||||
targetPort: {{ template "harbor.chartmuseum.containerPort" . }}
|
||||
selector:
|
||||
{{ include "harbor.matchLabels" . | indent 4 }}
|
||||
component: chartmuseum
|
||||
{{- end }}
|
|
@ -1,15 +0,0 @@
|
|||
{{- if and .Values.chartmuseum.enabled .Values.internalTLS.enabled }}
|
||||
{{- if eq .Values.internalTLS.certSource "manual" }}
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: "{{ template "harbor.internalTLS.chartmuseum.secretName" . }}"
|
||||
labels:
|
||||
{{ include "harbor.labels" . | indent 4 }}
|
||||
type: kubernetes.io/tls
|
||||
data:
|
||||
tls.ca: {{ (required "The \"internalTLS.trustCa\" is required!" .Values.internalTLS.trustCa) | b64enc | quote }}
|
||||
tls.crt: {{ (required "The \"internalTLS.chartmuseum.crt\" is required!" .Values.internalTLS.chartmuseum.crt) | b64enc | quote }}
|
||||
tls.key: {{ (required "The \"internalTLS.chartmuseum.key\" is required!" .Values.internalTLS.chartmuseum.key) | b64enc | quote }}
|
||||
{{- end }}
|
||||
{{- end }}
|
|
@ -32,8 +32,6 @@ data:
|
|||
WITH_TRIVY: {{ .Values.trivy.enabled | quote }}
|
||||
TRIVY_ADAPTER_URL: "{{ template "harbor.trivyAdapterURL" . }}"
|
||||
REGISTRY_STORAGE_PROVIDER_NAME: "{{ .Values.persistence.imageChartStorage.type }}"
|
||||
WITH_CHARTMUSEUM: "{{ .Values.chartmuseum.enabled }}"
|
||||
CHART_REPOSITORY_URL: "{{ template "harbor.component.scheme" . }}://{{ template "harbor.chartmuseum" . }}"
|
||||
LOG_LEVEL: "{{ .Values.logLevel }}"
|
||||
CONFIG_PATH: "/etc/core/app.conf"
|
||||
CHART_CACHE_DRIVER: "redis"
|
||||
|
|
|
@ -86,7 +86,14 @@ spec:
|
|||
secretKeyRef:
|
||||
name: "{{ template "harbor.jobservice" . }}"
|
||||
key: JOBSERVICE_SECRET
|
||||
{{- if .Values.internalTLS.enabled }}
|
||||
{{- if .Values.existingSecretAdminPassword }}
|
||||
- name: HARBOR_ADMIN_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ .Values.existingSecretAdminPassword }}
|
||||
key: {{ .Values.existingSecretAdminPasswordKey }}
|
||||
{{- end }}
|
||||
{{- if .Values.internalTLS.enabled }}
|
||||
- name: INTERNAL_TLS_ENABLED
|
||||
value: "true"
|
||||
- name: INTERNAL_TLS_KEY_PATH
|
||||
|
@ -95,21 +102,21 @@ spec:
|
|||
value: /etc/harbor/ssl/core/tls.crt
|
||||
- name: INTERNAL_TLS_TRUST_CA_PATH
|
||||
value: /etc/harbor/ssl/core/ca.crt
|
||||
{{- end }}
|
||||
{{- if .Values.database.external.existingSecret }}
|
||||
{{- end }}
|
||||
{{- if .Values.database.external.existingSecret }}
|
||||
- name: POSTGRESQL_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ .Values.database.external.existingSecret }}
|
||||
key: password
|
||||
{{- end }}
|
||||
{{- if .Values.registry.credentials.existingSecret }}
|
||||
{{- end }}
|
||||
{{- if .Values.registry.credentials.existingSecret }}
|
||||
- name: REGISTRY_CREDENTIAL_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ .Values.registry.credentials.existingSecret }}
|
||||
key: REGISTRY_PASSWD
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
ports:
|
||||
- containerPort: {{ template "harbor.core.containerPort" . }}
|
||||
volumeMounts:
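Review bot: The `secretKeyRef` added for `HARBOR_ADMIN_PASSWORD` in the first hunk (`@ -86,7 +86,14 @@`) renders `name` and `key` unquoted and without a fallback, so an override that sets `existingSecretAdminPassword` but empties `existingSecretAdminPasswordKey` produces `key:` with no value, which is only rejected once the manifest reaches the API server. The values hunk of this commit documents HARBOR_ADMIN_PASSWORD as the default key, so the template can enforce it: `key: {{ .Values.existingSecretAdminPasswordKey | default "HARBOR_ADMIN_PASSWORD" | quote }}` and `name: {{ .Values.existingSecretAdminPassword | quote }}`. The same block is added in the `@ -64,6 +64,13 @@` hunk further down and needs the same change. The container's `env` list starts outside both hunks.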
|
||||
|
|
|
@ -15,7 +15,9 @@ data:
|
|||
tls.key: {{ .Values.core.tokenKey | default $ca.Key | b64enc | quote }}
|
||||
tls.crt: {{ .Values.core.tokenCert | default $ca.Cert | b64enc | quote }}
|
||||
{{- end }}
|
||||
{{- if not .Values.existingSecretAdminPassword }}
|
||||
HARBOR_ADMIN_PASSWORD: {{ .Values.harborAdminPassword | b64enc | quote }}
|
||||
{{- end }}
|
||||
{{- if not .Values.database.external.existingSecret }}
|
||||
POSTGRESQL_PASSWORD: {{ template "harbor.database.encryptedPassword" . }}
|
||||
{{- end }}
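Review bot: With `existingSecretAdminPassword` unset, the guard added here still writes `HARBOR_ADMIN_PASSWORD` from `.Values.harborAdminPassword`, and the values hunk of this commit keeps `"Harbor12345"` as that value's default, so an install that sets neither ends up with the chart's published admin password in the Secret. I would state that above the guard: `{{- /* set existingSecretAdminPassword or override harborAdminPassword; the chart default is public */}}`. The `@ -7,7 +7,9 @@ metadata:` hunk below adds the same guard and would take the same comment. The Secret's `data:` map starts outside the hunk.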
|
||||
|
|
|
@ -64,6 +64,13 @@ spec:
|
|||
name: {{ .Values.database.external.existingSecret }}
|
||||
key: password
|
||||
{{- end }}
|
||||
{{- if .Values.existingSecretAdminPassword }}
|
||||
- name: HARBOR_ADMIN_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ .Values.existingSecretAdminPassword }}
|
||||
key: {{ .Values.existingSecretAdminPasswordKey }}
|
||||
{{- end }}
|
||||
{{- if .Values.exporter.resources }}
|
||||
resources:
|
||||
{{ toYaml .Values.exporter.resources | indent 10 }}
|
||||
|
|
|
@ -7,7 +7,9 @@ metadata:
|
|||
{{ include "harbor.labels" . | indent 4 }}
|
||||
type: Opaque
|
||||
data:
|
||||
{{- if not .Values.existingSecretAdminPassword }}
|
||||
HARBOR_ADMIN_PASSWORD: {{ .Values.harborAdminPassword | b64enc | quote }}
|
||||
{{- end }}
|
||||
{{- if not .Values.database.external.existingSecret }}
|
||||
HARBOR_DATABASE_PASSWORD: {{ template "harbor.database.encryptedPassword" . }}
|
||||
{{- end }}
|
||||
|
|
|
@ -61,23 +61,6 @@ data:
|
|||
tls.crt: {{ $portalCrt.Cert | b64enc | quote }}
|
||||
tls.key: {{ $portalCrt.Key | b64enc | quote }}
|
||||
|
||||
{{- if .Values.chartmuseum.enabled }}
|
||||
---
|
||||
{{- $chartCN := (include "harbor.chartmuseum" .) }}
|
||||
{{- $chartCrt := genSignedCert $chartCN nil (list $chartCN) 365 $ca }}
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: "{{ template "harbor.internalTLS.chartmuseum.secretName" . }}"
|
||||
labels:
|
||||
{{ include "harbor.labels" . | indent 4 }}
|
||||
type: kubernetes.io/tls
|
||||
data:
|
||||
ca.crt: {{ $ca.Cert | b64enc | quote }}
|
||||
tls.crt: {{ $chartCrt.Cert | b64enc | quote }}
|
||||
tls.key: {{ $chartCrt.Key | b64enc | quote }}
|
||||
{{- end }}
|
||||
|
||||
{{- if and .Values.trivy.enabled}}
|
||||
---
|
||||
{{- $trivyCN := (include "harbor.trivy" .) }}
|
||||
|
|
|
@ -10,6 +10,10 @@ data:
|
|||
REGISTRY_URL: "{{ template "harbor.registryURL" . }}"
|
||||
REGISTRY_CONTROLLER_URL: "{{ template "harbor.registryControllerURL" . }}"
|
||||
REGISTRY_CREDENTIAL_USERNAME: "{{ .Values.registry.credentials.username }}"
|
||||
|
||||
JOBSERVICE_WEBHOOK_JOB_MAX_RETRY: "{{ .Values.jobservice.notification.webhook_job_max_retry }}"
|
||||
JOBSERVICE_WEBHOOK_JOB_HTTP_CLIENT_TIMEOUT: "{{ .Values.jobservice.notification.webhook_job_http_client_timeout }}"
|
||||
|
||||
{{- if has "jobservice" .Values.proxy.components }}
|
||||
HTTP_PROXY: "{{ .Values.proxy.httpProxy }}"
|
||||
HTTPS_PROXY: "{{ .Values.proxy.httpsProxy }}"
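Review bot: The two new `JOBSERVICE_WEBHOOK_JOB_*` entries read `.Values.jobservice.notification.*` with no fallback, so rendering depends on the `notification` map this commit adds to the values file. A release upgraded with values that predate it would presumably fail to render or emit an empty string; I have not checked which. The values hunk shows 3 as the default for both, so the template could carry it, e.g. `JOBSERVICE_WEBHOOK_JOB_MAX_RETRY: "{{ (.Values.jobservice.notification | default dict).webhook_job_max_retry | default 3 }}"`. The `reaper` keys added in the `@ -49,4 +49,9 @@` hunk read `.Values.jobservice.reaper.*` the same way.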
|
||||
|
|
|
@ -49,4 +49,9 @@ data:
|
|||
#Loggers for the job service
|
||||
loggers:
|
||||
- name: "STD_OUTPUT"
|
||||
level: {{ .Values.logLevel | upper }}
|
||||
level: {{ .Values.logLevel | upper }}
|
||||
reaper:
|
||||
# the max time to wait for a task to finish, if unfinished after max_update_hours, the task will be mark as error, but the task will continue to run, default value is 24
|
||||
max_update_hours: {{ .Values.jobservice.reaper.max_update_hours }}
|
||||
# the max time for execution in running state without new task created
|
||||
max_dangling_hours: {{ .Values.jobservice.reaper.max_dangling_hours }}
|
||||
|
|
|
@ -127,6 +127,8 @@ data:
|
|||
proxy_set_header X-Forwarded-Proto $x_forwarded_proto;
|
||||
proxy_buffering off;
|
||||
proxy_request_buffering off;
|
||||
proxy_send_timeout 900;
|
||||
proxy_read_timeout 900;
|
||||
}
|
||||
|
||||
location /service/ {
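Review bot: The added `proxy_send_timeout 900;` and `proxy_read_timeout 900;` are hard-coded, and nothing in the hunk says why 15 minutes was chosen. A value that long also sets how long an idle upstream exchange can keep a proxy connection open. I would add a comment above them, `# 900s: presumably sized for long blob transfers; keep in step with any load-balancer idle timeout in front`, and consider taking the number from a chart value so operators can lower it. The `@ -88,6 +88,9 @@` hunk further down adds the same two directives, and the enclosing `location` block starts outside this hunk.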
|
||||
|
|
|
@ -88,6 +88,9 @@ data:
|
|||
|
||||
proxy_buffering off;
|
||||
proxy_request_buffering off;
|
||||
|
||||
proxy_send_timeout 900;
|
||||
proxy_read_timeout 900;
|
||||
}
|
||||
}
|
||||
{{- end }}
|
||||
|
|
|
@ -23,6 +23,7 @@ spec:
|
|||
{{- else if and .Values.internalTLS.enabled (eq .Values.internalTLS.certSource "manual") }}
|
||||
checksum/tls: {{ include (print $.Template.BasePath "/portal/tls.yaml") . | sha256sum }}
|
||||
{{- end }}
|
||||
checksum/configmap: {{ include (print $.Template.BasePath "/portal/configmap.yaml") . | sha256sum }}
|
||||
{{- if .Values.portal.podAnnotations }}
|
||||
{{ toYaml .Values.portal.podAnnotations | indent 8 }}
|
||||
{{- end }}
|
||||
|
|
|
@ -170,14 +170,6 @@ internalTLS:
|
|||
crt: ""
|
||||
# Content of portal's TLS key file, only available when `certSource` is "manual"
|
||||
key: ""
|
||||
# chartmuseum related cert configuration
|
||||
chartmuseum:
|
||||
# secret name for chartmuseum's tls certs
|
||||
secretName: ""
|
||||
# Content of chartmuseum's TLS key file, only available when `certSource` is "manual"
|
||||
crt: ""
|
||||
# Content of chartmuseum's TLS key file, only available when `certSource` is "manual"
|
||||
key: ""
|
||||
# trivy related cert configuration
|
||||
trivy:
|
||||
# secret name for trivy's tls certs
|
||||
|
@ -222,13 +214,6 @@ persistence:
|
|||
accessMode: ReadWriteOnce
|
||||
size: 5Gi
|
||||
annotations: {}
|
||||
chartmuseum:
|
||||
existingClaim: ""
|
||||
storageClass: ""
|
||||
subPath: ""
|
||||
accessMode: ReadWriteOnce
|
||||
size: 5Gi
|
||||
annotations: {}
|
||||
jobservice:
|
||||
jobLog:
|
||||
existingClaim: ""
|
||||
|
@ -262,7 +247,7 @@ persistence:
|
|||
accessMode: ReadWriteOnce
|
||||
size: 5Gi
|
||||
annotations: {}
|
||||
# Define which storage backend is used for registry and chartmuseum to store
|
||||
# Define which storage backend is used for registry to store
|
||||
# images and charts. Refer to
|
||||
# https://github.com/docker/distribution/blob/master/docs/configuration.md#storage
|
||||
# for the detail.
|
||||
|
@ -276,13 +261,12 @@ persistence:
|
|||
disableredirect: false
|
||||
# Specify the "caBundleSecretName" if the storage service uses a self-signed certificate.
|
||||
# The secret must contain keys named "ca.crt" which will be injected into the trust store
|
||||
# of registry's and chartmuseum's containers.
|
||||
# of registry's containers.
|
||||
# caBundleSecretName:
|
||||
|
||||
# Specify the type of storage: "filesystem", "azure", "gcs", "s3", "swift",
|
||||
# "oss" and fill the information needed in the corresponding section. The type
|
||||
# must be "filesystem" if you want to use persistent volumes for registry
|
||||
# and chartmuseum
|
||||
type: filesystem
|
||||
filesystem:
|
||||
rootdirectory: /storage
|
||||
|
@ -305,7 +289,6 @@ persistence:
|
|||
useWorkloadIdentity: false
|
||||
s3:
|
||||
# Set an existing secret for S3 accesskey and secretkey
|
||||
# keys in the secret should be AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY for chartmuseum
|
||||
# keys in the secret should be REGISTRY_STORAGE_S3_ACCESSKEY and REGISTRY_STORAGE_S3_SECRETKEY for registry
|
||||
#existingSecret: ""
|
||||
region: us-west-1
|
||||
|
@ -363,8 +346,7 @@ imagePullSecrets:
|
|||
# - name: docker-registry-secret
|
||||
# - name: internal-registry-secret
|
||||
|
||||
# The update strategy for deployments with persistent volumes(jobservice, registry
|
||||
# and chartmuseum): "RollingUpdate" or "Recreate"
|
||||
# The update strategy for deployments with persistent volumes(jobservice, registry): "RollingUpdate" or "Recreate"
|
||||
# Set it as "Recreate" when "RWM" for volumes isn't supported
|
||||
updateStrategy:
|
||||
type: RollingUpdate
|
||||
|
@ -373,6 +355,10 @@ updateStrategy:
|
|||
logLevel: info
|
||||
|
||||
# The initial password of Harbor admin. Change it from portal after launching Harbor
|
||||
# or give an existing secret for it
|
||||
# key in secret is given via (default to HARBOR_ADMIN_PASSWORD)
|
||||
# existingSecretAdminPassword:
|
||||
existingSecretAdminPasswordKey: HARBOR_ADMIN_PASSWORD
|
||||
harborAdminPassword: "Harbor12345"
|
||||
|
||||
# The name of the secret which contains key named "ca.crt". Setting this enables the
|
||||
|
@ -382,7 +368,7 @@ caSecretName: ""
|
|||
|
||||
# The secret key used for encryption. Must be a string of 16 chars.
|
||||
secretKey: "not-a-secure-key"
|
||||
# If using existingSecretSecretKey, the key must be sercretKey
|
||||
# If using existingSecretSecretKey, the key must be secretKey
|
||||
existingSecretSecretKey: ""
|
||||
|
||||
# The proxy settings for updating trivy vulnerabilities from the Internet and replicating
|
||||
|
@ -400,7 +386,7 @@ proxy:
|
|||
enableMigrateHelmHook: false
|
||||
|
||||
# The custom ca bundle secret, the secret must contain key named "ca.crt"
|
||||
# which will be injected into the trust store for chartmuseum, core, jobservice, registry, trivy components
|
||||
# which will be injected into the trust store for core, jobservice, registry, trivy components
|
||||
# caBundleSecretName: ""
|
||||
|
||||
## UAA Authentication Options
|
||||
|
@ -414,7 +400,7 @@ enableMigrateHelmHook: false
|
|||
nginx:
|
||||
image:
|
||||
repository: goharbor/nginx-photon
|
||||
tag: v2.7.1
|
||||
tag: v2.8.0
|
||||
# set the service account to be used, default if left empty
|
||||
serviceAccountName: ""
|
||||
# mount the service account token
|
||||
|
@ -436,7 +422,7 @@ nginx:
|
|||
portal:
|
||||
image:
|
||||
repository: goharbor/harbor-portal
|
||||
tag: v2.7.1
|
||||
tag: v2.8.0
|
||||
# set the service account to be used, default if left empty
|
||||
serviceAccountName: ""
|
||||
# mount the service account token
|
||||
|
@ -458,7 +444,7 @@ portal:
|
|||
core:
|
||||
image:
|
||||
repository: goharbor/harbor-core
|
||||
tag: v2.7.1
|
||||
tag: v2.8.0
|
||||
# set the service account to be used, default if left empty
|
||||
serviceAccountName: ""
|
||||
# mount the service account token
|
||||
|
@ -511,7 +497,7 @@ core:
|
|||
jobservice:
|
||||
image:
|
||||
repository: goharbor/harbor-jobservice
|
||||
tag: v2.7.1
|
||||
tag: v2.8.0
|
||||
replicas: 1
|
||||
revisionHistoryLimit: 10
|
||||
# set the service account to be used, default if left empty
|
||||
|
@ -526,6 +512,14 @@ jobservice:
|
|||
# - stdout
|
||||
# The jobLogger sweeper duration (ignored if `jobLogger` is `stdout`)
|
||||
loggerSweeperDuration: 14 #days
|
||||
notification:
|
||||
webhook_job_max_retry: 3
|
||||
webhook_job_http_client_timeout: 3 # in seconds
|
||||
reaper:
|
||||
# the max time to wait for a task to finish, if unfinished after max_update_hours, the task will be mark as error, but the task will continue to run, default value is 24
|
||||
max_update_hours: 24
|
||||
# the max time for execution in running state without new task created
|
||||
max_dangling_hours: 168
|
||||
|
||||
# resources:
|
||||
# requests:
|
||||
|
@ -551,7 +545,7 @@ registry:
|
|||
registry:
|
||||
image:
|
||||
repository: goharbor/registry-photon
|
||||
tag: v2.7.1
|
||||
tag: v2.8.0
|
||||
# resources:
|
||||
# requests:
|
||||
# memory: 256Mi
|
||||
|
@ -559,7 +553,7 @@ registry:
|
|||
controller:
|
||||
image:
|
||||
repository: goharbor/harbor-registryctl
|
||||
tag: v2.7.1
|
||||
tag: v2.8.0
|
||||
|
||||
# resources:
|
||||
# requests:
|
||||
|
@ -609,33 +603,6 @@ registry:
|
|||
interval: 24h
|
||||
dryrun: false
|
||||
|
||||
chartmuseum:
|
||||
enabled: true
|
||||
# set the service account to be used, default if left empty
|
||||
serviceAccountName: ""
|
||||
# mount the service account token
|
||||
automountServiceAccountToken: false
|
||||
# Harbor defaults ChartMuseum to returning relative urls, if you want using absolute url you should enable it by change the following value to 'true'
|
||||
absoluteUrl: false
|
||||
image:
|
||||
repository: goharbor/chartmuseum-photon
|
||||
tag: v2.7.1
|
||||
replicas: 1
|
||||
revisionHistoryLimit: 10
|
||||
# resources:
|
||||
# requests:
|
||||
# memory: 256Mi
|
||||
# cpu: 100m
|
||||
nodeSelector: {}
|
||||
tolerations: []
|
||||
affinity: {}
|
||||
## Additional deployment annotations
|
||||
podAnnotations: {}
|
||||
## The priority class to run the pod as
|
||||
priorityClassName:
|
||||
## limit the number of parallel indexers
|
||||
indexLimit: 0
|
||||
|
||||
trivy:
|
||||
# enabled the flag to enable Trivy scanner
|
||||
enabled: true
|
||||
|
@ -643,7 +610,7 @@ trivy:
|
|||
# repository the repository for Trivy adapter image
|
||||
repository: goharbor/trivy-adapter-photon
|
||||
# tag the tag for Trivy adapter image
|
||||
tag: v2.7.1
|
||||
tag: v2.8.0
|
||||
# set the service account to be used, default if left empty
|
||||
serviceAccountName: ""
|
||||
# mount the service account token
|
||||
|
@ -718,7 +685,7 @@ notary:
|
|||
automountServiceAccountToken: false
|
||||
image:
|
||||
repository: goharbor/notary-server-photon
|
||||
tag: v2.7.1
|
||||
tag: v2.8.0
|
||||
replicas: 1
|
||||
# resources:
|
||||
# requests:
|
||||
|
@ -740,7 +707,7 @@ notary:
|
|||
automountServiceAccountToken: false
|
||||
image:
|
||||
repository: goharbor/notary-signer-photon
|
||||
tag: v2.7.1
|
||||
tag: v2.8.0
|
||||
replicas: 1
|
||||
# resources:
|
||||
# requests:
|
||||
|
@ -763,7 +730,7 @@ notary:
|
|||
|
||||
database:
|
||||
# if external database is used, set "type" to "external"
|
||||
# and fill the connection informations in "external" section
|
||||
# and fill the connection information in "external" section
|
||||
type: internal
|
||||
internal:
|
||||
# set the service account to be used, default if left empty
|
||||
|
@ -772,7 +739,7 @@ database:
|
|||
automountServiceAccountToken: false
|
||||
image:
|
||||
repository: goharbor/harbor-db
|
||||
tag: v2.7.1
|
||||
tag: v2.8.0
|
||||
# The initial superuser password for internal database
|
||||
password: "changeit"
|
||||
# The size limit for Shared memory, pgSQL use it for shared_buffer
|
||||
|
@ -835,7 +802,7 @@ database:
|
|||
|
||||
redis:
|
||||
# if external Redis is used, set "type" to "external"
|
||||
# and fill the connection informations in "external" section
|
||||
# and fill the connection information in "external" section
|
||||
type: internal
|
||||
internal:
|
||||
# set the service account to be used, default if left empty
|
||||
|
@ -844,7 +811,7 @@ redis:
|
|||
automountServiceAccountToken: false
|
||||
image:
|
||||
repository: goharbor/redis-photon
|
||||
tag: v2.7.1
|
||||
tag: v2.8.0
|
||||
# resources:
|
||||
# requests:
|
||||
# memory: 256Mi
|
||||
|
@ -866,8 +833,9 @@ redis:
|
|||
coreDatabaseIndex: "0"
|
||||
jobserviceDatabaseIndex: "1"
|
||||
registryDatabaseIndex: "2"
|
||||
chartmuseumDatabaseIndex: "3"
|
||||
trivyAdapterIndex: "5"
|
||||
# username field can be an empty string and it will be authenticated against the default user
|
||||
username: ""
|
||||
password: ""
|
||||
# If using existingSecret, the key must be REDIS_PASSWORD
|
||||
existingSecret: ""
|
||||
|
@ -887,7 +855,7 @@ exporter:
|
|||
automountServiceAccountToken: false
|
||||
image:
|
||||
repository: goharbor/harbor-exporter
|
||||
tag: v2.7.1
|
||||
tag: v2.8.0
|
||||
nodeSelector: {}
|
||||
tolerations: []
|
||||
affinity: {}
|
||||
|
|
|
@ -15,4 +15,4 @@ maintainers:
|
|||
name: jaeger-operator
|
||||
sources:
|
||||
- https://github.com/jaegertracing/jaeger-operator
|
||||
version: 2.42.0
|
||||
version: 2.43.0
|
||||
|
|
|
@ -53,27 +53,28 @@ The command removes all the Kubernetes components associated with the chart and
|
|||
|
||||
The following table lists the configurable parameters of the jaeger-operator chart and their default values.
|
||||
|
||||
| Parameter | Description | Default |
|
||||
| :---------------------- | :---------------------------------------------------------------------------------------------------------- | :------------------------------ |
|
||||
| `serviceExtraLabels` | Additional labels to jaeger-operator service | `{}`
|
||||
| `extraLabels` | Additional labels to jaeger-operator deployment | `{}`
|
||||
| `image.repository` | Controller container image repository | `jaegertracing/jaeger-operator` |
|
||||
| `image.tag` | Controller container image tag | `1.43.0` |
|
||||
| `image.pullPolicy` | Controller container image pull policy | `IfNotPresent` |
|
||||
| `jaeger.create` | Jaeger instance will be created | `false` |
|
||||
| `jaeger.spec` | Jaeger instance specification | `{}` |
|
||||
| `rbac.create` | All required roles and rolebindings will be created | `true` |
|
||||
| `serviceAccount.create` | Service account to use | `true` |
|
||||
| `rbac.pspEnabled` | Pod security policy for pod will be created and included in rbac role | `false` |
|
||||
| `rbac.clusterRole` | ClusterRole will be used by operator ServiceAccount | `false` |
|
||||
| `serviceAccount.name` | Service account name to use. If not set and create is true, a name is generated using the fullname template | `nil` |
|
||||
| `extraEnv` | Additional environment variables passed to the operator. For example: name: LOG-LEVEL value: debug | `[]` |
|
||||
| `resources` | K8s pod resources | `None` |
|
||||
| `nodeSelector` | Node labels for pod assignment | `{}` |
|
||||
| `tolerations` | Toleration labels for pod assignment | `[]` |
|
||||
| `affinity` | Affinity settings for pod assignment | `{}` |
|
||||
| `securityContext` | Security context for pod | `{}` |
|
||||
| `priorityClassName` | Priority class name for the pod | `None` |
|
||||
| Parameter | Description | Default |
|
||||
|-:--------------------------|-:-----------------------------------------------------------------------------------------------------------|-:-------------------------------|
|
||||
| `serviceExtraLabels` | Additional labels to jaeger-operator service | `{}` |
|
||||
| `extraLabels` | Additional labels to jaeger-operator deployment | `{}` |
|
||||
| `image.repository` | Controller container image repository | `jaegertracing/jaeger-operator` |
|
||||
| `image.tag` | Controller container image tag | `1.43.0` |
|
||||
| `image.pullPolicy` | Controller container image pull policy | `IfNotPresent` |
|
||||
| `jaeger.create` | Jaeger instance will be created | `false` |
|
||||
| `jaeger.spec` | Jaeger instance specification | `{}` |
|
||||
| `rbac.create` | All required roles and rolebindings will be created | `true` |
|
||||
| `serviceAccount.create` | Service account to use | `true` |
|
||||
| `rbac.pspEnabled` | Pod security policy for pod will be created and included in rbac role | `false` |
|
||||
| `rbac.clusterRole` | ClusterRole will be used by operator ServiceAccount | `false` |
|
||||
| `serviceAccount.name` | Service account name to use. If not set and create is true, a name is generated using the fullname template | `nil` |
|
||||
| `extraEnv` | Additional environment variables passed to the operator. For example: name: LOG-LEVEL value: debug | `[]` |
|
||||
| `resources` | K8s pod resources | `None` |
|
||||
| `nodeSelector` | Node labels for pod assignment | `{}` |
|
||||
| `tolerations` | Toleration labels for pod assignment | `[]` |
|
||||
| `affinity` | Affinity settings for pod assignment | `{}` |
|
||||
| `securityContext` | Security context for pod | `{}` |
|
||||
| `containerSecurityContext` | Security context for the container | `{}` |
|
||||
| `priorityClassName` | Priority class name for the pod | `None` |
|
||||
|
||||
Specify each parameter you'd like to override using a YAML file as described above in the [installation](#installing-the-chart) section.
|
||||
|
||||
|
|