diff --git a/assets/argo/argo-cd-5.47.0.tgz b/assets/argo/argo-cd-5.47.0.tgz
index 77503fb15..3725b2c23 100644
Binary files a/assets/argo/argo-cd-5.47.0.tgz and b/assets/argo/argo-cd-5.47.0.tgz differ
diff --git a/assets/argo/argo-cd-5.49.0.tgz b/assets/argo/argo-cd-5.49.0.tgz
new file mode 100644
index 000000000..4986e6cd0
Binary files /dev/null and b/assets/argo/argo-cd-5.49.0.tgz differ
diff --git a/assets/bitnami/wordpress-18.0.12.tgz b/assets/bitnami/wordpress-18.0.12.tgz
new file mode 100644
index 000000000..5eea871f6
Binary files /dev/null and b/assets/bitnami/wordpress-18.0.12.tgz differ
diff --git a/assets/cert-manager/cert-manager-v1.13.2.tgz b/assets/cert-manager/cert-manager-v1.13.2.tgz
new file mode 100644
index 000000000..8a699fd14
Binary files /dev/null and b/assets/cert-manager/cert-manager-v1.13.2.tgz differ
diff --git a/assets/crowdstrike/falcon-sensor-1.22.1.tgz b/assets/crowdstrike/falcon-sensor-1.22.1.tgz
new file mode 100644
index 000000000..80c73d181
Binary files /dev/null and b/assets/crowdstrike/falcon-sensor-1.22.1.tgz differ
diff --git a/assets/external-secrets/external-secrets-0.9.8.tgz b/assets/external-secrets/external-secrets-0.9.8.tgz
new file mode 100644
index 000000000..c7b16e129
Binary files /dev/null and b/assets/external-secrets/external-secrets-0.9.8.tgz differ
diff --git a/assets/hashicorp/vault-0.25.0.tgz b/assets/hashicorp/vault-0.25.0.tgz
index 6288de03a..1d0d68211 100644
Binary files a/assets/hashicorp/vault-0.25.0.tgz and b/assets/hashicorp/vault-0.25.0.tgz differ
diff --git a/assets/hashicorp/vault-0.26.1.tgz b/assets/hashicorp/vault-0.26.1.tgz
new file mode 100644
index 000000000..f0e580147
Binary files /dev/null and b/assets/hashicorp/vault-0.26.1.tgz differ
diff --git a/assets/loft/loft-3.3.1.tgz b/assets/loft/loft-3.3.1.tgz
new file mode 100644
index 000000000..461f9ce24
Binary files /dev/null and b/assets/loft/loft-3.3.1.tgz differ
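Review bot: assets/argo/argo-cd-5.47.0.tgz and assets/hashicorp/vault-0.25.0.tgz are existing archives whose contents change in this commit while their version numbers stay the same. Anyone who pinned those chart versions by digest, or who verifies them against a provenance file, will see a mismatch, and nothing on this page distinguishes a harmless repackaging from a change in content. It would be safer to leave published archives byte-identical and ship rebuilt content under a new chart version. If the rewrite is intentional, the commit description should say why, and the digest recorded in the repository index should be updated in the same change.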
diff --git a/assets/nats/nats-1.1.3.tgz b/assets/nats/nats-1.1.3.tgz new file mode 100644 index 000000000..3a2a15bbc Binary files /dev/null and b/assets/nats/nats-1.1.3.tgz differ diff --git a/assets/new-relic/nri-bundle-5.0.43.tgz b/assets/new-relic/nri-bundle-5.0.43.tgz new file mode 100644 index 000000000..bc9e298bf Binary files /dev/null and b/assets/new-relic/nri-bundle-5.0.43.tgz differ diff --git a/assets/redpanda/redpanda-5.6.37.tgz b/assets/redpanda/redpanda-5.6.37.tgz new file mode 100644 index 000000000..8d6008d0f Binary files /dev/null and b/assets/redpanda/redpanda-5.6.37.tgz differ diff --git a/assets/stackstate/stackstate-k8s-agent-1.0.51.tgz b/assets/stackstate/stackstate-k8s-agent-1.0.51.tgz new file mode 100644 index 000000000..93dda7821 Binary files /dev/null and b/assets/stackstate/stackstate-k8s-agent-1.0.51.tgz differ diff --git a/charts/argo/argo-cd/Chart.yaml b/charts/argo/argo-cd/Chart.yaml index 1a550c344..95144722c 100644 --- a/charts/argo/argo-cd/Chart.yaml +++ b/charts/argo/argo-cd/Chart.yaml @@ -1,7 +1,7 @@ annotations: artifacthub.io/changes: | - kind: added - description: add terminationGracePeriodSeconds + description: Add notification cluster role support artifacthub.io/signKey: | fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc @@ -11,7 +11,7 @@ annotations: catalog.cattle.io/kube-version: '>=1.23.0-0' catalog.cattle.io/release-name: argo-cd apiVersion: v2 -appVersion: v2.8.4 +appVersion: v2.8.5 dependencies: - condition: redis-ha.enabled name: redis-ha @@ -33,4 +33,4 @@ name: argo-cd sources: - https://github.com/argoproj/argo-helm/tree/main/charts/argo-cd - https://github.com/argoproj/argo-cd -version: 5.47.0 +version: 5.49.0 diff --git a/charts/argo/argo-cd/README.md b/charts/argo/argo-cd/README.md index d870dbdc6..e0e250256 100644 --- a/charts/argo/argo-cd/README.md +++ b/charts/argo/argo-cd/README.md 
@@ -1160,6 +1160,7 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide |-----|------|---------|-------------| | notifications.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules | | notifications.argocdUrl | string | `nil` | Argo CD dashboard url; used in place of {{.context.argocdUrl}} in templates | +| notifications.clusterRoleRules.rules | list | `[]` | List of custom rules for the notifications controller's ClusterRole resource | | notifications.cm.create | bool | `true` | Whether helm chart creates notifications controller config map | | notifications.containerPorts.metrics | int | `9001` | Metrics container port | | notifications.containerSecurityContext | object | See [values.yaml] | Notification controller container-level security Context | diff --git a/charts/argo/argo-cd/templates/argocd-notifications/clusterrole.yaml b/charts/argo/argo-cd/templates/argocd-notifications/clusterrole.yaml new file mode 100644 index 000000000..1d2e0fd7f --- /dev/null +++ b/charts/argo/argo-cd/templates/argocd-notifications/clusterrole.yaml @@ -0,0 +1,22 @@ +{{- if .Values.createClusterRoles }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "argo-cd.notifications.fullname" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 4 }} +rules: + {{- with .Values.notifications.clusterRoleRules.rules }} + {{- toYaml . | nindent 2 }} + {{- end }} + - apiGroups: + - "argoproj.io" + resources: + - "applications" + verbs: + - get + - list + - watch + - update + - patch +{{- end }} diff --git a/charts/argo/argo-cd/templates/argocd-notifications/clusterrolebinding.yaml b/charts/argo/argo-cd/templates/argocd-notifications/clusterrolebinding.yaml new file mode 100644 index 000000000..1b47bf123 --- /dev/null 
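Review bot: In templates/argocd-notifications/clusterrole.yaml the new ClusterRole is gated only on `.Values.createClusterRoles` (first line of the new file), so the fixed rule granting `update` and `patch` on every `applications` object cluster-wide is rendered whether or not the notifications controller is deployed. If the chart's `notifications.enabled` toggle is meant to control this component, the guard would read `{{- if and .Values.notifications.enabled .Values.createClusterRoles }}`. The same applies to clusterrolebinding.yaml in this commit: a binding rendered without its ServiceAccount would leave a cluster-wide grant available to any account later created under that name in the release namespace. Entries from `notifications.clusterRoleRules.rules` are appended to the role verbatim, so a header comment in the template should say that they take effect cluster-wide.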
+++ b/charts/argo/argo-cd/templates/argocd-notifications/clusterrolebinding.yaml @@ -0,0 +1,16 @@ +{{- if .Values.createClusterRoles }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ include "argo-cd.notifications.fullname" . }} + labels: + {{- include "argo-cd.labels" (dict "context" . "component" .Values.notifications.name "name" .Values.notifications.name) | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ include "argo-cd.notifications.fullname" . }} +subjects: +- kind: ServiceAccount + name: {{ include "argo-cd.notificationsServiceAccountName" . }} + namespace: {{ .Release.Namespace }} +{{- end }} diff --git a/charts/argo/argo-cd/templates/argocd-notifications/deployment.yaml b/charts/argo/argo-cd/templates/argocd-notifications/deployment.yaml index 633e19432..edee786a4 100644 --- a/charts/argo/argo-cd/templates/argocd-notifications/deployment.yaml +++ b/charts/argo/argo-cd/templates/argocd-notifications/deployment.yaml @@ -78,13 +78,19 @@ spec: configMapKeyRef: key: notificationscontroller.log.level name: argocd-cmd-params-cm - optional: true + optional: true - name: ARGOCD_NOTIFICATIONS_CONTROLLER_LOGFORMAT valueFrom: configMapKeyRef: key: notificationscontroller.log.format name: argocd-cmd-params-cm optional: true + - name: ARGOCD_APPLICATION_NAMESPACES + valueFrom: + configMapKeyRef: + key: application.namespaces + name: argocd-cmd-params-cm + optional: true {{- with .Values.notifications.extraEnvFrom }} envFrom: {{- toYaml . | nindent 12 }} diff --git a/charts/argo/argo-cd/values.yaml b/charts/argo/argo-cd/values.yaml index 0352ef2e8..4ec932224 100644 --- a/charts/argo/argo-cd/values.yaml +++ b/charts/argo/argo-cd/values.yaml 
@@ -326,7 +326,7 @@ configs: [ssh.github.com]:443 ssh-rsa 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 bitbucket.org ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPIQmuzMBuKdWeF4+a2sjSSpBK0iqitSQ+5BM9KhpexuGt20JpTVM7u5BDZngncgrqDMbWdxMWWOGtZ9UgbqgZE= bitbucket.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIazEu89wgQZ4bqs3d63QSMzYVa0MuJ2e2gKTKqu+UUO - bitbucket.org ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAubiN81eDcafrgMeLzaFPsw2kNvEcqTKl/VqLat/MaB33pZy0y3rJZtnqwR2qOOvbwKZYKiEO1O6VqNEBxKvJJelCq0dTXWT5pbO2gDXC6h6QDXCaHo6pOHGPUy+YBaGQRGuSusMEASYiWunYN0vCAI8QaXnWMXNMdFP3jHAJH0eDsoiGnLPBlBp4TNm6rYI74nMzgz3B9IikW4WVK+dc8KZJZWYjAuORU3jc1c/NPskD2ASinf8v3xnfXeukU0sJ5N6m5E8VLjObPEO+mN2t/FZTMZLiFqPWc/ALSqnMnnhwrNi2rbfg/rd/IpL8Le3pSBne8+seeFVBoGqzHM9yXw== + bitbucket.org ssh-rsa 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 github.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg= github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl github.com ssh-rsa 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 @@ -2997,6 +2997,12 @@ notifications: # -- Whether helm chart creates notifications controller config map create: true + ## Enable this and set the rules: to whatever custom rules you want for the Cluster Role resource. + ## Defaults to off + clusterRoleRules: + # -- List of custom rules for the notifications controller's ClusterRole resource + rules: [] + # -- Contains centrally managed global application subscriptions ## For more information: https://argocd-notifications.readthedocs.io/en/stable/subscriptions/ subscriptions: [] diff --git a/charts/bitnami/wordpress/Chart.yaml b/charts/bitnami/wordpress/Chart.yaml index 270bc2795..fcb1b77cd 100644 --- a/charts/bitnami/wordpress/Chart.yaml +++ b/charts/bitnami/wordpress/Chart.yaml 
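Review bot: The pinned `bitbucket.org ssh-rsa` entry in the known-hosts list of values.yaml (hunk at -326) is replaced with no reference to where the new key was obtained, and this list is presumably the trust anchor for the chart's Git-over-SSH connections. The new value is not legible on this page, so it should be compared with the host key the provider publishes before the change is merged. A comment above the key that holds this list, which starts outside the hunk, would record the expectation, for example `## Host keys are copied from each provider's published fingerprints; re-verify on every change`.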
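Review bot: The comment added above `clusterRoleRules` in values.yaml (hunk at -2997) says "Enable this" and "Defaults to off", but the block has no enable switch. The template added in this commit renders the ClusterRole whenever `createClusterRoles` is true and only appends `rules` to the built-in rule. The comment should say so, for example `## Extra rules appended to the notifications controller ClusterRole (rendered when createClusterRoles is true).` followed by `## These rules apply cluster-wide; list only the verbs and resources the controller needs.`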
@@ -10,7 +10,7 @@ annotations: - name: os-shell image: docker.io/bitnami/os-shell:11-debian-11-r90 - name: wordpress - image: docker.io/bitnami/wordpress:6.3.2-debian-11-r4 + image: docker.io/bitnami/wordpress:6.3.2-debian-11-r5 licenses: Apache-2.0 apiVersion: v2 appVersion: 6.3.2 @@ -47,4 +47,4 @@ maintainers: name: wordpress sources: - https://github.com/bitnami/charts/tree/main/bitnami/wordpress -version: 18.0.11 +version: 18.0.12 diff --git a/charts/bitnami/wordpress/values.yaml b/charts/bitnami/wordpress/values.yaml index 5b7e4e0cb..43cf568dd 100644 --- a/charts/bitnami/wordpress/values.yaml +++ b/charts/bitnami/wordpress/values.yaml @@ -76,7 +76,7 @@ diagnosticMode: image: registry: docker.io repository: bitnami/wordpress - tag: 6.3.2-debian-11-r4 + tag: 6.3.2-debian-11-r5 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' diff --git a/charts/cert-manager/cert-manager/Chart.yaml b/charts/cert-manager/cert-manager/Chart.yaml index 89669f325..c3ca8f4df 100644 --- a/charts/cert-manager/cert-manager/Chart.yaml +++ b/charts/cert-manager/cert-manager/Chart.yaml @@ -10,7 +10,7 @@ annotations: catalog.cattle.io/namespace: cert-manager catalog.cattle.io/release-name: cert-manager apiVersion: v1 -appVersion: v1.13.1 +appVersion: v1.13.2 description: A Helm chart for cert-manager home: https://github.com/cert-manager/cert-manager icon: https://raw.githubusercontent.com/cert-manager/cert-manager/d53c0b9270f8cd90d908460d69502694e1838f5f/logo/logo-small.png @@ -27,4 +27,4 @@ maintainers: name: cert-manager sources: - https://github.com/cert-manager/cert-manager -version: v1.13.1 +version: v1.13.2 diff --git a/charts/cert-manager/cert-manager/README.md b/charts/cert-manager/cert-manager/README.md index c28a64c6c..7fbee254c 100644 --- a/charts/cert-manager/cert-manager/README.md +++ b/charts/cert-manager/cert-manager/README.md 
@@ -19,7 +19,7 @@ Before installing the chart, you must first install the cert-manager CustomResou This is performed in a separate step to allow you to easily uninstall and reinstall cert-manager without deleting your installed custom resources. ```bash -$ kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.13.1/cert-manager.crds.yaml +$ kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.13.2/cert-manager.crds.yaml ``` To install the chart with the release name `my-release`: @@ -29,7 +29,7 @@ To install the chart with the release name `my-release`: $ helm repo add jetstack https://charts.jetstack.io ## Install the cert-manager helm chart -$ helm install my-release --namespace cert-manager --version v1.13.1 jetstack/cert-manager +$ helm install my-release --namespace cert-manager --version v1.13.2 jetstack/cert-manager ``` In order to begin issuing certificates, you will need to set up a ClusterIssuer @@ -65,7 +65,7 @@ If you want to completely uninstall cert-manager from your cluster, you will als delete the previously installed CustomResourceDefinition resources: ```console -$ kubectl delete -f https://github.com/cert-manager/cert-manager/releases/download/v1.13.1/cert-manager.crds.yaml +$ kubectl delete -f https://github.com/cert-manager/cert-manager/releases/download/v1.13.2/cert-manager.crds.yaml ``` ## Configuration 
@@ -86,7 +86,7 @@ The following table lists the configurable parameters of the cert-manager chart | `global.leaderElection.retryPeriod` | The duration the clients should wait between attempting acquisition and renewal of a leadership | | | `installCRDs` | If true, CRD resources will be installed as part of the Helm chart. If enabled, when uninstalling CRD resources will be deleted causing all installed custom resources to be DELETED | `false` | | `image.repository` | Image repository | `quay.io/jetstack/cert-manager-controller` | -| `image.tag` | Image tag | `v1.13.1` | +| `image.tag` | Image tag | `v1.13.2` | | `image.pullPolicy` | Image pull policy | `IfNotPresent` | | `replicaCount` | Number of cert-manager replicas | `1` | | `clusterResourceNamespace` | Override the namespace used to store DNS provider credentials etc. for ClusterIssuer resources | Same namespace as cert-manager pod | @@ -171,7 +171,7 @@ The following table lists the configurable parameters of the cert-manager chart | `webhook.tolerations` | Node tolerations for webhook pod assignment | `[]` | | `webhook.topologySpreadConstraints` | Topology spread constraints for webhook pod assignment | `[]` | | `webhook.image.repository` | Webhook image repository | `quay.io/jetstack/cert-manager-webhook` | -| `webhook.image.tag` | Webhook image tag | `v1.13.1` | +| `webhook.image.tag` | Webhook image tag | `v1.13.2` | | `webhook.image.pullPolicy` | Webhook image pull policy | `IfNotPresent` | | `webhook.securePort` | The port that the webhook should listen on for requests. | `10250` | | `webhook.securityContext` | Security context for webhook pod assignment | refer to [Default Security Contexts](#default-security-contexts) | 
@@ -210,13 +210,13 @@ The following table lists the configurable parameters of the cert-manager chart | `cainjector.tolerations` | Node tolerations for cainjector pod assignment | `[]` | | `cainjector.topologySpreadConstraints` | Topology spread constraints for cainjector pod assignment | `[]` | | `cainjector.image.repository` | cainjector image repository | `quay.io/jetstack/cert-manager-cainjector` | -| `cainjector.image.tag` | cainjector image tag | `v1.13.1` | +| `cainjector.image.tag` | cainjector image tag | `v1.13.2` | | `cainjector.image.pullPolicy` | cainjector image pull policy | `IfNotPresent` | | `cainjector.securityContext` | Security context for cainjector pod assignment | refer to [Default Security Contexts](#default-security-contexts) | | `cainjector.containerSecurityContext` | Security context to be set on cainjector component container | refer to [Default Security Contexts](#default-security-contexts) | | `cainjector.enableServiceLinks` | Indicates whether information about services should be injected into pod's environment variables, matching the syntax of Docker links. | `false` | | `acmesolver.image.repository` | acmesolver image repository | `quay.io/jetstack/cert-manager-acmesolver` | -| `acmesolver.image.tag` | acmesolver image tag | `v1.13.1` | +| `acmesolver.image.tag` | acmesolver image tag | `v1.13.2` | | `acmesolver.image.pullPolicy` | acmesolver image pull policy | `IfNotPresent` | | `startupapicheck.enabled` | Toggles whether the startupapicheck Job should be installed | `true` | | `startupapicheck.securityContext` | Security context for startupapicheck pod assignment | refer to [Default Security Contexts](#default-security-contexts) | 
@@ -232,7 +232,7 @@ The following table lists the configurable parameters of the cert-manager chart | `startupapicheck.tolerations` | Node tolerations for startupapicheck pod assignment | `[]` | | `startupapicheck.podLabels` | Optional additional labels to add to the startupapicheck Pods | `{}` | | `startupapicheck.image.repository` | startupapicheck image repository | `quay.io/jetstack/cert-manager-ctl` | -| `startupapicheck.image.tag` | startupapicheck image tag | `v1.13.1` | +| `startupapicheck.image.tag` | startupapicheck image tag | `v1.13.2` | | `startupapicheck.image.pullPolicy` | startupapicheck image pull policy | `IfNotPresent` | | `startupapicheck.serviceAccount.create` | If `true`, create a new service account for the startupapicheck component | `true` | | `startupapicheck.serviceAccount.name` | Service account for the startupapicheck component to be used. If not set and `startupapicheck.serviceAccount.create` is `true`, a name is generated using the fullname template | | diff --git a/charts/cert-manager/cert-manager/templates/webhook-deployment.yaml b/charts/cert-manager/cert-manager/templates/webhook-deployment.yaml index 4935694d7..99830f953 100644 --- a/charts/cert-manager/cert-manager/templates/webhook-deployment.yaml +++ b/charts/cert-manager/cert-manager/templates/webhook-deployment.yaml @@ -75,7 +75,7 @@ spec: {{ if not $config.securePort -}} - --secure-port={{ .Values.webhook.securePort }} {{- end }} - {{- if .Values.featureGates }} + {{- if .Values.webhook.featureGates }} - --feature-gates={{ .Values.webhook.featureGates }} {{- end }} {{- $tlsConfig := default $config.tlsConfig "" }} diff --git a/charts/crowdstrike/falcon-sensor/Chart.yaml b/charts/crowdstrike/falcon-sensor/Chart.yaml index 9b09dacf7..21a4bb936 100644 --- a/charts/crowdstrike/falcon-sensor/Chart.yaml +++ b/charts/crowdstrike/falcon-sensor/Chart.yaml 
@@ -4,7 +4,7 @@ annotations: catalog.cattle.io/kube-version: '>1.22.0-0' catalog.cattle.io/release-name: falcon-sensor apiVersion: v2 -appVersion: 1.21.2 +appVersion: 1.22.1 description: A Helm chart to deploy CrowdStrike Falcon sensors into Kubernetes clusters. home: https://crowdstrike.com icon: https://raw.githubusercontent.com/CrowdStrike/falcon-helm/main/images/crowdstrike-logo.svg @@ -24,4 +24,4 @@ name: falcon-sensor sources: - https://github.com/CrowdStrike/falcon-helm type: application -version: 1.21.2 +version: 1.22.1 diff --git a/charts/crowdstrike/falcon-sensor/templates/daemonset.yaml b/charts/crowdstrike/falcon-sensor/templates/daemonset.yaml index a9b78a248..ac8495a2d 100644 --- a/charts/crowdstrike/falcon-sensor/templates/daemonset.yaml +++ b/charts/crowdstrike/falcon-sensor/templates/daemonset.yaml @@ -108,6 +108,15 @@ spec: - name: falconstore-dir mountPath: /host_opt {{- end }} + resources: + requests: + cpu: 10m + ephemeral-storage: 10Mi + memory: 50Mi + limits: + cpu: 10m + ephemeral-storage: 10Mi + memory: 50Mi securityContext: runAsUser: 0 privileged: true diff --git a/charts/crowdstrike/falcon-sensor/templates/node_cleanup.yaml b/charts/crowdstrike/falcon-sensor/templates/node_cleanup.yaml index 9ce0c1ed1..2a7f0165e 100644 --- a/charts/crowdstrike/falcon-sensor/templates/node_cleanup.yaml +++ b/charts/crowdstrike/falcon-sensor/templates/node_cleanup.yaml @@ -100,6 +100,15 @@ spec: - name: opt-crowdstrike mountPath: /host_opt {{- end }} + resources: + requests: + cpu: 10m + ephemeral-storage: 10Mi + memory: 50Mi + limits: + cpu: 10m + ephemeral-storage: 10Mi + memory: 50Mi securityContext: runAsUser: 0 privileged: true @@ -124,6 +133,15 @@ spec: - sleep 10 command: - /bin/bash + resources: + requests: + cpu: 10m + ephemeral-storage: 10Mi + memory: 50Mi + limits: + cpu: 10m + ephemeral-storage: 10Mi + memory: 50Mi securityContext: privileged: false readOnlyRootFilesystem: true 
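Review bot: The `resources` block added in templates/daemonset.yaml is hard-coded, with `limits` of `cpu: 10m` and `memory: 50Mi` on the container whose `securityContext` sets `privileged: true`, and nothing in the hunk lets an operator raise them. If that container is throttled or OOM-killed on a busy node, the sensor pod may fail to start there, leaving the node without coverage. Reading the block from a values key with these numbers as defaults would keep it adjustable, e.g. `{{- toYaml <resources values key> | nindent 10 }}` (key name and indent are placeholders to be chosen by the chart owners). Both hunks in node_cleanup.yaml add the same literal block, and the enclosing container specs start outside all three hunks.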
diff --git a/charts/external-secrets/external-secrets/Chart.yaml b/charts/external-secrets/external-secrets/Chart.yaml index abc4dcfd3..5b49058e8 100644 --- a/charts/external-secrets/external-secrets/Chart.yaml +++ b/charts/external-secrets/external-secrets/Chart.yaml @@ -4,7 +4,7 @@ annotations: catalog.cattle.io/kube-version: '>= 1.19.0-0' catalog.cattle.io/release-name: external-secrets apiVersion: v2 -appVersion: v0.9.7 +appVersion: v0.9.8 description: External secret management for Kubernetes home: https://github.com/external-secrets/external-secrets icon: https://raw.githubusercontent.com/external-secrets/external-secrets/main/assets/eso-logo-large.png @@ -17,4 +17,4 @@ maintainers: name: mcavoyk name: external-secrets type: application -version: 0.9.7 +version: 0.9.8 diff --git a/charts/external-secrets/external-secrets/README.md b/charts/external-secrets/external-secrets/README.md index aa08eac25..f327ca59f 100644 --- a/charts/external-secrets/external-secrets/README.md +++ b/charts/external-secrets/external-secrets/README.md @@ -4,7 +4,7 @@ [//]: # (README.md generated by gotmpl. DO NOT EDIT.) -![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![Version: 0.9.7](https://img.shields.io/badge/Version-0.9.7-informational?style=flat-square) +![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![Version: 0.9.8](https://img.shields.io/badge/Version-0.9.8-informational?style=flat-square) External secret management for Kubernetes diff --git a/charts/external-secrets/external-secrets/templates/crds/clusterexternalsecret.yaml b/charts/external-secrets/external-secrets/templates/crds/clusterexternalsecret.yaml index a6a20c5f1..7b4deb42f 100644 --- a/charts/external-secrets/external-secrets/templates/crds/clusterexternalsecret.yaml +++ b/charts/external-secrets/external-secrets/templates/crds/clusterexternalsecret.yaml 
@@ -79,16 +79,28 @@ spec: conversionStrategy: default: Default description: Used to define a conversion Strategy + enum: + - Default + - Unicode type: string decodingStrategy: default: None description: Used to define a decoding Strategy + enum: + - Auto + - Base64 + - Base64URL + - None type: string key: description: Key is the key used in the Provider, mandatory type: string metadataPolicy: + default: None description: Policy for fetching tags/labels from provider secrets, possible options are Fetch, None. Defaults to None + enum: + - None + - Fetch type: string property: description: Used to select a specific property of the Provider value (if a map), if supported @@ -151,16 +163,28 @@ spec: conversionStrategy: default: Default description: Used to define a conversion Strategy + enum: + - Default + - Unicode type: string decodingStrategy: default: None description: Used to define a decoding Strategy + enum: + - Auto + - Base64 + - Base64URL + - None type: string key: description: Key is the key used in the Provider, mandatory type: string metadataPolicy: + default: None description: Policy for fetching tags/labels from provider secrets, possible options are Fetch, None. Defaults to None + enum: + - None + - Fetch type: string property: description: Used to select a specific property of the Provider value (if a map), if supported @@ -177,10 +201,18 @@ spec: conversionStrategy: default: Default description: Used to define a conversion Strategy + enum: + - Default + - Unicode type: string decodingStrategy: default: None description: Used to define a decoding Strategy + enum: + - Auto + - Base64 + - Base64URL + - None type: string name: description: Finds secrets based on the name. 
@@ -215,6 +247,15 @@ spec: - source - target type: object + transform: + description: Used to apply string transformation on the secrets. The resulting key will be the output of the template applied by the operation. + properties: + template: + description: Used to define the template to apply on the secret name. `.value ` will specify the secret name in the template. + type: string + required: + - template + type: object type: object type: array sourceRef: @@ -307,9 +348,16 @@ spec: type: object engineVersion: default: v2 + description: EngineVersion specifies the template engine version that should be used to compile/execute the template specified in .data and .templateFrom[]. + enum: + - v1 + - v2 type: string mergePolicy: default: Replace + enum: + - Replace + - Merge type: string metadata: description: ExternalSecretTemplateMetadata defines metadata fields for the Secret blueprint. @@ -335,6 +383,9 @@ spec: type: string templateAs: default: Values + enum: + - Values + - KeysAndValues type: string required: - key @@ -357,6 +408,9 @@ spec: type: string templateAs: default: Values + enum: + - Values + - KeysAndValues type: string required: - key @@ -370,6 +424,10 @@ spec: type: object target: default: Data + enum: + - Data + - Annotations + - Labels type: string type: object type: array @@ -409,12 +467,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + namespaces: + description: Choose namespaces by name. This field is ORed with anything that NamespaceSelector ends up choosing. + items: + type: string + type: array refreshTime: - description: The time in which the controller should reconcile it's objects and recheck namespaces for labels. + description: The time in which the controller should reconcile its objects and recheck namespaces for labels. type: string required: - externalSecretSpec - - namespaceSelector type: object status: description: ClusterExternalSecretStatus defines the observed state of ClusterExternalSecret. 
diff --git a/charts/external-secrets/external-secrets/templates/crds/clustersecretstore.yaml b/charts/external-secrets/external-secrets/templates/crds/clustersecretstore.yaml index 3b545439f..1a2ff4008 100644 --- a/charts/external-secrets/external-secrets/templates/crds/clustersecretstore.yaml +++ b/charts/external-secrets/external-secrets/templates/crds/clustersecretstore.yaml @@ -657,7 +657,7 @@ spec: description: Oracle configures this store to sync secrets using Oracle Vault provider properties: auth: - description: Auth configures how secret-manager authenticates with the Oracle Vault. If empty, use the instance principal, otherwise the user credentials specified in Auth. + description: Auth configures how secret-manager authenticates with the Oracle Vault. If empty, instance principal is used. Optionally, the authenticating principal type and/or user data may be supplied for the use of workload identity and user principal. properties: secretRef: description: SecretRef to pass through sensitive information. @@ -703,6 +703,9 @@ spec: - tenancy - user type: object + principalType: + description: The type of principal to use for authentication. If left blank, the Auth struct will determine the principal type. This optional field must be specified if using workload identity. + type: string region: description: Region is the region where vault is located. type: string @@ -2221,6 +2224,9 @@ spec: - tenancy - user type: object + principalType: + description: The type of principal to use for authentication. If left blank, the Auth struct will determine the principal type. This optional field must be specified if using workload identity. + type: string region: description: Region is the region where vault is located. type: string diff --git a/charts/external-secrets/external-secrets/templates/crds/externalsecret.yaml b/charts/external-secrets/external-secrets/templates/crds/externalsecret.yaml index d9f637dbe..1e58e04a7 100644 
--- a/charts/external-secrets/external-secrets/templates/crds/externalsecret.yaml +++ b/charts/external-secrets/external-secrets/templates/crds/externalsecret.yaml @@ -62,6 +62,9 @@ spec: conversionStrategy: default: Default description: Used to define a conversion Strategy + enum: + - Default + - Unicode type: string key: description: Key is the key used in the Provider, mandatory @@ -90,6 +93,9 @@ spec: conversionStrategy: default: Default description: Used to define a conversion Strategy + enum: + - Default + - Unicode type: string key: description: Key is the key used in the Provider, mandatory @@ -126,6 +132,10 @@ spec: creationPolicy: default: Owner description: CreationPolicy defines rules on how to create the resulting Secret Defaults to 'Owner' + enum: + - Owner + - Merge + - None type: string immutable: description: Immutable defines if the final secret will be immutable @@ -143,6 +153,9 @@ spec: engineVersion: default: v1 description: EngineVersion specifies the template engine version that should be used to compile/execute the template specified in .data and .templateFrom[]. + enum: + - v1 + - v2 type: string metadata: description: ExternalSecretTemplateMetadata defines metadata fields for the Secret blueprint. @@ -288,16 +301,28 @@ spec: conversionStrategy: default: Default description: Used to define a conversion Strategy + enum: + - Default + - Unicode type: string decodingStrategy: default: None description: Used to define a decoding Strategy + enum: + - Auto + - Base64 + - Base64URL + - None type: string key: description: Key is the key used in the Provider, mandatory type: string metadataPolicy: + default: None description: Policy for fetching tags/labels from provider secrets, possible options are Fetch, None. Defaults to None + enum: + - None + - Fetch type: string property: description: Used to select a specific property of the Provider value (if a map), if supported 
@@ -360,16 +385,28 @@ spec: conversionStrategy: default: Default description: Used to define a conversion Strategy + enum: + - Default + - Unicode type: string decodingStrategy: default: None description: Used to define a decoding Strategy + enum: + - Auto + - Base64 + - Base64URL + - None type: string key: description: Key is the key used in the Provider, mandatory type: string metadataPolicy: + default: None description: Policy for fetching tags/labels from provider secrets, possible options are Fetch, None. Defaults to None + enum: + - None + - Fetch type: string property: description: Used to select a specific property of the Provider value (if a map), if supported @@ -386,10 +423,18 @@ spec: conversionStrategy: default: Default description: Used to define a conversion Strategy + enum: + - Default + - Unicode type: string decodingStrategy: default: None description: Used to define a decoding Strategy + enum: + - Auto + - Base64 + - Base64URL + - None type: string name: description: Finds secrets based on the name. @@ -424,6 +469,15 @@ spec: - source - target type: object + transform: + description: Used to apply string transformation on the secrets. The resulting key will be the output of the template applied by the operation. + properties: + template: + description: Used to define the template to apply on the secret name. `.value ` will specify the secret name in the template. + type: string + required: + - template + type: object type: object type: array sourceRef: @@ -516,9 +570,16 @@ spec: type: object engineVersion: default: v2 + description: EngineVersion specifies the template engine version that should be used to compile/execute the template specified in .data and .templateFrom[]. + enum: + - v1 + - v2 type: string mergePolicy: default: Replace + enum: + - Replace + - Merge type: string metadata: description: ExternalSecretTemplateMetadata defines metadata fields for the Secret blueprint. 
@@ -544,6 +605,9 @@ spec: type: string templateAs: default: Values + enum: + - Values + - KeysAndValues type: string required: - key @@ -566,6 +630,9 @@ spec: type: string templateAs: default: Values + enum: + - Values + - KeysAndValues type: string required: - key @@ -579,6 +646,10 @@ spec: type: object target: default: Data + enum: + - Data + - Annotations + - Labels type: string type: object type: array diff --git a/charts/external-secrets/external-secrets/templates/crds/pushsecret.yaml b/charts/external-secrets/external-secrets/templates/crds/pushsecret.yaml index d8cd46887..3f0649b6e 100644 --- a/charts/external-secrets/external-secrets/templates/crds/pushsecret.yaml +++ b/charts/external-secrets/external-secrets/templates/crds/pushsecret.yaml @@ -80,6 +80,9 @@ spec: deletionPolicy: default: None description: 'Deletion Policy to handle Secrets in the provider. Possible Values: "Delete/None". Defaults to "None".' + enum: + - Delete + - None type: string refreshInterval: description: The Interval to which External Secrets will try to push a secret definition diff --git a/charts/external-secrets/external-secrets/templates/crds/secretstore.yaml b/charts/external-secrets/external-secrets/templates/crds/secretstore.yaml index 43a260499..4f8df404f 100644 --- a/charts/external-secrets/external-secrets/templates/crds/secretstore.yaml +++ b/charts/external-secrets/external-secrets/templates/crds/secretstore.yaml 
@@ -657,7 +657,7 @@ spec: description: Oracle configures this store to sync secrets using Oracle Vault provider properties: auth: - description: Auth configures how secret-manager authenticates with the Oracle Vault. If empty, use the instance principal, otherwise the user credentials specified in Auth. + description: Auth configures how secret-manager authenticates with the Oracle Vault. If empty, instance principal is used. Optionally, the authenticating principal type and/or user data may be supplied for the use of workload identity and user principal. properties: secretRef: description: SecretRef to pass through sensitive information. @@ -703,6 +703,9 @@ spec: - tenancy - user type: object + principalType: + description: The type of principal to use for authentication. If left blank, the Auth struct will determine the principal type. This optional field must be specified if using workload identity. + type: string region: description: Region is the region where vault is located. type: string @@ -2221,6 +2224,9 @@ spec: - tenancy - user type: object + principalType: + description: The type of principal to use for authentication. If left blank, the Auth struct will determine the principal type. This optional field must be specified if using workload identity. + type: string region: description: Region is the region where vault is located. type: string diff --git a/charts/external-secrets/external-secrets/tests/__snapshot__/cert_controller_test.yaml.snap b/charts/external-secrets/external-secrets/tests/__snapshot__/cert_controller_test.yaml.snap index f5a2eebf3..9a26f09f0 100644 --- a/charts/external-secrets/external-secrets/tests/__snapshot__/cert_controller_test.yaml.snap +++ b/charts/external-secrets/external-secrets/tests/__snapshot__/cert_controller_test.yaml.snap 
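Review bot: The new `principalType` property under the Oracle provider (hunk at -703, repeated at -2221 and in both crds_test.yaml.snap hunks) is declared as a bare `type: string`, so the API server will admit any value, including a misspelling. The description says the field must be set for workload identity and that a blank value lets the Auth struct decide. A mistyped value may therefore authenticate with a different principal than intended, or fail only at reconcile time; this is inferred, as the controller code is not on this page. Other fields in this commit gained `enum:` lists (`decodingStrategy`, `deletionPolicy`), and an `enum:` of the accepted principal types here would reject bad values at admission. Until the schema has one, SecretStore manifests that set this field need a manual check.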
@@ -7,8 +7,8 @@ should match snapshot of default values: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets-cert-controller - app.kubernetes.io/version: v0.9.7 - helm.sh/chart: external-secrets-0.9.7 + app.kubernetes.io/version: v0.9.8 + helm.sh/chart: external-secrets-0.9.8 name: RELEASE-NAME-external-secrets-cert-controller namespace: NAMESPACE spec: @@ -24,8 +24,8 @@ should match snapshot of default values: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets-cert-controller - app.kubernetes.io/version: v0.9.7 - helm.sh/chart: external-secrets-0.9.7 + app.kubernetes.io/version: v0.9.8 + helm.sh/chart: external-secrets-0.9.8 spec: automountServiceAccountToken: true containers: @@ -38,7 +38,7 @@ should match snapshot of default values: - --secret-namespace=NAMESPACE - --metrics-addr=:8080 - --healthz-addr=:8081 - image: ghcr.io/external-secrets/external-secrets:v0.9.7 + image: ghcr.io/external-secrets/external-secrets:v0.9.8 imagePullPolicy: IfNotPresent name: cert-controller ports: diff --git a/charts/external-secrets/external-secrets/tests/__snapshot__/controller_test.yaml.snap b/charts/external-secrets/external-secrets/tests/__snapshot__/controller_test.yaml.snap index 7afc53251..6f1e0c022 100644 --- a/charts/external-secrets/external-secrets/tests/__snapshot__/controller_test.yaml.snap +++ b/charts/external-secrets/external-secrets/tests/__snapshot__/controller_test.yaml.snap @@ -7,8 +7,8 @@ should match snapshot of default values: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets - app.kubernetes.io/version: v0.9.7 - helm.sh/chart: external-secrets-0.9.7 + app.kubernetes.io/version: v0.9.8 + helm.sh/chart: external-secrets-0.9.8 name: RELEASE-NAME-external-secrets namespace: NAMESPACE spec: 
@@ -24,14 +24,14 @@ should match snapshot of default values: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets - app.kubernetes.io/version: v0.9.7 - helm.sh/chart: external-secrets-0.9.7 + app.kubernetes.io/version: v0.9.8 + helm.sh/chart: external-secrets-0.9.8 spec: automountServiceAccountToken: true containers: - args: - --concurrent=1 - image: ghcr.io/external-secrets/external-secrets:v0.9.7 + image: ghcr.io/external-secrets/external-secrets:v0.9.8 imagePullPolicy: IfNotPresent name: external-secrets ports: diff --git a/charts/external-secrets/external-secrets/tests/__snapshot__/crds_test.yaml.snap b/charts/external-secrets/external-secrets/tests/__snapshot__/crds_test.yaml.snap index b078e7e23..c52723693 100644 --- a/charts/external-secrets/external-secrets/tests/__snapshot__/crds_test.yaml.snap +++ b/charts/external-secrets/external-secrets/tests/__snapshot__/crds_test.yaml.snap @@ -662,7 +662,7 @@ should match snapshot of default values: description: Oracle configures this store to sync secrets using Oracle Vault provider properties: auth: - description: Auth configures how secret-manager authenticates with the Oracle Vault. If empty, use the instance principal, otherwise the user credentials specified in Auth. + description: Auth configures how secret-manager authenticates with the Oracle Vault. If empty, instance principal is used. Optionally, the authenticating principal type and/or user data may be supplied for the use of workload identity and user principal. properties: secretRef: description: SecretRef to pass through sensitive information. 
@@ -708,6 +708,9 @@ should match snapshot of default values: - tenancy - user type: object + principalType: + description: The type of principal to use for authentication. If left blank, the Auth struct will determine the principal type. This optional field must be specified if using workload identity. + type: string region: description: Region is the region where vault is located. type: string @@ -2226,6 +2229,9 @@ should match snapshot of default values: - tenancy - user type: object + principalType: + description: The type of principal to use for authentication. If left blank, the Auth struct will determine the principal type. This optional field must be specified if using workload identity. + type: string region: description: Region is the region where vault is located. type: string diff --git a/charts/external-secrets/external-secrets/tests/__snapshot__/webhook_test.yaml.snap b/charts/external-secrets/external-secrets/tests/__snapshot__/webhook_test.yaml.snap index 82c680a48..f58f7ad46 100644 --- a/charts/external-secrets/external-secrets/tests/__snapshot__/webhook_test.yaml.snap +++ b/charts/external-secrets/external-secrets/tests/__snapshot__/webhook_test.yaml.snap @@ -7,8 +7,8 @@ should match snapshot of default values: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets-webhook - app.kubernetes.io/version: v0.9.7 - helm.sh/chart: external-secrets-0.9.7 + app.kubernetes.io/version: v0.9.8 + helm.sh/chart: external-secrets-0.9.8 name: RELEASE-NAME-external-secrets-webhook namespace: NAMESPACE spec: @@ -24,8 +24,8 @@ should match snapshot of default values: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets-webhook - app.kubernetes.io/version: v0.9.7 - helm.sh/chart: external-secrets-0.9.7 + app.kubernetes.io/version: v0.9.8 + helm.sh/chart: external-secrets-0.9.8 spec: automountServiceAccountToken: true containers: 
@@ -37,7 +37,7 @@ should match snapshot of default values: - --check-interval=5m - --metrics-addr=:8080 - --healthz-addr=:8081 - image: ghcr.io/external-secrets/external-secrets:v0.9.7 + image: ghcr.io/external-secrets/external-secrets:v0.9.8 imagePullPolicy: IfNotPresent name: webhook ports: @@ -81,8 +81,8 @@ should match snapshot of default values: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets-webhook - app.kubernetes.io/version: v0.9.7 + app.kubernetes.io/version: v0.9.8 external-secrets.io/component: webhook - helm.sh/chart: external-secrets-0.9.7 + helm.sh/chart: external-secrets-0.9.8 name: RELEASE-NAME-external-secrets-webhook namespace: NAMESPACE diff --git a/charts/hashicorp/vault/CHANGELOG.md b/charts/hashicorp/vault/CHANGELOG.md index f3c466f2c..87ffb2099 100644 --- a/charts/hashicorp/vault/CHANGELOG.md +++ b/charts/hashicorp/vault/CHANGELOG.md 
@@ -1,5 +1,33 @@ ## Unreleased +## 0.26.1 (October 30, 2023) + +Bugs: +* Fix templating of `server.ha.replicas` when set via override file. The `0.26.0` chart would ignore `server.ha.replicas` and always deploy 3 server replicas when `server.ha.enabled=true` unless overridden by command line when issuing the helm command: `--set server.ha.replicas=`. Fixed in [GH-961](https://github.com/hashicorp/vault-helm/pull/961) + +## 0.26.0 (October 27, 2023) + +Changes: +* Default `vault` version updated to 1.15.1 +* Default `vault-k8s` version updated to 1.3.1 +* Default `vault-csi-provider` version updated to 1.4.1 +* Tested with Kubernetes versions 1.24-1.28 +* server: OpenShift default readiness probe returns 204 when uninitialized [GH-966](https://github.com/hashicorp/vault-helm/pull/966) + +Features: +* server: Add support for dual stack clusters [GH-833](https://github.com/hashicorp/vault-helm/pull/833) +* server: Support `hostAliases` for the StatefulSet pods [GH-955](https://github.com/hashicorp/vault-helm/pull/955) +* server: Add `server.service.active.annotations` and `server.service.standby.annotations` [GH-896](https://github.com/hashicorp/vault-helm/pull/896) +* server: Add long-lived service account token option [GH-923](https://github.com/hashicorp/vault-helm/pull/923) + +Bugs: +* csi: Add namespace field to `csi-role` and `csi-rolebindings`. [GH-909](https://github.com/hashicorp/vault-helm/pull/909) + +Improvements: +* global: Add `global.namespace` to override the helm installation namespace. [GH-909](https://github.com/hashicorp/vault-helm/pull/909) +* server: use vault.fullname in Helm test [GH-912](https://github.com/hashicorp/vault-helm/pull/912) +* server: Allow scaling HA replicas to zero [GH-943](https://github.com/hashicorp/vault-helm/pull/943) + ## 0.25.0 (June 26, 2023) Changes: diff --git a/charts/hashicorp/vault/Chart.yaml b/charts/hashicorp/vault/Chart.yaml index 124e646dd..d34ec94e5 100644 --- a/charts/hashicorp/vault/Chart.yaml 
+++ b/charts/hashicorp/vault/Chart.yaml @@ -6,7 +6,7 @@ annotations: catalog.cattle.io/release-name: vault charts.openshift.io/name: HashiCorp Vault apiVersion: v2 -appVersion: 1.14.0 +appVersion: 1.15.1 description: Official HashiCorp Vault Chart home: https://www.vaultproject.io icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png @@ -25,4 +25,4 @@ sources: - https://github.com/hashicorp/vault-helm - https://github.com/hashicorp/vault-k8s - https://github.com/hashicorp/vault-csi-provider -version: 0.25.0 +version: 0.26.1 diff --git a/charts/hashicorp/vault/README.md b/charts/hashicorp/vault/README.md index 6e7014360..256bd8b91 100644 --- a/charts/hashicorp/vault/README.md +++ b/charts/hashicorp/vault/README.md @@ -10,7 +10,7 @@ cases of Vault on Kubernetes depending on the values provided. For full documentation on this Helm chart along with all the ways you can use Vault with Kubernetes, please see the -[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/). +[Vault and Kubernetes documentation](https://developer.hashicorp.com/vault/docs/platform/k8s). ## Prerequisites @@ -39,5 +39,5 @@ $ helm install vault hashicorp/vault Please see the many options supported in the `values.yaml` file. These are also fully documented directly on the [Vault -website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more +website](https://developer.hashicorp.com/vault/docs/platform/k8s/helm) along with more detailed installation instructions. diff --git a/charts/hashicorp/vault/templates/NOTES.txt b/charts/hashicorp/vault/templates/NOTES.txt index 8e267121c..60d99a4e5 100644 --- a/charts/hashicorp/vault/templates/NOTES.txt +++ b/charts/hashicorp/vault/templates/NOTES.txt 
@@ -4,7 +4,7 @@ Thank you for installing HashiCorp Vault! Now that you have deployed Vault, you should look over the docs on using Vault with Kubernetes available here: -https://www.vaultproject.io/docs/ +https://developer.hashicorp.com/vault/docs Your release is named {{ .Release.Name }}. To learn more about the release, try: diff --git a/charts/hashicorp/vault/templates/_helpers.tpl b/charts/hashicorp/vault/templates/_helpers.tpl index dafac3787..965c7f64d 100644 --- a/charts/hashicorp/vault/templates/_helpers.tpl +++ b/charts/hashicorp/vault/templates/_helpers.tpl @@ -36,6 +36,13 @@ Expand the name of the chart. {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} {{- end -}} +{{/* +Allow the release namespace to be overridden +*/}} +{{- define "vault.namespace" -}} +{{- default .Release.Namespace .Values.global.namespace -}} +{{- end -}} + {{/* Compute if the csi driver is enabled. */}} @@ -75,6 +82,17 @@ Compute if the server serviceaccount is enabled. (eq (.Values.global.enabled | toString) "true"))) -}} {{- end -}} +{{/* +Compute if the server serviceaccount should have a token created and mounted to the serviceaccount. +*/}} +{{- define "vault.serverServiceAccountSecretCreationEnabled" -}} +{{- $_ := set . "serverServiceAccountSecretCreationEnabled" + (and + (eq (.Values.server.serviceAccount.create | toString) "true") + (eq (.Values.server.serviceAccount.createSecret | toString) "true")) -}} +{{- end -}} + + {{/* Compute if the server auth delegator serviceaccount is enabled. */}} @@ -149,7 +167,11 @@ Set's the replica count based on the different modes configured by user {{ if eq .mode "standalone" }} {{- default 1 -}} {{ else if eq .mode "ha" }} - {{- .Values.server.ha.replicas | default 3 -}} + {{- if or (kindIs "int64" .Values.server.ha.replicas) (kindIs "float64" .Values.server.ha.replicas) -}} + {{- .Values.server.ha.replicas -}} + {{ else }} + {{- 3 -}} + {{- end -}} {{ else }} {{- default 1 -}} {{ end }} 
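Review bot: The comment on `vault.serverServiceAccountSecretCreationEnabled` (hunk at -75 in _helpers.tpl) does not say that the token is long-lived, which an operator needs to know before enabling it. The changelog in this commit calls the feature a "long-lived service account token option", and the helper sets the flag only when both `server.serviceAccount.create` and `server.serviceAccount.createSecret` render to "true". I would extend the comment to `Compute if a long-lived token Secret should be created for the server serviceaccount; requires server.serviceAccount.create and server.serviceAccount.createSecret to both be true. Prefer bound, short-lived tokens unless a consumer needs a static one.` The template that consumes this flag is not visible here, so the wording should be checked against it.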
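Review bot: In the `ha` branch of the replica helper (hunk at -149), any `server.ha.replicas` value that is not an int64 or float64 now falls through to `{{- 3 -}}` without a message. A quoted `"5"` in a values file, or a value passed with `--set-string`, therefore deploys three servers. A silent fallback is easy to miss on a Vault cluster, where the replica count affects availability. Failing the render is safer, for example with an extra branch `{{- else if kindIs "string" .Values.server.ha.replicas -}}{{- fail "server.ha.replicas must be a number" -}}` ahead of the default. The `define` that encloses this code starts above the hunk.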
@@ -688,6 +710,33 @@ Sets extra vault server Service annotations {{- end }} {{- end -}} +{{/* +Sets extra vault server Service (active) annotations +*/}} +{{- define "vault.service.active.annotations" -}} + {{- if .Values.server.service.active.annotations }} + {{- $tp := typeOf .Values.server.service.active.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.active.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.active.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.standby.annotations" -}} + {{- if .Values.server.service.standby.annotations }} + {{- $tp := typeOf .Values.server.service.standby.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.standby.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.standby.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + {{/* Sets PodSecurityPolicy annotations */}} diff --git a/charts/hashicorp/vault/templates/csi-agent-configmap.yaml b/charts/hashicorp/vault/templates/csi-agent-configmap.yaml index 7af08e8f9..18cdb04ac 100644 --- a/charts/hashicorp/vault/templates/csi-agent-configmap.yaml +++ b/charts/hashicorp/vault/templates/csi-agent-configmap.yaml @@ -9,7 +9,7 @@ apiVersion: v1 kind: ConfigMap metadata: name: {{ template "vault.fullname" . }}-csi-provider-agent-config - namespace: {{ .Release.Namespace }} + namespace: {{ include "vault.namespace" . }} labels: helm.sh/chart: {{ include "vault.chart" . }} app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider 
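Review bot: The comment above `vault.service.standby.annotations` (hunk at -688) is a copy of the generic helper's text, `Sets extra vault server Service annotations`, so the helpers cannot be told apart from their comments. It should read `Sets extra vault server Service (standby) annotations`. Both new helpers pass a string value through `tpl`, so a string supplied for `server.service.active.annotations` or `server.service.standby.annotations` is evaluated as a template with the chart's full context. A line in each comment saying so would help anyone reviewing values files that come from a less trusted source. The first helper's closing `{{- end -}}` also runs straight into the next `{{/*` with no blank line between the two definitions.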
@@ -21,7 +21,7 @@ data: {{- if .Values.global.externalVaultAddr }} "address" = "{{ .Values.global.externalVaultAddr }}" {{- else }} - "address" = "{{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}" + "address" = "{{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ include "vault.namespace" . }}.svc:{{ .Values.server.service.port }}" {{- end }} } diff --git a/charts/hashicorp/vault/templates/csi-clusterrolebinding.yaml b/charts/hashicorp/vault/templates/csi-clusterrolebinding.yaml index d5a934688..506ec944a 100644 --- a/charts/hashicorp/vault/templates/csi-clusterrolebinding.yaml +++ b/charts/hashicorp/vault/templates/csi-clusterrolebinding.yaml @@ -20,5 +20,5 @@ roleRef: subjects: - kind: ServiceAccount name: {{ template "vault.fullname" . }}-csi-provider - namespace: {{ .Release.Namespace }} + namespace: {{ include "vault.namespace" . }} {{- end }} diff --git a/charts/hashicorp/vault/templates/csi-daemonset.yaml b/charts/hashicorp/vault/templates/csi-daemonset.yaml index 28e7cd070..1436ff905 100644 --- a/charts/hashicorp/vault/templates/csi-daemonset.yaml +++ b/charts/hashicorp/vault/templates/csi-daemonset.yaml @@ -9,7 +9,7 @@ apiVersion: apps/v1 kind: DaemonSet metadata: name: {{ template "vault.fullname" . }}-csi-provider - namespace: {{ .Release.Namespace }} + namespace: {{ include "vault.namespace" . }} labels: app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider app.kubernetes.io/instance: {{ .Release.Name }} 
@@ -71,7 +71,7 @@ spec: {{- else if .Values.global.externalVaultAddr }} value: "{{ .Values.global.externalVaultAddr }}" {{- else }} - value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ include "vault.namespace" . }}.svc:{{ .Values.server.service.port }} {{- end }} volumeMounts: - name: providervol diff --git a/charts/hashicorp/vault/templates/csi-role.yaml b/charts/hashicorp/vault/templates/csi-role.yaml index dd23af655..17e1918b4 100644 --- a/charts/hashicorp/vault/templates/csi-role.yaml +++ b/charts/hashicorp/vault/templates/csi-role.yaml @@ -9,6 +9,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: {{ template "vault.fullname" . }}-csi-provider-role + namespace: {{ include "vault.namespace" . }} labels: app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider app.kubernetes.io/instance: {{ .Release.Name }} diff --git a/charts/hashicorp/vault/templates/csi-rolebinding.yaml b/charts/hashicorp/vault/templates/csi-rolebinding.yaml index e61f2dc2d..3d3b981b8 100644 --- a/charts/hashicorp/vault/templates/csi-rolebinding.yaml +++ b/charts/hashicorp/vault/templates/csi-rolebinding.yaml @@ -9,6 +9,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: {{ template "vault.fullname" . }}-csi-provider-rolebinding + namespace: {{ include "vault.namespace" . }} labels: app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider app.kubernetes.io/instance: {{ .Release.Name }} @@ -20,5 +21,5 @@ roleRef: subjects: - kind: ServiceAccount name: {{ template "vault.fullname" . }}-csi-provider - namespace: {{ .Release.Namespace }} + namespace: {{ include "vault.namespace" . }} {{- end }} diff --git a/charts/hashicorp/vault/templates/csi-serviceaccount.yaml b/charts/hashicorp/vault/templates/csi-serviceaccount.yaml index 25e123ee9..6327a7b2f 100644 
--- a/charts/hashicorp/vault/templates/csi-serviceaccount.yaml +++ b/charts/hashicorp/vault/templates/csi-serviceaccount.yaml @@ -9,7 +9,7 @@ apiVersion: v1 kind: ServiceAccount metadata: name: {{ template "vault.fullname" . }}-csi-provider - namespace: {{ .Release.Namespace }} + namespace: {{ include "vault.namespace" . }} labels: app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider app.kubernetes.io/instance: {{ .Release.Name }} diff --git a/charts/hashicorp/vault/templates/injector-certs-secret.yaml b/charts/hashicorp/vault/templates/injector-certs-secret.yaml index 3e5ddb7b9..f6995af10 100644 --- a/charts/hashicorp/vault/templates/injector-certs-secret.yaml +++ b/charts/hashicorp/vault/templates/injector-certs-secret.yaml @@ -10,7 +10,7 @@ apiVersion: v1 kind: Secret metadata: name: vault-injector-certs - namespace: {{ .Release.Namespace }} + namespace: {{ include "vault.namespace" . }} labels: app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector app.kubernetes.io/instance: {{ .Release.Name }} diff --git a/charts/hashicorp/vault/templates/injector-clusterrolebinding.yaml b/charts/hashicorp/vault/templates/injector-clusterrolebinding.yaml index 9253e4f0a..82cbce0ce 100644 --- a/charts/hashicorp/vault/templates/injector-clusterrolebinding.yaml +++ b/charts/hashicorp/vault/templates/injector-clusterrolebinding.yaml @@ -20,5 +20,5 @@ roleRef: subjects: - kind: ServiceAccount name: {{ template "vault.fullname" . }}-agent-injector - namespace: {{ .Release.Namespace }} + namespace: {{ include "vault.namespace" . }} {{ end }} diff --git a/charts/hashicorp/vault/templates/injector-deployment.yaml b/charts/hashicorp/vault/templates/injector-deployment.yaml index fbf32c093..822e8e41d 100644 --- a/charts/hashicorp/vault/templates/injector-deployment.yaml +++ b/charts/hashicorp/vault/templates/injector-deployment.yaml 
@@ -10,7 +10,7 @@ apiVersion: apps/v1 kind: Deployment metadata: name: {{ template "vault.fullname" . }}-agent-injector - namespace: {{ .Release.Namespace }} + namespace: {{ include "vault.namespace" . }} labels: app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector app.kubernetes.io/instance: {{ .Release.Name }} @@ -64,7 +64,7 @@ spec: {{- else if .Values.injector.externalVaultAddr }} value: "{{ .Values.injector.externalVaultAddr }}" {{- else }} - value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ include "vault.namespace" . }}.svc:{{ .Values.server.service.port }} {{- end }} - name: AGENT_INJECT_VAULT_AUTH_PATH value: {{ .Values.injector.authPath }} @@ -79,7 +79,7 @@ spec: - name: AGENT_INJECT_TLS_AUTO value: {{ template "vault.fullname" . }}-agent-injector-cfg - name: AGENT_INJECT_TLS_AUTO_HOSTS - value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }}.svc + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ include "vault.namespace" . }},{{ template "vault.fullname" . }}-agent-injector-svc.{{ include "vault.namespace" . }}.svc {{- end }} - name: AGENT_INJECT_LOG_FORMAT value: {{ .Values.injector.logFormat | default "standard" }} diff --git a/charts/hashicorp/vault/templates/injector-disruptionbudget.yaml b/charts/hashicorp/vault/templates/injector-disruptionbudget.yaml index 6ae714bae..2b2a61c6f 100644 --- a/charts/hashicorp/vault/templates/injector-disruptionbudget.yaml +++ b/charts/hashicorp/vault/templates/injector-disruptionbudget.yaml 
@@ -8,7 +8,7 @@ apiVersion: policy/v1 kind: PodDisruptionBudget metadata: name: {{ template "vault.fullname" . }}-agent-injector - namespace: {{ .Release.Namespace }} + namespace: {{ include "vault.namespace" . }} labels: helm.sh/chart: {{ include "vault.chart" . }} app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector diff --git a/charts/hashicorp/vault/templates/injector-mutating-webhook.yaml b/charts/hashicorp/vault/templates/injector-mutating-webhook.yaml index d03cd136d..b1de1ee3f 100644 --- a/charts/hashicorp/vault/templates/injector-mutating-webhook.yaml +++ b/charts/hashicorp/vault/templates/injector-mutating-webhook.yaml @@ -28,7 +28,7 @@ webhooks: clientConfig: service: name: {{ template "vault.fullname" . }}-agent-injector-svc - namespace: {{ .Release.Namespace }} + namespace: {{ include "vault.namespace" . }} path: "/mutate" caBundle: {{ .Values.injector.certs.caBundle | quote }} rules: diff --git a/charts/hashicorp/vault/templates/injector-psp-role.yaml b/charts/hashicorp/vault/templates/injector-psp-role.yaml index 65d8e9ba9..a07f8f6c0 100644 --- a/charts/hashicorp/vault/templates/injector-psp-role.yaml +++ b/charts/hashicorp/vault/templates/injector-psp-role.yaml @@ -10,7 +10,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: {{ template "vault.fullname" . }}-agent-injector-psp - namespace: {{ .Release.Namespace }} + namespace: {{ include "vault.namespace" . }} labels: app.kubernetes.io/name: {{ include "vault.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} diff --git a/charts/hashicorp/vault/templates/injector-psp-rolebinding.yaml b/charts/hashicorp/vault/templates/injector-psp-rolebinding.yaml index 48a3a26a2..3c97e8dad 100644 --- a/charts/hashicorp/vault/templates/injector-psp-rolebinding.yaml +++ b/charts/hashicorp/vault/templates/injector-psp-rolebinding.yaml 
@@ -10,7 +10,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: {{ template "vault.fullname" . }}-agent-injector-psp - namespace: {{ .Release.Namespace }} + namespace: {{ include "vault.namespace" . }} labels: app.kubernetes.io/name: {{ include "vault.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} diff --git a/charts/hashicorp/vault/templates/injector-role.yaml b/charts/hashicorp/vault/templates/injector-role.yaml index df7b0ed74..b2ad0c7b9 100644 --- a/charts/hashicorp/vault/templates/injector-role.yaml +++ b/charts/hashicorp/vault/templates/injector-role.yaml @@ -10,7 +10,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role - namespace: {{ .Release.Namespace }} + namespace: {{ include "vault.namespace" . }} labels: app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector app.kubernetes.io/instance: {{ .Release.Name }} diff --git a/charts/hashicorp/vault/templates/injector-rolebinding.yaml b/charts/hashicorp/vault/templates/injector-rolebinding.yaml index 0848e43d8..6ad25ca69 100644 --- a/charts/hashicorp/vault/templates/injector-rolebinding.yaml +++ b/charts/hashicorp/vault/templates/injector-rolebinding.yaml @@ -10,7 +10,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding - namespace: {{ .Release.Namespace }} + namespace: {{ include "vault.namespace" . }} labels: app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector app.kubernetes.io/instance: {{ .Release.Name }} @@ -22,6 +22,6 @@ roleRef: subjects: - kind: ServiceAccount name: {{ template "vault.fullname" . }}-agent-injector - namespace: {{ .Release.Namespace }} + namespace: {{ include "vault.namespace" . }} {{- end }} {{- end }} \ No newline at end of file 
diff --git a/charts/hashicorp/vault/templates/injector-service.yaml b/charts/hashicorp/vault/templates/injector-service.yaml index 5b2069286..1479cd1ab 100644 --- a/charts/hashicorp/vault/templates/injector-service.yaml +++ b/charts/hashicorp/vault/templates/injector-service.yaml @@ -9,7 +9,7 @@ apiVersion: v1 kind: Service metadata: name: {{ template "vault.fullname" . }}-agent-injector-svc - namespace: {{ .Release.Namespace }} + namespace: {{ include "vault.namespace" . }} labels: app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector app.kubernetes.io/instance: {{ .Release.Name }} diff --git a/charts/hashicorp/vault/templates/injector-serviceaccount.yaml b/charts/hashicorp/vault/templates/injector-serviceaccount.yaml index 9b5c2f6ed..2f91c3d4a 100644 --- a/charts/hashicorp/vault/templates/injector-serviceaccount.yaml +++ b/charts/hashicorp/vault/templates/injector-serviceaccount.yaml @@ -9,7 +9,7 @@ apiVersion: v1 kind: ServiceAccount metadata: name: {{ template "vault.fullname" . }}-agent-injector - namespace: {{ .Release.Namespace }} + namespace: {{ include "vault.namespace" . }} labels: app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector app.kubernetes.io/instance: {{ .Release.Name }} diff --git a/charts/hashicorp/vault/templates/prometheus-servicemonitor.yaml b/charts/hashicorp/vault/templates/prometheus-servicemonitor.yaml index 60f2729a0..25d30a468 100644 --- a/charts/hashicorp/vault/templates/prometheus-servicemonitor.yaml +++ b/charts/hashicorp/vault/templates/prometheus-servicemonitor.yaml @@ -45,5 +45,5 @@ spec: insecureSkipVerify: true namespaceSelector: matchNames: - - {{ .Release.Namespace }} + - {{ include "vault.namespace" . }} {{ end }} diff --git a/charts/hashicorp/vault/templates/server-clusterrolebinding.yaml b/charts/hashicorp/vault/templates/server-clusterrolebinding.yaml index b694129b5..14ec838a0 100644 --- a/charts/hashicorp/vault/templates/server-clusterrolebinding.yaml 
+++ b/charts/hashicorp/vault/templates/server-clusterrolebinding.yaml @@ -25,5 +25,5 @@ roleRef: subjects: - kind: ServiceAccount name: {{ template "vault.serviceAccount.name" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "vault.namespace" . }} {{ end }} \ No newline at end of file diff --git a/charts/hashicorp/vault/templates/server-config-configmap.yaml b/charts/hashicorp/vault/templates/server-config-configmap.yaml index 5d29e98d6..5c660579f 100644 --- a/charts/hashicorp/vault/templates/server-config-configmap.yaml +++ b/charts/hashicorp/vault/templates/server-config-configmap.yaml @@ -12,7 +12,7 @@ apiVersion: v1 kind: ConfigMap metadata: name: {{ template "vault.fullname" . }}-config - namespace: {{ .Release.Namespace }} + namespace: {{ include "vault.namespace" . }} labels: helm.sh/chart: {{ include "vault.chart" . }} app.kubernetes.io/name: {{ include "vault.name" . }} diff --git a/charts/hashicorp/vault/templates/server-discovery-role.yaml b/charts/hashicorp/vault/templates/server-discovery-role.yaml index adae42a2b..0cbdefaff 100644 --- a/charts/hashicorp/vault/templates/server-discovery-role.yaml +++ b/charts/hashicorp/vault/templates/server-discovery-role.yaml @@ -10,7 +10,7 @@ SPDX-License-Identifier: MPL-2.0 apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - namespace: {{ .Release.Namespace }} + namespace: {{ include "vault.namespace" . }} name: {{ template "vault.fullname" . }}-discovery-role labels: helm.sh/chart: {{ include "vault.chart" . }} diff --git a/charts/hashicorp/vault/templates/server-discovery-rolebinding.yaml b/charts/hashicorp/vault/templates/server-discovery-rolebinding.yaml index 853ee870c..87b0f6170 100644 --- a/charts/hashicorp/vault/templates/server-discovery-rolebinding.yaml +++ b/charts/hashicorp/vault/templates/server-discovery-rolebinding.yaml 
@@ -15,7 +15,7 @@ apiVersion: rbac.authorization.k8s.io/v1beta1 kind: RoleBinding metadata: name: {{ template "vault.fullname" . }}-discovery-rolebinding - namespace: {{ .Release.Namespace }} + namespace: {{ include "vault.namespace" . }} labels: helm.sh/chart: {{ include "vault.chart" . }} app.kubernetes.io/name: {{ include "vault.name" . }} @@ -28,7 +28,7 @@ roleRef: subjects: - kind: ServiceAccount name: {{ template "vault.serviceAccount.name" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "vault.namespace" . }} {{ end }} {{ end }} {{ end }} diff --git a/charts/hashicorp/vault/templates/server-disruptionbudget.yaml b/charts/hashicorp/vault/templates/server-disruptionbudget.yaml index 3ff11099b..bbe9eb299 100644 --- a/charts/hashicorp/vault/templates/server-disruptionbudget.yaml +++ b/charts/hashicorp/vault/templates/server-disruptionbudget.yaml @@ -13,7 +13,7 @@ apiVersion: policy/v1 kind: PodDisruptionBudget metadata: name: {{ template "vault.fullname" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "vault.namespace" . }} labels: helm.sh/chart: {{ include "vault.chart" . }} app.kubernetes.io/name: {{ include "vault.name" . }} diff --git a/charts/hashicorp/vault/templates/server-ha-active-service.yaml b/charts/hashicorp/vault/templates/server-ha-active-service.yaml index 58d540fd5..9d2abfbb1 100644 --- a/charts/hashicorp/vault/templates/server-ha-active-service.yaml +++ b/charts/hashicorp/vault/templates/server-ha-active-service.yaml @@ -14,7 +14,7 @@ apiVersion: v1 kind: Service metadata: name: {{ template "vault.fullname" . }}-active - namespace: {{ .Release.Namespace }} + namespace: {{ include "vault.namespace" . }} labels: helm.sh/chart: {{ include "vault.chart" . }} app.kubernetes.io/name: {{ include "vault.name" . }} 
@@ -22,11 +22,20 @@ metadata: app.kubernetes.io/managed-by: {{ .Release.Service }} vault-active: "true" annotations: -{{ template "vault.service.annotations" .}} +{{- template "vault.service.active.annotations" . }} +{{- template "vault.service.annotations" . }} spec: {{- if .Values.server.service.type}} type: {{ .Values.server.service.type }} {{- end}} + {{- if (semverCompare ">= 1.23-0" .Capabilities.KubeVersion.Version) }} + {{- if .Values.server.service.ipFamilyPolicy }} + ipFamilyPolicy: {{ .Values.server.service.ipFamilyPolicy }} + {{- end }} + {{- if .Values.server.service.ipFamilies }} + ipFamilies: {{ .Values.server.service.ipFamilies | toYaml | nindent 2 }} + {{- end }} + {{- end }} {{- if .Values.server.service.clusterIP }} clusterIP: {{ .Values.server.service.clusterIP }} {{- end }} diff --git a/charts/hashicorp/vault/templates/server-ha-standby-service.yaml b/charts/hashicorp/vault/templates/server-ha-standby-service.yaml index b9f643586..bae1e2834 100644 --- a/charts/hashicorp/vault/templates/server-ha-standby-service.yaml +++ b/charts/hashicorp/vault/templates/server-ha-standby-service.yaml 
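Review bot: Under `annotations:` the active-specific helper and the shared `vault.service.annotations` helper now render back to back, so a key set in both `server.service.active.annotations` and `server.service.annotations` would appear twice in the same mapping. Both helpers are defined outside this hunk, so whether they de-duplicate cannot be checked from here. YAML loaders commonly keep only the last duplicate without a warning, which would silently change an exposure-related annotation the operator expected on the active Service. I would either merge the two maps in one helper so rendered keys are unique, or state the behaviour above the calls, e.g. `{{/* active-specific annotations first, shared ones second; a key set in both renders twice */}}`. The standby Service hunk that follows has the same pair of calls.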
@@ -14,18 +14,27 @@ apiVersion: v1 kind: Service metadata: name: {{ template "vault.fullname" . }}-standby - namespace: {{ .Release.Namespace }} + namespace: {{ include "vault.namespace" . }} labels: helm.sh/chart: {{ include "vault.chart" . }} app.kubernetes.io/name: {{ include "vault.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/managed-by: {{ .Release.Service }} annotations: -{{ template "vault.service.annotations" .}} +{{- template "vault.service.standby.annotations" . }} +{{- template "vault.service.annotations" . }} spec: {{- if .Values.server.service.type}} type: {{ .Values.server.service.type }} {{- end}} + {{- if (semverCompare ">= 1.23-0" .Capabilities.KubeVersion.Version) }} + {{- if .Values.server.service.ipFamilyPolicy }} + ipFamilyPolicy: {{ .Values.server.service.ipFamilyPolicy }} + {{- end }} + {{- if .Values.server.service.ipFamilies }} + ipFamilies: {{ .Values.server.service.ipFamilies | toYaml | nindent 2 }} + {{- end }} + {{- end }} {{- if .Values.server.service.clusterIP }} clusterIP: {{ .Values.server.service.clusterIP }} {{- end }} diff --git a/charts/hashicorp/vault/templates/server-headless-service.yaml b/charts/hashicorp/vault/templates/server-headless-service.yaml index 42e1aa000..c0f4d3460 100644 --- a/charts/hashicorp/vault/templates/server-headless-service.yaml +++ b/charts/hashicorp/vault/templates/server-headless-service.yaml @@ -12,7 +12,7 @@ apiVersion: v1 kind: Service metadata: name: {{ template "vault.fullname" . }}-internal - namespace: {{ .Release.Namespace }} + namespace: {{ include "vault.namespace" . }} labels: helm.sh/chart: {{ include "vault.chart" . }} app.kubernetes.io/name: {{ include "vault.name" . }} 
@@ -22,6 +22,14 @@ metadata: annotations: {{ template "vault.service.annotations" .}} spec: + {{- if (semverCompare ">= 1.23-0" .Capabilities.KubeVersion.Version) }} + {{- if .Values.server.service.ipFamilyPolicy }} + ipFamilyPolicy: {{ .Values.server.service.ipFamilyPolicy }} + {{- end }} + {{- if .Values.server.service.ipFamilies }} + ipFamilies: {{ .Values.server.service.ipFamilies | toYaml | nindent 2 }} + {{- end }} + {{- end }} clusterIP: None publishNotReadyAddresses: true ports: diff --git a/charts/hashicorp/vault/templates/server-ingress.yaml b/charts/hashicorp/vault/templates/server-ingress.yaml index 3aba66885..d796bae41 100644 --- a/charts/hashicorp/vault/templates/server-ingress.yaml +++ b/charts/hashicorp/vault/templates/server-ingress.yaml @@ -21,7 +21,7 @@ apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: {{ template "vault.fullname" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "vault.namespace" . }} labels: helm.sh/chart: {{ include "vault.chart" . }} app.kubernetes.io/name: {{ include "vault.name" . }} diff --git a/charts/hashicorp/vault/templates/server-psp-role.yaml b/charts/hashicorp/vault/templates/server-psp-role.yaml index 0c8c983ea..64cd6c507 100644 --- a/charts/hashicorp/vault/templates/server-psp-role.yaml +++ b/charts/hashicorp/vault/templates/server-psp-role.yaml @@ -10,7 +10,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: {{ template "vault.fullname" . }}-psp - namespace: {{ .Release.Namespace }} + namespace: {{ include "vault.namespace" . }} labels: app.kubernetes.io/name: {{ include "vault.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} diff --git a/charts/hashicorp/vault/templates/server-psp-rolebinding.yaml b/charts/hashicorp/vault/templates/server-psp-rolebinding.yaml index 9b975d556..342f55379 100644 --- a/charts/hashicorp/vault/templates/server-psp-rolebinding.yaml +++ b/charts/hashicorp/vault/templates/server-psp-rolebinding.yaml 
@@ -10,7 +10,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: {{ template "vault.fullname" . }}-psp - namespace: {{ .Release.Namespace }} + namespace: {{ include "vault.namespace" . }} labels: app.kubernetes.io/name: {{ include "vault.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} diff --git a/charts/hashicorp/vault/templates/server-route.yaml b/charts/hashicorp/vault/templates/server-route.yaml index 3f35aefe2..4e955555a 100644 --- a/charts/hashicorp/vault/templates/server-route.yaml +++ b/charts/hashicorp/vault/templates/server-route.yaml @@ -14,7 +14,7 @@ kind: Route apiVersion: route.openshift.io/v1 metadata: name: {{ template "vault.fullname" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "vault.namespace" . }} labels: helm.sh/chart: {{ include "vault.chart" . }} app.kubernetes.io/name: {{ include "vault.name" . }} diff --git a/charts/hashicorp/vault/templates/server-service.yaml b/charts/hashicorp/vault/templates/server-service.yaml index 8e34c88c5..c12e190cb 100644 --- a/charts/hashicorp/vault/templates/server-service.yaml +++ b/charts/hashicorp/vault/templates/server-service.yaml @@ -12,7 +12,7 @@ apiVersion: v1 kind: Service metadata: name: {{ template "vault.fullname" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "vault.namespace" . }} labels: helm.sh/chart: {{ include "vault.chart" . }} app.kubernetes.io/name: {{ include "vault.name" . }} 
@@ -24,6 +24,14 @@ spec: {{- if .Values.server.service.type}} type: {{ .Values.server.service.type }} {{- end}} + {{- if (semverCompare ">= 1.23-0" .Capabilities.KubeVersion.Version) }} + {{- if .Values.server.service.ipFamilyPolicy }} + ipFamilyPolicy: {{ .Values.server.service.ipFamilyPolicy }} + {{- end }} + {{- if .Values.server.service.ipFamilies }} + ipFamilies: {{ .Values.server.service.ipFamilies | toYaml | nindent 2 }} + {{- end }} + {{- end }} {{- if .Values.server.service.clusterIP }} clusterIP: {{ .Values.server.service.clusterIP }} {{- end }} diff --git a/charts/hashicorp/vault/templates/server-serviceaccount-secret.yaml b/charts/hashicorp/vault/templates/server-serviceaccount-secret.yaml new file mode 100644 index 000000000..74d70f900 --- /dev/null +++ b/charts/hashicorp/vault/templates/server-serviceaccount-secret.yaml @@ -0,0 +1,21 @@ +{{/* +Copyright (c) HashiCorp, Inc. +SPDX-License-Identifier: MPL-2.0 +*/}} + +{{ template "vault.serverServiceAccountSecretCreationEnabled" . }} +{{- if .serverServiceAccountSecretCreationEnabled -}} +apiVersion: v1 +kind: Secret +metadata: + name: {{ template "vault.serviceAccount.name" . }}-token + namespace: {{ include "vault.namespace" . }} + annotations: + kubernetes.io/service-account.name: {{ template "vault.serviceAccount.name" . }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +type: kubernetes.io/service-account-token +{{ end }} \ No newline at end of file diff --git a/charts/hashicorp/vault/templates/server-serviceaccount.yaml b/charts/hashicorp/vault/templates/server-serviceaccount.yaml index e154f8dc2..216ea6178 100644 --- a/charts/hashicorp/vault/templates/server-serviceaccount.yaml +++ b/charts/hashicorp/vault/templates/server-serviceaccount.yaml 
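Review bot: The new `kubernetes.io/service-account-token` Secret gives the Vault server service account a token that does not expire, and the template itself says nothing about that; the caveat lives only in values.yaml next to `createSecret`. values.yaml also documents `authDelegator.enabled: true` as the default, which attaches a cluster role binding to the same account, so a leaked copy of this token stays usable until the Secret is deleted. I would extend the header comment with `Creates a non-expiring service account token; delete this Secret to revoke it. Prefer TokenRequest or projected tokens where possible.` The gating helper `vault.serverServiceAccountSecretCreationEnabled` is defined outside this hunk, so whether it rejects `createSecret: true` together with `serviceAccount.create: false` cannot be confirmed here.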
@@ -9,7 +9,7 @@ apiVersion: v1 kind: ServiceAccount metadata: name: {{ template "vault.serviceAccount.name" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "vault.namespace" . }} labels: helm.sh/chart: {{ include "vault.chart" . }} app.kubernetes.io/name: {{ include "vault.name" . }} diff --git a/charts/hashicorp/vault/templates/server-statefulset.yaml b/charts/hashicorp/vault/templates/server-statefulset.yaml index 7ab7de8e2..f330927d6 100644 --- a/charts/hashicorp/vault/templates/server-statefulset.yaml +++ b/charts/hashicorp/vault/templates/server-statefulset.yaml @@ -12,7 +12,7 @@ apiVersion: apps/v1 kind: StatefulSet metadata: name: {{ template "vault.fullname" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "vault.namespace" . }} labels: app.kubernetes.io/name: {{ include "vault.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} @@ -61,6 +61,10 @@ spec: {{ template "vault.volumes" . }} - name: home emptyDir: {} + {{- if .Values.server.hostAliases }} + hostAliases: + {{ toYaml .Values.server.hostAliases | nindent 8}} + {{- end }} {{- if .Values.server.extraInitContainers }} initContainers: {{ toYaml .Values.server.extraInitContainers | nindent 8}} diff --git a/charts/hashicorp/vault/templates/tests/server-test.yaml b/charts/hashicorp/vault/templates/tests/server-test.yaml index 59b150109..20e2e5a5a 100644 --- a/charts/hashicorp/vault/templates/tests/server-test.yaml +++ b/charts/hashicorp/vault/templates/tests/server-test.yaml @@ -9,8 +9,8 @@ SPDX-License-Identifier: MPL-2.0 apiVersion: v1 kind: Pod metadata: - name: "{{ .Release.Name }}-server-test" - namespace: {{ .Release.Namespace }} + name: {{ template "vault.fullname" . }}-server-test + namespace: {{ include "vault.namespace" . }} annotations: "helm.sh/hook": test spec: 
@@ -21,7 +21,7 @@ spec: imagePullPolicy: {{ .Values.server.image.pullPolicy }} env: - name: VAULT_ADDR - value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ include "vault.namespace" . }}.svc:{{ .Values.server.service.port }} {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }} command: - /bin/sh diff --git a/charts/hashicorp/vault/templates/ui-service.yaml b/charts/hashicorp/vault/templates/ui-service.yaml index 4b2e8f7e4..95370842e 100644 --- a/charts/hashicorp/vault/templates/ui-service.yaml +++ b/charts/hashicorp/vault/templates/ui-service.yaml @@ -12,7 +12,7 @@ apiVersion: v1 kind: Service metadata: name: {{ template "vault.fullname" . }}-ui - namespace: {{ .Release.Namespace }} + namespace: {{ include "vault.namespace" . }} labels: helm.sh/chart: {{ include "vault.chart" . }} app.kubernetes.io/name: {{ include "vault.name" . }}-ui @@ -20,6 +20,14 @@ metadata: app.kubernetes.io/managed-by: {{ .Release.Service }} {{- template "vault.ui.annotations" . }} spec: + {{- if (semverCompare ">= 1.23-0" .Capabilities.KubeVersion.Version) }} + {{- if .Values.ui.serviceIPFamilyPolicy }} + ipFamilyPolicy: {{ .Values.ui.serviceIPFamilyPolicy }} + {{- end }} + {{- if .Values.ui.serviceIPFamilies }} + ipFamilies: {{ .Values.ui.serviceIPFamilies | toYaml | nindent 2 }} + {{- end }} + {{- end }} selector: app.kubernetes.io/name: {{ include "vault.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} diff --git a/charts/hashicorp/vault/values.openshift.yaml b/charts/hashicorp/vault/values.openshift.yaml index 6e575e4d4..2dbe4df17 100644 --- a/charts/hashicorp/vault/values.openshift.yaml +++ b/charts/hashicorp/vault/values.openshift.yaml 
@@ -9,13 +9,16 @@ global: injector: image: repository: "registry.connect.redhat.com/hashicorp/vault-k8s" - tag: "1.2.1-ubi" + tag: "1.3.1-ubi" agentImage: repository: "registry.connect.redhat.com/hashicorp/vault" - tag: "1.14.0-ubi" + tag: "1.15.1-ubi" server: image: repository: "registry.connect.redhat.com/hashicorp/vault" - tag: "1.14.0-ubi" + tag: "1.15.1-ubi" + + readinessProbe: + path: "/v1/sys/health?uninitcode=204" diff --git a/charts/hashicorp/vault/values.schema.json b/charts/hashicorp/vault/values.schema.json index ecb97dece..6a8b350ce 100644 --- a/charts/hashicorp/vault/values.schema.json +++ b/charts/hashicorp/vault/values.schema.json @@ -228,6 +228,9 @@ "enabled": { "type": "boolean" }, + "namespace": { + "type": "string" + }, "externalVaultAddr": { "type": "string" }, @@ -737,6 +740,9 @@ } } }, + "hostAliases": { + "type": "array" + }, "image": { "type": "object", "properties": { @@ -916,6 +922,12 @@ "properties": { "enabled": { "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] } } }, @@ -950,6 +962,12 @@ "properties": { "enabled": { "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] } } }, @@ -964,6 +982,14 @@ }, "standbyNodePort": { "type": "integer" + }, + "ipFamilyPolicy": { + "type": "string" + }, + "ipFamilies": { + "type": [ + "array" + ] } } }, @@ -982,6 +1008,9 @@ "extraLabels": { "type": "object" }, + "createSecret": { + "type": "boolean" + }, "name": { "type": "string" }, @@ -1137,6 +1166,16 @@ }, "targetPort": { "type": "integer" + }, + "serviceIPFamilyPolicy": { + "type": [ + "string" + ] + }, + "serviceIPFamilies": { + "type": [ + "array" + ] } } } diff --git a/charts/hashicorp/vault/values.yaml b/charts/hashicorp/vault/values.yaml index 58eb8a221..781b930af 100644 --- a/charts/hashicorp/vault/values.yaml +++ b/charts/hashicorp/vault/values.yaml 
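Review bot: In the server service properties `ipFamilyPolicy` is declared only as `"type": "string"`, so a misspelt policy passes the chart's schema validation and is rejected only later by the API server. values.yaml lists three accepted values plus the empty default, so the schema could carry `"enum": ["", "SingleStack", "PreferDualStack", "RequireDualStack"]`. The same applies to `serviceIPFamilyPolicy` in the ui hunk. `ipFamilies`, `serviceIPFamilies` and `hostAliases` are bare `"type": "array"` and would benefit from an `items` definition, for the families `"items": {"type": "string", "enum": ["IPv4", "IPv6"]}`.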
@@ -8,6 +8,9 @@ global: # will enable or disable all the components within this chart by default. enabled: true + # The namespace to deploy to. Defaults to the `helm` installation namespace. + namespace: "" + # Image pull secret to use for registry authentication. # Alternatively, the value may be specified as an array of strings. imagePullSecrets: [] @@ -65,7 +68,7 @@ injector: # image sets the repo and tag of the vault-k8s image to use for the injector. image: repository: "hashicorp/vault-k8s" - tag: "1.2.1" + tag: "1.3.1" pullPolicy: IfNotPresent # agentImage sets the repo and tag of the Vault image to use for the Vault Agent @@ -73,7 +76,7 @@ injector: # required. agentImage: repository: "hashicorp/vault" - tag: "1.14.0" + tag: "1.15.1" # The default values for the injected Vault Agent containers. agentDefaults: @@ -374,7 +377,7 @@ server: image: repository: "hashicorp/vault" - tag: "1.14.0" + tag: "1.15.1" # Overrides the default Image Pull Policy pullPolicy: IfNotPresent @@ -442,6 +445,12 @@ server: # hosts: # - chart-example.local + # hostAliases is a list of aliases to be added to /etc/hosts. Specified as a YAML list. + hostAliases: [] + # - ip: 127.0.0.1 + # hostnames: + # - chart-example.local + # OpenShift only - create a route to expose the service # By default the created route will be of type passthrough route: @@ -462,7 +471,7 @@ server: # authDelegator enables a cluster role binding to be attached to the service # account. This cluster role binding can be used to setup Kubernetes auth - # method. https://www.vaultproject.io/docs/auth/kubernetes.html + # method. See https://developer.hashicorp.com/vault/docs/auth/kubernetes authDelegator: enabled: true 
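Review bot: The comment added for `global.namespace` says only that it is the namespace to deploy to. It does not say that the templates changed in this diff, including the Role, the RoleBindings, the server ServiceAccount and the ClusterRoleBinding subject, all follow this value instead of the release namespace. An operator who sets it places Vault's RBAC objects in a namespace Helm does not otherwise manage, and Helm's `--create-namespace` covers only the release namespace. I would add `# All namespaced objects, including RBAC and the server ServiceAccount, are created here instead of the release namespace.` and state whether the target namespace has to exist beforehand. The `vault.namespace` helper is not visible in these hunks, so its fallback behaviour is taken from the comment only.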
@@ -649,13 +658,21 @@ server: service: enabled: true # Enable or disable the vault-active service, which selects Vault pods that - # have labelled themselves as the cluster leader with `vault-active: "true"` + # have labeled themselves as the cluster leader with `vault-active: "true"`. active: enabled: true + # Extra annotations for the service definition. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the active service. + annotations: {} # Enable or disable the vault-standby service, which selects Vault pods that - # have labelled themselves as a cluster follower with `vault-active: "false"` + # have labeled themselves as a cluster follower with `vault-active: "false"`. standby: enabled: true + # Extra annotations for the service definition. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the standby service. + annotations: {} # If enabled, the service selectors will include `app.kubernetes.io/instance: {{ .Release.Name }}` # When disabled, services may select Vault pods not deployed from the chart. # Does not affect the headless vault-internal service with `ClusterIP: None` 
@@ -673,6 +690,21 @@ server: # or NodePort. #type: ClusterIP + # The IP family and IP families options are to set the behaviour in a dual-stack environment. + # Omitting these values will let the service fall back to whatever the CNI dictates the defaults + # should be. + # These are only supported for kubernetes versions >=1.23.0 + # + # Configures the service's supported IP family policy, can be either: + # SingleStack: Single-stack service. The control plane allocates a cluster IP for the Service, using the first configured service cluster IP range. + # PreferDualStack: Allocates IPv4 and IPv6 cluster IPs for the Service. + # RequireDualStack: Allocates Service .spec.ClusterIPs from both IPv4 and IPv6 address ranges. + ipFamilyPolicy: "" + + # Sets the families that should be supported and the order in which they should be applied to ClusterIP as well. + # Can be IPv4 and/or IPv6. + ipFamilies: [] + # Do not wait for pods to be ready before including them in the services' # targets. Does not apply to the headless service, which is used for # cluster-internal communication. @@ -709,7 +741,7 @@ server: # This configures the Vault Statefulset to create a PVC for data # storage when using the file or raft backend storage engines. - # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more + # See https://developer.hashicorp.com/vault/docs/configuration/storage to know more dataStorage: enabled: true # Size of the PVC created @@ -728,7 +760,7 @@ server: # logs. Once Vault is deployed, initialized, and unsealed, Vault must # be configured to use this for audit logs. This will be mounted to # /vault/audit - # See https://www.vaultproject.io/docs/audit/index.html to know more + # See https://developer.hashicorp.com/vault/docs/audit to know more auditStorage: enabled: false # Size of the PVC created 
@@ -747,7 +779,7 @@ server: # and no initialization. This is useful for experimenting with Vault without # needing to unseal, store keys, et. al. All data is lost on restart - do not # use dev mode for anything other than experimenting. - # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more + # See https://developer.hashicorp.com/vault/docs/concepts/dev-server to know more dev: enabled: false @@ -769,7 +801,7 @@ server: # Note: Configuration files are stored in ConfigMaps so sensitive data # such as passwords should be either mounted through extraSecretEnvironmentVars # or through a Kube secret. For more information see: - # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations + # https://developer.hashicorp.com/vault/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations config: | ui = true @@ -812,12 +844,12 @@ server: replicas: 3 # Set the api_addr configuration for Vault HA - # See https://www.vaultproject.io/docs/configuration#api_addr + # See https://developer.hashicorp.com/vault/docs/configuration#api_addr # If set to null, this will be set to the Pod IP Address apiAddr: null # Set the cluster_addr confuguration for Vault HA - # See https://www.vaultproject.io/docs/configuration#cluster_addr + # See https://developer.hashicorp.com/vault/docs/configuration#cluster_addr # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201 clusterAddr: null @@ -835,7 +867,7 @@ server: # Note: Configuration files are stored in ConfigMaps so sensitive data # such as passwords should be either mounted through extraSecretEnvironmentVars # or through a Kube secret. For more information see: - # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations + # https://developer.hashicorp.com/vault/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations config: | ui = true 
@@ -862,7 +894,7 @@ server: # Note: Configuration files are stored in ConfigMaps so sensitive data # such as passwords should be either mounted through extraSecretEnvironmentVars # or through a Kube secret. For more information see: - # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations + # https://developer.hashicorp.com/vault/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations config: | ui = true @@ -914,6 +946,12 @@ server: # The name of the service account to use. # If not set and create is true, a name is generated using the fullname template name: "" + # Create a Secret API object to store a non-expiring token for the service account. + # Prior to v1.24.0, Kubernetes used to generate this secret for each service account by default. + # Kubernetes now recommends using short-lived tokens from the TokenRequest API or projected volumes instead if possible. + # For more details, see https://kubernetes.io/docs/concepts/configuration/secret/#service-account-token-secrets + # serviceAccount.create must be equal to 'true' in order to use this feature. + createSecret: false # Extra annotations for the serviceAccount definition. This can either be # YAML or a YAML-formatted multi-line templated string map of the # annotations to apply to the serviceAccount. 
@@ -970,6 +1008,21 @@ ui: externalPort: 8200 targetPort: 8200 + # The IP family and IP families options are to set the behaviour in a dual-stack environment. + # Omitting these values will let the service fall back to whatever the CNI dictates the defaults + # should be. + # These are only supported for kubernetes versions >=1.23.0 + # + # Configures the service's supported IP family, can be either: + # SingleStack: Single-stack service. The control plane allocates a cluster IP for the Service, using the first configured service cluster IP range. + # PreferDualStack: Allocates IPv4 and IPv6 cluster IPs for the Service. + # RequireDualStack: Allocates Service .spec.ClusterIPs from both IPv4 and IPv6 address ranges. + serviceIPFamilyPolicy: "" + + # Sets the families that should be supported and the order in which they should be applied to ClusterIP as well + # Can be IPv4 and/or IPv6. + serviceIPFamilies: [] + # The externalTrafficPolicy can be set to either Cluster or Local # and is only valid for LoadBalancer and NodePort service types. # The default value is Cluster. @@ -1001,7 +1054,7 @@ csi: image: repository: "hashicorp/vault-csi-provider" - tag: "1.4.0" + tag: "1.4.1" pullPolicy: IfNotPresent # volumes is a list of volumes made available to all containers. These are rendered @@ -1086,7 +1139,7 @@ csi: image: repository: "hashicorp/vault" - tag: "1.14.0" + tag: "1.15.1" pullPolicy: IfNotPresent logFormat: standard @@ -1143,7 +1196,7 @@ csi: debug: false # Pass arbitrary additional arguments to vault-csi-provider. - # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments + # See https://developer.hashicorp.com/vault/docs/platform/k8s/csi/configurations#command-line-arguments # for the available command line flags. extraArgs: [] 
@@ -1152,8 +1205,8 @@ csi: # the Vault configuration. There are a few examples included in the `config` sections above. # # For more information see: -# https://www.vaultproject.io/docs/configuration/telemetry -# https://www.vaultproject.io/docs/internals/telemetry +# https://developer.hashicorp.com/vault/docs/configuration/telemetry +# https://developer.hashicorp.com/vault/docs/internals/telemetry serverTelemetry: # Enable support for the Prometheus Operator. Currently, this chart does not support # authenticating to Vault's metrics endpoint, so the following `telemetry{}` must be included diff --git a/charts/loft/loft/Chart.yaml b/charts/loft/loft/Chart.yaml index 02882849d..41d422704 100644 --- a/charts/loft/loft/Chart.yaml +++ b/charts/loft/loft/Chart.yaml @@ -28,4 +28,4 @@ name: loft sources: - https://github.com/loft-sh/loft type: application -version: 3.3.0 +version: 3.3.1 diff --git a/charts/nats/nats/Chart.yaml b/charts/nats/nats/Chart.yaml index 87df0fa5c..2ca8a0e39 100644 --- a/charts/nats/nats/Chart.yaml +++ b/charts/nats/nats/Chart.yaml @@ -4,7 +4,7 @@ annotations: catalog.cattle.io/kube-version: '>=1.16-0' catalog.cattle.io/release-name: nats apiVersion: v2 -appVersion: 2.10.3 +appVersion: 2.10.4 description: A Helm chart for the NATS.io High Speed Cloud Native Distributed Communications Technology. home: http://github.com/nats-io/k8s @@ -18,4 +18,4 @@ maintainers: name: The NATS Authors url: https://github.com/nats-io name: nats -version: 1.1.2 +version: 1.1.3 diff --git a/charts/nats/nats/values.yaml b/charts/nats/nats/values.yaml index 02588f509..882cf4343 100644 --- a/charts/nats/nats/values.yaml +++ b/charts/nats/nats/values.yaml @@ -308,7 +308,7 @@ config: container: image: repository: nats - tag: 2.10.3-alpine + tag: 2.10.4-alpine pullPolicy: registry: diff --git a/charts/new-relic/nri-bundle/Chart.lock b/charts/new-relic/nri-bundle/Chart.lock index c574d45fc..04d861113 100644 --- a/charts/new-relic/nri-bundle/Chart.lock 
+++ b/charts/new-relic/nri-bundle/Chart.lock @@ -1,25 +1,25 @@ dependencies: - name: newrelic-infrastructure repository: https://newrelic.github.io/nri-kubernetes - version: 3.23.3 + version: 3.23.4 - name: nri-prometheus repository: https://newrelic.github.io/nri-prometheus version: 2.1.17 - name: newrelic-prometheus-agent repository: https://newrelic.github.io/newrelic-prometheus-configurator - version: 1.5.1 + version: 1.6.0 - name: nri-metadata-injection repository: https://newrelic.github.io/k8s-metadata-injection - version: 4.10.2 + version: 4.11.0 - name: newrelic-k8s-metrics-adapter repository: https://newrelic.github.io/newrelic-k8s-metrics-adapter - version: 1.4.3 + version: 1.5.0 - name: kube-state-metrics repository: https://prometheus-community.github.io/helm-charts version: 5.12.1 - name: nri-kube-events repository: https://newrelic.github.io/nri-kube-events - version: 3.2.6 + version: 3.3.0 - name: newrelic-logging repository: https://newrelic.github.io/helm-charts version: 1.18.1 @@ -31,6 +31,6 @@ dependencies: version: 0.1.4 - name: newrelic-infra-operator repository: https://newrelic.github.io/newrelic-infra-operator - version: 2.3.3 -digest: sha256:c543d1a04d2e80cc532d335b7c13104007c19ca20fc64a625ca1f0c4e27ae681 -generated: "2023-10-25T15:02:36.960563782Z" + version: 2.4.0 +digest: sha256:513fd7c4b9475bfa329ebe349022b95481f456b4facad64b82921bb8926361e1 +generated: "2023-10-31T08:04:17.666576471Z" diff --git a/charts/new-relic/nri-bundle/Chart.yaml b/charts/new-relic/nri-bundle/Chart.yaml index f15c655c9..59f69efdd 100644 --- a/charts/new-relic/nri-bundle/Chart.yaml +++ b/charts/new-relic/nri-bundle/Chart.yaml @@ -7,7 +7,7 @@ dependencies: - condition: infrastructure.enabled,newrelic-infrastructure.enabled name: newrelic-infrastructure repository: file://./charts/newrelic-infrastructure - version: 3.23.3 + version: 3.23.4 - condition: prometheus.enabled,nri-prometheus.enabled name: nri-prometheus repository: file://./charts/nri-prometheus 
@@ -15,15 +15,15 @@ dependencies: - condition: newrelic-prometheus-agent.enabled name: newrelic-prometheus-agent repository: file://./charts/newrelic-prometheus-agent - version: 1.5.1 + version: 1.6.0 - condition: webhook.enabled,nri-metadata-injection.enabled name: nri-metadata-injection repository: file://./charts/nri-metadata-injection - version: 4.10.2 + version: 4.11.0 - condition: metrics-adapter.enabled,newrelic-k8s-metrics-adapter.enabled name: newrelic-k8s-metrics-adapter repository: file://./charts/newrelic-k8s-metrics-adapter - version: 1.4.3 + version: 1.5.0 - condition: ksm.enabled,kube-state-metrics.enabled name: kube-state-metrics repository: file://./charts/kube-state-metrics @@ -31,7 +31,7 @@ dependencies: - condition: kubeEvents.enabled,nri-kube-events.enabled name: nri-kube-events repository: file://./charts/nri-kube-events - version: 3.2.6 + version: 3.3.0 - condition: logging.enabled,newrelic-logging.enabled name: newrelic-logging repository: file://./charts/newrelic-logging @@ -48,7 +48,7 @@ dependencies: - condition: newrelic-infra-operator.enabled name: newrelic-infra-operator repository: file://./charts/newrelic-infra-operator - version: 2.3.3 + version: 2.4.0 description: Groups together the individual charts for the New Relic Kubernetes solution for a more comfortable deployment. home: https://github.com/newrelic/helm-charts @@ -89,4 +89,4 @@ sources: - https://github.com/newrelic/helm-charts/tree/master/charts/newrelic-logging - https://github.com/newrelic/helm-charts/tree/master/charts/newrelic-pixie - https://github.com/newrelic/newrelic-infra-operator/tree/master/charts/newrelic-infra-operator -version: 5.0.42 +version: 5.0.43 diff --git a/charts/new-relic/nri-bundle/charts/newrelic-infra-operator/Chart.yaml b/charts/new-relic/nri-bundle/charts/newrelic-infra-operator/Chart.yaml index 693da46d9..430ac5090 100644 --- a/charts/new-relic/nri-bundle/charts/newrelic-infra-operator/Chart.yaml 
+++ b/charts/new-relic/nri-bundle/charts/newrelic-infra-operator/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 0.11.3 +appVersion: 0.12.0 dependencies: - name: common-library repository: https://helm-charts.newrelic.com @@ -32,4 +32,4 @@ name: newrelic-infra-operator sources: - https://github.com/newrelic/newrelic-infra-operator - https://github.com/newrelic/newrelic-infra-operator/tree/main/charts/newrelic-infra-operator -version: 2.3.3 +version: 2.4.0 diff --git a/charts/new-relic/nri-bundle/charts/newrelic-infrastructure/Chart.yaml b/charts/new-relic/nri-bundle/charts/newrelic-infrastructure/Chart.yaml index 2377b3889..03f4471c7 100644 --- a/charts/new-relic/nri-bundle/charts/newrelic-infrastructure/Chart.yaml +++ b/charts/new-relic/nri-bundle/charts/newrelic-infrastructure/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 3.18.3 +appVersion: 3.18.4 dependencies: - name: common-library repository: https://helm-charts.newrelic.com @@ -35,4 +35,4 @@ sources: - https://github.com/newrelic/nri-kubernetes/ - https://github.com/newrelic/nri-kubernetes/tree/main/charts/newrelic-infrastructure - https://github.com/newrelic/infrastructure-agent/ -version: 3.23.3 +version: 3.23.4 diff --git a/charts/new-relic/nri-bundle/charts/newrelic-k8s-metrics-adapter/Chart.yaml b/charts/new-relic/nri-bundle/charts/newrelic-k8s-metrics-adapter/Chart.yaml index 5f8b004b3..71a8a3a67 100644 --- a/charts/new-relic/nri-bundle/charts/newrelic-k8s-metrics-adapter/Chart.yaml +++ b/charts/new-relic/nri-bundle/charts/newrelic-k8s-metrics-adapter/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 0.6.4 +appVersion: 0.7.0 dependencies: - name: common-library repository: https://helm-charts.newrelic.com @@ -20,4 +20,4 @@ name: newrelic-k8s-metrics-adapter sources: - https://github.com/newrelic/newrelic-k8s-metrics-adapter - https://github.com/newrelic/newrelic-k8s-metrics-adapter/tree/main/charts/newrelic-k8s-metrics-adapter -version: 1.4.3 +version: 1.5.0 
diff --git a/charts/new-relic/nri-bundle/charts/newrelic-prometheus-agent/Chart.yaml b/charts/new-relic/nri-bundle/charts/newrelic-prometheus-agent/Chart.yaml index 547b657f7..23a923e55 100644 --- a/charts/new-relic/nri-bundle/charts/newrelic-prometheus-agent/Chart.yaml +++ b/charts/new-relic/nri-bundle/charts/newrelic-prometheus-agent/Chart.yaml @@ -1,5 +1,5 @@ annotations: - configuratorVersion: 1.8.1 + configuratorVersion: 1.9.0 apiVersion: v2 appVersion: v2.37.8 dependencies: @@ -31,4 +31,4 @@ maintainers: url: https://github.com/xqi-nr name: newrelic-prometheus-agent type: application -version: 1.5.1 +version: 1.6.0 diff --git a/charts/new-relic/nri-bundle/charts/nri-kube-events/Chart.yaml b/charts/new-relic/nri-bundle/charts/nri-kube-events/Chart.yaml index 2f36dc47d..86b71314c 100644 --- a/charts/new-relic/nri-bundle/charts/nri-kube-events/Chart.yaml +++ b/charts/new-relic/nri-bundle/charts/nri-kube-events/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 2.2.13 +appVersion: 2.3.0 dependencies: - name: common-library repository: https://helm-charts.newrelic.com @@ -35,4 +35,4 @@ sources: - https://github.com/newrelic/nri-kube-events/ - https://github.com/newrelic/nri-kube-events/tree/main/charts/nri-kube-events - https://github.com/newrelic/infrastructure-agent/ -version: 3.2.6 +version: 3.3.0 diff --git a/charts/new-relic/nri-bundle/charts/nri-kube-events/README.md b/charts/new-relic/nri-bundle/charts/nri-kube-events/README.md index fc62c8b13..e5dfe03d4 100644 --- a/charts/new-relic/nri-bundle/charts/nri-kube-events/README.md +++ b/charts/new-relic/nri-bundle/charts/nri-kube-events/README.md 
@@ -1,6 +1,6 @@ # nri-kube-events -![Version: 3.2.6](https://img.shields.io/badge/Version-3.2.6-informational?style=flat-square) ![AppVersion: 2.2.13](https://img.shields.io/badge/AppVersion-2.2.13-informational?style=flat-square) +![Version: 3.3.0](https://img.shields.io/badge/Version-3.3.0-informational?style=flat-square) ![AppVersion: 2.3.0](https://img.shields.io/badge/AppVersion-2.3.0-informational?style=flat-square) A Helm chart to deploy the New Relic Kube Events router
diff --git a/charts/new-relic/nri-bundle/charts/nri-metadata-injection/Chart.yaml b/charts/new-relic/nri-bundle/charts/nri-metadata-injection/Chart.yaml
index bdf96cf8d..6a14a30dd 100644
--- a/charts/new-relic/nri-bundle/charts/nri-metadata-injection/Chart.yaml
+++ b/charts/new-relic/nri-bundle/charts/nri-metadata-injection/Chart.yaml
@@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.18.4 +appVersion: 1.19.0 dependencies: - name: common-library repository: https://helm-charts.newrelic.com
@@ -22,4 +22,4 @@ name: nri-metadata-injection sources: - https://github.com/newrelic/k8s-metadata-injection - https://github.com/newrelic/k8s-metadata-injection/tree/master/charts/nri-metadata-injection -version: 4.10.2 +version: 4.11.0
diff --git a/charts/redpanda/redpanda/Chart.lock b/charts/redpanda/redpanda/Chart.lock
index 8f2fc0cda..beaf12d04 100644
--- a/charts/redpanda/redpanda/Chart.lock
+++ b/charts/redpanda/redpanda/Chart.lock
@@ -6,4 +6,4 @@ dependencies: repository: https://charts.redpanda.com version: 0.1.7 digest: sha256:2be209fa1660b3c8a030bb35e9e7fa25dcb81aa456ce7a73c2ab1ae6eebb3d04 -generated: "2023-10-27T18:34:04.296697929Z" +generated: "2023-10-30T17:31:44.018230015Z"
diff --git a/charts/redpanda/redpanda/Chart.yaml b/charts/redpanda/redpanda/Chart.yaml
index 838b52cf5..d88858d56 100644
--- a/charts/redpanda/redpanda/Chart.yaml
+++ b/charts/redpanda/redpanda/Chart.yaml
@@ -10,7 +10,7 @@ annotations: artifacthub.io/links: | - name: Documentation url: https://docs.redpanda.com - - name: "Helm (>= 3.6.0)" + - name: "Helm (>= 3.8.0)" url: https://helm.sh/docs/intro/install/ catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Redpanda
@@ -37,4 +37,4 @@ name: redpanda sources: - https://github.com/redpanda-data/helm-charts type: application -version: 5.6.35 +version: 5.6.37
diff --git a/charts/redpanda/redpanda/templates/_helpers.tpl b/charts/redpanda/redpanda/templates/_helpers.tpl
index 0e166e204..1957152ea 100644
--- a/charts/redpanda/redpanda/templates/_helpers.tpl
+++ b/charts/redpanda/redpanda/templates/_helpers.tpl
@@ -202,7 +202,10 @@ Use AppVersion if image.tag is not set Input can be: b | B | k | K | m | M | g | G | Ki | Mi | Gi Or number without suffix */}} - {{- $si := . | toString -}} + {{- $si := . -}} + {{- if not (typeIs "string" . ) -}} + {{- $si = int64 $si | toString -}} + {{- end -}} {{- $bytes := 0 -}} {{- if or (hasSuffix "B" $si) (hasSuffix "b" $si) -}} {{- $bytes = $si | trimSuffix "B" | trimSuffix "b" | float64 | floor -}}
@@ -423,6 +426,13 @@ than 1 core. {{- end -}} {{- end -}} +{{- define "fail-on-unsupported-helm-version" -}} + {{- $helmVer := (fromYaml (toYaml .Capabilities.HelmVersion)).version -}} + {{- if semverCompare "<3.8.0-0" $helmVer -}} + {{- fail (printf "helm version %s is not supported. Please use helm version v3.8.0 or newer." $helmVer) -}} + {{- end -}} +{{- end -}} + {{- define "redpanda-atleast-22-2-0" -}} {{- toJson (dict "bool" (or (not (eq .Values.image.repository "docker.redpanda.com/redpandadata/redpanda")) (include "redpanda.semver" . | semverCompare ">=22.2.0-0 || <0.0.1-0"))) -}} {{- end -}}
diff --git a/charts/redpanda/redpanda/templates/statefulset.yaml b/charts/redpanda/redpanda/templates/statefulset.yaml
index 6aa191126..0f272a4f8 100644
--- a/charts/redpanda/redpanda/templates/statefulset.yaml
+++ b/charts/redpanda/redpanda/templates/statefulset.yaml
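Review bot: In the first `_helpers.tpl` hunk, any non-string argument is now passed through `int64` before `toString`, and as far as I know Sprig's `int64` truncates fractional numbers and yields 0 for values it cannot convert, so a fractional number, a boolean or a missing value would silently become a byte count instead of an error. If only whole numbers are meant to reach this branch, a guard ahead of the cast makes that explicit, for example `{{- if not (or (kindIs "float64" .) (kindIs "int64" .) (kindIs "int" .)) -}}{{- fail "expected a string or a number" -}}{{- end -}}`. A short template comment recording why the cast exists would also help; my guess is that it avoids `toString` rendering large float64 values in scientific notation, but the hunk does not say. The enclosing `define` starts and ends outside the hunk.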
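Review bot: `fail-on-unsupported-helm-version` reads the version through `(fromYaml (toYaml .Capabilities.HelmVersion)).version` with no comment explaining why the round-trip is preferred over `.Capabilities.HelmVersion.Version`; a one-line template comment above the assignment would stop a later reader from "simplifying" it. If a renderer leaves the Helm version unpopulated, `$helmVer` is empty and `semverCompare` will presumably abort with a semver parse error rather than this message, so a guard such as `{{- if not $helmVer -}}{{- fail "unable to determine the helm version" -}}{{- end -}}` before the comparison keeps the failure readable. In this commit the check is included only from `statefulset.yaml`, which is sufficient as long as that template is always rendered.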
@@ -15,6 +15,7 @@ See the License for the specific language governing permissions and limitations under the License. */}} +{{- include "fail-on-unsupported-helm-version" . -}} {{- include "fail-on-insecure-sasl-logging" . -}} {{- $values := .Values }}
diff --git a/charts/stackstate/stackstate-k8s-agent/Chart.yaml b/charts/stackstate/stackstate-k8s-agent/Chart.yaml
index 3f1874084..2a86505c9 100644
--- a/charts/stackstate/stackstate-k8s-agent/Chart.yaml
+++ b/charts/stackstate/stackstate-k8s-agent/Chart.yaml
@@ -21,4 +21,4 @@ maintainers: - email: ops@stackstate.com name: Stackstate name: stackstate-k8s-agent -version: 1.0.49 +version: 1.0.51
diff --git a/charts/stackstate/stackstate-k8s-agent/README.md b/charts/stackstate/stackstate-k8s-agent/README.md
index 714263c4e..ee8065f70 100644
--- a/charts/stackstate/stackstate-k8s-agent/README.md
+++ b/charts/stackstate/stackstate-k8s-agent/README.md
@@ -2,7 +2,7 @@ Helm chart for the StackState Agent. -Current chart version is `1.0.49` +Current chart version is `1.0.51` **Homepage:**
@@ -61,7 +61,7 @@ stackstate/stackstate-k8s-agent | checksAgent.enabled | bool | `true` | Enable / disable runnning cluster checks in a separately deployed pod | | checksAgent.image.pullPolicy | string | `"IfNotPresent"` | Default container image pull policy. | | checksAgent.image.repository | string | `"stackstate/stackstate-k8s-agent"` | Base container image repository. | -| checksAgent.image.tag | string | `"e36d1c88"` | Default container image tag. | +| checksAgent.image.tag | string | `"9af1b63f"` | Default container image tag. | | checksAgent.livenessProbe.enabled | bool | `true` | Enable use of livenessProbe check. | | checksAgent.livenessProbe.failureThreshold | int | `3` | `failureThreshold` for the liveness probe. | | checksAgent.livenessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the liveness probe. |
@@ -121,7 +121,7 @@ stackstate/stackstate-k8s-agent | clusterAgent.enabled | bool | `true` | Enable / disable the cluster agent. | | clusterAgent.image.pullPolicy | string | `"IfNotPresent"` | Default container image pull policy. | | clusterAgent.image.repository | string | `"stackstate/stackstate-k8s-cluster-agent"` | Base container image repository. | -| clusterAgent.image.tag | string | `"e36d1c88"` | Default container image tag. | +| clusterAgent.image.tag | string | `"9af1b63f"` | Default container image tag. | | clusterAgent.livenessProbe.enabled | bool | `true` | Enable use of livenessProbe check. | | clusterAgent.livenessProbe.failureThreshold | int | `3` | `failureThreshold` for the liveness probe. | | clusterAgent.livenessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the liveness probe. |
@@ -178,7 +178,7 @@ stackstate/stackstate-k8s-agent | nodeAgent.containers.agent.env | object | `{}` | Additional environment variables for the agent container | | nodeAgent.containers.agent.image.pullPolicy | string | `"IfNotPresent"` | Default container image pull policy. | | nodeAgent.containers.agent.image.repository | string | `"stackstate/stackstate-k8s-agent"` | Base container image repository. | -| nodeAgent.containers.agent.image.tag | string | `"e36d1c88"` | Default container image tag. | +| nodeAgent.containers.agent.image.tag | string | `"9af1b63f"` | Default container image tag. | | nodeAgent.containers.agent.livenessProbe.enabled | bool | `true` | Enable use of livenessProbe check. | | nodeAgent.containers.agent.livenessProbe.failureThreshold | int | `3` | `failureThreshold` for the liveness probe. | | nodeAgent.containers.agent.livenessProbe.initialDelaySeconds | int | `15` | `initialDelaySeconds` for the liveness probe. |
diff --git a/charts/stackstate/stackstate-k8s-agent/templates/checks-agent-deployment.yaml b/charts/stackstate/stackstate-k8s-agent/templates/checks-agent-deployment.yaml
index 376db4ddf..4530fc616 100644
--- a/charts/stackstate/stackstate-k8s-agent/templates/checks-agent-deployment.yaml
+++ b/charts/stackstate/stackstate-k8s-agent/templates/checks-agent-deployment.yaml
@@ -144,7 +144,8 @@ spec: volumeMounts: - name: confd-empty-volume mountPath: /etc/stackstate-agent/conf.d - readOnly: true +# setting as readOnly: false because we need the ability to write data on /etc/stackstate-agent/conf.d as we enable checks to run. + readOnly: false {{- if .Values.checksAgent.config.override }} {{- range .Values.checksAgent.config.override }} - name: config-override-volume
diff --git a/charts/stackstate/stackstate-k8s-agent/values.yaml b/charts/stackstate/stackstate-k8s-agent/values.yaml
index 8dc0cb14f..e5d8a9a56 100644
--- a/charts/stackstate/stackstate-k8s-agent/values.yaml
+++ b/charts/stackstate/stackstate-k8s-agent/values.yaml
@@ -73,7 +73,7 @@ nodeAgent: # nodeAgent.containers.agent.image.repository -- Base container image repository. repository: stackstate/stackstate-k8s-agent # nodeAgent.containers.agent.image.tag -- Default container image tag. - tag: "e36d1c88" + tag: "9af1b63f" # nodeAgent.containers.agent.image.pullPolicy -- Default container image pull policy. pullPolicy: IfNotPresent processAgent:
@@ -297,7 +297,7 @@ clusterAgent: # clusterAgent.image.repository -- Base container image repository. repository: stackstate/stackstate-k8s-cluster-agent # clusterAgent.image.tag -- Default container image tag. - tag: "e36d1c88" + tag: "9af1b63f" # clusterAgent.image.pullPolicy -- Default container image pull policy. pullPolicy: IfNotPresent
@@ -449,7 +449,7 @@ checksAgent: # checksAgent.image.repository -- Base container image repository. repository: stackstate/stackstate-k8s-agent # checksAgent.image.tag -- Default container image tag. - tag: "e36d1c88" + tag: "9af1b63f" # checksAgent.image.pullPolicy -- Default container image pull policy. pullPolicy: IfNotPresent
diff --git a/index.yaml b/index.yaml
index 578e0034b..0d7af3651 100644
--- a/index.yaml
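Review bot: The `confd-empty-volume` mount at `/etc/stackstate-agent/conf.d` becomes writable in `checks-agent-deployment.yaml`, and the hunk does not show what backs that volume. The name suggests an `emptyDir`, which is worth confirming, because a writable mount on anything shared or persistent would let the agent process change check configuration beyond the life of the pod. The added comment appears to start at column 0 inside an indented `volumeMounts` entry; aligned with the key and shortened it reads better, e.g. `# Writable: enabling checks writes configuration into conf.d.` directly above `readOnly: false`. The `spec` and the container definition start outside the hunk, so the container's `securityContext` cannot be checked from here.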
+++ b/index.yaml @@ -2146,7 +2146,7 @@ entries: - annotations: artifacthub.io/changes: | - kind: added - description: add terminationGracePeriodSeconds + description: Add notification cluster role support artifacthub.io/signKey: | fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc @@ -2156,8 +2156,8 @@ entries: catalog.cattle.io/kube-version: '>=1.23.0-0' catalog.cattle.io/release-name: argo-cd apiVersion: v2 - appVersion: v2.8.4 - created: "2023-10-27T19:53:03.270897287Z" + appVersion: v2.8.5 + created: "2023-10-31T13:39:42.763394267Z" dependencies: - condition: redis-ha.enabled name: redis-ha 
@@ -2165,7 +2165,46 @@ entries: version: 4.23.0 description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. - digest: 3d0f1d15650ab52ba90760b7a80c96c783b31fa4421942a89a2767ac709f758c + digest: d9d983efbd013780bcc3b09633b724cb3b1457f578de4953c78d9217fbe89d4c + home: https://github.com/argoproj/argo-helm + icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png + keywords: + - argoproj + - argocd + - gitops + kubeVersion: '>=1.23.0-0' + maintainers: + - name: argoproj + url: https://argoproj.github.io/ + name: argo-cd + sources: + - https://github.com/argoproj/argo-helm/tree/main/charts/argo-cd + - https://github.com/argoproj/argo-cd + urls: + - assets/argo/argo-cd-5.49.0.tgz + version: 5.49.0 + - annotations: + artifacthub.io/changes: | + - kind: added + description: add terminationGracePeriodSeconds + artifacthub.io/signKey: | + fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 + url: https://argoproj.github.io/argo-helm/pgp_keys.asc + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Argo CD + catalog.cattle.io/kube-version: '>=1.23.0-0' + catalog.cattle.io/release-name: argo-cd + apiVersion: v2 + appVersion: v2.8.4 + created: "2023-10-31T13:39:23.012948425Z" + dependencies: + - condition: redis-ha.enabled + name: redis-ha + repository: file://./charts/redis-ha + version: 4.23.0 + description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery + tool for Kubernetes. + digest: a5184664bb09f7b7844a98f41178cd597907ca5ccef9aefe6cfc3fc54f3e28a7 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png keywords: 
@@ -11758,6 +11797,40 @@ entries: - assets/bitnami/cassandra-9.7.3.tgz version: 9.7.3 cert-manager: + - annotations: + artifacthub.io/license: Apache-2.0 + artifacthub.io/prerelease: "false" + artifacthub.io/signKey: | + fingerprint: 1020CF3C033D4F35BAE1C19E1226061C665DF13E + url: https://cert-manager.io/public-keys/cert-manager-keyring-2021-09-20-1020CF3C033D4F35BAE1C19E1226061C665DF13E.gpg + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: cert-manager + catalog.cattle.io/kube-version: '>= 1.22.0-0' + catalog.cattle.io/namespace: cert-manager + catalog.cattle.io/release-name: cert-manager + apiVersion: v1 + appVersion: v1.13.2 + created: "2023-10-31T13:39:48.06224633Z" + description: A Helm chart for cert-manager + digest: c00bc4f678e896e0777d3e8c72ec5cf864b1eba63997359591a4c1a4de52d4a8 + home: https://github.com/cert-manager/cert-manager + icon: https://raw.githubusercontent.com/cert-manager/cert-manager/d53c0b9270f8cd90d908460d69502694e1838f5f/logo/logo-small.png + keywords: + - cert-manager + - kube-lego + - letsencrypt + - tls + kubeVersion: '>= 1.22.0-0' + maintainers: + - email: cert-manager-maintainers@googlegroups.com + name: cert-manager-maintainers + url: https://cert-manager.io + name: cert-manager + sources: + - https://github.com/cert-manager/cert-manager + urls: + - assets/cert-manager/cert-manager-v1.13.2.tgz + version: v1.13.2 - annotations: artifacthub.io/license: Apache-2.0 artifacthub.io/prerelease: "false" 
@@ -21115,6 +21188,30 @@ entries: - assets/elastic/elasticsearch-7.17.3.tgz version: 7.17.3 external-secrets: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: External Secrets Operator + catalog.cattle.io/kube-version: '>= 1.19.0-0' + catalog.cattle.io/release-name: external-secrets + apiVersion: v2 + appVersion: v0.9.8 + created: "2023-10-31T13:39:49.561187449Z" + description: External secret management for Kubernetes + digest: 9be0f75f0687f904b2c51602e16edd4823242f8e1c911bde6a31eca645a84872 + home: https://github.com/external-secrets/external-secrets + icon: https://raw.githubusercontent.com/external-secrets/external-secrets/main/assets/eso-logo-large.png + keywords: + - kubernetes-external-secrets + - secrets + kubeVersion: '>= 1.19.0-0' + maintainers: + - email: kellinmcavoy@gmail.com + name: mcavoyk + name: external-secrets + type: application + urls: + - assets/external-secrets/external-secrets-0.9.8.tgz + version: 0.9.8 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: External Secrets Operator 
@@ -21796,6 +21893,38 @@ entries: - assets/f5/f5-bigip-ctlr-0.0.1901.tgz version: 0.0.1901 falcon-sensor: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: CrowdStrike Falcon Platform + catalog.cattle.io/kube-version: '>1.22.0-0' + catalog.cattle.io/release-name: falcon-sensor + apiVersion: v2 + appVersion: 1.22.1 + created: "2023-10-31T13:39:48.449979792Z" + description: A Helm chart to deploy CrowdStrike Falcon sensors into Kubernetes + clusters. + digest: 9a728314f490bf49880bbc17d6b2903495b645e28627f8cf90dfe8d8ec00b775 + home: https://crowdstrike.com + icon: https://raw.githubusercontent.com/CrowdStrike/falcon-helm/main/images/crowdstrike-logo.svg + keywords: + - CrowdStrike + - Falcon + - EDR + - kubernetes + - security + - monitoring + - alerting + kubeVersion: '>1.22.0-0' + maintainers: + - email: integrations@crowdstrike.com + name: CrowdStrike Solutions Architecture + name: falcon-sensor + sources: + - https://github.com/CrowdStrike/falcon-helm + type: application + urls: + - assets/crowdstrike/falcon-sensor-1.22.1.tgz + version: 1.22.1 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: CrowdStrike Falcon Platform 
@@ -36447,6 +36576,41 @@ entries: - assets/linkerd/linkerd-control-plane-1.12.5.tgz version: 1.12.5 loft: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Loft + catalog.cattle.io/kube-version: '>=1.22-0' + catalog.cattle.io/release-name: loft + apiVersion: v2 + created: "2023-10-31T13:40:12.393205345Z" + description: Secure Cluster Sharing, Self-Service Namespace Provisioning and Virtual + Clusters + digest: 0b44f6d864f16fcb9fcbd2899c7a6e2d1a01d95bcbc2699d3fb9061cadaab017 + home: https://loft.sh + icon: https://static.loft.sh/loft/logo/loft-logo.svg + keywords: + - developer + - development + - sharing + - share + - multi-tenancy + - tenancy + - cluster + - space + - namespace + - vcluster + - vclusters + maintainers: + - email: info@loft.sh + name: Loft Labs, Inc. + url: https://twitter.com/loft_sh + name: loft + sources: + - https://github.com/loft-sh/loft + type: application + urls: + - assets/loft/loft-3.3.1.tgz + version: 3.3.1 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Loft 
@@ -40423,6 +40587,31 @@ entries: - assets/bitnami/mysql-9.4.1.tgz version: 9.4.1 nats: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: NATS Server + catalog.cattle.io/kube-version: '>=1.16-0' + catalog.cattle.io/release-name: nats + apiVersion: v2 + appVersion: 2.10.4 + created: "2023-10-31T13:40:12.523832946Z" + description: A Helm chart for the NATS.io High Speed Cloud Native Distributed + Communications Technology. + digest: 53cb906c0e9f81b6dafbf49e91001cfb44426319510e7574422be84614ee3f35 + home: http://github.com/nats-io/k8s + icon: https://nats.io/img/nats-icon-color.png + keywords: + - nats + - messaging + - cncf + maintainers: + - email: info@nats.io + name: The NATS Authors + url: https://github.com/nats-io + name: nats + urls: + - assets/nats/nats-1.1.3.tgz + version: 1.1.3 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: NATS Server 
@@ -41682,6 +41871,102 @@ entries: - assets/f5/nginx-service-mesh-0.2.100.tgz version: 0.2.100 nri-bundle: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: New Relic + catalog.cattle.io/release-name: nri-bundle + apiVersion: v2 + created: "2023-10-31T13:40:13.141845975Z" + dependencies: + - condition: infrastructure.enabled,newrelic-infrastructure.enabled + name: newrelic-infrastructure + repository: file://./charts/newrelic-infrastructure + version: 3.23.4 + - condition: prometheus.enabled,nri-prometheus.enabled + name: nri-prometheus + repository: file://./charts/nri-prometheus + version: 2.1.17 + - condition: newrelic-prometheus-agent.enabled + name: newrelic-prometheus-agent + repository: file://./charts/newrelic-prometheus-agent + version: 1.6.0 + - condition: webhook.enabled,nri-metadata-injection.enabled + name: nri-metadata-injection + repository: file://./charts/nri-metadata-injection + version: 4.11.0 + - condition: metrics-adapter.enabled,newrelic-k8s-metrics-adapter.enabled + name: newrelic-k8s-metrics-adapter + repository: file://./charts/newrelic-k8s-metrics-adapter + version: 1.5.0 + - condition: ksm.enabled,kube-state-metrics.enabled + name: kube-state-metrics + repository: file://./charts/kube-state-metrics + version: 5.12.1 + - condition: kubeEvents.enabled,nri-kube-events.enabled + name: nri-kube-events + repository: file://./charts/nri-kube-events + version: 3.3.0 + - condition: logging.enabled,newrelic-logging.enabled + name: newrelic-logging + repository: file://./charts/newrelic-logging + version: 1.18.1 + - condition: newrelic-pixie.enabled + name: newrelic-pixie + repository: file://./charts/newrelic-pixie + version: 2.1.2 + - alias: pixie-chart + condition: pixie-chart.enabled + name: pixie-operator-chart + repository: file://./charts/pixie-operator-chart + version: 0.1.4 + - condition: newrelic-infra-operator.enabled + name: newrelic-infra-operator + repository: 
file://./charts/newrelic-infra-operator + version: 2.4.0 + description: Groups together the individual charts for the New Relic Kubernetes + solution for a more comfortable deployment. + digest: 9209a26e36600557c13a03244e56bd341baec5657c49872a5df781f7086cde28 + home: https://github.com/newrelic/helm-charts + icon: https://newrelic.com/themes/custom/erno/assets/mediakit/new_relic_logo_vertical.svg + keywords: + - infrastructure + - newrelic + - monitoring + maintainers: + - name: nserrino + url: https://github.com/nserrino + - name: philkuz + url: https://github.com/philkuz + - name: htroisi + url: https://github.com/htroisi + - name: juanjjaramillo + url: https://github.com/juanjjaramillo + - name: svetlanabrennan + url: https://github.com/svetlanabrennan + - name: nrepai + url: https://github.com/nrepai + - name: csongnr + url: https://github.com/csongnr + - name: vuqtran88 + url: https://github.com/vuqtran88 + - name: xqi-nr + url: https://github.com/xqi-nr + name: nri-bundle + sources: + - https://github.com/newrelic/nri-bundle/ + - https://github.com/newrelic/nri-bundle/tree/master/charts/nri-bundle + - https://github.com/newrelic/nri-kubernetes/tree/master/charts/newrelic-infrastructure + - https://github.com/newrelic/nri-prometheus/tree/master/charts/nri-prometheus + - https://github.com/newrelic/newrelic-prometheus-configurator/tree/master/charts/newrelic-prometheus-agent + - https://github.com/newrelic/k8s-metadata-injection/tree/master/charts/nri-metadata-injection + - https://github.com/newrelic/newrelic-k8s-metrics-adapter/tree/master/charts/newrelic-k8s-metrics-adapter + - https://github.com/newrelic/nri-kube-events/tree/master/charts/nri-kube-events + - https://github.com/newrelic/helm-charts/tree/master/charts/newrelic-logging + - https://github.com/newrelic/helm-charts/tree/master/charts/newrelic-pixie + - https://github.com/newrelic/newrelic-infra-operator/tree/master/charts/newrelic-infra-operator + urls: + - assets/new-relic/nri-bundle-5.0.43.tgz 
+ version: 5.0.43 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: New Relic @@ -51524,6 +51809,50 @@ entries: - assets/bitnami/redis-17.3.7.tgz version: 17.3.7 redpanda: + - annotations: + artifacthub.io/images: | + - name: redpanda + image: docker.redpanda.com/redpandadata/redpanda:v23.2.13 + - name: busybox + image: busybox:latest + - name: mintel/docker-alpine-bash-curl-jq + image: mintel/docker-alpine-bash-curl-jq:latest + artifacthub.io/license: Apache-2.0 + artifacthub.io/links: | + - name: Documentation + url: https://docs.redpanda.com + - name: "Helm (>= 3.8.0)" + url: https://helm.sh/docs/intro/install/ + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Redpanda + catalog.cattle.io/kube-version: '>=1.21-0' + catalog.cattle.io/release-name: redpanda + apiVersion: v2 + appVersion: v23.2.13 + created: "2023-10-31T13:40:14.350113773Z" + dependencies: + - condition: console.enabled + name: console + repository: file://./charts/console + version: '>=0.5 <1.0' + - condition: connectors.enabled + name: connectors + repository: file://./charts/connectors + version: '>=0.1.2 <1.0' + description: Redpanda is the real-time engine for modern apps. + digest: 8b302bc728e7211b0baecae17fae8e99d3aec9c8e806a3a6669f4ed7bce1f391 + icon: https://images.ctfassets.net/paqvtpyf8rwu/3cYHw5UzhXCbKuR24GDFGO/73fb682e6157d11c10d5b2b5da1d5af0/skate-stand-panda.svg + kubeVersion: '>=1.21-0' + maintainers: + - name: redpanda-data + url: https://github.com/orgs/redpanda-data/people + name: redpanda + sources: + - https://github.com/redpanda-data/helm-charts + type: application + urls: + - assets/redpanda/redpanda-5.6.37.tgz + version: 5.6.37 - annotations: artifacthub.io/images: | - name: redpanda 
@@ -59282,6 +59611,34 @@ entries: - assets/speedscale/speedscale-operator-0.9.12600.tgz version: 0.9.12600 stackstate-k8s-agent: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: StackState Agent + catalog.cattle.io/kube-version: '>=1.19.0-0' + catalog.cattle.io/release-name: stackstate-k8s-agent + apiVersion: v2 + appVersion: 2.19.1 + created: "2023-10-31T13:40:14.508505312Z" + dependencies: + - alias: httpHeaderInjectorWebhook + name: http-header-injector + repository: file://./charts/http-header-injector + version: 0.0.6 + description: Helm chart for the StackState Agent. + digest: cd83b5880746d2a8f0228de01a6e2f11c0742b7aa5b8750459ad0dcd5086fa96 + home: https://github.com/StackVista/stackstate-agent + icon: https://raw.githubusercontent.com/StackVista/helm-charts/master/stable/stackstate-k8s-agent/logo.svg + keywords: + - monitoring + - observability + - stackstate + maintainers: + - email: ops@stackstate.com + name: Stackstate + name: stackstate-k8s-agent + urls: + - assets/stackstate/stackstate-k8s-agent-1.0.51.tgz + version: 1.0.51 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: StackState Agent 
@@ -64543,10 +64900,41 @@ entries: catalog.cattle.io/release-name: vault charts.openshift.io/name: HashiCorp Vault apiVersion: v2 - appVersion: 1.14.0 - created: "2023-07-06T06:53:05.454258443-06:00" + appVersion: 1.15.1 + created: "2023-10-31T13:40:09.169111265Z" description: Official HashiCorp Vault Chart - digest: eba0f7ffb0072d1fd75f062562be83327c77fdc5be482ae2da4d7617e24ce861 + digest: ec4b7b0963cd64e789700735089e7dfb8e3479b8f239d85ef70cb36239e467d9 + home: https://www.vaultproject.io + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + kubeVersion: '>= 1.20.0-0' + name: vault + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + urls: + - assets/hashicorp/vault-0.26.1.tgz + version: 0.26.1 + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Hashicorp Vault + catalog.cattle.io/kube-version: '>= 1.20.0-0' + catalog.cattle.io/release-name: vault + charts.openshift.io/name: HashiCorp Vault + apiVersion: v2 + appVersion: 1.14.0 + created: "2023-10-31T13:39:50.209063045Z" + description: Official HashiCorp Vault Chart + digest: 8a7b8a76366d5e69f194b89d66d2d986561fa4a31f4f5c4a86f29c013da41260 home: https://www.vaultproject.io icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png keywords: 
@@ -64720,6 +65108,60 @@ entries: - assets/hashicorp/vault-0.22.0.tgz version: 0.22.0 wordpress: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: WordPress + catalog.cattle.io/kube-version: '>=1.19-0' + catalog.cattle.io/release-name: wordpress + category: CMS + images: | + - name: apache-exporter + image: docker.io/bitnami/apache-exporter:1.0.3-debian-11-r0 + - name: os-shell + image: docker.io/bitnami/os-shell:11-debian-11-r90 + - name: wordpress + image: docker.io/bitnami/wordpress:6.3.2-debian-11-r5 + licenses: Apache-2.0 + apiVersion: v2 + appVersion: 6.3.2 + created: "2023-10-31T13:39:47.823327074Z" + dependencies: + - condition: memcached.enabled + name: memcached + repository: file://./charts/memcached + version: 6.x.x + - condition: mariadb.enabled + name: mariadb + repository: file://./charts/mariadb + version: 14.x.x + - name: common + repository: file://./charts/common + tags: + - bitnami-common + version: 2.x.x + description: WordPress is the world's most popular blogging and content management + platform. Powerful yet simple, everyone from students to global corporations + use it to build beautiful, functional websites. + digest: cda25629f0c8c9a4bc560792c8686cd535bd9305bc87aedee84c5c8e87b00dab + home: https://bitnami.com + icon: https://s.w.org/style/images/about/WordPress-logotype-simplified.png + keywords: + - application + - blog + - cms + - http + - php + - web + - wordpress + maintainers: + - name: VMware, Inc. + url: https://github.com/bitnami/charts + name: wordpress + sources: + - https://github.com/bitnami/charts/tree/main/bitnami/wordpress + urls: + - assets/bitnami/wordpress-18.0.12.tgz + version: 18.0.12 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: WordPress