diff --git a/assets/argo/argo-cd-5.36.10.tgz b/assets/argo/argo-cd-5.36.10.tgz new file mode 100644 index 000000000..269734af9 Binary files /dev/null and b/assets/argo/argo-cd-5.36.10.tgz differ diff --git a/assets/bitnami/spark-7.0.2.tgz b/assets/bitnami/spark-7.0.2.tgz new file mode 100644 index 000000000..11aa29482 Binary files /dev/null and b/assets/bitnami/spark-7.0.2.tgz differ diff --git a/assets/bitnami/wordpress-16.1.19.tgz b/assets/bitnami/wordpress-16.1.19.tgz new file mode 100644 index 000000000..a0486436f Binary files /dev/null and b/assets/bitnami/wordpress-16.1.19.tgz differ diff --git a/assets/datadog/datadog-operator-1.0.4.tgz b/assets/datadog/datadog-operator-1.0.4.tgz new file mode 100644 index 000000000..45295e338 Binary files /dev/null and b/assets/datadog/datadog-operator-1.0.4.tgz differ diff --git a/assets/dell/csi-isilon-2.7.0.tgz b/assets/dell/csi-isilon-2.7.0.tgz new file mode 100644 index 000000000..fc8489f16 Binary files /dev/null and b/assets/dell/csi-isilon-2.7.0.tgz differ diff --git a/assets/dell/csi-powermax-2.7.0.tgz b/assets/dell/csi-powermax-2.7.0.tgz new file mode 100644 index 000000000..db5d67726 Binary files /dev/null and b/assets/dell/csi-powermax-2.7.0.tgz differ diff --git a/assets/dell/csi-powerstore-2.7.0.tgz b/assets/dell/csi-powerstore-2.7.0.tgz new file mode 100644 index 000000000..a8b231244 Binary files /dev/null and b/assets/dell/csi-powerstore-2.7.0.tgz differ diff --git a/assets/dell/csi-unity-2.7.0.tgz b/assets/dell/csi-unity-2.7.0.tgz new file mode 100644 index 000000000..6306b7764 Binary files /dev/null and b/assets/dell/csi-unity-2.7.0.tgz differ diff --git a/assets/dell/csi-vxflexos-2.7.0.tgz b/assets/dell/csi-vxflexos-2.7.0.tgz new file mode 100644 index 000000000..839da18b1 Binary files /dev/null and b/assets/dell/csi-vxflexos-2.7.0.tgz differ diff --git a/assets/external-secrets/external-secrets-0.9.0.tgz b/assets/external-secrets/external-secrets-0.9.0.tgz new file mode 100644 index 000000000..709a53ed3 Binary files /dev/null and b/assets/external-secrets/external-secrets-0.9.0.tgz differ diff --git a/assets/haproxy/haproxy-1.31.0.tgz b/assets/haproxy/haproxy-1.31.0.tgz new file mode 100644 index 000000000..48825aaf5 Binary files /dev/null and b/assets/haproxy/haproxy-1.31.0.tgz differ diff --git a/assets/hashicorp/vault-0.25.0.tgz b/assets/hashicorp/vault-0.25.0.tgz new file mode 100644 index 000000000..9078079b9 Binary files /dev/null and b/assets/hashicorp/vault-0.25.0.tgz differ diff --git a/assets/kubecost/cost-analyzer-1.104.1.tgz b/assets/kubecost/cost-analyzer-1.104.1.tgz index 95e4f4df1..7f9907f63 100644 Binary files a/assets/kubecost/cost-analyzer-1.104.1.tgz and b/assets/kubecost/cost-analyzer-1.104.1.tgz differ diff --git a/assets/kubecost/cost-analyzer-1.104.2.tgz b/assets/kubecost/cost-analyzer-1.104.2.tgz new file mode 100644 index 000000000..24677403c Binary files /dev/null and b/assets/kubecost/cost-analyzer-1.104.2.tgz differ diff --git a/assets/kuma/kuma-2.3.0.tgz b/assets/kuma/kuma-2.3.0.tgz new file mode 100644 index 000000000..b2389c072 Binary files /dev/null and b/assets/kuma/kuma-2.3.0.tgz differ diff --git a/assets/nats/nats-0.19.16.tgz b/assets/nats/nats-0.19.16.tgz new file mode 100644 index 000000000..abd8745b1 Binary files /dev/null and b/assets/nats/nats-0.19.16.tgz differ diff --git a/assets/new-relic/nri-bundle-5.0.22.tgz b/assets/new-relic/nri-bundle-5.0.22.tgz new file mode 100644 index 000000000..19fda94e7 Binary files /dev/null and b/assets/new-relic/nri-bundle-5.0.22.tgz differ diff --git a/assets/redpanda/redpanda-4.0.47.tgz b/assets/redpanda/redpanda-4.0.47.tgz new file mode 100644 index 000000000..2ec5c94fd Binary files /dev/null and b/assets/redpanda/redpanda-4.0.47.tgz differ diff --git a/assets/sysdig/sysdig-1.15.93.tgz b/assets/sysdig/sysdig-1.15.93.tgz new file mode 100644 index 000000000..fdb986c96 Binary files /dev/null and b/assets/sysdig/sysdig-1.15.93.tgz differ diff --git a/assets/weka/csi-wekafsplugin-2.1.1.tgz b/assets/weka/csi-wekafsplugin-2.1.1.tgz new file mode 100644 index 000000000..1f3dae539 Binary files /dev/null and b/assets/weka/csi-wekafsplugin-2.1.1.tgz differ diff --git a/charts/argo/argo-cd/Chart.yaml b/charts/argo/argo-cd/Chart.yaml index f02e2497b..f0ecb3d53 100644 --- a/charts/argo/argo-cd/Chart.yaml +++ b/charts/argo/argo-cd/Chart.yaml @@ -1,9 +1,7 @@ annotations: artifacthub.io/changes: | - - kind: changed - description: Upgrade Argo CD to v2.7.6 - - kind: changed - description: applicationSet.containerPorts.metrics to 8085 + - kind: added + description: Add `ARGOCD_NOTIFICATIONS_CONTROLLER_LOGLEVEL` and `ARGOCD_NOTIFICATIONS_CONTROLLER_LOGFORMAT` env vars to argo-notifications Deployment artifacthub.io/signKey: | fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc @@ -34,4 +32,4 @@ name: argo-cd sources: - https://github.com/argoproj/argo-helm/tree/main/charts/argo-cd - https://github.com/argoproj/argo-cd -version: 5.36.6 +version: 5.36.10 diff --git a/charts/argo/argo-cd/README.md b/charts/argo/argo-cd/README.md index 6d2e0b89d..dbf3f0121 100644 --- a/charts/argo/argo-cd/README.md +++ b/charts/argo/argo-cd/README.md @@ -464,6 +464,7 @@ NAME: my-release | configs.params."server.staticassets" | string | `"/shared/app"` | Directory path that contains additional static assets | | configs.params."server.x.frame.options" | string | `"sameorigin"` | Set X-Frame-Options header in HTTP responses to value. To disable, set to "". | | configs.params.annotations | object | `{}` | Annotations to be added to the argocd-cmd-params-cm ConfigMap | +| configs.params.create | bool | `true` | Create the argocd-cmd-params-cm configmap If false, it is expected the configmap will be created by something else. | | configs.rbac."policy.csv" | string | `''` (See [values.yaml]) | File containing user-defined policies and role definitions. | | configs.rbac."policy.default" | string | `""` | The name of the default role which Argo CD will falls back to, when authorizing API requests (optional). If omitted or empty, users may be still be able to login, but will see no apps, projects, etc... | | configs.rbac.annotations | object | `{}` | Annotations to be added to argocd-rbac-cm configmap | @@ -1044,7 +1045,7 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide | applicationSet.certificate.privateKey.size | int | `2048` | Key bit size of the private key. If algorithm is set to `Ed25519`, size is ignored. | | applicationSet.certificate.renewBefore | string | `""` (defaults to 360h = 15d if not specified) | How long before the expiry a certificate should be renewed. | | applicationSet.certificate.secretName | string | `"argocd-application-controller-tls"` | The name of the Secret that will be automatically created and managed by this Certificate resource | -| applicationSet.containerPorts.metrics | int | `8085` | Metrics container port | +| applicationSet.containerPorts.metrics | int | `8080` | Metrics container port | | applicationSet.containerPorts.probe | int | `8081` | Probe container port | | applicationSet.containerPorts.webhook | int | `7000` | Webhook container port | | applicationSet.containerSecurityContext | object | See [values.yaml] | ApplicationSet controller container-level security context | @@ -1075,7 +1076,7 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide | applicationSet.metrics.service.clusterIP | string | `""` | Metrics service clusterIP. `None` makes a "headless service" (no virtual IP) | | applicationSet.metrics.service.labels | object | `{}` | Metrics service labels | | applicationSet.metrics.service.portName | string | `"http-metrics"` | Metrics service port name | -| applicationSet.metrics.service.servicePort | int | `8085` | Metrics service port | +| applicationSet.metrics.service.servicePort | int | `8080` | Metrics service port | | applicationSet.metrics.service.type | string | `"ClusterIP"` | Metrics service type | | applicationSet.metrics.serviceMonitor.additionalLabels | object | `{}` | Prometheus ServiceMonitor labels | | applicationSet.metrics.serviceMonitor.annotations | object | `{}` | Prometheus ServiceMonitor annotations | diff --git a/charts/argo/argo-cd/templates/argocd-configs/argocd-cmd-params-cm.yaml b/charts/argo/argo-cd/templates/argocd-configs/argocd-cmd-params-cm.yaml index 18fead9bb..9d60d932f 100644 --- a/charts/argo/argo-cd/templates/argocd-configs/argocd-cmd-params-cm.yaml +++ b/charts/argo/argo-cd/templates/argocd-configs/argocd-cmd-params-cm.yaml @@ -1,3 +1,4 @@ +{{- if .Values.configs.params.create }} apiVersion: v1 kind: ConfigMap metadata: @@ -13,3 +14,4 @@ metadata: {{- end }} data: {{- include "argo-cd.config.params" . | trim | nindent 2 }} +{{- end }} diff --git a/charts/argo/argo-cd/templates/argocd-notifications/deployment.yaml b/charts/argo/argo-cd/templates/argocd-notifications/deployment.yaml index 8df6c8bb1..d2eca77f4 100644 --- a/charts/argo/argo-cd/templates/argocd-notifications/deployment.yaml +++ b/charts/argo/argo-cd/templates/argocd-notifications/deployment.yaml @@ -66,10 +66,22 @@ spec: {{- range .Values.notifications.extraArgs }} - {{ . | squote }} {{- end }} - {{- with (concat .Values.global.env .Values.notifications.extraEnv) }} env: - {{- toYaml . | nindent 12 }} - {{- end }} + {{- with (concat .Values.global.env .Values.notifications.extraEnv) }} + {{- toYaml . | nindent 12 }} + {{- end }} + - name: ARGOCD_NOTIFICATIONS_CONTROLLER_LOGLEVEL + valueFrom: + configMapKeyRef: + key: notificationscontroller.log.level + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_NOTIFICATIONS_CONTROLLER_LOGFORMAT + valueFrom: + configMapKeyRef: + key: notificationscontroller.log.format + name: argocd-cmd-params-cm + optional: true {{- with .Values.notifications.extraEnvFrom }} envFrom: {{- toYaml . | nindent 12 }} diff --git a/charts/argo/argo-cd/values.yaml b/charts/argo/argo-cd/values.yaml index 2c3fe694e..c7129babf 100644 --- a/charts/argo/argo-cd/values.yaml +++ b/charts/argo/argo-cd/values.yaml @@ -217,6 +217,10 @@ configs: # Argo CD configuration parameters ## Ref: https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/argocd-cmd-params-cm.yaml params: + # -- Create the argocd-cmd-params-cm configmap + # If false, it is expected the configmap will be created by something else. + create: true + # -- Annotations to be added to the argocd-cmd-params-cm ConfigMap annotations: {} @@ -2433,7 +2437,7 @@ applicationSet: # -- Metrics service labels labels: {} # -- Metrics service port - servicePort: 8085 + servicePort: 8080 # -- Metrics service port name portName: http-metrics serviceMonitor: @@ -2506,7 +2510,7 @@ applicationSet: # ApplicationSet controller container ports containerPorts: # -- Metrics container port - metrics: 8085 + metrics: 8080 # -- Probe container port probe: 8081 # -- Webhook container port diff --git a/charts/bitnami/spark/Chart.yaml b/charts/bitnami/spark/Chart.yaml index bc4e3ca52..fcd68cdf0 100644 --- a/charts/bitnami/spark/Chart.yaml +++ b/charts/bitnami/spark/Chart.yaml @@ -6,7 +6,7 @@ annotations: category: Infrastructure licenses: Apache-2.0 apiVersion: v2 -appVersion: 3.4.0 +appVersion: 3.4.1 dependencies: - name: common repository: file://./charts/common @@ -27,4 +27,4 @@ maintainers: name: spark sources: - https://github.com/bitnami/charts/tree/main/bitnami/spark -version: 7.0.1 +version: 7.0.2 diff --git a/charts/bitnami/spark/README.md b/charts/bitnami/spark/README.md index c9ac5a6a6..602ebf771 100644 --- a/charts/bitnami/spark/README.md +++ b/charts/bitnami/spark/README.md @@ -22,6 +22,8 @@ Apache Spark includes APIs for Java, Python, Scala and R. Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters. +Looking to use Apache Spark in production? Try [VMware Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog. + ## Prerequisites - Kubernetes 1.19+ @@ -84,7 +86,7 @@ The command removes all the Kubernetes components associated with the chart and | ------------------- | ----------------------------------------------------------------------------------------------------- | -------------------- | | `image.registry` | Spark image registry | `docker.io` | | `image.repository` | Spark image repository | `bitnami/spark` | -| `image.tag` | Spark image tag (immutable tags are recommended) | `3.4.0-debian-11-r2` | +| `image.tag` | Spark image tag (immutable tags are recommended) | `3.4.1-debian-11-r0` | | `image.digest` | Spark image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `image.pullPolicy` | Spark image pull policy | `IfNotPresent` | | `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | @@ -464,7 +466,7 @@ This version standardizes the way of defining Ingress rules. When configuring a ## License -Copyright © 2023 VMware Inc +Copyright © 2023 VMware, Inc. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/charts/bitnami/spark/values.yaml b/charts/bitnami/spark/values.yaml index 19185f41b..405348c86 100644 --- a/charts/bitnami/spark/values.yaml +++ b/charts/bitnami/spark/values.yaml @@ -92,7 +92,7 @@ diagnosticMode: image: registry: docker.io repository: bitnami/spark - tag: 3.4.0-debian-11-r2 + tag: 3.4.1-debian-11-r0 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' diff --git a/charts/bitnami/wordpress/Chart.yaml b/charts/bitnami/wordpress/Chart.yaml index 1c6b4eba7..1c4c9191b 100644 --- a/charts/bitnami/wordpress/Chart.yaml +++ b/charts/bitnami/wordpress/Chart.yaml @@ -40,4 +40,4 @@ maintainers: name: wordpress sources: - https://github.com/bitnami/charts/tree/main/bitnami/wordpress -version: 16.1.18 +version: 16.1.19 diff --git a/charts/bitnami/wordpress/README.md b/charts/bitnami/wordpress/README.md index a81fa3d0e..062ff9635 100644 --- a/charts/bitnami/wordpress/README.md +++ b/charts/bitnami/wordpress/README.md @@ -82,7 +82,7 @@ The command removes all the Kubernetes components associated with the chart and | ------------------- | --------------------------------------------------------------------------------------------------------- | --------------------- | | `image.registry` | WordPress image registry | `docker.io` | | `image.repository` | WordPress image repository | `bitnami/wordpress` | -| `image.tag` | WordPress image tag (immutable tags are recommended) | `6.2.2-debian-11-r18` | +| `image.tag` | WordPress image tag (immutable tags are recommended) | `6.2.2-debian-11-r19` | | `image.digest` | WordPress image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `image.pullPolicy` | WordPress image pull policy | `IfNotPresent` | | `image.pullSecrets` | WordPress image pull secrets | `[]` | @@ -281,7 +281,7 @@ The command removes all the Kubernetes components associated with the chart and | `metrics.enabled` | Start a sidecar prometheus exporter to expose metrics | `false` | | `metrics.image.registry` | Apache exporter image registry | `docker.io` | | `metrics.image.repository` | Apache exporter image repository | `bitnami/apache-exporter` | -| `metrics.image.tag` | Apache exporter image tag (immutable tags are recommended) | `0.13.4-debian-11-r7` | +| `metrics.image.tag` | Apache exporter image tag (immutable tags are recommended) | `0.13.4-debian-11-r8` | | `metrics.image.digest` | Apache exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `metrics.image.pullPolicy` | Apache exporter image pull policy | `IfNotPresent` | | `metrics.image.pullSecrets` | Apache exporter image pull secrets | `[]` | diff --git a/charts/bitnami/wordpress/values.yaml b/charts/bitnami/wordpress/values.yaml index 1f5ad6402..fb021b1eb 100644 --- a/charts/bitnami/wordpress/values.yaml +++ b/charts/bitnami/wordpress/values.yaml @@ -73,7 +73,7 @@ diagnosticMode: image: registry: docker.io repository: bitnami/wordpress - tag: 6.2.2-debian-11-r18 + tag: 6.2.2-debian-11-r19 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -857,7 +857,7 @@ metrics: image: registry: docker.io repository: bitnami/apache-exporter - tag: 0.13.4-debian-11-r7 + tag: 0.13.4-debian-11-r8 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. diff --git a/charts/datadog/datadog-operator/CHANGELOG.md b/charts/datadog/datadog-operator/CHANGELOG.md index b5e7dd6e3..f2f147a0b 100644 --- a/charts/datadog/datadog-operator/CHANGELOG.md +++ b/charts/datadog/datadog-operator/CHANGELOG.md @@ -1,5 +1,9 @@ # Changelog +## 1.0.4 + +* Update Datadog Operator version to 1.0.3. + ## 1.0.3 * Add `list` and `watch` permissions of `customresourcedefinitions` for the KSM core check to collect CRD resources. diff --git a/charts/datadog/datadog-operator/Chart.lock b/charts/datadog/datadog-operator/Chart.lock index 96fb3bc02..3722378cc 100644 --- a/charts/datadog/datadog-operator/Chart.lock +++ b/charts/datadog/datadog-operator/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: datadog-crds repository: https://helm.datadoghq.com - version: 1.0.0 -digest: sha256:46c620716bf7ab9e1ffd7eaf39dfd44b5a8cab49a5acb70de071dcbad4c7ee86 -generated: "2023-04-03T15:45:41.953207-04:00" + version: 1.0.1 +digest: sha256:e882fa60c39302a3092cc43bcbf0a8412a2c63933efc9767740c4c6144c5b0b4 +generated: "2023-06-22T11:55:54.905315-04:00" diff --git a/charts/datadog/datadog-operator/Chart.yaml b/charts/datadog/datadog-operator/Chart.yaml index 9ed271eb5..d3defc9b3 100644 --- a/charts/datadog/datadog-operator/Chart.yaml +++ b/charts/datadog/datadog-operator/Chart.yaml @@ -3,7 +3,7 @@ annotations: catalog.cattle.io/display-name: Datadog Operator catalog.cattle.io/release-name: datadog-operator apiVersion: v2 -appVersion: 1.0.0 +appVersion: 1.0.3 dependencies: - alias: datadogCRDs condition: installCRDs @@ -11,7 +11,7 @@ dependencies: repository: file://./charts/datadog-crds tags: - install-crds - version: =1.0.0 + version: =1.0.1 description: Datadog Operator home: https://www.datadoghq.com icon: https://datadog-live.imgix.net/img/dd_logo_70x75.png @@ -26,4 +26,4 @@ name: datadog-operator sources: - https://app.datadoghq.com/account/settings#agent/kubernetes - https://github.com/DataDog/datadog-agent -version: 1.0.3 +version: 1.0.4 diff --git a/charts/datadog/datadog-operator/README.md b/charts/datadog/datadog-operator/README.md index 55b1891f5..3dbfbce2f 100644 --- a/charts/datadog/datadog-operator/README.md +++ b/charts/datadog/datadog-operator/README.md @@ -1,6 +1,6 @@ # Datadog Operator -![Version: 1.0.3](https://img.shields.io/badge/Version-1.0.3-informational?style=flat-square) ![AppVersion: 1.0.0](https://img.shields.io/badge/AppVersion-1.0.0-informational?style=flat-square) +![Version: 1.0.4](https://img.shields.io/badge/Version-1.0.4-informational?style=flat-square) ![AppVersion: 1.0.3](https://img.shields.io/badge/AppVersion-1.0.3-informational?style=flat-square) ## Values @@ -28,7 +28,7 @@ | fullnameOverride | string | `""` | | | image.pullPolicy | string | `"IfNotPresent"` | Define the pullPolicy for Datadog Operator image | | image.repository | string | `"gcr.io/datadoghq/operator"` | Repository to use for Datadog Operator image | -| image.tag | string | `"1.0.0"` | Define the Datadog Operator version to use | +| image.tag | string | `"1.0.3"` | Define the Datadog Operator version to use | | imagePullSecrets | list | `[]` | Datadog Operator repository pullSecret (ex: specify docker registry credentials) | | installCRDs | bool | `true` | Set to true to deploy the Datadog's CRDs | | logLevel | string | `"info"` | Set Datadog Operator log level (debug, info, error, panic, fatal) | @@ -93,7 +93,7 @@ and for the Datadog Operator chart: ``` NAME CHART VERSION APP VERSION DESCRIPTION -datadog/datadog-operator 1.0.0 1.0.0 Datadog Operator +datadog/datadog-operator 1.0.4 1.0.3 Datadog Operator ``` Then you will need to install the cert manager if you don't have it already, add the chart: @@ -115,7 +115,7 @@ You can update with the following: ``` helm upgrade \ datadog-operator datadog/datadog-operator \ - --set image.tag=1.0.0 \ + --set image.tag=1.0.3 \ --set datadogCRDs.migration.datadogAgents.version=v2alpha1 \ --set datadogCRDs.migration.datadogAgents.useCertManager=true \ --set datadogCRDs.migration.datadogAgents.conversionWebhook.enabled=true diff --git a/charts/datadog/datadog-operator/README.md.gotmpl b/charts/datadog/datadog-operator/README.md.gotmpl index 337a9c8f9..2ea485fd6 100644 --- a/charts/datadog/datadog-operator/README.md.gotmpl +++ b/charts/datadog/datadog-operator/README.md.gotmpl @@ -46,7 +46,7 @@ and for the Datadog Operator chart: ``` NAME CHART VERSION APP VERSION DESCRIPTION -datadog/datadog-operator 1.0.0 1.0.0 Datadog Operator +datadog/datadog-operator 1.0.4 1.0.3 Datadog Operator ``` Then you will need to install the cert manager if you don't have it already, add the chart: @@ -68,7 +68,7 @@ You can update with the following: ``` helm upgrade \ datadog-operator datadog/datadog-operator \ - --set image.tag=1.0.0 \ + --set image.tag=1.0.3 \ --set datadogCRDs.migration.datadogAgents.version=v2alpha1 \ --set datadogCRDs.migration.datadogAgents.useCertManager=true \ --set datadogCRDs.migration.datadogAgents.conversionWebhook.enabled=true diff --git a/charts/datadog/datadog-operator/charts/datadog-crds/CHANGELOG.md b/charts/datadog/datadog-operator/charts/datadog-crds/CHANGELOG.md index 905cd534a..8614d115b 100644 --- a/charts/datadog/datadog-operator/charts/datadog-crds/CHANGELOG.md +++ b/charts/datadog/datadog-operator/charts/datadog-crds/CHANGELOG.md @@ -1,5 +1,9 @@ # Changelog +## 1.0.1 + +* Update CRDs from Datadog Operator v1.0.3. + ## 1.0.0 * Default DatadogAgent stored version is `v2alpha1` to align with the GA of the Datadog Operator. diff --git a/charts/datadog/datadog-operator/charts/datadog-crds/Chart.yaml b/charts/datadog/datadog-operator/charts/datadog-crds/Chart.yaml index 731ad3000..9326ab3a8 100644 --- a/charts/datadog/datadog-operator/charts/datadog-crds/Chart.yaml +++ b/charts/datadog/datadog-operator/charts/datadog-crds/Chart.yaml @@ -15,4 +15,4 @@ sources: - https://app.datadoghq.com/account/settings#agent/kubernetes - https://github.com/DataDog/datadog-operator - https://docs.datadoghq.com/agent/cluster_agent/external_metrics -version: 1.0.0 +version: 1.0.1 diff --git a/charts/datadog/datadog-operator/charts/datadog-crds/README.md b/charts/datadog/datadog-operator/charts/datadog-crds/README.md index acf004df8..39e927166 100644 --- a/charts/datadog/datadog-operator/charts/datadog-crds/README.md +++ b/charts/datadog/datadog-operator/charts/datadog-crds/README.md @@ -1,6 +1,6 @@ # Datadog CRDs -![Version: 1.0.0](https://img.shields.io/badge/Version-1.0.0-informational?style=flat-square) ![AppVersion: 1](https://img.shields.io/badge/AppVersion-1-informational?style=flat-square) +![Version: 1.0.1](https://img.shields.io/badge/Version-1.0.1-informational?style=flat-square) ![AppVersion: 1](https://img.shields.io/badge/AppVersion-1-informational?style=flat-square) This chart was designed to allow other "datadog" charts to share `CustomResourceDefinitions` such as the `DatadogMetric`. diff --git a/charts/datadog/datadog-operator/charts/datadog-crds/templates/datadoghq.com_datadogagents_v1.yaml b/charts/datadog/datadog-operator/charts/datadog-crds/templates/datadoghq.com_datadogagents_v1.yaml index 3958acb6a..3326d03bb 100644 --- a/charts/datadog/datadog-operator/charts/datadog-crds/templates/datadoghq.com_datadogagents_v1.yaml +++ b/charts/datadog/datadog-operator/charts/datadog-crds/templates/datadoghq.com_datadogagents_v1.yaml @@ -5852,9 +5852,6 @@ spec: x-kubernetes-list-map-keys: - type x-kubernetes-list-type: map - defaultOverride: - type: object - x-kubernetes-preserve-unknown-fields: true type: object type: object {{- if not (eq .Values.migration.datadogAgents.version "v2alpha1") }} @@ -6407,6 +6404,10 @@ spec: type: object logLevel: type: string + namespaceLabelsAsTags: + additionalProperties: + type: string + type: object networkPolicy: properties: create: @@ -6440,10 +6441,6 @@ spec: flavor: type: string type: object - namespaceLabelsAsTags: - additionalProperties: - type: string - type: object nodeLabelsAsTags: additionalProperties: type: string diff --git a/charts/datadog/datadog-operator/charts/datadog-crds/templates/datadoghq.com_datadogagents_v1beta1.yaml b/charts/datadog/datadog-operator/charts/datadog-crds/templates/datadoghq.com_datadogagents_v1beta1.yaml index f21fb9394..acbda2b6f 100644 --- a/charts/datadog/datadog-operator/charts/datadog-crds/templates/datadoghq.com_datadogagents_v1beta1.yaml +++ b/charts/datadog/datadog-operator/charts/datadog-crds/templates/datadoghq.com_datadogagents_v1beta1.yaml @@ -1,4 +1,6 @@ {{- if and .Values.crds.datadogAgents (semverCompare "<=1.21-0" .Capabilities.KubeVersion.GitVersion ) }} + +--- apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: @@ -6393,6 +6395,10 @@ spec: type: object logLevel: type: string + namespaceLabelsAsTags: + additionalProperties: + type: string + type: object networkPolicy: properties: create: @@ -6426,6 +6432,10 @@ spec: flavor: type: string type: object + nodeLabelsAsTags: + additionalProperties: + type: string + type: object podAnnotationsAsTags: additionalProperties: type: string diff --git a/charts/datadog/datadog-operator/charts/datadog-crds/templates/datadoghq.com_datadogmetrics_v1.yaml b/charts/datadog/datadog-operator/charts/datadog-crds/templates/datadoghq.com_datadogmetrics_v1.yaml index e7725de2d..af440ca92 100644 --- a/charts/datadog/datadog-operator/charts/datadog-crds/templates/datadoghq.com_datadogmetrics_v1.yaml +++ b/charts/datadog/datadog-operator/charts/datadog-crds/templates/datadoghq.com_datadogmetrics_v1.yaml @@ -1,4 +1,6 @@ {{- if and .Values.crds.datadogMetrics (semverCompare ">1.21-0" .Capabilities.KubeVersion.GitVersion ) }} + +--- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -61,6 +63,9 @@ spec: query: description: Query is the raw datadog query type: string + timeWindow: + description: TimeWindow provides the time window for the metric query, defaults to MaxAge. + type: string type: object status: description: DatadogMetricStatus defines the observed state of DatadogMetric diff --git a/charts/datadog/datadog-operator/charts/datadog-crds/templates/datadoghq.com_datadogmetrics_v1beta1.yaml b/charts/datadog/datadog-operator/charts/datadog-crds/templates/datadoghq.com_datadogmetrics_v1beta1.yaml index 4259757a6..2512a24f8 100644 --- a/charts/datadog/datadog-operator/charts/datadog-crds/templates/datadoghq.com_datadogmetrics_v1beta1.yaml +++ b/charts/datadog/datadog-operator/charts/datadog-crds/templates/datadoghq.com_datadogmetrics_v1beta1.yaml @@ -1,4 +1,6 @@ {{- if and .Values.crds.datadogMetrics (semverCompare "<=1.21-0" .Capabilities.KubeVersion.GitVersion ) }} + +--- apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: @@ -61,6 +63,9 @@ spec: query: description: Query is the raw datadog query type: string + timeWindow: + description: TimeWindow provides the time window for the metric query, defaults to MaxAge. + type: string type: object status: description: DatadogMetricStatus defines the observed state of DatadogMetric @@ -98,6 +103,9 @@ spec: - type type: object type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map currentValue: description: Value is the latest value of the metric type: string diff --git a/charts/datadog/datadog-operator/charts/datadog-crds/templates/datadoghq.com_datadogmonitors_v1.yaml b/charts/datadog/datadog-operator/charts/datadog-crds/templates/datadoghq.com_datadogmonitors_v1.yaml index 9bd04d77e..ae24b022b 100644 --- a/charts/datadog/datadog-operator/charts/datadog-crds/templates/datadoghq.com_datadogmonitors_v1.yaml +++ b/charts/datadog/datadog-operator/charts/datadog-crds/templates/datadoghq.com_datadogmonitors_v1.yaml @@ -1,4 +1,6 @@ {{- if and .Values.crds.datadogMonitors (semverCompare ">1.21-0" .Capabilities.KubeVersion.GitVersion ) }} + +--- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: diff --git a/charts/datadog/datadog-operator/charts/datadog-crds/templates/datadoghq.com_datadogmonitors_v1beta1.yaml b/charts/datadog/datadog-operator/charts/datadog-crds/templates/datadoghq.com_datadogmonitors_v1beta1.yaml index fa6cd0a4f..12b2a707e 100644 --- a/charts/datadog/datadog-operator/charts/datadog-crds/templates/datadoghq.com_datadogmonitors_v1beta1.yaml +++ b/charts/datadog/datadog-operator/charts/datadog-crds/templates/datadoghq.com_datadogmonitors_v1beta1.yaml @@ -1,4 +1,6 @@ {{- if and .Values.crds.datadogMonitors (semverCompare "<=1.21-0" .Capabilities.KubeVersion.GitVersion ) }} + +--- apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: @@ -185,6 +187,9 @@ spec: - type type: object type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map created: description: Created is the time the monitor was created format: date-time diff --git a/charts/datadog/datadog-operator/values.yaml b/charts/datadog/datadog-operator/values.yaml index d477effec..f802c1f1d 100644 --- a/charts/datadog/datadog-operator/values.yaml +++ b/charts/datadog/datadog-operator/values.yaml @@ -42,7 +42,7 @@ image: # image.repository -- Repository to use for Datadog Operator image repository: gcr.io/datadoghq/operator # image.tag -- Define the Datadog Operator version to use - tag: 1.0.0 + tag: 1.0.3 # image.pullPolicy -- Define the pullPolicy for Datadog Operator image pullPolicy: IfNotPresent # imagePullSecrets -- Datadog Operator repository pullSecret (ex: specify docker registry credentials) diff --git a/charts/dell/csi-isilon/Chart.yaml b/charts/dell/csi-isilon/Chart.yaml index ebfd356e6..0f94edb39 100644 --- a/charts/dell/csi-isilon/Chart.yaml +++ b/charts/dell/csi-isilon/Chart.yaml @@ -1,10 +1,10 @@ annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Dell CSI PowerScale - catalog.cattle.io/kube-version: '>= 1.21.0 < 1.27.0' + catalog.cattle.io/kube-version: '>= 1.21.0 < 1.28.0' catalog.cattle.io/release-name: isilon -apiVersion: v1 -appVersion: 2.6.1 +apiVersion: v2 +appVersion: 2.7.0 description: 'PowerScale CSI (Container Storage Interface) driver Kubernetes integration. This chart includes everything required to provision via CSI as well as an Isilon StorageClass. ' @@ -12,10 +12,10 @@ icon: https://partner-charts.rancher.io/assets/logos/dell.png keywords: - csi - storage -kubeVersion: '>= 1.21.0 < 1.27.0' +kubeVersion: '>= 1.21.0 < 1.28.0' maintainers: - name: DellEMC name: csi-isilon sources: - https://github.com/dell/csi-isilon -version: 2.6.1 +version: 2.7.0 diff --git a/charts/dell/csi-isilon/templates/_helpers.tpl b/charts/dell/csi-isilon/templates/_helpers.tpl index c84203055..02b2867e1 100644 --- a/charts/dell/csi-isilon/templates/_helpers.tpl +++ b/charts/dell/csi-isilon/templates/_helpers.tpl @@ -3,48 +3,59 @@ Return the appropriate sidecar images based on k8s version */}} {{- define "csi-isilon.attacherImage" -}} {{- if eq .Capabilities.KubeVersion.Major "1" }} - {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "21") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "26") -}} - {{- print "k8s.gcr.io/sig-storage/csi-attacher:v4.2.0" -}} + {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "21") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "27") -}} + {{- print "registry.k8s.io/sig-storage/csi-attacher:v4.3.0" -}} {{- end -}} {{- end -}} {{- end -}} {{- define "csi-isilon.provisionerImage" -}} {{- if eq .Capabilities.KubeVersion.Major "1" }} - {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "21") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "26") -}} - {{- print "k8s.gcr.io/sig-storage/csi-provisioner:v3.4.0" -}} + {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "21") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "27") -}} + {{- print "registry.k8s.io/sig-storage/csi-provisioner:v3.5.0" -}} {{- end -}} {{- end -}} {{- end -}} {{- define "csi-isilon.snapshotterImage" -}} {{- if eq .Capabilities.KubeVersion.Major "1" }} - {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "21") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "26") -}} - {{- print "k8s.gcr.io/sig-storage/csi-snapshotter:v6.2.1" -}} + {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "21") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "27") -}} + {{- print "registry.k8s.io/sig-storage/csi-snapshotter:v6.2.2" -}} {{- end -}} {{- end -}} {{- end -}} {{- define "csi-isilon.resizerImage" -}} {{- if eq .Capabilities.KubeVersion.Major "1" }} - {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "21") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "26") -}} - {{- print "k8s.gcr.io/sig-storage/csi-resizer:v1.7.0" -}} + {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "21") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "27") -}} + {{- print "registry.k8s.io/sig-storage/csi-resizer:v1.8.0" -}} {{- end -}} {{- end -}} {{- end -}} {{- define "csi-isilon.registrarImage" -}} {{- if eq .Capabilities.KubeVersion.Major "1" }} - {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "21") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "26") -}} - {{- print "k8s.gcr.io/sig-storage/csi-node-driver-registrar:v2.6.3" -}} + {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "21") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "27") -}} + {{- print "registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.8.0" -}} {{- end -}} {{- end -}} {{- end -}} {{- define "csi-isilon.healthmonitorImage" -}} {{- if eq .Capabilities.KubeVersion.Major "1" }} - {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "21") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "26") -}} - {{- print "gcr.io/k8s-staging-sig-storage/csi-external-health-monitor-controller:v0.8.0" -}} + {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "21") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "27") -}} + {{- print "registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.9.0" -}} {{- end -}} {{- end -}} {{- end -}} + +{{/* +Return true if storage capacity tracking is enabled and is supported based on k8s version +*/}} +{{- define "csi-isilon.isStorageCapacitySupported" -}} +{{- if eq .Values.storageCapacity.enabled true -}} + {{- if and (eq .Capabilities.KubeVersion.Major "1") (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "24") -}} + {{- true -}} + {{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/dell/csi-isilon/templates/controller.yaml b/charts/dell/csi-isilon/templates/controller.yaml index 7a7db9acc..9a0dbc9cf 100644 --- a/charts/dell/csi-isilon/templates/controller.yaml +++ b/charts/dell/csi-isilon/templates/controller.yaml @@ -1,553 +1,604 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ .Release.Name }}-controller - namespace: {{ .Release.Namespace }} ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: {{ .Release.Name }}-controller -rules: - - apiGroups: [""] - resources: ["events"] - verbs: ["list", "watch", "create", "update", "patch"] - - apiGroups: [""] - resources: ["nodes"] - {{- if hasKey .Values "podmon" }} - {{- if eq .Values.podmon.enabled true }} - verbs: ["get", "list", "watch", "patch"] - {{- else }} - verbs: ["get", "list", "watch"] - {{- end }} - {{- end }} - - apiGroups: [""] - resources: ["persistentvolumes"] - verbs: ["get", "list", "watch", "create", "delete", "update"] - - apiGroups: [""] - resources: ["persistentvolumeclaims"] - verbs: ["get", "list", "watch", "update"] - - apiGroups: [""] - resources: ["pods"] - {{- if hasKey .Values "podmon" }} - {{- if eq .Values.podmon.enabled true }} - verbs: ["get", "list", "watch", "update", "delete"] - {{- else }} - verbs: ["get", "list", "watch"] - {{- end }} - {{- end }} - - apiGroups: ["storage.k8s.io"] - resources: ["storageclasses"] - verbs: ["get", "list", "watch"] - - apiGroups: ["storage.k8s.io"] - resources: ["volumeattachments"] - {{- if hasKey .Values "podmon" }} - {{- if eq .Values.podmon.enabled true }} - verbs: ["get", "list", "watch", "update", "patch", "delete"] - {{- else }} - verbs: ["get", "list", "watch", "update", "patch"] - {{- end }} - {{- end }} - - apiGroups: ["storage.k8s.io"] - resources: ["volumeattachments/status"] - verbs: ["patch"] - - apiGroups: ["csi.storage.k8s.io"] - resources: ["csinodeinfos"] - verbs: ["get", "list", "watch"] - - apiGroups: ["storage.k8s.io"] - resources: ["csinodes"] - verbs: ["get", "list", "watch", "update"] -# below for snapshotter - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get", "list"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshotclasses"] - verbs: ["get", "list", "watch"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshotcontents"] - verbs: ["create", "get", "list", "watch", "update", "delete", "patch"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshots"] - verbs: ["get", "list", "watch", "update"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshots/status"] - verbs: ["update"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshotcontents/status"] - verbs: ["update"] - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: ["create", "list", "watch", "delete"] - # below for resizer - - apiGroups: [""] - resources: ["persistentvolumes"] - verbs: ["update", "patch"] - - apiGroups: [""] - resources: ["persistentvolumeclaims/status"] - verbs: ["update", "patch"] - - apiGroups: ["coordination.k8s.io"] - resources: ["leases"] - verbs: ["get", "watch", "list", "delete", "update", "create"] - # below for dell-csi-replicator - {{- if hasKey .Values.controller "replication" }} - {{- if eq .Values.controller.replication.enabled true}} - - apiGroups: ["replication.storage.dell.com"] - resources: ["dellcsireplicationgroups"] - verbs: ["create", "delete", "get", "list", "patch", "update", "watch"] - - apiGroups: ["replication.storage.dell.com"] - resources: ["dellcsireplicationgroups/status"] - verbs: ["get", "patch", "update"] - - apiGroups: [""] - resources: ["configmaps"] - verbs: ["create", "delete", "get", "list", "watch", "update", "patch"] - {{- end}} - {{- end}} ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: {{ .Release.Name }}-controller -subjects: - - kind: ServiceAccount - name: {{ .Release.Name }}-controller - namespace: {{ .Release.Namespace }} -roleRef: - kind: ClusterRole - name: {{ .Release.Name }}-controller - apiGroup: rbac.authorization.k8s.io ---- -kind: Deployment -apiVersion: apps/v1 -metadata: - name: {{ .Release.Name }}-controller - namespace: {{ .Release.Namespace }} - {{- if hasKey .Values "authorization" }} - {{- if eq .Values.authorization.enabled true }} - annotations: - com.dell.karavi-authorization-proxy: "true" - {{ end }} - {{ end }} -spec: - selector: - matchLabels: - app: {{ .Release.Name }}-controller - {{- if lt (.Values.controller.controllerCount | toString | atoi ) 1 -}} - {{- fail "value for .Values.controller.controllerCount should be atleast 1" }} - {{- else }} - replicas: {{ required "Must provide the number of controller instances to create." .Values.controller.controllerCount }} - {{- end }} - strategy: - type: RollingUpdate - rollingUpdate: - maxUnavailable: 1 - template: - metadata: - labels: - app: {{ .Release.Name }}-controller - spec: - serviceAccount: {{ .Release.Name }}-controller - affinity: - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: app - operator: In - values: - - {{ .Release.Name }}-controller - topologyKey: kubernetes.io/hostname - {{ if .Values.controller.nodeSelector }} - nodeSelector: - {{- toYaml .Values.controller.nodeSelector | nindent 8 }} - {{ end }} - {{ if .Values.controller.tolerations }} - tolerations: - {{- toYaml .Values.controller.tolerations | nindent 8 }} - {{ end }} - containers: - {{- $encModes := list false }} - {{- if eq .Values.encryption.enabled true }} - {{- $encModes = list false true }} - {{- end }} -{{- range $encrypted := $encModes }} -{{- with $ }} - {{- $driverSock := "csi.sock" }} - {{- $csiSidecarSuffix := "" }} - {{- if $encrypted }} - {{- $driverSock = "csi-sec.sock" }} - {{- $csiSidecarSuffix = "-sec" }} - {{- end }} - {{- $driverSockPath := printf "/var/run/csi/%s" $driverSock }} - {{- if not $encrypted }} - {{- if hasKey .Values "podmon" }} - {{- if eq .Values.podmon.enabled true }} - - name: podmon - image: {{ required "Must provide the podmon container image." .Values.podmon.image }} - imagePullPolicy: {{ .Values.imagePullPolicy }} - args: - {{- toYaml .Values.podmon.controller.args | nindent 12 }} - env: - - name: MY_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: MY_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: MY_POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - volumeMounts: - - name: socket-dir - mountPath: /var/run/csi - - name: csi-isilon-config-params - mountPath: /csi-isilon-config-params - {{- end }} - {{- end }} - {{- if hasKey .Values.controller "replication" }} - {{- if eq .Values.controller.replication.enabled true}} - - name: dell-csi-replicator - image: {{ required "Must provide the Dell CSI Replicator image." .Values.controller.replication.image}} - imagePullPolicy: {{ .Values.imagePullPolicy }} - args: - - "--csi-address={{ $driverSockPath }}" - - "--leader-election=true" - - "--worker-threads=2" - - "--retry-interval-start=1s" - - "--retry-interval-max=300s" - - "--timeout=300s" - - "--context-prefix={{ .Values.controller.replication.replicationContextPrefix}}" - - "--prefix={{ .Values.controller.replication.replicationPrefix}}" - env: - - name: X_CSI_REPLICATION_CONFIG_DIR - value: /csi-isilon-config-params - - name: X_CSI_REPLICATION_CONFIG_FILE_NAME - value: driver-config-params.yaml - volumeMounts: - - name: socket-dir - mountPath: /var/run/csi - - name: csi-isilon-config-params - mountPath: /csi-isilon-config-params - {{- end }} - {{- end }} - {{- end }} - {{- if hasKey .Values.controller "resizer" }} - {{- if eq .Values.controller.resizer.enabled true }} - - name: resizer{{ $csiSidecarSuffix }} - image: {{ required "Must provide the CSI resizer container image." ( include "csi-isilon.resizerImage" . ) }} - imagePullPolicy: {{ .Values.imagePullPolicy }} - args: - - "--csi-address={{ $driverSockPath }}" - - "--leader-election" - - "--timeout=120s" - - "--v=5" - {{- if hasKey .Values.controller "leaderElection" }} - {{- if hasKey .Values.controller.leaderElection "leaderElectionRenewDeadline" }} - - "--leader-election-renew-deadline={{ .Values.controller.leaderElection.leaderElectionRenewDeadline }}" - {{end}} - {{- if hasKey .Values.controller.leaderElection "leaderElectionLeaseDuration" }} - - "--leader-election-lease-duration={{ .Values.controller.leaderElection.leaderElectionLeaseDuration }}" - {{end}} - {{- if hasKey .Values.controller.leaderElection "leaderElectionLeaseDuration" }} - - "--leader-election-retry-period={{ .Values.controller.leaderElection.leaderElectionRetryPeriod }}" - {{end}} - {{end}} - volumeMounts: - - name: socket-dir - mountPath: /var/run/csi - {{ end }} - {{ end }} - - name: attacher{{ $csiSidecarSuffix }} - image: {{ required "Must provide the CSI attacher container image." ( include "csi-isilon.attacherImage" . ) }} - imagePullPolicy: {{ .Values.imagePullPolicy }} - args: - - "--csi-address={{ $driverSockPath }}" - - "--v=5" - - "--leader-election" - - "--timeout=180s" - {{- if hasKey .Values.controller "leaderElection" }} - {{- if hasKey .Values.controller.leaderElection "leaderElectionRenewDeadline" }} - - "--leader-election-renew-deadline={{ .Values.controller.leaderElection.leaderElectionRenewDeadline }}" - {{end}} - {{- if hasKey .Values.controller.leaderElection "leaderElectionLeaseDuration" }} - - "--leader-election-lease-duration={{ .Values.controller.leaderElection.leaderElectionLeaseDuration }}" - {{end}} - {{- if hasKey .Values.controller.leaderElection "leaderElectionLeaseDuration" }} - - "--leader-election-retry-period={{ .Values.controller.leaderElection.leaderElectionRetryPeriod }}" - {{end}} - {{end}} - volumeMounts: - - name: socket-dir - mountPath: /var/run/csi - {{- if not $encrypted }} - {{- if hasKey .Values.controller "healthMonitor" }} - {{- if eq .Values.controller.healthMonitor.enabled true }} - - name: external-health-monitor-controller - image: {{ required "Must provide the CSI external-health-monitor-controller container image." ( include "csi-isilon.healthmonitorImage" . ) }} - imagePullPolicy: {{ .Values.imagePullPolicy }} - args: - - "--csi-address={{ $driverSockPath }}" - - "--v=5" - - "--leader-election" - - "--enable-node-watcher=true" - - "--monitor-interval={{ .Values.controller.healthMonitor.interval | default "60s" }}" - - "--timeout=180s" - - "--http-endpoint=:8080" - {{- if hasKey .Values.controller "leaderElection" }} - {{- if hasKey .Values.controller.leaderElection "leaderElectionRenewDeadline" }} - - "--leader-election-renew-deadline={{ .Values.controller.leaderElection.leaderElectionRenewDeadline }}" - {{end}} - {{- if hasKey .Values.controller.leaderElection "leaderElectionLeaseDuration" }} - - "--leader-election-lease-duration={{ .Values.controller.leaderElection.leaderElectionLeaseDuration }}" - {{end}} - {{- if hasKey .Values.controller.leaderElection "leaderElectionLeaseDuration" }} - - "--leader-election-retry-period={{ .Values.controller.leaderElection.leaderElectionRetryPeriod }}" - {{end}} - {{end}} - volumeMounts: - - name: socket-dir - mountPath: /var/run/csi - {{end}} - {{end}} - {{- end }} - - name: provisioner{{ $csiSidecarSuffix }} - image: {{ required "Must provide the CSI provisioner container image." ( include "csi-isilon.provisionerImage" . ) }} - imagePullPolicy: {{ .Values.imagePullPolicy }} - args: - - "--csi-address={{ $driverSockPath }}" - - "--volume-name-prefix={{ required "Must provide a value to prefix to driver created volume names" .Values.controller.volumeNamePrefix }}" - - "--volume-name-uuid-length=10" - - "--worker-threads=5" - - "--timeout=120s" - - "--v=5" - - "--feature-gates=Topology=true" - - "--leader-election" - - "--extra-create-metadata" - {{- if hasKey .Values.controller "leaderElection" }} - {{- if hasKey .Values.controller.leaderElection "leaderElectionRenewDeadline" }} - - "--leader-election-renew-deadline={{ .Values.controller.leaderElection.leaderElectionRenewDeadline }}" - {{end}} - {{- if hasKey .Values.controller.leaderElection "leaderElectionLeaseDuration" }} - - "--leader-election-lease-duration={{ .Values.controller.leaderElection.leaderElectionLeaseDuration }}" - {{end}} - {{- if hasKey .Values.controller.leaderElection "leaderElectionLeaseDuration" }} - - "--leader-election-retry-period={{ .Values.controller.leaderElection.leaderElectionRetryPeriod }}" - {{end}} - {{end}} - volumeMounts: - - name: socket-dir - mountPath: /var/run/csi - {{- if hasKey .Values.controller "snapshot" }} - {{- if eq .Values.controller.snapshot.enabled true }} - - name: snapshotter{{ $csiSidecarSuffix }} - #image: quay.io/k8scsi/csi-snapshotter:v1.0.0 - image: {{ required "Must provide the CSI snapshotter container image." ( include "csi-isilon.snapshotterImage" . ) }} - imagePullPolicy: {{ .Values.imagePullPolicy }} - args: - - "--csi-address={{ $driverSockPath }}" - - "--timeout=120s" - - "--v=5" - - "--snapshot-name-prefix={{ required "Must privided a Snapshot Name Prefix" .Values.controller.snapshot.snapNamePrefix }}" - - "--leader-election" - {{- if hasKey .Values.controller "leaderElection" }} - {{- if hasKey .Values.controller.leaderElection "leaderElectionRenewDeadline" }} - - "--leader-election-renew-deadline={{ .Values.controller.leaderElection.leaderElectionRenewDeadline }}" - {{end}} - {{- if hasKey .Values.controller.leaderElection "leaderElectionLeaseDuration" }} - - "--leader-election-lease-duration={{ .Values.controller.leaderElection.leaderElectionLeaseDuration }}" - {{end}} - {{- if hasKey .Values.controller.leaderElection "leaderElectionLeaseDuration" }} - - "--leader-election-retry-period={{ .Values.controller.leaderElection.leaderElectionRetryPeriod }}" - {{end}} - {{end}} - volumeMounts: - - name: socket-dir - mountPath: /var/run/csi - {{end}} - {{end}} - {{- if not $encrypted }} - - name: driver - image: {{ required "Must provide the Isilon driver image repository." .Values.images.driverRepository }}/{{ .Chart.Name }}:{{ .Values.version }} - imagePullPolicy: {{ .Values.imagePullPolicy }} - command: [ "/csi-isilon" ] - args: - - "--leader-election" - {{- if hasKey .Values.controller "leaderElection" }} - {{- if hasKey .Values.controller.leaderElection "leaderElectionRenewDeadline" }} - - "--leader-election-renew-deadline={{ .Values.controller.leaderElection.leaderElectionRenewDeadline }}" - {{end}} - {{- if hasKey .Values.controller.leaderElection "leaderElectionLeaseDuration" }} - - "--leader-election-lease-duration={{ .Values.controller.leaderElection.leaderElectionLeaseDuration }}" - {{end}} - {{- if hasKey .Values.controller.leaderElection "leaderElectionLeaseDuration" }} - - "--leader-election-retry-period={{ .Values.controller.leaderElection.leaderElectionRetryPeriod }}" - {{end}} - {{end}} - - "--driver-config-params=/csi-isilon-config-params/driver-config-params.yaml" - env: - - name: CSI_ENDPOINT - value: "{{ $driverSockPath }}" - - name: X_CSI_MODE - value: controller - - name: X_CSI_ISI_SKIP_CERTIFICATE_VALIDATION - value: "{{ .Values.skipCertificateValidation }}" - - name: X_CSI_ISI_AUTH_TYPE - value: "{{ .Values.isiAuthType }}" - - name: X_CSI_VERBOSE - value: "{{ .Values.verbose }}" - - name: X_CSI_ISI_PORT - value: "{{ .Values.endpointPort }}" - - name: X_CSI_ISI_AUTOPROBE - value: "{{ .Values.autoProbe }}" - - name: X_CSI_ISI_QUOTA_ENABLED - value: "{{ .Values.enableQuota }}" - - name: X_CSI_ISI_ACCESS_ZONE - value: {{ .Values.isiAccessZone }} - - name: X_CSI_CUSTOM_TOPOLOGY_ENABLED - value: "{{ .Values.enableCustomTopology }}" - - name: X_CSI_ISI_PATH - value: {{ .Values.isiPath }} - - name: X_CSI_ISI_VOLUME_PATH_PERMISSIONS - value: "{{ .Values.isiVolumePathPermissions }}" - - name: X_CSI_ISI_IGNORE_UNRESOLVABLE_HOSTS - value: "{{ .Values.ignoreUnresolvableHosts }}" - - name: X_CSI_ISI_NO_PROBE_ON_START - value: "{{ .Values.noProbeOnStart }}" - - name: X_CSI_PODMON_ENABLED - value: "{{ .Values.podmon.enabled }}" - - name: X_CSI_PODMON_API_PORT - value: "{{ .Values.podmonAPIPort }}" - {{- if eq .Values.podmon.enabled true }} - {{- range $key, $value := .Values.podmon.controller.args }} - {{- if contains "--arrayConnectivityPollRate" $value }} - - name: X_CSI_PODMON_ARRAY_CONNECTIVITY_POLL_RATE - value: "{{ (split "=" $value)._1 }}" - {{ end }} - {{ end }} - {{ end }} - {{- if hasKey .Values.controller "replication" }} - {{- if eq .Values.controller.replication.enabled true}} - - name: X_CSI_REPLICATION_CONTEXT_PREFIX - value: {{ .Values.controller.replication.replicationContextPrefix | default "powerscale"}} - - name: X_CSI_REPLICATION_PREFIX - value: {{ .Values.controller.replication.replicationPrefix | default "replication.storage.dell.com"}} - {{- end }} - {{- end }} - {{- if hasKey .Values.controller "healthMonitor" }} - {{- if eq .Values.controller.healthMonitor.enabled true }} - - name: X_CSI_HEALTH_MONITOR_ENABLED - value: "{{ .Values.controller.healthMonitor.enabled }}" - {{end}} - {{end}} - - name: X_CSI_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: SSL_CERT_DIR - value: /certs - - name: X_CSI_ISI_CONFIG_PATH - value: /isilon-configs/config - - name: X_CSI_MAX_PATH_LIMIT - value: "{{ .Values.maxPathLen }}" - volumeMounts: - - name: socket-dir - mountPath: /var/run/csi - - name: certs - mountPath: /certs - readOnly: true - - name: isilon-configs - mountPath: /isilon-configs - - name: csi-isilon-config-params - mountPath: /csi-isilon-config-params - {{- end }} - {{- if not $encrypted }} - {{- if hasKey .Values "authorization" }} - {{- if eq .Values.authorization.enabled true }} - - name: karavi-authorization-proxy - imagePullPolicy: {{ .Values.imagePullPolicy }} - image: {{ required "Must provide the authorization sidecar container image." .Values.authorization.sidecarProxyImage }} - env: - - name: PROXY_HOST - value: "{{ .Values.authorization.proxyHost }}" - - name: SKIP_CERTIFICATE_VALIDATION - value: "{{ .Values.authorization.skipCertificateValidation }}" - - name: PLUGIN_IDENTIFIER - value: powerscale - - name: ACCESS_TOKEN - valueFrom: - secretKeyRef: - name: proxy-authz-tokens - key: access - - name: REFRESH_TOKEN - valueFrom: - secretKeyRef: - name: proxy-authz-tokens - key: refresh - volumeMounts: - - name: karavi-authorization-config - mountPath: /etc/karavi-authorization/config - - name: proxy-server-root-certificate - mountPath: /etc/karavi-authorization/root-certificates - - name: csi-isilon-config-params - mountPath: /etc/karavi-authorization - {{ end }} - {{ end }} - {{- end }} - {{- if $encrypted }} - - name: driver-sec - image: {{ .Values.encryption.image }} - imagePullPolicy: {{ .Values.imagePullPolicy }} - args: - - --name={{ .Values.encryption.pluginName }} - - --nodeId=$(NODE_ID) - - "--endpoint=unix://var/run/csi/csi-sec.sock" - - "--targetEndpoint=unix://var/run/csi/csi.sock" - - --targetType=Isilon - - --controller - - --logLevel={{ .Values.encryption.logLevel }} - {{- range index .Values.encryption.extraArgs }} - - {{ . | quote }} - {{- end }} - env: - - name: NODE_ID - valueFrom: - fieldRef: - fieldPath: spec.nodeName - volumeMounts: - - name: socket-dir - mountPath: /var/run/csi - {{- end }} -{{- end }} -{{- end }} - volumes: - - name: socket-dir - emptyDir: - - name: certs - projected: - sources: -{{- range $i, $e := until (int .Values.certSecretCount ) }} - - secret: - name: {{ print $.Release.Name "-certs-" $e }} - items: - - key: cert-{{ $e }} - path: cert-{{ $e }} -{{- end }} - - name: isilon-configs - secret: - secretName: {{ .Release.Name }}-creds - - name: csi-isilon-config-params - configMap: - name: {{ .Release.Name }}-config-params - {{- if hasKey .Values "authorization" }} - {{- if eq .Values.authorization.enabled true }} - - name: karavi-authorization-config - secret: - secretName: karavi-authorization-config - - name: proxy-server-root-certificate - secret: - secretName: proxy-server-root-certificate - {{ end }} - {{ end }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ .Release.Name }}-controller + namespace: {{ .Release.Namespace }} +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ .Release.Name }}-controller +rules: + - apiGroups: [""] + resources: ["events"] + verbs: ["list", "watch", "create", "update", "patch"] + - apiGroups: [""] + resources: ["nodes"] + {{- if hasKey .Values "podmon" }} + {{- if eq .Values.podmon.enabled true }} + verbs: ["get", "list", "watch", "patch"] + {{- else }} + verbs: ["get", "list", "watch"] + {{- end }} + {{- end }} + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "create", "delete", "update"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: [""] + resources: ["pods"] + {{- if hasKey .Values "podmon" }} + {{- if eq .Values.podmon.enabled true }} + verbs: ["get", "list", "watch", "update", "delete"] + {{- else }} + verbs: ["get", "list", "watch"] + {{- end }} + {{- end }} + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments"] + {{- if hasKey .Values "podmon" }} + {{- if eq .Values.podmon.enabled true }} + verbs: ["get", "list", "watch", "update", "patch", "delete"] + {{- else }} + verbs: ["get", "list", "watch", "update", "patch"] + {{- end }} + {{- end }} + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments/status"] + verbs: ["patch"] + - apiGroups: ["csi.storage.k8s.io"] + resources: ["csinodeinfos"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.k8s.io"] + resources: ["csinodes"] + verbs: ["get", "list", "watch", "update"] +# below for snapshotter + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotcontents"] + verbs: ["create", "get", "list", "watch", "update", "delete", "patch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshots"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshots/status"] + verbs: ["update"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotcontents/status"] + verbs: ["update"] + - apiGroups: ["apiextensions.k8s.io"] + resources: ["customresourcedefinitions"] + verbs: ["create", "list", "watch", "delete"] + # below for resizer + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["update", "patch"] + - apiGroups: [""] + resources: ["persistentvolumeclaims/status"] + verbs: ["update", "patch"] + - apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["get", "watch", "list", "delete", "update", "create"] + # below for dell-csi-replicator + {{- if hasKey .Values.controller "replication" }} + {{- if eq .Values.controller.replication.enabled true}} + - apiGroups: ["replication.storage.dell.com"] + resources: ["dellcsireplicationgroups"] + verbs: ["create", "delete", "get", "list", "patch", "update", "watch"] + - apiGroups: ["replication.storage.dell.com"] + resources: ["dellcsireplicationgroups/status"] + verbs: ["get", "patch", "update"] + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["create", "delete", "get", "list", "watch", "update", "patch"] + {{- end}} + {{- end}} + {{- if eq (include "csi-isilon.isStorageCapacitySupported" .) "true" }} + - apiGroups: ["storage.k8s.io"] + resources: ["csistoragecapacities"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] + - apiGroups: [""] + resources: ["pods"] + verbs: ["get"] + - apiGroups: ["apps"] + resources: ["replicasets"] + verbs: ["get"] + {{- end }} +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ .Release.Name }}-controller +subjects: + - kind: ServiceAccount + name: {{ .Release.Name }}-controller + namespace: {{ .Release.Namespace }} +roleRef: + kind: ClusterRole + name: {{ .Release.Name }}-controller + apiGroup: rbac.authorization.k8s.io +--- +kind: Deployment +apiVersion: apps/v1 +metadata: + name: {{ .Release.Name }}-controller + namespace: {{ .Release.Namespace }} + {{- if hasKey .Values "authorization" }} + {{- if eq .Values.authorization.enabled true }} + annotations: + com.dell.karavi-authorization-proxy: "true" + {{ end }} + {{ end }} +spec: + selector: + matchLabels: + app: {{ .Release.Name }}-controller + {{- if lt (.Values.controller.controllerCount | toString | atoi ) 1 -}} + {{- fail "value for .Values.controller.controllerCount should be atleast 1" }} + {{- else }} + replicas: {{ required "Must provide the number of controller instances to create." .Values.controller.controllerCount }} + {{- end }} + strategy: + type: RollingUpdate + rollingUpdate: + maxUnavailable: 1 + template: + metadata: + labels: + app: {{ .Release.Name }}-controller + spec: + serviceAccount: {{ .Release.Name }}-controller + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: app + operator: In + values: + - {{ .Release.Name }}-controller + topologyKey: kubernetes.io/hostname + {{ if .Values.controller.nodeSelector }} + nodeSelector: + {{- toYaml .Values.controller.nodeSelector | nindent 8 }} + {{ end }} + {{ if .Values.controller.tolerations }} + tolerations: + {{- toYaml .Values.controller.tolerations | nindent 8 }} + {{ end }} + containers: + {{- $encModes := list false }} + {{- if eq .Values.encryption.enabled true }} + {{- $encModes = list false true }} + {{- end }} +{{- range $encrypted := $encModes }} +{{- with $ }} + {{- $driverSock := "csi.sock" }} + {{- $csiSidecarSuffix := "" }} + {{- if $encrypted }} + {{- $driverSock = "csi-sec.sock" }} + {{- $csiSidecarSuffix = "-sec" }} + {{- end }} + {{- $driverSockPath := printf "/var/run/csi/%s" $driverSock }} + {{- if not $encrypted }} + {{- if hasKey .Values "podmon" }} + {{- if eq .Values.podmon.enabled true }} + - name: podmon + image: {{ required "Must provide the podmon container image." .Values.podmon.image }} + imagePullPolicy: {{ .Values.imagePullPolicy }} + args: + {{- toYaml .Values.podmon.controller.args | nindent 12 }} + env: + - name: MY_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: MY_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: MY_POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + volumeMounts: + - name: socket-dir + mountPath: /var/run/csi + - name: csi-isilon-config-params + mountPath: /csi-isilon-config-params + {{- end }} + {{- end }} + {{- if hasKey .Values.controller "replication" }} + {{- if eq .Values.controller.replication.enabled true}} + - name: dell-csi-replicator + image: {{ required "Must provide the Dell CSI Replicator image." .Values.controller.replication.image}} + imagePullPolicy: {{ .Values.imagePullPolicy }} + args: + - "--csi-address={{ $driverSockPath }}" + - "--leader-election=true" + - "--worker-threads=2" + - "--retry-interval-start=1s" + - "--retry-interval-max=300s" + - "--timeout=300s" + - "--context-prefix={{ .Values.controller.replication.replicationContextPrefix}}" + - "--prefix={{ .Values.controller.replication.replicationPrefix}}" + env: + - name: X_CSI_REPLICATION_CONFIG_DIR + value: /csi-isilon-config-params + - name: X_CSI_REPLICATION_CONFIG_FILE_NAME + value: driver-config-params.yaml + volumeMounts: + - name: socket-dir + mountPath: /var/run/csi + - name: csi-isilon-config-params + mountPath: /csi-isilon-config-params + {{- end }} + {{- end }} + {{- end }} + {{- if hasKey .Values.controller "resizer" }} + {{- if eq .Values.controller.resizer.enabled true }} + - name: resizer{{ $csiSidecarSuffix }} + image: {{ required "Must provide the CSI resizer container image." ( include "csi-isilon.resizerImage" . ) }} + imagePullPolicy: {{ .Values.imagePullPolicy }} + args: + - "--csi-address={{ $driverSockPath }}" + - "--leader-election" + - "--timeout=120s" + - "--v=5" + {{- if hasKey .Values.controller "leaderElection" }} + {{- if hasKey .Values.controller.leaderElection "leaderElectionRenewDeadline" }} + - "--leader-election-renew-deadline={{ .Values.controller.leaderElection.leaderElectionRenewDeadline }}" + {{end}} + {{- if hasKey .Values.controller.leaderElection "leaderElectionLeaseDuration" }} + - "--leader-election-lease-duration={{ .Values.controller.leaderElection.leaderElectionLeaseDuration }}" + {{end}} + {{- if hasKey .Values.controller.leaderElection "leaderElectionLeaseDuration" }} + - "--leader-election-retry-period={{ .Values.controller.leaderElection.leaderElectionRetryPeriod }}" + {{end}} + {{end}} + volumeMounts: + - name: socket-dir + mountPath: /var/run/csi + {{ end }} + {{ end }} + - name: csi-metadata-retriever {{ $csiSidecarSuffix }} + image: {{ required "Must provide the CSI metadata retriever container image." .Values.controller.metadataretriever.image }} + imagePullPolicy: {{ .Values.imagePullPolicy }} + args: + - "--csi-address={{ $driverSockPath }}" + - "--leader-election" + - "--timeout=120s" + - "--v=5" + {{- if hasKey .Values.controller "leaderElection" }} + {{- if hasKey .Values.controller.leaderElection "leaderElectionRenewDeadline" }} + - "--leader-election-renew-deadline={{ .Values.controller.leaderElection.leaderElectionRenewDeadline }}" + {{end}} + {{- if hasKey .Values.controller.leaderElection "leaderElectionLeaseDuration" }} + - "--leader-election-lease-duration={{ .Values.controller.leaderElection.leaderElectionLeaseDuration }}" + {{end}} + {{- if hasKey .Values.controller.leaderElection "leaderElectionLeaseDuration" }} + - "--leader-election-retry-period={{ .Values.controller.leaderElection.leaderElectionRetryPeriod }}" + {{end}} + {{end}} + command: [ "/csi-metadata-retriever" ] + env: + - name: CSI_RETRIEVER_ENDPOINT + value: /var/run/csi/csi_retriever.sock + volumeMounts: + - name: socket-dir + mountPath: /var/run/csi + - name: attacher{{ $csiSidecarSuffix }} + image: {{ required "Must provide the CSI attacher container image." ( include "csi-isilon.attacherImage" . ) }} + imagePullPolicy: {{ .Values.imagePullPolicy }} + args: + - "--csi-address={{ $driverSockPath }}" + - "--v=5" + - "--leader-election" + - "--timeout=180s" + {{- if hasKey .Values.controller "leaderElection" }} + {{- if hasKey .Values.controller.leaderElection "leaderElectionRenewDeadline" }} + - "--leader-election-renew-deadline={{ .Values.controller.leaderElection.leaderElectionRenewDeadline }}" + {{end}} + {{- if hasKey .Values.controller.leaderElection "leaderElectionLeaseDuration" }} + - "--leader-election-lease-duration={{ .Values.controller.leaderElection.leaderElectionLeaseDuration }}" + {{end}} + {{- if hasKey .Values.controller.leaderElection "leaderElectionLeaseDuration" }} + - "--leader-election-retry-period={{ .Values.controller.leaderElection.leaderElectionRetryPeriod }}" + {{end}} + {{end}} + volumeMounts: + - name: socket-dir + mountPath: /var/run/csi + {{- if not $encrypted }} + {{- if hasKey .Values.controller "healthMonitor" }} + {{- if eq .Values.controller.healthMonitor.enabled true }} + - name: external-health-monitor-controller + image: {{ required "Must provide the CSI external-health-monitor-controller container image." ( include "csi-isilon.healthmonitorImage" . ) }} + imagePullPolicy: {{ .Values.imagePullPolicy }} + args: + - "--csi-address={{ $driverSockPath }}" + - "--v=5" + - "--leader-election" + - "--enable-node-watcher=true" + - "--monitor-interval={{ .Values.controller.healthMonitor.interval | default "60s" }}" + - "--timeout=180s" + - "--http-endpoint=:8080" + {{- if hasKey .Values.controller "leaderElection" }} + {{- if hasKey .Values.controller.leaderElection "leaderElectionRenewDeadline" }} + - "--leader-election-renew-deadline={{ .Values.controller.leaderElection.leaderElectionRenewDeadline }}" + {{end}} + {{- if hasKey .Values.controller.leaderElection "leaderElectionLeaseDuration" }} + - "--leader-election-lease-duration={{ .Values.controller.leaderElection.leaderElectionLeaseDuration }}" + {{end}} + {{- if hasKey .Values.controller.leaderElection "leaderElectionLeaseDuration" }} + - "--leader-election-retry-period={{ .Values.controller.leaderElection.leaderElectionRetryPeriod }}" + {{end}} + {{end}} + volumeMounts: + - name: socket-dir + mountPath: /var/run/csi + {{end}} + {{end}} + {{- end }} + - name: provisioner{{ $csiSidecarSuffix }} + image: {{ required "Must provide the CSI provisioner container image." ( include "csi-isilon.provisionerImage" . ) }} + imagePullPolicy: {{ .Values.imagePullPolicy }} + args: + - "--csi-address={{ $driverSockPath }}" + - "--volume-name-prefix={{ required "Must provide a value to prefix to driver created volume names" .Values.controller.volumeNamePrefix }}" + - "--volume-name-uuid-length=10" + - "--worker-threads=5" + - "--timeout=120s" + - "--v=5" + - "--feature-gates=Topology=true" + - "--leader-election" + - "--extra-create-metadata" + - "--enable-capacity={{ (include "csi-isilon.isStorageCapacitySupported" .) | default false }}" + - "--capacity-ownerref-level=2" + - "--capacity-poll-interval={{ .Values.storageCapacity.pollInterval | default "5m" }}" + {{- if hasKey .Values.controller "leaderElection" }} + {{- if hasKey .Values.controller.leaderElection "leaderElectionRenewDeadline" }} + - "--leader-election-renew-deadline={{ .Values.controller.leaderElection.leaderElectionRenewDeadline }}" + {{end}} + {{- if hasKey .Values.controller.leaderElection "leaderElectionLeaseDuration" }} + - "--leader-election-lease-duration={{ .Values.controller.leaderElection.leaderElectionLeaseDuration }}" + {{end}} + {{- if hasKey .Values.controller.leaderElection "leaderElectionLeaseDuration" }} + - "--leader-election-retry-period={{ .Values.controller.leaderElection.leaderElectionRetryPeriod }}" + {{end}} + {{end}} + env: + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + volumeMounts: + - name: socket-dir + mountPath: /var/run/csi + {{- if hasKey .Values.controller "snapshot" }} + {{- if eq .Values.controller.snapshot.enabled true }} + - name: snapshotter{{ $csiSidecarSuffix }} + #image: quay.io/k8scsi/csi-snapshotter:v1.0.0 + image: {{ required "Must provide the CSI snapshotter container image." ( include "csi-isilon.snapshotterImage" . ) }} + imagePullPolicy: {{ .Values.imagePullPolicy }} + args: + - "--csi-address={{ $driverSockPath }}" + - "--timeout=120s" + - "--v=5" + - "--snapshot-name-prefix={{ required "Must privided a Snapshot Name Prefix" .Values.controller.snapshot.snapNamePrefix }}" + - "--leader-election" + {{- if hasKey .Values.controller "leaderElection" }} + {{- if hasKey .Values.controller.leaderElection "leaderElectionRenewDeadline" }} + - "--leader-election-renew-deadline={{ .Values.controller.leaderElection.leaderElectionRenewDeadline }}" + {{end}} + {{- if hasKey .Values.controller.leaderElection "leaderElectionLeaseDuration" }} + - "--leader-election-lease-duration={{ .Values.controller.leaderElection.leaderElectionLeaseDuration }}" + {{end}} + {{- if hasKey .Values.controller.leaderElection "leaderElectionLeaseDuration" }} + - "--leader-election-retry-period={{ .Values.controller.leaderElection.leaderElectionRetryPeriod }}" + {{end}} + {{end}} + volumeMounts: + - name: socket-dir + mountPath: /var/run/csi + {{end}} + {{end}} + {{- if not $encrypted }} + - name: driver + image: {{ required "Must provide the Isilon driver image repository." .Values.images.driverRepository }}/{{ .Chart.Name }}:{{ .Values.version }} + imagePullPolicy: {{ .Values.imagePullPolicy }} + command: [ "/csi-isilon" ] + args: + - "--leader-election" + {{- if hasKey .Values.controller "leaderElection" }} + {{- if hasKey .Values.controller.leaderElection "leaderElectionRenewDeadline" }} + - "--leader-election-renew-deadline={{ .Values.controller.leaderElection.leaderElectionRenewDeadline }}" + {{end}} + {{- if hasKey .Values.controller.leaderElection "leaderElectionLeaseDuration" }} + - "--leader-election-lease-duration={{ .Values.controller.leaderElection.leaderElectionLeaseDuration }}" + {{end}} + {{- if hasKey .Values.controller.leaderElection "leaderElectionLeaseDuration" }} + - "--leader-election-retry-period={{ .Values.controller.leaderElection.leaderElectionRetryPeriod }}" + {{end}} + {{end}} + - "--driver-config-params=/csi-isilon-config-params/driver-config-params.yaml" + env: + - name: CSI_ENDPOINT + value: "{{ $driverSockPath }}" + - name: CSI_RETRIEVER_ENDPOINT + value: /var/run/csi/csi_retriever.sock + - name: X_CSI_MODE + value: controller + - name: X_CSI_ISI_SKIP_CERTIFICATE_VALIDATION + value: "{{ .Values.skipCertificateValidation }}" + - name: X_CSI_ISI_AUTH_TYPE + value: "{{ .Values.isiAuthType }}" + - name: X_CSI_VERBOSE + value: "{{ .Values.verbose }}" + - name: X_CSI_ISI_PORT + value: "{{ .Values.endpointPort }}" + - name: X_CSI_ISI_AUTOPROBE + value: "{{ .Values.autoProbe }}" + - name: X_CSI_ISI_QUOTA_ENABLED + value: "{{ .Values.enableQuota }}" + - name: X_CSI_ISI_ACCESS_ZONE + value: {{ .Values.isiAccessZone }} + - name: X_CSI_CUSTOM_TOPOLOGY_ENABLED + value: "{{ .Values.enableCustomTopology }}" + - name: X_CSI_ISI_PATH + value: {{ .Values.isiPath }} + - name: X_CSI_ISI_VOLUME_PATH_PERMISSIONS + value: "{{ .Values.isiVolumePathPermissions }}" + - name: X_CSI_ISI_IGNORE_UNRESOLVABLE_HOSTS + value: "{{ .Values.ignoreUnresolvableHosts }}" + - name: X_CSI_ISI_NO_PROBE_ON_START + value: "{{ .Values.noProbeOnStart }}" + - name: X_CSI_PODMON_ENABLED + value: "{{ .Values.podmon.enabled }}" + - name: X_CSI_PODMON_API_PORT + value: "{{ .Values.podmonAPIPort }}" + {{- if eq .Values.podmon.enabled true }} + {{- range $key, $value := .Values.podmon.controller.args }} + {{- if contains "--arrayConnectivityPollRate" $value }} + - name: X_CSI_PODMON_ARRAY_CONNECTIVITY_POLL_RATE + value: "{{ (split "=" $value)._1 }}" + {{ end }} + {{ end }} + {{ end }} + {{- if hasKey .Values.controller "replication" }} + {{- if eq .Values.controller.replication.enabled true}} + - name: X_CSI_REPLICATION_CONTEXT_PREFIX + value: {{ .Values.controller.replication.replicationContextPrefix | default "powerscale"}} + - name: X_CSI_REPLICATION_PREFIX + value: {{ .Values.controller.replication.replicationPrefix | default "replication.storage.dell.com"}} + {{- end }} + {{- end }} + {{- if hasKey .Values.controller "healthMonitor" }} + {{- if eq .Values.controller.healthMonitor.enabled true }} + - name: X_CSI_HEALTH_MONITOR_ENABLED + value: "{{ .Values.controller.healthMonitor.enabled }}" + {{end}} + {{end}} + - name: X_CSI_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: SSL_CERT_DIR + value: /certs + - name: X_CSI_ISI_CONFIG_PATH + value: /isilon-configs/config + - name: X_CSI_MAX_PATH_LIMIT + value: "{{ .Values.maxPathLen }}" + volumeMounts: + - name: socket-dir + mountPath: /var/run/csi + - name: certs + mountPath: /certs + readOnly: true + - name: isilon-configs + mountPath: /isilon-configs + - name: csi-isilon-config-params + mountPath: /csi-isilon-config-params + {{- end }} + {{- if not $encrypted }} + {{- if hasKey .Values "authorization" }} + {{- if eq .Values.authorization.enabled true }} + - name: karavi-authorization-proxy + imagePullPolicy: {{ .Values.imagePullPolicy }} + image: {{ required "Must provide the authorization sidecar container image." .Values.authorization.sidecarProxyImage }} + env: + - name: PROXY_HOST + value: "{{ .Values.authorization.proxyHost }}" + - name: SKIP_CERTIFICATE_VALIDATION + value: "{{ .Values.authorization.skipCertificateValidation }}" + - name: PLUGIN_IDENTIFIER + value: powerscale + - name: ACCESS_TOKEN + valueFrom: + secretKeyRef: + name: proxy-authz-tokens + key: access + - name: REFRESH_TOKEN + valueFrom: + secretKeyRef: + name: proxy-authz-tokens + key: refresh + volumeMounts: + - name: karavi-authorization-config + mountPath: /etc/karavi-authorization/config + - name: proxy-server-root-certificate + mountPath: /etc/karavi-authorization/root-certificates + - name: csi-isilon-config-params + mountPath: /etc/karavi-authorization + {{ end }} + {{ end }} + {{- end }} + {{- if $encrypted }} + - name: driver-sec + image: {{ .Values.encryption.image }} + imagePullPolicy: {{ .Values.imagePullPolicy }} + args: + - --name={{ .Values.encryption.pluginName }} + - --nodeId=$(NODE_ID) + - "--endpoint=unix://var/run/csi/csi-sec.sock" + - "--targetEndpoint=unix://var/run/csi/csi.sock" + - --targetType=Isilon + - --controller + - --logLevel={{ .Values.encryption.logLevel }} + {{- range index .Values.encryption.extraArgs }} + - {{ . | quote }} + {{- end }} + env: + - name: NODE_ID + valueFrom: + fieldRef: + fieldPath: spec.nodeName + volumeMounts: + - name: socket-dir + mountPath: /var/run/csi + {{- end }} +{{- end }} +{{- end }} + volumes: + - name: socket-dir + emptyDir: + - name: certs + projected: + sources: +{{- range $i, $e := until (int .Values.certSecretCount ) }} + - secret: + name: {{ print $.Release.Name "-certs-" $e }} + items: + - key: cert-{{ $e }} + path: cert-{{ $e }} +{{- end }} + - name: isilon-configs + secret: + secretName: {{ .Release.Name }}-creds + - name: csi-isilon-config-params + configMap: + name: {{ .Release.Name }}-config-params + {{- if hasKey .Values "authorization" }} + {{- if eq .Values.authorization.enabled true }} + - name: karavi-authorization-config + secret: + secretName: karavi-authorization-config + - name: proxy-server-root-certificate + secret: + secretName: proxy-server-root-certificate + {{ end }} + {{ end }} diff --git a/charts/dell/csi-isilon/templates/csidriver.yaml b/charts/dell/csi-isilon/templates/csidriver.yaml index bf7078d1e..dd8956ac7 100644 --- a/charts/dell/csi-isilon/templates/csidriver.yaml +++ b/charts/dell/csi-isilon/templates/csidriver.yaml @@ -5,6 +5,7 @@ metadata: spec: attachRequired: true podInfoOnMount: true + storageCapacity: {{ (include "csi-isilon.isStorageCapacitySupported" .) | default false }} fsGroupPolicy: {{ .Values.fsGroupPolicy }} volumeLifecycleModes: - Persistent diff --git a/charts/dell/csi-isilon/values.yaml b/charts/dell/csi-isilon/values.yaml index 5ff0dfdb7..4245696cd 100644 --- a/charts/dell/csi-isilon/values.yaml +++ b/charts/dell/csi-isilon/values.yaml @@ -2,7 +2,7 @@ ######################## # version: version of this values file # Note: Do not change this value -version: "v2.6.1" +version: "v2.7.0" # CSI driver log level # Allowed values: "error", "warn"/"warning", "info", "debug" @@ -63,7 +63,7 @@ enableCustomTopology: false # Allowed values: # ReadWriteOnceWithFSType: supports volume ownership and permissions change only if the fsType is defined # and the volume's accessModes contains ReadWriteOnce. -# File: kubernetes may use fsGroup to change permissions and ownership of the volume +# File: kubernetes may use fsGroup to change permissions and ownership of the volume # to match user requested fsGroup in the pod's security policy regardless of fstype or access mode. # None: volumes will be mounted with no modifications. # Default value: ReadWriteOnceWithFSType @@ -110,6 +110,10 @@ controller: # Default value: 5s leaderElectionRetryPeriod: 5s + # Image for csi-metadata-retriever + metadataretriever: + image: dellemc/csi-metadata-retriever:v1.4.0 + # replication: allows to configure replication # Replication CRDs must be installed before installing driver replication: @@ -123,11 +127,11 @@ controller: # image: Image to use for dell-csi-replicator. This shouldn't be changed # Allowed values: string # Default value: None - image: dellemc/dell-csi-replicator:v1.4.0 + image: dellemc/dell-csi-replicator:v1.5.0 # replicationContextPrefix: prefix to use for naming of resources created by replication feature # Allowed values: string - # Default value: powerstore + # Default value: powerscale replicationContextPrefix: "powerscale" # replicationPrefix: prefix to prepend to storage classes parameters @@ -273,7 +277,6 @@ node: # Default value: None enabled: false - ## PLATFORM ATTRIBUTES ###################### # endpointPort: Specify the HTTPs port number of the PowerScale OneFS API server @@ -357,22 +360,36 @@ autoProbe: true authorization: enabled: false # sidecarProxyImage: the container image used for the csm-authorization-sidecar. - # Default value: dellemc/csm-authorization-sidecar:v1.6.0 - sidecarProxyImage: dellemc/csm-authorization-sidecar:v1.6.0 + # Default value: dellemc/csm-authorization-sidecar:v1.7.0 + sidecarProxyImage: dellemc/csm-authorization-sidecar:v1.7.0 # proxyHost: hostname of the csm-authorization server # Default value: None proxyHost: # skipCertificateValidation: certificate validation of the csm-authorization server # Allowed Values: # "true" - TLS certificate verification will be skipped - # "false" - TLS certificate will be verified - # Default value: "true" + # "false" - TLS certificate will be verified + # Default value: "true" skipCertificateValidation: true +# Storage Capacity Tracking +# Note: Capacity tracking is supported in kubernetes v1.24 and above, this feature will be automatically disabled in older versions. +storageCapacity: + # enabled : Enable/Disable storage capacity tracking + # Allowed values: + # true: enable storage capacity tracking + # false: disable storage capacity tracking + # Default value: true + enabled: true + # pollInterval : Configure how often external-provisioner polls the driver to detect changed capacity + # Allowed values: 1m,2m,3m,...,10m,...,60m etc + # Default value: 5m + pollInterval: 5m + # Enable this feature only after contact support for additional information podmon: enabled: false - image: dellemc/podmon:v1.5.0 + image: dellemc/podmon:v1.6.0 #controller: # args: # - "--csisock=unix:/var/run/csi/csi.sock" @@ -413,15 +430,15 @@ encryption: # logLevel: Log level of the encryption driver. # Allowed values: "error", "warning", "info", "debug", "trace". logLevel: "error" - - # livenessPort: HTTP liveness probe port number. + + # livenessPort: HTTP liveness probe port number. # Leave empty to disable the liveness probe. # Example: 8080 livenessPort: # ocp: Enable when running on OpenShift Container Platform with CoreOS worker nodes. ocp: false - + # ocpCoreID: User ID and group ID of user core on CoreOS worker nodes. # Ignored when ocp is set to false. ocpCoreID: "1000:1000" diff --git a/charts/dell/csi-powermax/Chart.yaml b/charts/dell/csi-powermax/Chart.yaml index 103d35fd1..563200b01 100644 --- a/charts/dell/csi-powermax/Chart.yaml +++ b/charts/dell/csi-powermax/Chart.yaml @@ -1,15 +1,15 @@ annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Dell CSI PowerMax - catalog.cattle.io/kube-version: '>= 1.23.0 < 1.27.0' + catalog.cattle.io/kube-version: '>= 1.23.0 < 1.28.0' catalog.cattle.io/release-name: csi-powermax apiVersion: v2 -appVersion: 2.6.0 +appVersion: 2.7.0 dependencies: - condition: required name: csireverseproxy repository: file://./charts/csireverseproxy - version: 2.5.0 + version: 2.6.0 description: 'PowerMax CSI (Container Storage Interface) driver Kubernetes integration. This chart includes everything required to provision via CSI as well as a PowerMax StorageClass. ' @@ -18,10 +18,11 @@ icon: https://partner-charts.rancher.io/assets/logos/dell.png keywords: - csi - storage -kubeVersion: '>= 1.23.0 < 1.27.0' +kubeVersion: '>= 1.23.0 < 1.28.0' maintainers: - name: DellEMC name: csi-powermax sources: - https://github.com/dell/csi-powermax -version: 2.6.0 +type: application +version: 2.7.0 diff --git a/charts/dell/csi-powermax/charts/csireverseproxy/Chart.yaml b/charts/dell/csi-powermax/charts/csireverseproxy/Chart.yaml index fedb5605c..d55833f8e 100644 --- a/charts/dell/csi-powermax/charts/csireverseproxy/Chart.yaml +++ b/charts/dell/csi-powermax/charts/csireverseproxy/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 -appVersion: 2.5.0 +appVersion: 2.6.0 description: A Helm chart for CSI PowerMax ReverseProxy name: csireverseproxy type: application -version: 2.5.0 +version: 2.6.0 diff --git a/charts/dell/csi-powermax/charts/csireverseproxy/templates/certificate.yaml b/charts/dell/csi-powermax/charts/csireverseproxy/templates/certificate.yaml new file mode 100644 index 000000000..e37a47ac8 --- /dev/null +++ b/charts/dell/csi-powermax/charts/csireverseproxy/templates/certificate.yaml @@ -0,0 +1,70 @@ +# If the csireverseproxy cert and key are provided, deploy a CA Issuer using the cert and key +{{- if ne .Values.certManager.selfSignedCert true }} +apiVersion: v1 +data: + tls.crt: {{ .Values.certManager.certificateFile }} + tls.key: {{ .Values.certManager.privateKeyFile }} +kind: Secret +type: kubernetes.io/tls +metadata: + name: csirevproxy-tls-secret + namespace: {{ .Release.Namespace }} + +--- +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + name: csirevproxy-issuer + namespace: {{ .Release.Namespace }} +spec: + ca: + secretName: csirevproxy-tls-secret +--- +{{- else }} +# deploy a selfsigned-issuer +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + name: selfsigned-issuer + namespace: {{ .Release.Namespace }} +spec: + selfSigned: {} + +--- +{{- end }} + +--- +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: csirevproxy-tls-cert + namespace: {{ .Release.Namespace }} +spec: + secretName: csirevproxy-tls-secret + commonName: powermax-reverseproxy + duration: 2160h # 90d + renewBefore: 360h # 15d + subject: + organizations: + - dellemc + isCA: false + privateKey: + algorithm: RSA + encoding: PKCS1 + size: 2048 + usages: + - server auth + - client auth + dnsNames: + - powermax-reverseproxy + - powermax-reverseproxy.powermax.svc.cluster.local + - reverseproxy + issuerRef: + {{- if ne .Values.certManager.selfSignedCert true }} + name: csirevproxy-issuer + {{- else }} + name: selfsigned-issuer + {{- end }} + kind: Issuer + group: cert-manager.io +--- \ No newline at end of file diff --git a/charts/dell/csi-powermax/charts/csireverseproxy/templates/configmap.yaml b/charts/dell/csi-powermax/charts/csireverseproxy/templates/configmap.yaml index f33e26e26..27938ea42 100644 --- a/charts/dell/csi-powermax/charts/csireverseproxy/templates/configmap.yaml +++ b/charts/dell/csi-powermax/charts/csireverseproxy/templates/configmap.yaml @@ -2,6 +2,6 @@ apiVersion: v1 kind: ConfigMap metadata: name: {{ .Release.Name }}-reverseproxy-config - namespace: {{ include "custom.namespace" . }} + namespace: {{ .Release.Namespace }} data: {{ tpl (.Files.Glob "conf/config.yaml").AsConfig . | indent 2 }} diff --git a/charts/dell/csi-powermax/charts/csireverseproxy/templates/reverseproxy-rbac.yaml b/charts/dell/csi-powermax/charts/csireverseproxy/templates/reverseproxy-rbac.yaml index 3de519e6b..2cf759935 100644 --- a/charts/dell/csi-powermax/charts/csireverseproxy/templates/reverseproxy-rbac.yaml +++ b/charts/dell/csi-powermax/charts/csireverseproxy/templates/reverseproxy-rbac.yaml @@ -3,7 +3,7 @@ kind: Role apiVersion: rbac.authorization.k8s.io/v1 metadata: name: {{ .Release.Name }}-reverseproxy - namespace: {{ include "custom.namespace" . }} + namespace: {{ .Release.Namespace }} rules: - apiGroups: [""] resources: ["secrets"] @@ -13,11 +13,11 @@ kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: {{ .Release.Name }}-reverseproxy - namespace: {{ include "custom.namespace" . }} + namespace: {{ .Release.Namespace }} subjects: - kind: ServiceAccount name: {{ .Release.Name }}-reverseproxy - namespace: {{ include "custom.namespace" . }} + namespace: {{ .Release.Namespace }} roleRef: kind: Role name: {{ .Release.Name }}-reverseproxy diff --git a/charts/dell/csi-powermax/charts/csireverseproxy/templates/reverseproxy.yaml b/charts/dell/csi-powermax/charts/csireverseproxy/templates/reverseproxy.yaml index 2c39b851e..53d291ca4 100644 --- a/charts/dell/csi-powermax/charts/csireverseproxy/templates/reverseproxy.yaml +++ b/charts/dell/csi-powermax/charts/csireverseproxy/templates/reverseproxy.yaml @@ -3,7 +3,7 @@ apiVersion: apps/v1 kind: Deployment metadata: name: {{ .Release.Name }}-reverseproxy - namespace: {{ include "custom.namespace" . }} + namespace: {{ .Release.Namespace }} spec: replicas: 1 selector: @@ -29,7 +29,7 @@ spec: - name: X_CSI_REVPROXY_TLS_CERT_DIR value: /app/tls - name: X_CSI_REVPROXY_WATCH_NAMESPACE - value: {{ include "custom.namespace" . }} + value: {{ .Release.Namespace }} volumeMounts: - name: configmap-volume mountPath: /etc/config/configmap diff --git a/charts/dell/csi-powermax/charts/csireverseproxy/templates/service.yaml b/charts/dell/csi-powermax/charts/csireverseproxy/templates/service.yaml index 503ca3149..ea1b34e43 100644 --- a/charts/dell/csi-powermax/charts/csireverseproxy/templates/service.yaml +++ b/charts/dell/csi-powermax/charts/csireverseproxy/templates/service.yaml @@ -2,7 +2,7 @@ apiVersion: v1 kind: Service metadata: name: {{ .Release.Name }}-reverseproxy - namespace: {{ include "custom.namespace" . }} + namespace: {{ .Release.Namespace }} spec: ports: - port: {{ .Values.port }} diff --git a/charts/dell/csi-powermax/charts/csireverseproxy/templates/serviceaccount.yaml b/charts/dell/csi-powermax/charts/csireverseproxy/templates/serviceaccount.yaml index ddc5e8655..aa37a367c 100644 --- a/charts/dell/csi-powermax/charts/csireverseproxy/templates/serviceaccount.yaml +++ b/charts/dell/csi-powermax/charts/csireverseproxy/templates/serviceaccount.yaml @@ -3,5 +3,5 @@ apiVersion: v1 kind: ServiceAccount metadata: name: {{ .Release.Name }}-reverseproxy - namespace: {{ include "custom.namespace" . }} + namespace: {{ .Release.Namespace }} {{- end }} \ No newline at end of file diff --git a/charts/dell/csi-powermax/charts/csireverseproxy/values.yaml b/charts/dell/csi-powermax/charts/csireverseproxy/values.yaml index f017be39e..32b0106bb 100644 --- a/charts/dell/csi-powermax/charts/csireverseproxy/values.yaml +++ b/charts/dell/csi-powermax/charts/csireverseproxy/values.yaml @@ -1,4 +1,4 @@ -image: dellemc/csipowermax-reverseproxy:v2.5.0 +image: dellemc/csipowermax-reverseproxy:v2.6.0 port: 2222 # TLS secret which is used for setting up the proxy HTTPS server diff --git a/charts/dell/csi-powermax/templates/_helpers.tpl b/charts/dell/csi-powermax/templates/_helpers.tpl index c7cd1ba5a..0ad1b65d7 100644 --- a/charts/dell/csi-powermax/templates/_helpers.tpl +++ b/charts/dell/csi-powermax/templates/_helpers.tpl @@ -3,58 +3,48 @@ Return the appropriate sidecar images based on k8s version */}} {{- define "csi-powermax.attacherImage" -}} {{- if eq .Capabilities.KubeVersion.Major "1" }} - {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "23") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "26") -}} - {{- print "k8s.gcr.io/sig-storage/csi-attacher:v4.2.0" -}} + {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "23") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "27") -}} + {{- print "k8s.gcr.io/sig-storage/csi-attacher:v4.3.0" -}} {{- end -}} {{- end -}} {{- end -}} {{- define "csi-powermax.provisionerImage" -}} {{- if eq .Capabilities.KubeVersion.Major "1" }} - {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "23") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "26") -}} - {{- print "k8s.gcr.io/sig-storage/csi-provisioner:v3.4.0" -}} + {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "23") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "27") -}} + {{- print "k8s.gcr.io/sig-storage/csi-provisioner:v3.5.0" -}} {{- end -}} {{- end -}} {{- end -}} {{- define "csi-powermax.snapshotterImage" -}} {{- if eq .Capabilities.KubeVersion.Major "1" }} - {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "23") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "26") -}} - {{- print "k8s.gcr.io/sig-storage/csi-snapshotter:v6.2.1" -}} + {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "23") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "27") -}} + {{- print "k8s.gcr.io/sig-storage/csi-snapshotter:v6.2.2" -}} {{- end -}} {{- end -}} {{- end -}} {{- define "csi-powermax.resizerImage" -}} {{- if eq .Capabilities.KubeVersion.Major "1" }} - {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "23") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "26") -}} - {{- print "k8s.gcr.io/sig-storage/csi-resizer:v1.7.0" -}} + {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "23") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "27") -}} + {{- print "k8s.gcr.io/sig-storage/csi-resizer:v1.8.0" -}} {{- end -}} {{- end -}} {{- end -}} {{- define "csi-powermax.registrarImage" -}} {{- if eq .Capabilities.KubeVersion.Major "1" }} - {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "23") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "26") -}} - {{- print "k8s.gcr.io/sig-storage/csi-node-driver-registrar:v2.6.3" -}} + {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "23") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "27") -}} + {{- print "k8s.gcr.io/sig-storage/csi-node-driver-registrar:v2.8.0" -}} {{- end -}} {{- end -}} {{- end -}} {{- define "csi-powermax.healthmonitorImage" -}} {{- if eq .Capabilities.KubeVersion.Major "1" }} - {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "23") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "26") -}} - {{- print "gcr.io/k8s-staging-sig-storage/csi-external-health-monitor-controller:v0.8.0" -}} + {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "23") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "27") -}} + {{- print "registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.9.0" -}} {{- end -}} {{- end -}} {{- end -}} - -{{/* -Namespace for all resources to be installed into -If not defined in values file then the helm release namespace is used -By default this is not set so the helm release namespace will be used -*/}} - -{{- define "custom.namespace" -}} - {{ .Values.namespace | default .Release.Namespace }} -{{- end -}} \ No newline at end of file diff --git a/charts/dell/csi-powermax/templates/controller.yaml b/charts/dell/csi-powermax/templates/controller.yaml index 4e6d4e73d..f5118102e 100644 --- a/charts/dell/csi-powermax/templates/controller.yaml +++ b/charts/dell/csi-powermax/templates/controller.yaml @@ -2,13 +2,13 @@ apiVersion: v1 kind: ServiceAccount metadata: name: {{.Release.Name}}-controller - namespace: {{ include "custom.namespace" . }} + namespace: {{ .Release.Namespace }} --- kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: {{- if eq .Values.customDriverName.enabled true}} - name: {{printf "%s-%s-controller" ( include "custom.namespace" . ) .Values.customDriverName.value}} + name: {{printf "%s-%s-controller" .Release.Namespace .Values.customDriverName.value}} {{- else }} name: {{ .Release.Name }}-controller {{- end }} @@ -97,18 +97,18 @@ kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: {{- if eq .Values.customDriverName.enabled true}} - name: {{ printf "%s-%s-controller" ( include "custom.namespace" . ) .Values.customDriverName.value }} + name: {{ printf "%s-%s-controller" .Release.Namespace .Values.customDriverName.value }} {{- else }} name: {{ .Release.Name }}-controller {{- end }} subjects: - kind: ServiceAccount name: {{ .Release.Name }}-controller - namespace: {{ include "custom.namespace" . }} + namespace: {{ .Release.Namespace }} roleRef: kind: ClusterRole {{- if eq .Values.customDriverName.enabled true}} - name: {{ printf "%s-%s-controller" ( include "custom.namespace" . ) .Values.customDriverName.value }} + name: {{ printf "%s-%s-controller" .Release.Namespace .Values.customDriverName.value }} {{- else }} name: {{ .Release.Name }}-controller {{- end }} @@ -118,7 +118,7 @@ apiVersion: apps/v1 kind: Deployment metadata: name: {{ .Release.Name }}-controller - namespace: {{ include "custom.namespace" . }} + namespace: {{ .Release.Namespace }} {{- if hasKey .Values "authorization" }} {{- if eq .Values.authorization.enabled true }} annotations: @@ -345,7 +345,7 @@ spec: {{- end }} - name: X_CSI_POWERMAX_DRIVER_NAME {{- if eq .Values.customDriverName.enabled true}} - value: {{ required "Must provide a driver name" (printf "%s.%s.dellemc.com" ( include "custom.namespace" . ) .Values.customDriverName.value) }} + value: {{ required "Must provide a driver name" (printf "%s.%s.dellemc.com" .Release.Namespace .Values.customDriverName.value) }} {{- else }} value: csi-powermax.dellemc.com {{- end }} @@ -448,7 +448,7 @@ spec: - name: X_CSI_REVPROXY_TLS_CERT_DIR value: /app/tls - name: X_CSI_REVPROXY_WATCH_NAMESPACE - value: {{ include "custom.namespace" . }} + value: {{ .Release.Namespace }} - name: X_CSI_REVPROXY_IS_LEADER_ENABLED value: "true" volumeMounts: diff --git a/charts/dell/csi-powermax/templates/csidriver.yaml b/charts/dell/csi-powermax/templates/csidriver.yaml index 0160ef76f..52cc66945 100644 --- a/charts/dell/csi-powermax/templates/csidriver.yaml +++ b/charts/dell/csi-powermax/templates/csidriver.yaml @@ -2,7 +2,7 @@ apiVersion: storage.k8s.io/v1 kind: CSIDriver metadata: {{- if eq .Values.customDriverName.enabled true}} - name: {{ printf "%s-%s" ( include "custom.namespace" . ) .Values.customDriverName.value }} + name: {{ printf "%s-%s" .Release.Namespace .Values.customDriverName.value }} {{- else }} name: csi-powermax {{- end }} diff --git a/charts/dell/csi-powermax/templates/driver-config-params.yaml b/charts/dell/csi-powermax/templates/driver-config-params.yaml index 2068da2a3..1f39a8b3f 100644 --- a/charts/dell/csi-powermax/templates/driver-config-params.yaml +++ b/charts/dell/csi-powermax/templates/driver-config-params.yaml @@ -2,7 +2,7 @@ apiVersion: v1 kind: ConfigMap metadata: name: {{ .Release.Name }}-config-params - namespace: {{ include "custom.namespace" . }} + namespace: {{ .Release.Namespace }} data: driver-config-params.yaml: | CSI_LOG_LEVEL: {{ .Values.global.logLevel | default "debug" }} diff --git a/charts/dell/csi-powermax/templates/node.yaml b/charts/dell/csi-powermax/templates/node.yaml index 6d70d614e..0d0cdae8f 100644 --- a/charts/dell/csi-powermax/templates/node.yaml +++ b/charts/dell/csi-powermax/templates/node.yaml @@ -3,13 +3,13 @@ apiVersion: v1 kind: ServiceAccount metadata: name: {{ .Release.Name }}-node - namespace: {{ include "custom.namespace" . }} + namespace: {{ .Release.Namespace }} --- kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: {{- if eq .Values.customDriverName.enabled true}} - name: {{ printf "%s-%s-node" ( include "custom.namespace" . ) .Values.customDriverName.value }} + name: {{ printf "%s-%s-node" .Release.Namespace .Values.customDriverName.value }} {{- else }} name: {{ .Release.Name }}-node {{- end }} @@ -43,18 +43,18 @@ kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: {{- if eq .Values.customDriverName.enabled true}} - name: {{ printf "%s-%s-node" ( include "custom.namespace" . ) .Values.customDriverName.value }} + name: {{ printf "%s-%s-node" .Release.Namespace .Values.customDriverName.value }} {{- else }} name: {{ .Release.Name }}-node {{- end }} subjects: - kind: ServiceAccount name: {{ .Release.Name }}-node - namespace: {{ include "custom.namespace" . }} + namespace: {{ .Release.Namespace }} roleRef: kind: ClusterRole {{- if eq .Values.customDriverName.enabled true}} - name: {{ printf "%s-%s-node" ( include "custom.namespace" . ) .Values.customDriverName.value }} + name: {{ printf "%s-%s-node" .Release.Namespace .Values.customDriverName.value }} {{- else }} name: {{ .Release.Name }}-node {{- end }} @@ -65,7 +65,7 @@ kind: DaemonSet apiVersion: apps/v1 metadata: name: {{ .Release.Name }}-node - namespace: {{ include "custom.namespace" . }} + namespace: {{ .Release.Namespace }} {{- if hasKey .Values "authorization" }} {{- if eq .Values.authorization.enabled true }} annotations: @@ -113,7 +113,7 @@ spec: env: - name: X_CSI_POWERMAX_DRIVER_NAME {{- if eq .Values.customDriverName.enabled true }} - value: {{ required "Must provide a driver name" (printf "%s.%s.dellemc.com" ( include "custom.namespace" . ) .Values.customDriverName.value) }} + value: {{ required "Must provide a driver name" (printf "%s.%s.dellemc.com" .Release.Namespace .Values.customDriverName.value) }} {{- else }} value: csi-powermax.dellemc.com {{- end }} diff --git a/charts/dell/csi-powermax/values.yaml b/charts/dell/csi-powermax/values.yaml index ef37cf816..418b1c32f 100644 --- a/charts/dell/csi-powermax/values.yaml +++ b/charts/dell/csi-powermax/values.yaml @@ -49,7 +49,7 @@ global: # Current version of the driver # Don't modify this value as this value will be used by the install script -version: "v2.6.0" +version: "v2.7.0" images: # "driver" defines the container image, used for the driver container. @@ -255,8 +255,8 @@ enableCHAP: false csireverseproxy: # image: Define the container images used for the reverse proxy # Default value: None - # Example: "csipowermax-reverseproxy:v2.5.0" - image: dellemc/csipowermax-reverseproxy:v2.5.0 + # Example: "csipowermax-reverseproxy:v2.6.0" + image: dellemc/csipowermax-reverseproxy:v2.6.0 # "tlsSecret" defines the TLS secret that is created with certificate # and its associated key # Default value: None @@ -277,9 +277,21 @@ csireverseproxy: # Default value: None # Example: "StandAlone" mode: StandAlone - # Optionally, uncomment and specify the name of the pre-created namespace to install the sidecar in it - # namespace: - + # Auto-create TLS certificate for csi-reverseproxy + certManager: + # Set selfSignedCert to use a self-signed certificate + # Default value: true + selfSignedCert: true + # certificateFile has tls.key content in encoded format + # Allowed Values: + # - encoded base64 value of tls.crt: cat tls.crt | base64 + # - comment the param, if selfsigned should be used + certificateFile: tls.crt.encoded64 + # privateKeyFile has tls.key content in encoded format + # Allowed Values: + # - encoded base64 value of tls.key: cat tls.key | base64 + # - comment the param, if selfsigned should be used + privateKeyFile: tls.key.encoded64 # clusterPrefix: Define a prefix that is appended onto # all resources created in the Array # This should be unique per K8s/CSI deployment @@ -363,7 +375,7 @@ replication: enabled: false # Change this to use any specific version of the dell-csi-replicator sidecar # Default value: None - image: dellemc/dell-csi-replicator:v1.4.0 + image: dellemc/dell-csi-replicator:v1.5.0 # replicationContextPrefix enables side cars to read # required information from the volume context # Default value: "powermax" @@ -384,10 +396,10 @@ migration: enabled: false # Change this to use any specific version of the dell-csi-migrator sidecar # Default value: None - image: dellemc/dell-csi-migrator:v1.1.0 + image: dellemc/dell-csi-migrator:v1.1.1 # Node rescan sidecar does a rescan on nodes for identifying new paths - # Default value: dellemc/dell-csi-node-rescanner:v1.0.0 - nodeRescanSidecarImage: dellemc/dell-csi-node-rescanner:v1.0.0 + # Default value: dellemc/dell-csi-node-rescanner:v1.0.1 + nodeRescanSidecarImage: dellemc/dell-csi-node-rescanner:v1.0.1 # migrationPrefix: Determine if migration is enabled # Default value: "migration.storage.dell.com" # Examples: "migration.storage.dell.com" @@ -403,8 +415,8 @@ migration: authorization: enabled: false # sidecarProxyImage: the container image used for the csm-authorization-sidecar. - # Default value: dellemc/csm-authorization-sidecar:v1.6.0 - sidecarProxyImage: dellemc/csm-authorization-sidecar:v1.6.0 + # Default value: dellemc/csm-authorization-sidecar:v1.7.0 + sidecarProxyImage: dellemc/csm-authorization-sidecar:v1.7.0 # proxyHost: hostname of the csm-authorization server # Default value: None proxyHost: @@ -435,6 +447,3 @@ vSphere: vCenterHost: "00.000.000.00" # vCenterCredSecret: secret name for the vCenter credentials vCenterCredSecret: vcenter-creds - -# Optionally, uncomment and specify the name of the pre-created namespace to install the driver in it -# namespace: diff --git a/charts/dell/csi-powerstore/Chart.yaml b/charts/dell/csi-powerstore/Chart.yaml index 91624f8f8..7b55650bf 100644 --- a/charts/dell/csi-powerstore/Chart.yaml +++ b/charts/dell/csi-powerstore/Chart.yaml @@ -1,10 +1,10 @@ annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Dell CSI PowerStore - catalog.cattle.io/kube-version: '>= 1.22.0 < 1.27.0' - catalog.cattle.io/release-name: csi-powerstore + catalog.cattle.io/kube-version: '>= 1.22.0 < 1.28.0' + catalog.cattle.io/release-name: powerstore apiVersion: v2 -appVersion: 2.6.0 +appVersion: 2.7.0 description: 'PowerStore CSI (Container Storage Interface) driver Kubernetes integration. This chart includes everything required to provision via CSI as well as a PowerStore StorageClass. ' @@ -13,10 +13,10 @@ icon: https://partner-charts.rancher.io/assets/logos/dell.png keywords: - csi - storage -kubeVersion: '>= 1.22.0 < 1.27.0' +kubeVersion: '>= 1.22.0 < 1.28.0' maintainers: - name: DellEMC name: csi-powerstore sources: - https://github.com/dell/csi-powerstore -version: 2.6.0 +version: 2.7.0 diff --git a/charts/dell/csi-powerstore/templates/_helpers.tpl b/charts/dell/csi-powerstore/templates/_helpers.tpl index 26242cb8c..8da93b35e 100644 --- a/charts/dell/csi-powerstore/templates/_helpers.tpl +++ b/charts/dell/csi-powerstore/templates/_helpers.tpl @@ -3,48 +3,48 @@ Return the appropriate sidecar images based on k8s version */}} {{- define "csi-powerstore.attacherImage" -}} {{- if eq .Capabilities.KubeVersion.Major "1" }} - {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "22") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "26") -}} - {{- print "k8s.gcr.io/sig-storage/csi-attacher:v4.2.0" -}} + {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "22") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "27") -}} + {{- print "registry.k8s.io/sig-storage/csi-attacher:v4.3.0" -}} {{- end -}} {{- end -}} {{- end -}} {{- define "csi-powerstore.provisionerImage" -}} {{- if eq .Capabilities.KubeVersion.Major "1" }} - {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "22") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "26") -}} - {{- print "k8s.gcr.io/sig-storage/csi-provisioner:v3.4.0" -}} + {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "22") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "27") -}} + {{- print "registry.k8s.io/sig-storage/csi-provisioner:v3.5.0" -}} {{- end -}} {{- end -}} {{- end -}} {{- define "csi-powerstore.snapshotterImage" -}} {{- if eq .Capabilities.KubeVersion.Major "1" }} - {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "22") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "26") -}} - {{- print "k8s.gcr.io/sig-storage/csi-snapshotter:v6.2.1" -}} + {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "22") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "27") -}} + {{- print "registry.k8s.io/sig-storage/csi-snapshotter:v6.2.2" -}} {{- end -}} {{- end -}} {{- end -}} {{- define "csi-powerstore.resizerImage" -}} {{- if eq .Capabilities.KubeVersion.Major "1" }} - {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "22") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "26") -}} - {{- print "k8s.gcr.io/sig-storage/csi-resizer:v1.7.0" -}} + {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "22") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "27") -}} + {{- print "registry.k8s.io/sig-storage/csi-resizer:v1.8.0" -}} {{- end -}} {{- end -}} {{- end -}} {{- define "csi-powerstore.registrarImage" -}} {{- if eq .Capabilities.KubeVersion.Major "1" }} - {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "22") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "26") -}} - {{- print "k8s.gcr.io/sig-storage/csi-node-driver-registrar:v2.6.3" -}} + {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "22") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "27") -}} + {{- print "registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.8.0" -}} {{- end -}} {{- end -}} {{- end -}} {{- define "csi-powerstore.healthmonitorImage" -}} {{- if eq .Capabilities.KubeVersion.Major "1" }} - {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "22") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "26") -}} - {{- print "gcr.io/k8s-staging-sig-storage/csi-external-health-monitor-controller:v0.8.0" -}} + {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "22") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "27") -}} + {{- print "registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.9.0" -}} {{- end -}} {{- end -}} {{- end -}} diff --git a/charts/dell/csi-powerstore/templates/controller.yaml b/charts/dell/csi-powerstore/templates/controller.yaml index 30673027f..8770c6a2d 100644 --- a/charts/dell/csi-powerstore/templates/controller.yaml +++ b/charts/dell/csi-powerstore/templates/controller.yaml @@ -1,6 +1,6 @@ # # -# Copyright © 2020-2022 Dell Inc. or its subsidiaries. All Rights Reserved. +# Copyright © 2020-2023 Dell Inc. or its subsidiaries. All Rights Reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/charts/dell/csi-powerstore/templates/node.yaml b/charts/dell/csi-powerstore/templates/node.yaml index f09982d83..eb0ce7f09 100644 --- a/charts/dell/csi-powerstore/templates/node.yaml +++ b/charts/dell/csi-powerstore/templates/node.yaml @@ -1,6 +1,6 @@ # # -# Copyright © 2020-2022 Dell Inc. or its subsidiaries. All Rights Reserved. +# Copyright © 2020-2023 Dell Inc. or its subsidiaries. All Rights Reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -105,7 +105,7 @@ spec: tolerations: {{- toYaml .Values.node.tolerations | nindent 6 }} {{ end }} - serviceAccount: {{ .Release.Name }}-node + serviceAccountName: {{ .Release.Name }}-node dnsPolicy: ClusterFirstWithHostNet hostNetwork: true hostIPC: true diff --git a/charts/dell/csi-powerstore/values.yaml b/charts/dell/csi-powerstore/values.yaml index c5aee2bfc..0d4686b18 100644 --- a/charts/dell/csi-powerstore/values.yaml +++ b/charts/dell/csi-powerstore/values.yaml @@ -1,6 +1,6 @@ # # -# Copyright © 2020-2022 Dell Inc. or its subsidiaries. All Rights Reserved. +# Copyright © 2020-2023 Dell Inc. or its subsidiaries. All Rights Reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -23,7 +23,7 @@ driverName: "csi-powerstore.dellemc.com" # Driver version required to pull the latest driver image -version: "v2.6.0" +version: "v2.7.0" # Specify kubelet config dir path. # Ensure that the config.yaml file is present at this path. @@ -151,7 +151,7 @@ controller: # image: Image to use for dell-csi-replicator. This shouldn't be changed # Allowed values: string # Default value: None - image: dellemc/dell-csi-replicator:v1.4.0 + image: dellemc/dell-csi-replicator:v1.5.0 # replicationContextPrefix: prefix to use for naming of resources created by replication feature # Allowed values: string @@ -164,7 +164,7 @@ controller: replicationPrefix: "replication.storage.dell.com" # Image for csi-metadata-retriever - metadataretriever: dellemc/csi-metadata-retriever:v1.3.0 + metadataretriever: dellemc/csi-metadata-retriever:v1.4.0 # nodeSelector: Define node selection constraints for controller pods. # For the pod to be eligible to run on a node, the node must have each @@ -311,7 +311,7 @@ storageCapacity: # Enable this feature only after contact support for additional information podmon: enabled: false - image: dellemc/podmon:v1.5.0 + image: dellemc/podmon:v1.6.0 #controller: # args: # - "--csisock=unix:/var/run/csi/csi.sock" diff --git a/charts/dell/csi-unity/Chart.yaml b/charts/dell/csi-unity/Chart.yaml index a0bf72529..0a3070d26 100644 --- a/charts/dell/csi-unity/Chart.yaml +++ b/charts/dell/csi-unity/Chart.yaml @@ -1,11 +1,10 @@ annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Dell CSI Unity - catalog.cattle.io/kube-version: '>= 1.24.0 < 1.27.0' - catalog.cattle.io/namespace: unity - catalog.cattle.io/release-name: csi-unity + catalog.cattle.io/kube-version: '>= 1.24.0 < 1.28.0' + catalog.cattle.io/release-name: unity apiVersion: v1 -appVersion: 2.6.0 +appVersion: 2.7.0 description: 'Unity XT CSI (Container Storage Interface) driver Kubernetes integration. This chart includes everything required to provision via CSI as well as a Unity XT StorageClass. ' @@ -13,10 +12,10 @@ icon: https://partner-charts.rancher.io/assets/logos/dell.png keywords: - csi - storage -kubeVersion: '>= 1.24.0 < 1.27.0' +kubeVersion: '>= 1.24.0 < 1.28.0' maintainers: - name: DellEMC name: csi-unity sources: - https://github.com/dell/csi-unity -version: 2.6.0 +version: 2.7.0 diff --git a/charts/dell/csi-unity/templates/_helpers.tpl b/charts/dell/csi-unity/templates/_helpers.tpl index 106d91c39..e5bc0130f 100644 --- a/charts/dell/csi-unity/templates/_helpers.tpl +++ b/charts/dell/csi-unity/templates/_helpers.tpl @@ -3,48 +3,48 @@ Return the appropriate sidecar images based on k8s version */}} {{- define "csi-unity.attacherImage" -}} {{- if eq .Capabilities.KubeVersion.Major "1" }} - {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "22") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "26") -}} - {{- print "k8s.gcr.io/sig-storage/csi-attacher:v4.2.0" -}} + {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "24") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "27") -}} + {{- print "registry.k8s.io/sig-storage/csi-attacher:v4.3.0" -}} {{- end -}} {{- end -}} {{- end -}} {{- define "csi-unity.provisionerImage" -}} {{- if eq .Capabilities.KubeVersion.Major "1" }} - {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "22") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "26") -}} - {{- print "k8s.gcr.io/sig-storage/csi-provisioner:v3.4.0" -}} + {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "24") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "27") -}} + {{- print "registry.k8s.io/sig-storage/csi-provisioner:v3.5.0" -}} {{- end -}} {{- end -}} {{- end -}} {{- define "csi-unity.snapshotterImage" -}} {{- if eq .Capabilities.KubeVersion.Major "1" }} - {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "22") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "26") -}} - {{- print "k8s.gcr.io/sig-storage/csi-snapshotter:v6.2.1" -}} + {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "24") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "27") -}} + {{- print "registry.k8s.io/sig-storage/csi-snapshotter:v6.2.2" -}} {{- end -}} {{- end -}} {{- end -}} {{- define "csi-unity.resizerImage" -}} {{- if eq .Capabilities.KubeVersion.Major "1" }} - {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "22") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "26") -}} - {{- print "k8s.gcr.io/sig-storage/csi-resizer:v1.7.0" -}} + {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "24") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "27") -}} + {{- print "registry.k8s.io/sig-storage/csi-resizer:v1.8.0" -}} {{- end -}} {{- end -}} {{- end -}} {{- define "csi-unity.registrarImage" -}} {{- if eq .Capabilities.KubeVersion.Major "1" }} - {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "22") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "26") -}} - {{- print "k8s.gcr.io/sig-storage/csi-node-driver-registrar:v2.6.3" -}} + {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "24") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "27") -}} + {{- print "registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.8.0" -}} {{- end -}} {{- end -}} {{- end -}} {{- define "csi-unity.healthmonitorImage" -}} {{- if eq .Capabilities.KubeVersion.Major "1" }} - {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "22") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "26") -}} - {{- print "gcr.io/k8s-staging-sig-storage/csi-external-health-monitor-controller:v0.8.0" -}} + {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "24") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "27") -}} + {{- print "registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.9.0" -}} {{- end -}} {{- end -}} -{{- end -}} \ No newline at end of file +{{- end -}} diff --git a/charts/dell/csi-unity/values.yaml b/charts/dell/csi-unity/values.yaml index 81201fa6a..5cca28ff7 100644 --- a/charts/dell/csi-unity/values.yaml +++ b/charts/dell/csi-unity/values.yaml @@ -3,8 +3,8 @@ # version: version of this values file # Note: Do not change this value -# Examples : "v2.6.0" , "nightly" -version: "v2.6.0" +# Examples : "v2.7.0" , "nightly" +version: "v2.7.0" # LogLevel is used to set the logging level of the driver. # Allowed values: "error", "warn"/"warning", "info", "debug" @@ -181,6 +181,7 @@ node: # - key: "isilon.podmon.storage.dell.com" # operator: "Exists" # effect: "NoSchedule" + # CSM module attributes # service to monitor failing jobs and notify podmon: @@ -193,27 +194,27 @@ podmon: # allowed values - string # default value : None # Example : "podman:latest", "pod:latest" - image: dellemc/podmon:v1.5.0 -# controller: -# args: -# - "--csisock=unix:/var/run/csi/csi.sock" -# - "--labelvalue=csi-unity" -# - "--driverPath=csi-unity.dellemc.com" -# - "--mode=controller" -# - "--skipArrayConnectionValidation=false" -# - "--driver-config-params=/unity-config/driver-config-params.yaml" -# - "--driverPodLabelValue=dell-storage" -# - "--ignoreVolumelessPods=false" -# node: -# args: -# - "--csisock=unix:/var/lib/kubelet/plugins/unity.emc.dell.com/csi_sock" -# - "--labelvalue=csi-unity" -# - "--driverPath=csi-unity.dellemc.com" -# - "--mode=node" -# - "--leaderelection=false" -# - "--driver-config-params=/unity-config/driver-config-params.yaml" -# - "--driverPodLabelValue=dell-storage" -# - "--ignoreVolumelessPods=false" + image: dellemc/podmon:v1.6.0 + controller: + args: + - "--csisock=unix:/var/run/csi/csi.sock" + - "--labelvalue=csi-unity" + - "--driverPath=csi-unity.dellemc.com" + - "--mode=controller" + - "--skipArrayConnectionValidation=false" + - "--driver-config-params=/unity-config/driver-config-params.yaml" + - "--driverPodLabelValue=dell-storage" + - "--ignoreVolumelessPods=false" + node: + args: + - "--csisock=unix:/var/lib/kubelet/plugins/unity.emc.dell.com/csi_sock" + - "--labelvalue=csi-unity" + - "--driverPath=csi-unity.dellemc.com" + - "--mode=node" + - "--leaderelection=false" + - "--driver-config-params=/unity-config/driver-config-params.yaml" + - "--driverPodLabelValue=dell-storage" + - "--ignoreVolumelessPods=false" ### The below parameters have been discontinued for configuration from secret.yaml and will have to be configured only in values.yaml diff --git a/charts/dell/csi-vxflexos/Chart.yaml b/charts/dell/csi-vxflexos/Chart.yaml index f00c8477f..0070812fd 100644 --- a/charts/dell/csi-vxflexos/Chart.yaml +++ b/charts/dell/csi-vxflexos/Chart.yaml @@ -1,11 +1,11 @@ annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Dell CSI PowerFlex - catalog.cattle.io/kube-version: '>= 1.21.0 < 1.27.0' + catalog.cattle.io/kube-version: '>= 1.21.0 < 1.28.0' catalog.cattle.io/namespace: vxflexos catalog.cattle.io/release-name: vxflexos apiVersion: v2 -appVersion: 2.6.0 +appVersion: 2.7.0 description: 'VxFlex OS CSI (Container Storage Interface) driver Kubernetes integration. This chart includes everything required to provision via CSI as well as a VxFlex OS StorageClass. ' @@ -13,10 +13,10 @@ icon: https://partner-charts.rancher.io/assets/logos/dell.png keywords: - csi - storage -kubeVersion: '>= 1.21.0 < 1.27.0' +kubeVersion: '>= 1.21.0 < 1.28.0' maintainers: - name: DellEMC name: csi-vxflexos sources: - https://github.com/dell/csi-vxflexos -version: 2.6.0 +version: 2.7.0 diff --git a/charts/dell/csi-vxflexos/templates/_helpers.tpl b/charts/dell/csi-vxflexos/templates/_helpers.tpl index 2f501bc45..63e654eaf 100644 --- a/charts/dell/csi-vxflexos/templates/_helpers.tpl +++ b/charts/dell/csi-vxflexos/templates/_helpers.tpl @@ -3,48 +3,48 @@ Return the appropriate sidecar images based on k8s version */}} {{- define "csi-vxflexos.attacherImage" -}} {{- if eq .Capabilities.KubeVersion.Major "1" }} - {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "21") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "26") -}} - {{- print "k8s.gcr.io/sig-storage/csi-attacher:v4.2.0" -}} + {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "21") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "27") -}} + {{- print "registry.k8s.io/sig-storage/csi-attacher:v4.3.0" -}} {{- end -}} {{- end -}} {{- end -}} {{- define "csi-vxflexos.provisionerImage" -}} {{- if eq .Capabilities.KubeVersion.Major "1" }} - {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "21") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "26") -}} - {{- print "k8s.gcr.io/sig-storage/csi-provisioner:v3.4.0" -}} + {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "21") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "27") -}} + {{- print "registry.k8s.io/sig-storage/csi-provisioner:v3.5.0" -}} {{- end -}} {{- end -}} {{- end -}} {{- define "csi-vxflexos.snapshotterImage" -}} {{- if eq .Capabilities.KubeVersion.Major "1" }} - {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "21") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "26") -}} - {{- print "k8s.gcr.io/sig-storage/csi-snapshotter:v6.2.1" -}} + {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "21") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "27") -}} + {{- print "registry.k8s.io/sig-storage/csi-snapshotter:v6.2.2" -}} {{- end -}} {{- end -}} {{- end -}} {{- define "csi-vxflexos.resizerImage" -}} {{- if eq .Capabilities.KubeVersion.Major "1" }} - {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "21") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "26") -}} - {{- print "k8s.gcr.io/sig-storage/csi-resizer:v1.7.0" -}} + {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "21") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "27") -}} + {{- print "registry.k8s.io/sig-storage/csi-resizer:v1.8.0" -}} {{- end -}} {{- end -}} {{- end -}} {{- define "csi-vxflexos.registrarImage" -}} {{- if eq .Capabilities.KubeVersion.Major "1" }} - {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "21") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "26") -}} - {{- print "k8s.gcr.io/sig-storage/csi-node-driver-registrar:v2.6.3" -}} + {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "21") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "27") -}} + {{- print "registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.8.0" -}} {{- end -}} {{- end -}} {{- end -}} {{- define "csi-vxflexos.healthmonitorImage" -}} {{- if eq .Capabilities.KubeVersion.Major "1" }} - {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "21") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "26") -}} - {{- print "gcr.io/k8s-staging-sig-storage/csi-external-health-monitor-controller:v0.8.0" -}} + {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "21") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "27") -}} + {{- print "registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.9.0" -}} {{- end -}} {{- end -}} {{- end -}} diff --git a/charts/dell/csi-vxflexos/values.yaml b/charts/dell/csi-vxflexos/values.yaml index 7ca1cab9c..3efb8d38b 100644 --- a/charts/dell/csi-vxflexos/values.yaml +++ b/charts/dell/csi-vxflexos/values.yaml @@ -3,7 +3,7 @@ # "version" is used to verify the values file matches driver version # Not recommend to change -version: v2.6.0 +version: v2.7.0 images: # "driver" defines the container image, used for the driver container. @@ -95,7 +95,7 @@ controller: # image: Image to use for dell-csi-replicator. This shouldn't be changed # Allowed values: string # Default value: None - image: dellemc/dell-csi-replicator:v1.4.0 + image: dellemc/dell-csi-replicator:v1.5.0 # replicationContextPrefix: prefix to use for naming of resources created by replication feature # Allowed values: string @@ -277,7 +277,7 @@ vgsnapshotter: # Enable this feature only after contact support for additional information podmon: enabled: false - image: dellemc/podmon:v1.5.0 + image: dellemc/podmon:v1.6.0 #controller: # args: # - "--csisock=unix:/var/run/csi/csi.sock" @@ -308,8 +308,8 @@ authorization: enabled: false # sidecarProxyImage: the container image used for the csm-authorization-sidecar. - # Default value: dellemc/csm-authorization-sidecar:v1.6.0 - sidecarProxyImage: dellemc/csm-authorization-sidecar:v1.6.0 + # Default value: dellemc/csm-authorization-sidecar:v1.7.0 + sidecarProxyImage: dellemc/csm-authorization-sidecar:v1.7.0 # proxyHost: hostname of the csm-authorization server # Default value: None diff --git a/charts/external-secrets/external-secrets/Chart.yaml b/charts/external-secrets/external-secrets/Chart.yaml index 3649f1504..afa2f94df 100644 --- a/charts/external-secrets/external-secrets/Chart.yaml +++ b/charts/external-secrets/external-secrets/Chart.yaml @@ -4,7 +4,7 @@ annotations: catalog.cattle.io/kube-version: '>= 1.19.0-0' catalog.cattle.io/release-name: external-secrets apiVersion: v2 -appVersion: v0.8.3 +appVersion: v0.9.0 description: External secret management for Kubernetes home: https://github.com/external-secrets/external-secrets icon: https://raw.githubusercontent.com/external-secrets/external-secrets/main/assets/eso-logo-large.png @@ -17,4 +17,4 @@ maintainers: name: mcavoyk name: external-secrets type: application -version: 0.8.3 +version: 0.9.0 diff --git a/charts/external-secrets/external-secrets/README.md b/charts/external-secrets/external-secrets/README.md index 7d17bccd8..b43910697 100644 --- a/charts/external-secrets/external-secrets/README.md +++ b/charts/external-secrets/external-secrets/README.md @@ -4,7 +4,7 @@ [//]: # (README.md generated by gotmpl. DO NOT EDIT.) -![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![Version: 0.8.3](https://img.shields.io/badge/Version-0.8.3-informational?style=flat-square) +![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![Version: 0.9.0](https://img.shields.io/badge/Version-0.9.0-informational?style=flat-square) External secret management for Kubernetes @@ -82,6 +82,7 @@ The command removes all the Kubernetes components associated with the chart and | certController.serviceMonitor.scrapeTimeout | string | `"25s"` | Timeout if metrics can't be retrieved in given time interval | | certController.tolerations | list | `[]` | | | certController.topologySpreadConstraints | list | `[]` | | +| commonLabels | object | `{}` | Additional labels added to all helm chart resources. | | concurrent | int | `1` | Specifies the number of concurrent ExternalSecret Reconciles external-secret executes at a time. | | controllerClass | string | `""` | If set external secrets will filter matching Secret Stores with the appropriate controller values. | | crds.annotations | object | `{}` | | @@ -151,6 +152,13 @@ The command removes all the Kubernetes components associated with the chart and | webhook.affinity | object | `{}` | | | webhook.certCheckInterval | string | `"5m"` | Specifices the time to check if the cert is valid | | webhook.certDir | string | `"/tmp/certs"` | | +| webhook.certManager.addInjectorAnnotations | bool | `true` | Automatically add the cert-manager.io/inject-ca-from annotation to the webhooks and CRDs. As long as you have the cert-manager CA Injector enabled, this will automatically setup your webhook's CA to the one used by cert-manager. See https://cert-manager.io/docs/concepts/ca-injector | +| webhook.certManager.cert.annotations | object | `{}` | Add extra annotations to the Certificate resource. | +| webhook.certManager.cert.create | bool | `true` | Create a certificate resource within this chart. See https://cert-manager.io/docs/usage/certificate/ | +| webhook.certManager.cert.duration | string | `""` | Set the requested duration (i.e. lifetime) of the Certificate. See https://cert-manager.io/docs/reference/api-docs/#cert-manager.io/v1.CertificateSpec | +| webhook.certManager.cert.issuerRef | object | `{"group":"cert-manager.io","kind":"Issuer","name":"my-issuer"}` | For the Certificate created by this chart, setup the issuer. See https://cert-manager.io/docs/reference/api-docs/#cert-manager.io/v1.IssuerSpec | +| webhook.certManager.cert.renewBefore | string | `""` | How long before the currently issued certificate’s expiry cert-manager should renew the certificate. See https://cert-manager.io/docs/reference/api-docs/#cert-manager.io/v1.CertificateSpec Note that renewBefore should be greater than .webhook.lookaheadInterval since the webhook will check this far in advance that the certificate is valid. | +| webhook.certManager.enabled | bool | `false` | Enabling cert-manager support will disable the built in secret and switch to using cert-manager (installed separately) to automatically issue and renew the webhook certificate. This chart does not install cert-manager for you, See https://cert-manager.io/docs/ | | webhook.create | bool | `true` | Specifies whether a webhook deployment be created. | | webhook.deploymentAnnotations | object | `{}` | Annotations to add to Deployment | | webhook.extraArgs | object | `{}` | | diff --git a/charts/external-secrets/external-secrets/templates/_helpers.tpl b/charts/external-secrets/external-secrets/templates/_helpers.tpl index 10ccbc488..92031fe2f 100644 --- a/charts/external-secrets/external-secrets/templates/_helpers.tpl +++ b/charts/external-secrets/external-secrets/templates/_helpers.tpl @@ -40,6 +40,9 @@ helm.sh/chart: {{ include "external-secrets.chart" . }} app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} {{- end }} app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- with .Values.commonLabels }} +{{ toYaml . }} +{{- end }} {{- end }} {{- define "external-secrets-webhook.labels" -}} @@ -49,11 +52,17 @@ helm.sh/chart: {{ include "external-secrets.chart" . }} app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} {{- end }} app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- with .Values.commonLabels }} +{{ toYaml . }} +{{- end }} {{- end }} {{- define "external-secrets-webhook-metrics.labels" -}} {{ include "external-secrets-webhook.selectorLabels" . }} app.kubernetes.io/metrics: "webhook" +{{- with .Values.commonLabels }} +{{ toYaml . }} +{{- end }} {{- end }} {{- define "external-secrets-cert-controller.labels" -}} @@ -63,11 +72,17 @@ helm.sh/chart: {{ include "external-secrets.chart" . }} app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} {{- end }} app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- with .Values.commonLabels }} +{{ toYaml . }} +{{- end }} {{- end }} {{- define "external-secrets-cert-controller-metrics.labels" -}} {{ include "external-secrets-cert-controller.selectorLabels" . }} app.kubernetes.io/metrics: "cert-controller" +{{- with .Values.commonLabels }} +{{ toYaml . }} +{{- end }} {{- end }} {{/* diff --git a/charts/external-secrets/external-secrets/templates/crds/acraccesstoken.yaml b/charts/external-secrets/external-secrets/templates/crds/acraccesstoken.yaml index edfcaf9f4..644070e6b 100644 --- a/charts/external-secrets/external-secrets/templates/crds/acraccesstoken.yaml +++ b/charts/external-secrets/external-secrets/templates/crds/acraccesstoken.yaml @@ -6,7 +6,10 @@ metadata: {{- with .Values.crds.annotations }} {{- toYaml . | nindent 4}} {{- end }} - controller-gen.kubebuilder.io/version: v0.11.4 + {{- if and .Values.crds.conversion.enabled .Values.webhook.certManager.enabled .Values.webhook.certManager.addInjectorAnnotations }} + cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ include "external-secrets.fullname" . }}-webhook + {{- end }} + controller-gen.kubebuilder.io/version: v0.12.0 name: acraccesstokens.generators.external-secrets.io spec: group: generators.external-secrets.io diff --git a/charts/external-secrets/external-secrets/templates/crds/clusterexternalsecret.yaml b/charts/external-secrets/external-secrets/templates/crds/clusterexternalsecret.yaml index c553e52c5..62c4e1561 100644 --- a/charts/external-secrets/external-secrets/templates/crds/clusterexternalsecret.yaml +++ b/charts/external-secrets/external-secrets/templates/crds/clusterexternalsecret.yaml @@ -6,7 +6,10 @@ metadata: {{- with .Values.crds.annotations }} {{- toYaml . | nindent 4}} {{- end }} - controller-gen.kubebuilder.io/version: v0.11.4 + {{- if and .Values.crds.conversion.enabled .Values.webhook.certManager.enabled .Values.webhook.certManager.addInjectorAnnotations }} + cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ include "external-secrets.fullname" . }}-webhook + {{- end }} + controller-gen.kubebuilder.io/version: v0.12.0 name: clusterexternalsecrets.external-secrets.io spec: group: external-secrets.io @@ -50,6 +53,18 @@ spec: spec: description: ClusterExternalSecretSpec defines the desired state of ClusterExternalSecret. properties: + externalSecretMetadata: + description: The metadata of the external secrets to be created + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object externalSecretName: description: The name of the external secrets to be created defaults to the name of the ClusterExternalSecret type: string diff --git a/charts/external-secrets/external-secrets/templates/crds/clustersecretstore.yaml b/charts/external-secrets/external-secrets/templates/crds/clustersecretstore.yaml index b811e88ca..9fbb676d7 100644 --- a/charts/external-secrets/external-secrets/templates/crds/clustersecretstore.yaml +++ b/charts/external-secrets/external-secrets/templates/crds/clustersecretstore.yaml @@ -6,7 +6,10 @@ metadata: {{- with .Values.crds.annotations }} {{- toYaml . | nindent 4}} {{- end }} - controller-gen.kubebuilder.io/version: v0.11.4 + {{- if and .Values.crds.conversion.enabled .Values.webhook.certManager.enabled .Values.webhook.certManager.addInjectorAnnotations }} + cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ include "external-secrets.fullname" . }}-webhook + {{- end }} + controller-gen.kubebuilder.io/version: v0.12.0 name: clustersecretstores.external-secrets.io spec: group: external-secrets.io @@ -1496,6 +1499,24 @@ spec: - SecretsManager - ParameterStore type: string + sessionTags: + description: AWS STS assume role session tags + items: + properties: + key: + type: string + value: + type: string + required: + - key + - value + type: object + type: array + transitiveTagKeys: + description: AWS STS assume role transitive session tags. Required when multiple rules are used with SecretStore + items: + type: string + type: array required: - region - service @@ -1579,6 +1600,57 @@ spec: required: - vaultUrl type: object + conjur: + description: Conjur configures this store to sync secrets using conjur provider + properties: + auth: + properties: + apikey: + properties: + account: + type: string + apiKeyRef: + description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field. + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + type: string + type: object + userRef: + description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field. + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + type: string + type: object + required: + - account + - apiKeyRef + - userRef + type: object + required: + - apikey + type: object + caBundle: + type: string + url: + type: string + required: + - auth + - url + type: object doppler: description: Doppler configures this store to sync secrets using the Doppler provider properties: @@ -1626,6 +1698,7 @@ spec: - lower-snake - tf-var - dotnet-env + - lower-kebab type: string project: description: Doppler project (required if not using a Service Token) diff --git a/charts/external-secrets/external-secrets/templates/crds/ecrauthorizationtoken.yaml b/charts/external-secrets/external-secrets/templates/crds/ecrauthorizationtoken.yaml index afe49a89c..900f4b647 100644 --- a/charts/external-secrets/external-secrets/templates/crds/ecrauthorizationtoken.yaml +++ b/charts/external-secrets/external-secrets/templates/crds/ecrauthorizationtoken.yaml @@ -6,7 +6,10 @@ metadata: {{- with .Values.crds.annotations }} {{- toYaml . | nindent 4}} {{- end }} - controller-gen.kubebuilder.io/version: v0.11.4 + {{- if and .Values.crds.conversion.enabled .Values.webhook.certManager.enabled .Values.webhook.certManager.addInjectorAnnotations }} + cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ include "external-secrets.fullname" . }}-webhook + {{- end }} + controller-gen.kubebuilder.io/version: v0.12.0 name: ecrauthorizationtokens.generators.external-secrets.io spec: group: generators.external-secrets.io diff --git a/charts/external-secrets/external-secrets/templates/crds/externalsecret.yaml b/charts/external-secrets/external-secrets/templates/crds/externalsecret.yaml index a62b4b05a..4b29ad957 100644 --- a/charts/external-secrets/external-secrets/templates/crds/externalsecret.yaml +++ b/charts/external-secrets/external-secrets/templates/crds/externalsecret.yaml @@ -6,7 +6,10 @@ metadata: {{- with .Values.crds.annotations }} {{- toYaml . | nindent 4}} {{- end }} - controller-gen.kubebuilder.io/version: v0.11.4 + {{- if and .Values.crds.conversion.enabled .Values.webhook.certManager.enabled .Values.webhook.certManager.addInjectorAnnotations }} + cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ include "external-secrets.fullname" . }}-webhook + {{- end }} + controller-gen.kubebuilder.io/version: v0.12.0 name: externalsecrets.external-secrets.io spec: group: external-secrets.io diff --git a/charts/external-secrets/external-secrets/templates/crds/fake.yaml b/charts/external-secrets/external-secrets/templates/crds/fake.yaml index 261a4a889..36c6aeab1 100644 --- a/charts/external-secrets/external-secrets/templates/crds/fake.yaml +++ b/charts/external-secrets/external-secrets/templates/crds/fake.yaml @@ -6,7 +6,10 @@ metadata: {{- with .Values.crds.annotations }} {{- toYaml . | nindent 4}} {{- end }} - controller-gen.kubebuilder.io/version: v0.11.4 + {{- if and .Values.crds.conversion.enabled .Values.webhook.certManager.enabled .Values.webhook.certManager.addInjectorAnnotations }} + cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ include "external-secrets.fullname" . }}-webhook + {{- end }} + controller-gen.kubebuilder.io/version: v0.12.0 name: fakes.generators.external-secrets.io spec: group: generators.external-secrets.io diff --git a/charts/external-secrets/external-secrets/templates/crds/gcraccesstoken.yaml b/charts/external-secrets/external-secrets/templates/crds/gcraccesstoken.yaml index b733f2692..2587be73f 100644 --- a/charts/external-secrets/external-secrets/templates/crds/gcraccesstoken.yaml +++ b/charts/external-secrets/external-secrets/templates/crds/gcraccesstoken.yaml @@ -6,7 +6,10 @@ metadata: {{- with .Values.crds.annotations }} {{- toYaml . | nindent 4}} {{- end }} - controller-gen.kubebuilder.io/version: v0.11.4 + {{- if and .Values.crds.conversion.enabled .Values.webhook.certManager.enabled .Values.webhook.certManager.addInjectorAnnotations }} + cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ include "external-secrets.fullname" . }}-webhook + {{- end }} + controller-gen.kubebuilder.io/version: v0.12.0 name: gcraccesstokens.generators.external-secrets.io spec: group: generators.external-secrets.io diff --git a/charts/external-secrets/external-secrets/templates/crds/password.yaml b/charts/external-secrets/external-secrets/templates/crds/password.yaml index 2b9e59c92..f6b5e8511 100644 --- a/charts/external-secrets/external-secrets/templates/crds/password.yaml +++ b/charts/external-secrets/external-secrets/templates/crds/password.yaml @@ -6,7 +6,10 @@ metadata: {{- with .Values.crds.annotations }} {{- toYaml . | nindent 4}} {{- end }} - controller-gen.kubebuilder.io/version: v0.11.4 + {{- if and .Values.crds.conversion.enabled .Values.webhook.certManager.enabled .Values.webhook.certManager.addInjectorAnnotations }} + cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ include "external-secrets.fullname" . }}-webhook + {{- end }} + controller-gen.kubebuilder.io/version: v0.12.0 name: passwords.generators.external-secrets.io spec: group: generators.external-secrets.io diff --git a/charts/external-secrets/external-secrets/templates/crds/pushsecret.yaml b/charts/external-secrets/external-secrets/templates/crds/pushsecret.yaml index 48f7f2946..6c0a603f3 100644 --- a/charts/external-secrets/external-secrets/templates/crds/pushsecret.yaml +++ b/charts/external-secrets/external-secrets/templates/crds/pushsecret.yaml @@ -6,7 +6,10 @@ metadata: {{- with .Values.crds.annotations }} {{- toYaml . | nindent 4}} {{- end }} - controller-gen.kubebuilder.io/version: v0.11.4 + {{- if and .Values.crds.conversion.enabled .Values.webhook.certManager.enabled .Values.webhook.certManager.addInjectorAnnotations }} + cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ include "external-secrets.fullname" . }}-webhook + {{- end }} + controller-gen.kubebuilder.io/version: v0.12.0 name: pushsecrets.external-secrets.io spec: group: external-secrets.io diff --git a/charts/external-secrets/external-secrets/templates/crds/secretstore.yaml b/charts/external-secrets/external-secrets/templates/crds/secretstore.yaml index a37d10969..b3ef58d59 100644 --- a/charts/external-secrets/external-secrets/templates/crds/secretstore.yaml +++ b/charts/external-secrets/external-secrets/templates/crds/secretstore.yaml @@ -6,7 +6,10 @@ metadata: {{- with .Values.crds.annotations }} {{- toYaml . | nindent 4}} {{- end }} - controller-gen.kubebuilder.io/version: v0.11.4 + {{- if and .Values.crds.conversion.enabled .Values.webhook.certManager.enabled .Values.webhook.certManager.addInjectorAnnotations }} + cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ include "external-secrets.fullname" . }}-webhook + {{- end }} + controller-gen.kubebuilder.io/version: v0.12.0 name: secretstores.external-secrets.io spec: group: external-secrets.io @@ -1496,6 +1499,24 @@ spec: - SecretsManager - ParameterStore type: string + sessionTags: + description: AWS STS assume role session tags + items: + properties: + key: + type: string + value: + type: string + required: + - key + - value + type: object + type: array + transitiveTagKeys: + description: AWS STS assume role transitive session tags. Required when multiple rules are used with SecretStore + items: + type: string + type: array required: - region - service @@ -1579,6 +1600,57 @@ spec: required: - vaultUrl type: object + conjur: + description: Conjur configures this store to sync secrets using conjur provider + properties: + auth: + properties: + apikey: + properties: + account: + type: string + apiKeyRef: + description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field. + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + type: string + type: object + userRef: + description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field. + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + type: string + type: object + required: + - account + - apiKeyRef + - userRef + type: object + required: + - apikey + type: object + caBundle: + type: string + url: + type: string + required: + - auth + - url + type: object doppler: description: Doppler configures this store to sync secrets using the Doppler provider properties: @@ -1626,6 +1698,7 @@ spec: - lower-snake - tf-var - dotnet-env + - lower-kebab type: string project: description: Doppler project (required if not using a Service Token) diff --git a/charts/external-secrets/external-secrets/templates/crds/vaultdynamicsecret.yaml b/charts/external-secrets/external-secrets/templates/crds/vaultdynamicsecret.yaml index 5933773a5..e02194c0c 100644 --- a/charts/external-secrets/external-secrets/templates/crds/vaultdynamicsecret.yaml +++ b/charts/external-secrets/external-secrets/templates/crds/vaultdynamicsecret.yaml @@ -6,7 +6,10 @@ metadata: {{- with .Values.crds.annotations }} {{- toYaml . | nindent 4}} {{- end }} - controller-gen.kubebuilder.io/version: v0.11.4 + {{- if and .Values.crds.conversion.enabled .Values.webhook.certManager.enabled .Values.webhook.certManager.addInjectorAnnotations }} + cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ include "external-secrets.fullname" . }}-webhook + {{- end }} + controller-gen.kubebuilder.io/version: v0.12.0 name: vaultdynamicsecrets.generators.external-secrets.io spec: group: generators.external-secrets.io diff --git a/charts/external-secrets/external-secrets/templates/validatingwebhook.yaml b/charts/external-secrets/external-secrets/templates/validatingwebhook.yaml index d1bc2efac..a365b3666 100644 --- a/charts/external-secrets/external-secrets/templates/validatingwebhook.yaml +++ b/charts/external-secrets/external-secrets/templates/validatingwebhook.yaml @@ -5,6 +5,13 @@ metadata: name: secretstore-validate labels: external-secrets.io/component: webhook + {{- with .Values.commonLabels }} + {{ toYaml . | nindent 4 }} + {{- end }} + {{- if and .Values.webhook.certManager.enabled .Values.webhook.certManager.addInjectorAnnotations }} + annotations: + cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ include "external-secrets.fullname" . }}-webhook + {{- end }} webhooks: - name: "validate.secretstore.external-secrets.io" rules: @@ -44,6 +51,13 @@ metadata: name: externalsecret-validate labels: external-secrets.io/component: webhook + {{- with .Values.commonLabels }} + {{ toYaml . | nindent 4 }} + {{- end }} + {{- if and .Values.webhook.certManager.enabled .Values.webhook.certManager.addInjectorAnnotations }} + annotations: + cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ include "external-secrets.fullname" . }}-webhook + {{- end }} webhooks: - name: "validate.externalsecret.external-secrets.io" rules: diff --git a/charts/external-secrets/external-secrets/templates/webhook-certificate.yaml b/charts/external-secrets/external-secrets/templates/webhook-certificate.yaml new file mode 100644 index 000000000..d8aff1a6d --- /dev/null +++ b/charts/external-secrets/external-secrets/templates/webhook-certificate.yaml @@ -0,0 +1,30 @@ +{{- if and .Values.webhook.create .Values.webhook.certManager.enabled .Values.webhook.certManager.cert.create }} +--- +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: {{ include "external-secrets.fullname" . }}-webhook + namespace: {{ .Release.Namespace | quote }} + labels: + {{- include "external-secrets-webhook.labels" . | nindent 4 }} + external-secrets.io/component: webhook + {{- with .Values.webhook.certManager.cert.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + commonName: {{ include "external-secrets.fullname" . }}-webhook + dnsNames: + - {{ include "external-secrets.fullname" . }}-webhook + - {{ include "external-secrets.fullname" . }}-webhook.{{ .Release.Namespace }} + - {{ include "external-secrets.fullname" . }}-webhook.{{ .Release.Namespace }}.svc + issuerRef: + {{- toYaml .Values.webhook.certManager.cert.issuerRef | nindent 4 }} + {{- with .Values.webhook.certManager.cert.duration }} + duration: {{ . | quote }} + {{- end }} + {{- with .Values.webhook.certManager.cert.renewBefore }} + renewBefore: {{ . | quote }} + {{- end }} + secretName: {{ include "external-secrets.fullname" . }}-webhook +{{- end }} diff --git a/charts/external-secrets/external-secrets/templates/webhook-secret.yaml b/charts/external-secrets/external-secrets/templates/webhook-secret.yaml index a0110b0ec..667a7b98b 100644 --- a/charts/external-secrets/external-secrets/templates/webhook-secret.yaml +++ b/charts/external-secrets/external-secrets/templates/webhook-secret.yaml @@ -1,4 +1,4 @@ -{{- if .Values.webhook.create }} +{{- if and .Values.webhook.create (not .Values.webhook.certManager.enabled) }} apiVersion: v1 kind: Secret metadata: diff --git a/charts/external-secrets/external-secrets/tests/__snapshot__/cert_controller_test.yaml.snap b/charts/external-secrets/external-secrets/tests/__snapshot__/cert_controller_test.yaml.snap index bf8c7190e..5fc2e6f32 100644 --- a/charts/external-secrets/external-secrets/tests/__snapshot__/cert_controller_test.yaml.snap +++ b/charts/external-secrets/external-secrets/tests/__snapshot__/cert_controller_test.yaml.snap @@ -7,8 +7,8 @@ should match snapshot of default values: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets-cert-controller - app.kubernetes.io/version: v0.8.3 - helm.sh/chart: external-secrets-0.8.3 + app.kubernetes.io/version: v0.9.0 + helm.sh/chart: external-secrets-0.9.0 name: RELEASE-NAME-external-secrets-cert-controller namespace: NAMESPACE spec: @@ -33,7 +33,7 @@ should match snapshot of default values: - --service-namespace=NAMESPACE - --secret-name=RELEASE-NAME-external-secrets-webhook - --secret-namespace=NAMESPACE - image: ghcr.io/external-secrets/external-secrets:v0.8.3 + image: ghcr.io/external-secrets/external-secrets:v0.9.0 imagePullPolicy: IfNotPresent name: cert-controller ports: diff --git a/charts/external-secrets/external-secrets/tests/__snapshot__/controller_test.yaml.snap b/charts/external-secrets/external-secrets/tests/__snapshot__/controller_test.yaml.snap index e969aded0..6617a5e0b 100644 --- a/charts/external-secrets/external-secrets/tests/__snapshot__/controller_test.yaml.snap +++ b/charts/external-secrets/external-secrets/tests/__snapshot__/controller_test.yaml.snap @@ -7,8 +7,8 @@ should match snapshot of default values: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets - app.kubernetes.io/version: v0.8.3 - helm.sh/chart: external-secrets-0.8.3 + app.kubernetes.io/version: v0.9.0 + helm.sh/chart: external-secrets-0.9.0 name: RELEASE-NAME-external-secrets namespace: NAMESPACE spec: @@ -28,7 +28,7 @@ should match snapshot of default values: containers: - args: - --concurrent=1 - image: ghcr.io/external-secrets/external-secrets:v0.8.3 + image: ghcr.io/external-secrets/external-secrets:v0.9.0 imagePullPolicy: IfNotPresent name: external-secrets ports: diff --git a/charts/external-secrets/external-secrets/tests/__snapshot__/crds_test.yaml.snap b/charts/external-secrets/external-secrets/tests/__snapshot__/crds_test.yaml.snap index 53ca18a0d..0d821c648 100644 --- a/charts/external-secrets/external-secrets/tests/__snapshot__/crds_test.yaml.snap +++ b/charts/external-secrets/external-secrets/tests/__snapshot__/crds_test.yaml.snap @@ -4,7 +4,7 @@ should match snapshot of default values: kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.11.4 + controller-gen.kubebuilder.io/version: v0.12.0 name: secretstores.external-secrets.io spec: conversion: @@ -1504,6 +1504,24 @@ should match snapshot of default values: - SecretsManager - ParameterStore type: string + sessionTags: + description: AWS STS assume role session tags + items: + properties: + key: + type: string + value: + type: string + required: + - key + - value + type: object + type: array + transitiveTagKeys: + description: AWS STS assume role transitive session tags. Required when multiple rules are used with SecretStore + items: + type: string + type: array required: - region - service @@ -1587,6 +1605,57 @@ should match snapshot of default values: required: - vaultUrl type: object + conjur: + description: Conjur configures this store to sync secrets using conjur provider + properties: + auth: + properties: + apikey: + properties: + account: + type: string + apiKeyRef: + description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field. + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + type: string + type: object + userRef: + description: A reference to a specific 'key' within a Secret resource, In some instances, `key` is a required field. + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + type: string + type: object + required: + - account + - apiKeyRef + - userRef + type: object + required: + - apikey + type: object + caBundle: + type: string + url: + type: string + required: + - auth + - url + type: object doppler: description: Doppler configures this store to sync secrets using the Doppler provider properties: @@ -1634,6 +1703,7 @@ should match snapshot of default values: - lower-snake - tf-var - dotnet-env + - lower-kebab type: string project: description: Doppler project (required if not using a Service Token) diff --git a/charts/external-secrets/external-secrets/tests/__snapshot__/webhook_test.yaml.snap b/charts/external-secrets/external-secrets/tests/__snapshot__/webhook_test.yaml.snap index 4cad17db8..388bc4475 100644 --- a/charts/external-secrets/external-secrets/tests/__snapshot__/webhook_test.yaml.snap +++ b/charts/external-secrets/external-secrets/tests/__snapshot__/webhook_test.yaml.snap @@ -7,8 +7,8 @@ should match snapshot of default values: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets-webhook - app.kubernetes.io/version: v0.8.3 - helm.sh/chart: external-secrets-0.8.3 + app.kubernetes.io/version: v0.9.0 + helm.sh/chart: external-secrets-0.9.0 name: RELEASE-NAME-external-secrets-webhook namespace: NAMESPACE spec: @@ -34,7 +34,7 @@ should match snapshot of default values: - --check-interval=5m - --metrics-addr=:8080 - --healthz-addr=:8081 - image: ghcr.io/external-secrets/external-secrets:v0.8.3 + image: ghcr.io/external-secrets/external-secrets:v0.9.0 imagePullPolicy: IfNotPresent name: webhook ports: @@ -70,3 +70,16 @@ should match snapshot of default values: - name: certs secret: secretName: RELEASE-NAME-external-secrets-webhook + 2: | + apiVersion: v1 + kind: Secret + metadata: + labels: + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: external-secrets-webhook + app.kubernetes.io/version: v0.9.0 + external-secrets.io/component: webhook + helm.sh/chart: external-secrets-0.9.0 + name: RELEASE-NAME-external-secrets-webhook + namespace: NAMESPACE diff --git a/charts/external-secrets/external-secrets/tests/webhook_test.yaml b/charts/external-secrets/external-secrets/tests/webhook_test.yaml index 9c6eb695e..a81d8a499 100644 --- a/charts/external-secrets/external-secrets/tests/webhook_test.yaml +++ b/charts/external-secrets/external-secrets/tests/webhook_test.yaml @@ -1,10 +1,18 @@ suite: test webhook deployment templates: - webhook-deployment.yaml + - webhook-secret.yaml + - webhook-certificate.yaml + - validatingwebhook.yaml + - crds/externalsecret.yaml tests: - it: should match snapshot of default values asserts: - matchSnapshot: {} + templates: + - webhook-deployment.yaml + - webhook-secret.yaml + # webhook-certificate.yaml is not rendered by default - it: should set imagePullPolicy to Always set: webhook.image.pullPolicy: Always @@ -12,11 +20,13 @@ tests: - equal: path: spec.template.spec.containers[0].imagePullPolicy value: Always + template: webhook-deployment.yaml - it: should imagePullPolicy to be default value IfNotPresent asserts: - equal: path: spec.template.spec.containers[0].imagePullPolicy value: IfNotPresent + template: webhook-deployment.yaml - it: should override securityContext set: webhook.podSecurityContext: @@ -40,6 +50,7 @@ tests: runAsUser: 3000 seccompProfile: type: RuntimeDefault + template: webhook-deployment.yaml - it: should override hostNetwork set: webhook.hostNetwork: true @@ -47,3 +58,106 @@ tests: - equal: path: spec.template.spec.hostNetwork value: true + template: webhook-deployment.yaml + - it: should create a certificate CRD + set: + webhook.certManager.enabled: true + webhook.certManager.cert.duration: "10d" + webhook.certManager.cert.renewBefore: "5d" + asserts: + - equal: + path: metadata.name + value: "RELEASE-NAME-external-secrets-webhook" + - equal: + path: spec.secretName + value: "RELEASE-NAME-external-secrets-webhook" + - equal: + path: spec.commonName + value: "RELEASE-NAME-external-secrets-webhook" + - equal: + path: spec.dnsNames[0] + value: "RELEASE-NAME-external-secrets-webhook" + - equal: + path: spec.issuerRef.group + value: "cert-manager.io" + - equal: + path: spec.issuerRef.kind + value: "Issuer" + - equal: + path: spec.issuerRef.name + value: "my-issuer" + - equal: + path: spec.duration + value: "10d" + - equal: + path: spec.renewBefore + value: "5d" + - hasDocuments: + count: 1 + templates: + - webhook-certificate.yaml + - it: should not create the webhook secret + set: + webhook.certManager.enabled: true + asserts: + - hasDocuments: + count: 0 + template: webhook-secret.yaml + - it: should not create the secret nor the certificate + set: + webhook.certManager.enabled: true + webhook.certManager.cert.create: false + asserts: + - hasDocuments: + count: 0 + templates: + - webhook-secret.yaml + - webhook-certificate.yaml + - it: should + set: + webhook.certManager.enabled: true + asserts: + - equal: + path: metadata.name + value: "RELEASE-NAME-external-secrets-webhook" + - hasDocuments: + count: 1 + template: webhook-certificate.yaml + - it: should allow using a cluster issuer + set: + webhook.certManager.enabled: true + webhook.certManager.cert.issuerRef.kind: ClusterIssuer + webhook.certManager.cert.issuerRef.name: my-other-issuer + asserts: + - equal: + path: spec.issuerRef.kind + value: "ClusterIssuer" + - equal: + path: spec.issuerRef.name + value: "my-other-issuer" + templates: + - webhook-certificate.yaml + - it: should add annotations to the webhook + set: + webhook.create: true + webhook.certManager.enabled: true + webhook.certManager.addInjectorAnnotations: true + asserts: + - equal: + path: metadata.annotations["cert-manager.io/inject-ca-from"] + value: "NAMESPACE/RELEASE-NAME-external-secrets-webhook" + templates: + - validatingwebhook.yaml + - crds/externalsecret.yaml + - it: should not add annotations to the webhook + set: + webhook.create: true + webhook.certManager.enabled: true + webhook.certManager.addInjectorAnnotations: false + asserts: + - isNull: + path: metadata.annotations["cert-manager.io/inject-ca-from"] + # value: "NAMESPACE/RELEASE-NAME-external-secrets-webhook" + templates: + - validatingwebhook.yaml + - crds/externalsecret.yaml diff --git a/charts/external-secrets/external-secrets/values.yaml b/charts/external-secrets/external-secrets/values.yaml index fa3cfc87f..5d99475b3 100644 --- a/charts/external-secrets/external-secrets/values.yaml +++ b/charts/external-secrets/external-secrets/values.yaml @@ -30,6 +30,9 @@ imagePullSecrets: [] nameOverride: "" fullnameOverride: "" +# -- Additional labels added to all helm chart resources. +commonLabels: {} + # -- If true, external-secrets will perform leader election between instances to ensure no more # than one instance of external-secrets operates at a time. leaderElect: false @@ -245,6 +248,40 @@ webhook: name: "" nodeSelector: {} + certManager: + # -- Enabling cert-manager support will disable the built in secret and + # switch to using cert-manager (installed separately) to automatically issue + # and renew the webhook certificate. This chart does not install + # cert-manager for you, See https://cert-manager.io/docs/ + enabled: false + # -- Automatically add the cert-manager.io/inject-ca-from annotation to the + # webhooks and CRDs. As long as you have the cert-manager CA Injector + # enabled, this will automatically setup your webhook's CA to the one used + # by cert-manager. See https://cert-manager.io/docs/concepts/ca-injector + addInjectorAnnotations: true + cert: + # -- Create a certificate resource within this chart. See + # https://cert-manager.io/docs/usage/certificate/ + create: true + # -- For the Certificate created by this chart, setup the issuer. See + # https://cert-manager.io/docs/reference/api-docs/#cert-manager.io/v1.IssuerSpec + issuerRef: + group: cert-manager.io + kind: "Issuer" + name: "my-issuer" + # -- Set the requested duration (i.e. lifetime) of the Certificate. See + # https://cert-manager.io/docs/reference/api-docs/#cert-manager.io/v1.CertificateSpec + duration: "" + # -- How long before the currently issued certificate’s expiry + # cert-manager should renew the certificate. See + # https://cert-manager.io/docs/reference/api-docs/#cert-manager.io/v1.CertificateSpec + # Note that renewBefore should be greater than .webhook.lookaheadInterval + # since the webhook will check this far in advance that the certificate is + # valid. + renewBefore: "" + # -- Add extra annotations to the Certificate resource. + annotations: {} + tolerations: [] topologySpreadConstraints: [] diff --git a/charts/haproxy/haproxy/Chart.yaml b/charts/haproxy/haproxy/Chart.yaml index b5fe66da2..bf17a14e3 100644 --- a/charts/haproxy/haproxy/Chart.yaml +++ b/charts/haproxy/haproxy/Chart.yaml @@ -1,6 +1,6 @@ annotations: artifacthub.io/changes: | - - Use Ingress Controller 1.10.4 version for base image + - Add IPv4/IPv6 dualstack support (#194) catalog.cattle.io/certified: partner catalog.cattle.io/display-name: HAProxy Kubernetes Ingress Controller catalog.cattle.io/kube-version: '>=1.22.0-0' @@ -21,4 +21,4 @@ name: haproxy sources: - https://github.com/haproxytech/kubernetes-ingress type: application -version: 1.30.6 +version: 1.31.0 diff --git a/charts/haproxy/haproxy/ci/daemonset-ipfamily-values.yaml b/charts/haproxy/haproxy/ci/daemonset-ipfamily-values.yaml new file mode 100644 index 000000000..cc8a97631 --- /dev/null +++ b/charts/haproxy/haproxy/ci/daemonset-ipfamily-values.yaml @@ -0,0 +1,5 @@ +controller: + kind: DaemonSet + service: + ipFamilies: [IPv4] + ipFamilyPolicy: SingleStack diff --git a/charts/haproxy/haproxy/ci/deployment-hpa-values.yaml b/charts/haproxy/haproxy/ci/deployment-hpa-values.yaml index 0c8326236..f3a570187 100644 --- a/charts/haproxy/haproxy/ci/deployment-hpa-values.yaml +++ b/charts/haproxy/haproxy/ci/deployment-hpa-values.yaml @@ -1,5 +1,4 @@ controller: - kind: Deployment autoscaling: enabled: true minReplicas: 1 diff --git a/charts/haproxy/haproxy/ci/deployment-ipfamily-values.yaml b/charts/haproxy/haproxy/ci/deployment-ipfamily-values.yaml new file mode 100644 index 000000000..6776d901d --- /dev/null +++ b/charts/haproxy/haproxy/ci/deployment-ipfamily-values.yaml @@ -0,0 +1,4 @@ +controller: + service: + ipFamilies: [IPv4] + ipFamilyPolicy: SingleStack diff --git a/charts/haproxy/haproxy/templates/controller-service.yaml b/charts/haproxy/haproxy/templates/controller-service.yaml index eb7877403..bcef8ce1c 100644 --- a/charts/haproxy/haproxy/templates/controller-service.yaml +++ b/charts/haproxy/haproxy/templates/controller-service.yaml @@ -91,6 +91,13 @@ spec: {{- if .Values.controller.service.sessionAffinity }} sessionAffinity: {{ .Values.controller.service.sessionAffinity }} {{- end }} +{{- if .Values.controller.service.ipFamilies }} + ipFamilies: +{{- toYaml .Values.controller.service.ipFamilies | nindent 4 }} +{{- end }} +{{- if .Values.controller.service.ipFamilyPolicy }} + ipFamilyPolicy: {{ .Values.controller.service.ipFamilyPolicy | quote }} +{{- end }} externalIPs: {{- if .Values.controller.service.externalIPs }} {{ toYaml .Values.controller.service.externalIPs | indent 4 }} diff --git a/charts/haproxy/haproxy/values.yaml b/charts/haproxy/haproxy/values.yaml index 7989f6408..f7726220b 100644 --- a/charts/haproxy/haproxy/values.yaml +++ b/charts/haproxy/haproxy/values.yaml @@ -424,6 +424,12 @@ controller: ## ref: https://kubernetes.io/docs/concepts/services-networking/service/ # clusterIP: "" + ## IPv4/IPv6 dual-stack + ## ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/ + ## + # ipFamilies: [IPv4, IPv6] + # ipFamilyPolicy: PreferDualStack + ## Service session affinity ## ref: https://kubernetes.io/docs/concepts/services-networking/service/ # sessionAffinity: "" diff --git a/charts/hashicorp/vault/CHANGELOG.md b/charts/hashicorp/vault/CHANGELOG.md index 741c5ab81..f3c466f2c 100644 --- a/charts/hashicorp/vault/CHANGELOG.md +++ b/charts/hashicorp/vault/CHANGELOG.md @@ -1,5 +1,21 @@ ## Unreleased +## 0.25.0 (June 26, 2023) + +Changes: +* Latest Kubernetes version tested is now 1.27 +* server: Headless service ignores `server.service.publishNotReadyAddresses` setting and always sets it as `true` [GH-902](https://github.com/hashicorp/vault-helm/pull/902) +* `vault` updated to 1.14.0 [GH-916](https://github.com/hashicorp/vault-helm/pull/916) +* `vault-csi-provider` updated to 1.4.0 [GH-916](https://github.com/hashicorp/vault-helm/pull/916) + +Improvements: +* CSI: Make `nodeSelector` and `affinity` configurable for CSI daemonset's pods [GH-862](https://github.com/hashicorp/vault-helm/pull/862) +* injector: Add `ephemeralLimit` and `ephemeralRequest` as options for configuring Agent's ephemeral storage resources [GH-798](https://github.com/hashicorp/vault-helm/pull/798) +* Minimum kubernetes version for chart reverted to 1.20.0 to allow installation on clusters older than the oldest tested version [GH-916](https://github.com/hashicorp/vault-helm/pull/916) + +Bugs: +* server: Set the default for `prometheusRules.rules` to an empty list [GH-886](https://github.com/hashicorp/vault-helm/pull/886) + ## 0.24.1 (April 17, 2023) Bugs: diff --git a/charts/hashicorp/vault/Chart.yaml b/charts/hashicorp/vault/Chart.yaml index e511c9ac5..c9d356254 100644 --- a/charts/hashicorp/vault/Chart.yaml +++ b/charts/hashicorp/vault/Chart.yaml @@ -1,11 +1,11 @@ annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Hashicorp Vault - catalog.cattle.io/kube-version: '>= 1.22.0-0' + catalog.cattle.io/kube-version: '>= 1.20.0-0' catalog.cattle.io/release-name: vault charts.openshift.io/name: HashiCorp Vault apiVersion: v2 -appVersion: 1.13.1 +appVersion: 1.14.0 description: Official HashiCorp Vault Chart home: https://www.vaultproject.io icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png @@ -17,11 +17,11 @@ keywords: - management - automation - infrastructure -kubeVersion: '>= 1.22.0-0' +kubeVersion: '>= 1.20.0-0' name: vault sources: - https://github.com/hashicorp/vault - https://github.com/hashicorp/vault-helm - https://github.com/hashicorp/vault-k8s - https://github.com/hashicorp/vault-csi-provider -version: 0.24.1 +version: 0.25.0 diff --git a/charts/hashicorp/vault/templates/_helpers.tpl b/charts/hashicorp/vault/templates/_helpers.tpl index 4b6baf10e..dafac3787 100644 --- a/charts/hashicorp/vault/templates/_helpers.tpl +++ b/charts/hashicorp/vault/templates/_helpers.tpl @@ -849,6 +849,34 @@ Sets the injector toleration for pod placement {{- end }} {{- end -}} +{{/* +Sets the CSI provider nodeSelector for pod placement +*/}} +{{- define "csi.pod.nodeselector" -}} + {{- if .Values.csi.pod.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.csi.pod.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} +{{/* +Sets the CSI provider affinity for pod placement. +*/}} +{{- define "csi.pod.affinity" -}} + {{- if .Values.csi.pod.affinity }} + affinity: + {{ $tp := typeOf .Values.csi.pod.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} {{/* Sets extra CSI provider pod annotations */}} diff --git a/charts/hashicorp/vault/templates/csi-daemonset.yaml b/charts/hashicorp/vault/templates/csi-daemonset.yaml index a32ef7c70..28e7cd070 100644 --- a/charts/hashicorp/vault/templates/csi-daemonset.yaml +++ b/charts/hashicorp/vault/templates/csi-daemonset.yaml @@ -45,6 +45,8 @@ spec: {{- end }} serviceAccountName: {{ template "vault.fullname" . }}-csi-provider {{- template "csi.pod.tolerations" . }} + {{- template "csi.pod.nodeselector" . }} + {{- template "csi.pod.affinity" . }} containers: - name: {{ include "vault.name" . }}-csi-provider {{ template "csi.resources" . }} diff --git a/charts/hashicorp/vault/templates/injector-deployment.yaml b/charts/hashicorp/vault/templates/injector-deployment.yaml index 7e0101a41..fbf32c093 100644 --- a/charts/hashicorp/vault/templates/injector-deployment.yaml +++ b/charts/hashicorp/vault/templates/injector-deployment.yaml @@ -109,6 +109,14 @@ spec: value: "{{ .Values.injector.agentDefaults.memRequest }}" - name: AGENT_INJECT_MEM_LIMIT value: "{{ .Values.injector.agentDefaults.memLimit }}" + {{- if .Values.injector.agentDefaults.ephemeralRequest }} + - name: AGENT_INJECT_EPHEMERAL_REQUEST + value: "{{ .Values.injector.agentDefaults.ephemeralRequest }}" + {{- end }} + {{- if .Values.injector.agentDefaults.ephemeralLimit }} + - name: AGENT_INJECT_EPHEMERAL_LIMIT + value: "{{ .Values.injector.agentDefaults.ephemeralLimit }}" + {{- end }} - name: AGENT_INJECT_DEFAULT_TEMPLATE value: "{{ .Values.injector.agentDefaults.template }}" - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE diff --git a/charts/hashicorp/vault/templates/server-headless-service.yaml b/charts/hashicorp/vault/templates/server-headless-service.yaml index c4eca7af7..42e1aa000 100644 --- a/charts/hashicorp/vault/templates/server-headless-service.yaml +++ b/charts/hashicorp/vault/templates/server-headless-service.yaml @@ -23,7 +23,7 @@ metadata: {{ template "vault.service.annotations" .}} spec: clusterIP: None - publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + publishNotReadyAddresses: true ports: - name: "{{ include "vault.scheme" . }}" port: {{ .Values.server.service.port }} diff --git a/charts/hashicorp/vault/values.openshift.yaml b/charts/hashicorp/vault/values.openshift.yaml index da71dcfb9..6e575e4d4 100644 --- a/charts/hashicorp/vault/values.openshift.yaml +++ b/charts/hashicorp/vault/values.openshift.yaml @@ -13,9 +13,9 @@ injector: agentImage: repository: "registry.connect.redhat.com/hashicorp/vault" - tag: "1.13.1-ubi" + tag: "1.14.0-ubi" server: image: repository: "registry.connect.redhat.com/hashicorp/vault" - tag: "1.13.1-ubi" + tag: "1.14.0-ubi" diff --git a/charts/hashicorp/vault/values.schema.json b/charts/hashicorp/vault/values.schema.json index 44980e169..ecb97dece 100644 --- a/charts/hashicorp/vault/values.schema.json +++ b/charts/hashicorp/vault/values.schema.json @@ -136,6 +136,13 @@ "pod": { "type": "object", "properties": { + "affinity": { + "type": [ + "null", + "object", + "string" + ] + }, "annotations": { "type": [ "object", @@ -145,6 +152,13 @@ "extraLabels": { "type": "object" }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, "tolerations": { "type": [ "null", @@ -266,6 +280,12 @@ "memRequest": { "type": "string" }, + "ephemeralLimit": { + "type": "string" + }, + "ephemeralRequest": { + "type": "string" + }, "template": { "type": "string" }, @@ -1060,6 +1080,25 @@ } } }, + "serverTelemetry": { + "type": "object", + "properties": { + "prometheusRules": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "rules": { + "type": "array" + }, + "selectors": { + "type": "object" + } + } + } + } + }, "ui": { "type": "object", "properties": { diff --git a/charts/hashicorp/vault/values.yaml b/charts/hashicorp/vault/values.yaml index 9e35ac8bc..58eb8a221 100644 --- a/charts/hashicorp/vault/values.yaml +++ b/charts/hashicorp/vault/values.yaml @@ -73,7 +73,7 @@ injector: # required. agentImage: repository: "hashicorp/vault" - tag: "1.13.1" + tag: "1.14.0" # The default values for the injected Vault Agent containers. agentDefaults: @@ -83,6 +83,8 @@ injector: cpuRequest: "250m" memLimit: "128Mi" memRequest: "64Mi" + # ephemeralLimit: "128Mi" + # ephemeralRequest: "64Mi" # Default template type for secrets when no custom template is specified. # Possible values include: "json" and "map". @@ -372,7 +374,7 @@ server: image: repository: "hashicorp/vault" - tag: "1.13.1" + tag: "1.14.0" # Overrides the default Image Pull Policy pullPolicy: IfNotPresent @@ -521,7 +523,7 @@ server: livenessProbe: enabled: false path: "/v1/sys/health?standbyok=true" - # Port nuumber on which livenessProbe will be checked. + # Port number on which livenessProbe will be checked. port: 8200 # When a probe fails, Kubernetes will try failureThreshold times before giving up failureThreshold: 2 @@ -671,7 +673,9 @@ server: # or NodePort. #type: ClusterIP - # Do not wait for pods to be ready + # Do not wait for pods to be ready before including them in the services' + # targets. Does not apply to the headless service, which is used for + # cluster-internal communication. publishNotReadyAddresses: true # The externalTrafficPolicy can be set to either Cluster or Local @@ -997,7 +1001,7 @@ csi: image: repository: "hashicorp/vault-csi-provider" - tag: "1.3.0" + tag: "1.4.0" pullPolicy: IfNotPresent # volumes is a list of volumes made available to all containers. These are rendered @@ -1061,6 +1065,17 @@ csi: # in a PodSpec. tolerations: [] + # nodeSelector labels for csi pod assignment, formatted as a multi-line string or YAML map. + # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + + # Affinity Settings + # This should be either a multi-line string or YAML matching the PodSpec's affinity field. + affinity: {} + # Extra labels to attach to the vault-csi-provider pod # This should be a YAML map of the labels to apply to the csi provider pod extraLabels: {} @@ -1071,7 +1086,7 @@ csi: image: repository: "hashicorp/vault" - tag: "1.13.1" + tag: "1.14.0" pullPolicy: IfNotPresent logFormat: standard @@ -1198,7 +1213,7 @@ serverTelemetry: selectors: {} # Some example rules. - rules: {} + rules: [] # - alert: vault-HighResponseTime # annotations: # message: The response time of Vault is over 500ms on average over the last 5 minutes. diff --git a/charts/kubecost/cost-analyzer/Chart.yaml b/charts/kubecost/cost-analyzer/Chart.yaml index a65624dd7..1aafa0145 100644 --- a/charts/kubecost/cost-analyzer/Chart.yaml +++ b/charts/kubecost/cost-analyzer/Chart.yaml @@ -7,7 +7,7 @@ annotations: catalog.cattle.io/featured: "2" catalog.cattle.io/release-name: cost-analyzer apiVersion: v2 -appVersion: 1.104.1 +appVersion: 1.104.2 dependencies: - condition: global.grafana.enabled name: grafana @@ -25,4 +25,4 @@ description: A Helm chart that sets up Kubecost, Prometheus, and Grafana to moni cloud costs. icon: https://partner-charts.rancher.io/assets/logos/kubecost.png name: cost-analyzer -version: 1.104.1 +version: 1.104.2 diff --git a/charts/kubecost/cost-analyzer/templates/cost-analyzer-deployment-template.yaml b/charts/kubecost/cost-analyzer/templates/cost-analyzer-deployment-template.yaml index 32e946335..cce353827 100644 --- a/charts/kubecost/cost-analyzer/templates/cost-analyzer-deployment-template.yaml +++ b/charts/kubecost/cost-analyzer/templates/cost-analyzer-deployment-template.yaml @@ -764,7 +764,7 @@ spec: value: {{ (quote .Values.kubecostModel.outOfClusterPromMetricsEnabled) | default (quote false) }} - name: CACHE_WARMING_ENABLED value: {{ (quote .Values.kubecostModel.warmCache) | default (quote true) }} - - name: SAVINGS_CACHE_WARMING_ENABLED + - name: SAVINGS_ENABLED value: {{ (quote .Values.kubecostModel.warmSavingsCache) | default (quote true) }} - name: ETL_ENABLED value: {{ (quote .Values.kubecostModel.etl) | default (quote true) }} diff --git a/charts/kuma/kuma/Chart.yaml b/charts/kuma/kuma/Chart.yaml index 2b656980e..fcce01b96 100644 --- a/charts/kuma/kuma/Chart.yaml +++ b/charts/kuma/kuma/Chart.yaml @@ -4,7 +4,7 @@ annotations: catalog.cattle.io/namespace: kuma-system catalog.cattle.io/release-name: kuma apiVersion: v2 -appVersion: 2.2.2 +appVersion: 2.3.0 description: A Helm chart for the Kuma Control Plane home: https://github.com/kumahq/kuma icon: https://kuma.io/assets/images/brand/kuma-logo-new.svg @@ -20,4 +20,4 @@ maintainers: name: nickolaev name: kuma type: application -version: 2.2.2 +version: 2.3.0 diff --git a/charts/kuma/kuma/README.md b/charts/kuma/kuma/README.md index 81ca544b9..4f2c668ca 100644 --- a/charts/kuma/kuma/README.md +++ b/charts/kuma/kuma/README.md @@ -2,7 +2,7 @@ A Helm chart for the Kuma Control Plane -![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![Version: 2.2.2](https://img.shields.io/badge/Version-2.2.2-informational?style=flat-square) ![AppVersion: 2.2.2](https://img.shields.io/badge/AppVersion-2.2.2-informational?style=flat-square) +![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![Version: 2.3.0](https://img.shields.io/badge/Version-2.3.0-informational?style=flat-square) ![AppVersion: 2.3.0](https://img.shields.io/badge/AppVersion-2.3.0-informational?style=flat-square) **Homepage:** @@ -19,6 +19,7 @@ A Helm chart for the Kuma Control Plane | controlPlane.environment | string | `"kubernetes"` | Environment that control plane is run in, useful when running universal global control plane on k8s | | controlPlane.extraLabels | object | `{}` | Labels to add to resources in addition to default labels | | controlPlane.logLevel | string | `"info"` | Kuma CP log level: one of off,info,debug | +| controlPlane.logOutputPath | string | `""` | Kuma CP log output path: Defaults to /dev/stdout | | controlPlane.mode | string | `"standalone"` | Kuma CP modes: one of standalone,zone,global | | controlPlane.zone | string | `nil` | Kuma CP zone, if running multizone | | controlPlane.kdsGlobalAddress | string | `""` | Only used in `zone` mode | @@ -27,8 +28,8 @@ A Helm chart for the Kuma Control Plane | controlPlane.autoscaling.enabled | bool | `false` | Whether to enable Horizontal Pod Autoscaling, which requires the [Metrics Server](https://github.com/kubernetes-sigs/metrics-server) in the cluster | | controlPlane.autoscaling.minReplicas | int | `2` | The minimum CP pods to allow | | controlPlane.autoscaling.maxReplicas | int | `5` | The max CP pods to scale to | -| controlPlane.autoscaling.targetCPUUtilizationPercentage | int | `80` | For clusters that don't support autoscaling/v2beta, autoscaling/v1 is used | -| controlPlane.autoscaling.metrics | list | `[{"resource":{"name":"cpu","target":{"averageUtilization":80,"type":"Utilization"}},"type":"Resource"}]` | For clusters that do support autoscaling/v2beta, use metrics | +| controlPlane.autoscaling.targetCPUUtilizationPercentage | int | `80` | For clusters that don't support autoscaling/v2, autoscaling/v1 is used | +| controlPlane.autoscaling.metrics | list | `[{"resource":{"name":"cpu","target":{"averageUtilization":80,"type":"Utilization"}},"type":"Resource"}]` | For clusters that do support autoscaling/v2, use metrics | | controlPlane.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | Node selector for the Kuma Control Plane pods | | controlPlane.tolerations | list | `[]` | Tolerations for the Kuma Control Plane pods | | controlPlane.podDisruptionBudget.enabled | bool | `false` | Whether to create a pod disruption budget | @@ -36,6 +37,8 @@ A Helm chart for the Kuma Control Plane | controlPlane.affinity | object | `{"podAntiAffinity":{"preferredDuringSchedulingIgnoredDuringExecution":[{"podAffinityTerm":{"labelSelector":{"matchExpressions":[{"key":"app.kubernetes.io/name","operator":"In","values":["{{ include \"kuma.name\" . }}"]},{"key":"app.kubernetes.io/instance","operator":"In","values":["{{ .Release.Name }}"]},{"key":"app","operator":"In","values":["{{ include \"kuma.name\" . }}-control-plane"]}]},"topologyKey":"kubernetes.io/hostname"},"weight":100}]}}` | Affinity placement rule for the Kuma Control Plane pods. This is rendered as a template, so you can reference other helm variables or includes. | | controlPlane.topologySpreadConstraints | string | `nil` | Topology spread constraints rule for the Kuma Control Plane pods. This is rendered as a template, so you can use variables to generate match labels. | | controlPlane.injectorFailurePolicy | string | `"Fail"` | Failure policy of the mutating webhook implemented by the Kuma Injector component | +| controlPlane.service.apiServer.http.nodePort | int | `30681` | Port on which Http api server Service is exposed on Node for service of type NodePort | +| controlPlane.service.apiServer.https.nodePort | int | `30682` | Port on which Https api server Service is exposed on Node for service of type NodePort | | controlPlane.service.enabled | bool | `true` | Whether to create a service resource. | | controlPlane.service.name | string | `nil` | Optionally override of the Kuma Control Plane Service's name | | controlPlane.service.type | string | `"ClusterIP"` | Service type of the Kuma Control Plane | @@ -50,7 +53,9 @@ A Helm chart for the Kuma Control Plane | controlPlane.globalZoneSyncService.type | string | `"LoadBalancer"` | Service type of the Global-zone sync | | controlPlane.globalZoneSyncService.loadBalancerIP | string | `nil` | Optionally specify IP to be used by cloud provider when configuring load balancer | | controlPlane.globalZoneSyncService.annotations | object | `{}` | Additional annotations to put on the Global Zone Sync Service | +| controlPlane.globalZoneSyncService.nodePort | int | `30685` | Port on which Global Zone Sync Service is exposed on Node for service of type NodePort | | controlPlane.globalZoneSyncService.port | int | `5685` | Port on which Global Zone Sync Service is exposed | +| controlPlane.globalZoneSyncService.protocol | string | `"grpc"` | Protocol of the Global Zone Sync service port | | controlPlane.defaults.skipMeshCreation | bool | `false` | Whether to skip creating the default Mesh | | controlPlane.automountServiceAccountToken | bool | `true` | Whether to automountServiceAccountToken for cp. Optionally set to false | | controlPlane.resources | object | `{"limits":{"memory":"256Mi"},"requests":{"cpu":"500m","memory":"256Mi"}}` | Optionally override the resource spec | @@ -68,6 +73,7 @@ A Helm chart for the Kuma Control Plane | controlPlane.tls.kdsZoneClient.secretName | string | `""` | Name of the K8s Secret resource that contains ca.crt which was used to sign the certificate of KDS Global Server. If you set this and don't set create=true, you have to create the secret manually. | | controlPlane.tls.kdsZoneClient.create | bool | `false` | Whether to create the TLS secret in helm. | | controlPlane.tls.kdsZoneClient.cert | string | `""` | CA bundle that was used to sign the certificate of KDS Global Server. | +| controlPlane.tls.kdsZoneClient.skipVerify | bool | `false` | If true, TLS cert of the server is not verified. | | controlPlane.image.pullPolicy | string | `"IfNotPresent"` | Kuma CP ImagePullPolicy | | controlPlane.image.repository | string | `"kuma-cp"` | Kuma CP image repository | | controlPlane.image.tag | string | `nil` | Kuma CP Image tag. When not specified, the value is copied from global.tag | @@ -90,6 +96,7 @@ A Helm chart for the Kuma Control Plane | cni.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | Node Selector for the CNI pods | | cni.tolerations | list | `[]` | Tolerations for the CNI pods | | cni.podAnnotations | object | `{}` | Additional pod annotations | +| cni.namespace | string | `"kube-system"` | Set the CNI namespace | | cni.image.repository | string | `"kuma-cni"` | CNI image repository | | cni.image.tag | string | `nil` | CNI image tag - defaults to .Chart.AppVersion | | cni.image.imagePullPolicy | string | `"IfNotPresent"` | CNI image pull policy | @@ -102,7 +109,7 @@ A Helm chart for the Kuma Control Plane | cni.resources.requests.memory | string | `"100Mi"` | | | cni.resources.limits.memory | string | `"100Mi"` | | | cni.podSecurityContext | object | `{}` | Security context at the pod level for cni | -| cni.containerSecurityContext | object | `{}` | Security context at the container level for cni | +| cni.containerSecurityContext | object | `{"readOnlyRootFilesystem":true,"runAsGroup":0,"runAsNonRoot":false,"runAsUser":0}` | Security context at the container level for cni | | dataPlane.image.repository | string | `"kuma-dp"` | The Kuma DP image repository | | dataPlane.image.pullPolicy | string | `"IfNotPresent"` | Kuma DP ImagePullPolicy | | dataPlane.image.tag | string | `nil` | Kuma DP Image Tag. When not specified, the value is copied from global.tag | @@ -118,8 +125,8 @@ A Helm chart for the Kuma Control Plane | ingress.autoscaling.enabled | bool | `false` | Whether to enable Horizontal Pod Autoscaling, which requires the [Metrics Server](https://github.com/kubernetes-sigs/metrics-server) in the cluster | | ingress.autoscaling.minReplicas | int | `2` | The minimum CP pods to allow | | ingress.autoscaling.maxReplicas | int | `5` | The max CP pods to scale to | -| ingress.autoscaling.targetCPUUtilizationPercentage | int | `80` | For clusters that don't support autoscaling/v2beta, autoscaling/v1 is used | -| ingress.autoscaling.metrics | list | `[{"resource":{"name":"cpu","target":{"averageUtilization":80,"type":"Utilization"}},"type":"Resource"}]` | For clusters that do support autoscaling/v2beta, use metrics | +| ingress.autoscaling.targetCPUUtilizationPercentage | int | `80` | For clusters that don't support autoscaling/v2, autoscaling/v1 is used | +| ingress.autoscaling.metrics | list | `[{"resource":{"name":"cpu","target":{"averageUtilization":80,"type":"Utilization"}},"type":"Resource"}]` | For clusters that do support autoscaling/v2, use metrics | | ingress.service.enabled | bool | `true` | Whether to create a Service resource. | | ingress.service.type | string | `"LoadBalancer"` | Service type of the Ingress | | ingress.service.loadBalancerIP | string | `nil` | Optionally specify IP to be used by cloud provider when configuring load balancer | @@ -143,8 +150,8 @@ A Helm chart for the Kuma Control Plane | egress.autoscaling.enabled | bool | `false` | Whether to enable Horizontal Pod Autoscaling, which requires the [Metrics Server](https://github.com/kubernetes-sigs/metrics-server) in the cluster | | egress.autoscaling.minReplicas | int | `2` | The minimum CP pods to allow | | egress.autoscaling.maxReplicas | int | `5` | The max CP pods to scale to | -| egress.autoscaling.targetCPUUtilizationPercentage | int | `80` | For clusters that don't support autoscaling/v2beta, autoscaling/v1 is used | -| egress.autoscaling.metrics | list | `[{"resource":{"name":"cpu","target":{"averageUtilization":80,"type":"Utilization"}},"type":"Resource"}]` | For clusters that do support autoscaling/v2beta, use metrics | +| egress.autoscaling.targetCPUUtilizationPercentage | int | `80` | For clusters that don't support autoscaling/v2, autoscaling/v1 is used | +| egress.autoscaling.metrics | list | `[{"resource":{"name":"cpu","target":{"averageUtilization":80,"type":"Utilization"}},"type":"Resource"}]` | For clusters that do support autoscaling/v2, use metrics | | egress.resources.requests.cpu | string | `"50m"` | | | egress.resources.requests.memory | string | `"64Mi"` | | | egress.resources.limits.cpu | string | `"1000m"` | | @@ -184,6 +191,7 @@ A Helm chart for the Kuma Control Plane | experimental.ebpf.cgroupPath | string | `"/sys/fs/cgroup"` | Host's cgroup2 path | | experimental.ebpf.tcAttachIface | string | `""` | Name of the network interface which TC programs should be attached to, we'll try to automatically determine it if empty | | experimental.ebpf.programsSourcePath | string | `"/kuma/ebpf"` | Path where compiled eBPF programs which will be installed can be found | +| experimental.deltaKds | bool | `false` | If true, it uses new API for resource synchronization | | legacy.transparentProxy | bool | `false` | If true, use the legacy transparent proxy engine | | legacy.cni.enabled | bool | `false` | If true, it installs legacy version of the CNI | | legacy.cni.image.registry | string | `"docker.io/kumahq"` | CNI v1 image registry | diff --git a/charts/kuma/kuma/crds/kuma.io_circuitbreakers.yaml b/charts/kuma/kuma/crds/kuma.io_circuitbreakers.yaml index 5990e8245..196b7c1db 100644 --- a/charts/kuma/kuma/crds/kuma.io_circuitbreakers.yaml +++ b/charts/kuma/kuma/crds/kuma.io_circuitbreakers.yaml @@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.11.3 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.12.0 name: circuitbreakers.kuma.io spec: group: kuma.io diff --git a/charts/kuma/kuma/crds/kuma.io_containerpatches.yaml b/charts/kuma/kuma/crds/kuma.io_containerpatches.yaml index 41da5df68..20849b10b 100644 --- a/charts/kuma/kuma/crds/kuma.io_containerpatches.yaml +++ b/charts/kuma/kuma/crds/kuma.io_containerpatches.yaml @@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.11.3 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.12.0 name: containerpatches.kuma.io spec: group: kuma.io diff --git a/charts/kuma/kuma/crds/kuma.io_dataplaneinsights.yaml b/charts/kuma/kuma/crds/kuma.io_dataplaneinsights.yaml index 5d22404d3..7e892d597 100644 --- a/charts/kuma/kuma/crds/kuma.io_dataplaneinsights.yaml +++ b/charts/kuma/kuma/crds/kuma.io_dataplaneinsights.yaml @@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.11.3 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.12.0 name: dataplaneinsights.kuma.io spec: group: kuma.io diff --git a/charts/kuma/kuma/crds/kuma.io_dataplanes.yaml b/charts/kuma/kuma/crds/kuma.io_dataplanes.yaml index 72c1b9f3d..82cfefe31 100644 --- a/charts/kuma/kuma/crds/kuma.io_dataplanes.yaml +++ b/charts/kuma/kuma/crds/kuma.io_dataplanes.yaml @@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.11.3 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.12.0 name: dataplanes.kuma.io spec: group: kuma.io @@ -17,7 +16,26 @@ spec: singular: dataplane scope: Namespaced versions: - - name: v1alpha1 + - additionalPrinterColumns: + - description: Service tag of the first inbound + jsonPath: .spec.networking.inbound[0].tags['kuma\.io/service'] + name: kuma.io/service + type: string + - description: Service tag of the second inbound + jsonPath: .spec.networking.inbound[1].tags['kuma\.io/service'] + name: kuma.io/service + type: string + - description: Service tag of the third inbound + jsonPath: .spec.networking.inbound[2].tags['kuma\.io/service'] + name: kuma.io/service + priority: 1 + type: string + - description: Service tag of the fourth inbound + jsonPath: .spec.networking.inbound[3].tags['kuma\.io/service'] + name: kuma.io/service + priority: 1 + type: string + name: v1alpha1 schema: openAPIV3Schema: properties: @@ -43,3 +61,4 @@ spec: type: object served: true storage: true + subresources: {} diff --git a/charts/kuma/kuma/crds/kuma.io_externalservices.yaml b/charts/kuma/kuma/crds/kuma.io_externalservices.yaml index 0cf686d37..eed56190b 100644 --- a/charts/kuma/kuma/crds/kuma.io_externalservices.yaml +++ b/charts/kuma/kuma/crds/kuma.io_externalservices.yaml @@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.11.3 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.12.0 name: externalservices.kuma.io spec: group: kuma.io diff --git a/charts/kuma/kuma/crds/kuma.io_faultinjections.yaml b/charts/kuma/kuma/crds/kuma.io_faultinjections.yaml index 9e0787cc7..ba4b468d5 100644 --- a/charts/kuma/kuma/crds/kuma.io_faultinjections.yaml +++ b/charts/kuma/kuma/crds/kuma.io_faultinjections.yaml @@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.11.3 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.12.0 name: faultinjections.kuma.io spec: group: kuma.io diff --git a/charts/kuma/kuma/crds/kuma.io_healthchecks.yaml b/charts/kuma/kuma/crds/kuma.io_healthchecks.yaml index a99e65399..ca183c9b7 100644 --- a/charts/kuma/kuma/crds/kuma.io_healthchecks.yaml +++ b/charts/kuma/kuma/crds/kuma.io_healthchecks.yaml @@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.11.3 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.12.0 name: healthchecks.kuma.io spec: group: kuma.io diff --git a/charts/kuma/kuma/crds/kuma.io_meshaccesslogs.yaml b/charts/kuma/kuma/crds/kuma.io_meshaccesslogs.yaml index 6cbb56292..a38c61452 100644 --- a/charts/kuma/kuma/crds/kuma.io_meshaccesslogs.yaml +++ b/charts/kuma/kuma/crds/kuma.io_meshaccesslogs.yaml @@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.11.3 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.12.0 name: meshaccesslogs.kuma.io spec: group: kuma.io @@ -69,6 +68,13 @@ spec: type: boolean plain: type: string + type: + enum: + - Plain + - Json + type: string + required: + - type type: object path: description: Path to a file that logs will be @@ -123,10 +129,25 @@ spec: type: boolean plain: type: string + type: + enum: + - Plain + - Json + type: string + required: + - type type: object required: - address type: object + type: + enum: + - Tcp + - File + - OpenTelemetry + type: string + required: + - type type: object type: array type: object @@ -141,7 +162,7 @@ spec: - MeshSubset - MeshService - MeshServiceSubset - - MeshGatewayRoute + - MeshHTTPRoute type: string mesh: description: Mesh is reserved for future use to identify @@ -175,7 +196,7 @@ spec: - MeshSubset - MeshService - MeshServiceSubset - - MeshGatewayRoute + - MeshHTTPRoute type: string mesh: description: Mesh is reserved for future use to identify cross @@ -225,6 +246,13 @@ spec: type: boolean plain: type: string + type: + enum: + - Plain + - Json + type: string + required: + - type type: object path: description: Path to a file that logs will be @@ -279,10 +307,25 @@ spec: type: boolean plain: type: string + type: + enum: + - Plain + - Json + type: string + required: + - type type: object required: - address type: object + type: + enum: + - Tcp + - File + - OpenTelemetry + type: string + required: + - type type: object type: array type: object @@ -297,7 +340,7 @@ spec: - MeshSubset - MeshService - MeshServiceSubset - - MeshGatewayRoute + - MeshHTTPRoute type: string mesh: description: Mesh is reserved for future use to identify diff --git a/charts/kuma/kuma/crds/kuma.io_meshcircuitbreakers.yaml b/charts/kuma/kuma/crds/kuma.io_meshcircuitbreakers.yaml index 85563711c..6cf06361d 100644 --- a/charts/kuma/kuma/crds/kuma.io_meshcircuitbreakers.yaml +++ b/charts/kuma/kuma/crds/kuma.io_meshcircuitbreakers.yaml @@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.11.3 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.12.0 name: meshcircuitbreakers.kuma.io spec: group: kuma.io @@ -304,7 +303,7 @@ spec: - MeshSubset - MeshService - MeshServiceSubset - - MeshGatewayRoute + - MeshHTTPRoute type: string mesh: description: Mesh is reserved for future use to identify @@ -338,7 +337,7 @@ spec: - MeshSubset - MeshService - MeshServiceSubset - - MeshGatewayRoute + - MeshHTTPRoute type: string mesh: description: Mesh is reserved for future use to identify cross @@ -622,7 +621,7 @@ spec: - MeshSubset - MeshService - MeshServiceSubset - - MeshGatewayRoute + - MeshHTTPRoute type: string mesh: description: Mesh is reserved for future use to identify diff --git a/charts/kuma/kuma/crds/kuma.io_meshes.yaml b/charts/kuma/kuma/crds/kuma.io_meshes.yaml index fb8050368..8e5f84539 100644 --- a/charts/kuma/kuma/crds/kuma.io_meshes.yaml +++ b/charts/kuma/kuma/crds/kuma.io_meshes.yaml @@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.11.3 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.12.0 name: meshes.kuma.io spec: group: kuma.io diff --git a/charts/kuma/kuma/crds/kuma.io_meshfaultinjections.yaml b/charts/kuma/kuma/crds/kuma.io_meshfaultinjections.yaml index b21d4a0f8..b8f55fbb2 100644 --- a/charts/kuma/kuma/crds/kuma.io_meshfaultinjections.yaml +++ b/charts/kuma/kuma/crds/kuma.io_meshfaultinjections.yaml @@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.11.3 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.12.0 name: meshfaultinjections.kuma.io spec: group: kuma.io @@ -130,7 +129,7 @@ spec: - MeshSubset - MeshService - MeshServiceSubset - - MeshGatewayRoute + - MeshHTTPRoute type: string mesh: description: Mesh is reserved for future use to identify @@ -164,7 +163,7 @@ spec: - MeshSubset - MeshService - MeshServiceSubset - - MeshGatewayRoute + - MeshHTTPRoute type: string mesh: description: Mesh is reserved for future use to identify cross diff --git a/charts/kuma/kuma/crds/kuma.io_meshgatewayinstances.yaml b/charts/kuma/kuma/crds/kuma.io_meshgatewayinstances.yaml index 6a67aa18b..4b2958a61 100644 --- a/charts/kuma/kuma/crds/kuma.io_meshgatewayinstances.yaml +++ b/charts/kuma/kuma/crds/kuma.io_meshgatewayinstances.yaml @@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.11.3 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.12.0 name: meshgatewayinstances.kuma.io spec: group: kuma.io @@ -138,7 +137,8 @@ spec: description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object serviceTemplate: diff --git a/charts/kuma/kuma/crds/kuma.io_meshgatewayroutes.yaml b/charts/kuma/kuma/crds/kuma.io_meshgatewayroutes.yaml index 560588a1d..032cffecb 100644 --- a/charts/kuma/kuma/crds/kuma.io_meshgatewayroutes.yaml +++ b/charts/kuma/kuma/crds/kuma.io_meshgatewayroutes.yaml @@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.11.3 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.12.0 name: meshgatewayroutes.kuma.io spec: group: kuma.io diff --git a/charts/kuma/kuma/crds/kuma.io_meshgateways.yaml b/charts/kuma/kuma/crds/kuma.io_meshgateways.yaml index 38af9f6db..98f98f574 100644 --- a/charts/kuma/kuma/crds/kuma.io_meshgateways.yaml +++ b/charts/kuma/kuma/crds/kuma.io_meshgateways.yaml @@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.11.3 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.12.0 name: meshgateways.kuma.io spec: group: kuma.io diff --git a/charts/kuma/kuma/crds/kuma.io_meshhealthchecks.yaml b/charts/kuma/kuma/crds/kuma.io_meshhealthchecks.yaml index 9f435206d..1ce431463 100644 --- a/charts/kuma/kuma/crds/kuma.io_meshhealthchecks.yaml +++ b/charts/kuma/kuma/crds/kuma.io_meshhealthchecks.yaml @@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.11.3 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.12.0 name: meshhealthchecks.kuma.io spec: group: kuma.io @@ -48,7 +47,7 @@ spec: - MeshSubset - MeshService - MeshServiceSubset - - MeshGatewayRoute + - MeshHTTPRoute type: string mesh: description: Mesh is reserved for future use to identify cross @@ -273,7 +272,7 @@ spec: - MeshSubset - MeshService - MeshServiceSubset - - MeshGatewayRoute + - MeshHTTPRoute type: string mesh: description: Mesh is reserved for future use to identify diff --git a/charts/kuma/kuma/crds/kuma.io_meshhttproutes.yaml b/charts/kuma/kuma/crds/kuma.io_meshhttproutes.yaml index 3b9811f77..d75796690 100644 --- a/charts/kuma/kuma/crds/kuma.io_meshhttproutes.yaml +++ b/charts/kuma/kuma/crds/kuma.io_meshhttproutes.yaml @@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.11.3 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.12.0 name: meshhttproutes.kuma.io spec: group: kuma.io @@ -48,7 +47,7 @@ spec: - MeshSubset - MeshService - MeshServiceSubset - - MeshGatewayRoute + - MeshHTTPRoute type: string mesh: description: Mesh is reserved for future use to identify cross @@ -81,6 +80,8 @@ spec: properties: backendRefs: items: + description: BackendRef defines where to forward + traffic. properties: kind: description: Kind of the referenced resource @@ -89,7 +90,7 @@ spec: - MeshSubset - MeshService - MeshServiceSubset - - MeshGatewayRoute + - MeshHTTPRoute type: string mesh: description: Mesh is reserved for future use @@ -182,7 +183,7 @@ spec: - MeshSubset - MeshService - MeshServiceSubset - - MeshGatewayRoute + - MeshHTTPRoute type: string mesh: description: Mesh is reserved for future @@ -366,6 +367,8 @@ spec: type: array type: object matches: + description: Matches describes how to match HTTP requests + this rule should be applied to. items: properties: headers: @@ -418,7 +421,7 @@ spec: type: enum: - Exact - - Prefix + - PathPrefix - RegularExpression type: string value: @@ -454,6 +457,7 @@ spec: type: object type: array type: object + minItems: 1 type: array required: - default @@ -471,7 +475,7 @@ spec: - MeshSubset - MeshService - MeshServiceSubset - - MeshGatewayRoute + - MeshHTTPRoute type: string mesh: description: Mesh is reserved for future use to identify diff --git a/charts/kuma/kuma/crds/kuma.io_meshinsights.yaml b/charts/kuma/kuma/crds/kuma.io_meshinsights.yaml index fa23c4972..5391c4b88 100644 --- a/charts/kuma/kuma/crds/kuma.io_meshinsights.yaml +++ b/charts/kuma/kuma/crds/kuma.io_meshinsights.yaml @@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.11.3 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.12.0 name: meshinsights.kuma.io spec: group: kuma.io diff --git a/charts/kuma/kuma/crds/kuma.io_meshloadbalancingstrategies.yaml b/charts/kuma/kuma/crds/kuma.io_meshloadbalancingstrategies.yaml index 05efec16d..d4861794d 100644 --- a/charts/kuma/kuma/crds/kuma.io_meshloadbalancingstrategies.yaml +++ b/charts/kuma/kuma/crds/kuma.io_meshloadbalancingstrategies.yaml @@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.11.3 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.12.0 name: meshloadbalancingstrategies.kuma.io spec: group: kuma.io @@ -49,7 +48,7 @@ spec: - MeshSubset - MeshService - MeshServiceSubset - - MeshGatewayRoute + - MeshHTTPRoute type: string mesh: description: Mesh is reserved for future use to identify cross @@ -385,7 +384,7 @@ spec: - MeshSubset - MeshService - MeshServiceSubset - - MeshGatewayRoute + - MeshHTTPRoute type: string mesh: description: Mesh is reserved for future use to identify diff --git a/charts/kuma/kuma/crds/kuma.io_meshproxypatches.yaml b/charts/kuma/kuma/crds/kuma.io_meshproxypatches.yaml index 10fa74e21..c6a223035 100644 --- a/charts/kuma/kuma/crds/kuma.io_meshproxypatches.yaml +++ b/charts/kuma/kuma/crds/kuma.io_meshproxypatches.yaml @@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.11.3 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.12.0 name: meshproxypatches.kuma.io spec: group: kuma.io @@ -478,7 +477,7 @@ spec: - MeshSubset - MeshService - MeshServiceSubset - - MeshGatewayRoute + - MeshHTTPRoute type: string mesh: description: Mesh is reserved for future use to identify cross diff --git a/charts/kuma/kuma/crds/kuma.io_meshratelimits.yaml b/charts/kuma/kuma/crds/kuma.io_meshratelimits.yaml index 8a0aa46fc..84c03219e 100644 --- a/charts/kuma/kuma/crds/kuma.io_meshratelimits.yaml +++ b/charts/kuma/kuma/crds/kuma.io_meshratelimits.yaml @@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.11.3 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.12.0 name: meshratelimits.kuma.io spec: group: kuma.io @@ -168,7 +167,7 @@ spec: - MeshSubset - MeshService - MeshServiceSubset - - MeshGatewayRoute + - MeshHTTPRoute type: string mesh: description: Mesh is reserved for future use to identify @@ -202,7 +201,7 @@ spec: - MeshSubset - MeshService - MeshServiceSubset - - MeshGatewayRoute + - MeshHTTPRoute type: string mesh: description: Mesh is reserved for future use to identify cross diff --git a/charts/kuma/kuma/crds/kuma.io_meshretries.yaml b/charts/kuma/kuma/crds/kuma.io_meshretries.yaml index 1acf4ae7e..a136c8fa0 100644 --- a/charts/kuma/kuma/crds/kuma.io_meshretries.yaml +++ b/charts/kuma/kuma/crds/kuma.io_meshretries.yaml @@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.11.3 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.12.0 name: meshretries.kuma.io spec: group: kuma.io @@ -48,7 +47,7 @@ spec: - MeshSubset - MeshService - MeshServiceSubset - - MeshGatewayRoute + - MeshHTTPRoute type: string mesh: description: Mesh is reserved for future use to identify cross @@ -367,7 +366,7 @@ spec: - MeshSubset - MeshService - MeshServiceSubset - - MeshGatewayRoute + - MeshHTTPRoute type: string mesh: description: Mesh is reserved for future use to identify diff --git a/charts/kuma/kuma/crds/kuma.io_meshtcproutes.yaml b/charts/kuma/kuma/crds/kuma.io_meshtcproutes.yaml new file mode 100644 index 000000000..11b589189 --- /dev/null +++ b/charts/kuma/kuma/crds/kuma.io_meshtcproutes.yaml @@ -0,0 +1,165 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.12.0 + name: meshtcproutes.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshTCPRoute + listKind: MeshTCPRouteList + plural: meshtcproutes + singular: meshtcproute + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshTCPRoute resource. + properties: + targetRef: + description: TargetRef is a reference to the resource the policy takes + an effect on. The resource could be either a real store object or + virtual resource defined in-place. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: Mesh is reserved for future use to identify cross + mesh resources. + type: string + name: + description: 'Name of the referenced resource. Can only be used + with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by tags. + Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + to: + description: To list makes a match between the consumed services and + corresponding configurations + items: + properties: + rules: + description: Rules contains the routing rules applies to a combination + of top-level targetRef and the targetRef in this entry. + items: + properties: + default: + description: Default holds routing rules that can be merged + with rules from other policies. + properties: + backendRefs: + items: + description: BackendRef defines where to forward + traffic. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: Mesh is reserved for future use + to identify cross mesh resources. + type: string + name: + description: 'Name of the referenced resource. + Can only be used with kinds: `MeshService`, + `MeshServiceSubset` and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of + proxies by tags. Can only be used with kinds + `MeshSubset` and `MeshServiceSubset` + type: object + weight: + default: 1 + minimum: 0 + type: integer + type: object + minItems: 1 + type: array + required: + - backendRefs + type: object + required: + - default + type: object + maxItems: 1 + type: array + targetRef: + description: TargetRef is a reference to the resource that represents + a group of destinations. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshHTTPRoute + type: string + mesh: + description: Mesh is reserved for future use to identify + cross mesh resources. + type: string + name: + description: 'Name of the referenced resource. Can only + be used with kinds: `MeshService`, `MeshServiceSubset` + and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by + tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + required: + - targetRef + type: object + minItems: 1 + type: array + required: + - targetRef + type: object + type: object + served: true + storage: true diff --git a/charts/kuma/kuma/crds/kuma.io_meshtimeouts.yaml b/charts/kuma/kuma/crds/kuma.io_meshtimeouts.yaml index 9a02dfa36..c49cf77da 100644 --- a/charts/kuma/kuma/crds/kuma.io_meshtimeouts.yaml +++ b/charts/kuma/kuma/crds/kuma.io_meshtimeouts.yaml @@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.11.3 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.12.0 name: meshtimeouts.kuma.io spec: group: kuma.io @@ -99,7 +98,7 @@ spec: - MeshSubset - MeshService - MeshServiceSubset - - MeshGatewayRoute + - MeshHTTPRoute type: string mesh: description: Mesh is reserved for future use to identify @@ -133,7 +132,7 @@ spec: - MeshSubset - MeshService - MeshServiceSubset - - MeshGatewayRoute + - MeshHTTPRoute type: string mesh: description: Mesh is reserved for future use to identify cross @@ -213,7 +212,7 @@ spec: - MeshSubset - MeshService - MeshServiceSubset - - MeshGatewayRoute + - MeshHTTPRoute type: string mesh: description: Mesh is reserved for future use to identify diff --git a/charts/kuma/kuma/crds/kuma.io_meshtraces.yaml b/charts/kuma/kuma/crds/kuma.io_meshtraces.yaml index e7ecb2d6d..c6561b212 100644 --- a/charts/kuma/kuma/crds/kuma.io_meshtraces.yaml +++ b/charts/kuma/kuma/crds/kuma.io_meshtraces.yaml @@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.11.3 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.12.0 name: meshtraces.kuma.io spec: group: kuma.io @@ -79,6 +78,12 @@ spec: required: - endpoint type: object + type: + enum: + - Zipkin + - Datadog + - OpenTelemetry + type: string zipkin: description: Zipkin backend configuration. properties: @@ -103,6 +108,8 @@ spec: required: - url type: object + required: + - type type: object type: array sampling: @@ -188,7 +195,7 @@ spec: - MeshSubset - MeshService - MeshServiceSubset - - MeshGatewayRoute + - MeshHTTPRoute type: string mesh: description: Mesh is reserved for future use to identify cross diff --git a/charts/kuma/kuma/crds/kuma.io_meshtrafficpermissions.yaml b/charts/kuma/kuma/crds/kuma.io_meshtrafficpermissions.yaml index 2b719f883..83e1920c2 100644 --- a/charts/kuma/kuma/crds/kuma.io_meshtrafficpermissions.yaml +++ b/charts/kuma/kuma/crds/kuma.io_meshtrafficpermissions.yaml @@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.11.3 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.12.0 name: meshtrafficpermissions.kuma.io spec: group: kuma.io @@ -66,7 +65,7 @@ spec: - MeshSubset - MeshService - MeshServiceSubset - - MeshGatewayRoute + - MeshHTTPRoute type: string mesh: description: Mesh is reserved for future use to identify @@ -100,7 +99,7 @@ spec: - MeshSubset - MeshService - MeshServiceSubset - - MeshGatewayRoute + - MeshHTTPRoute type: string mesh: description: Mesh is reserved for future use to identify cross diff --git a/charts/kuma/kuma/crds/kuma.io_proxytemplates.yaml b/charts/kuma/kuma/crds/kuma.io_proxytemplates.yaml index 864d96f5e..6b05719d8 100644 --- a/charts/kuma/kuma/crds/kuma.io_proxytemplates.yaml +++ b/charts/kuma/kuma/crds/kuma.io_proxytemplates.yaml @@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.11.3 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.12.0 name: proxytemplates.kuma.io spec: group: kuma.io diff --git a/charts/kuma/kuma/crds/kuma.io_ratelimits.yaml b/charts/kuma/kuma/crds/kuma.io_ratelimits.yaml index 82d4c8c61..2bd6dcacd 100644 --- a/charts/kuma/kuma/crds/kuma.io_ratelimits.yaml +++ b/charts/kuma/kuma/crds/kuma.io_ratelimits.yaml @@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.11.3 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.12.0 name: ratelimits.kuma.io spec: group: kuma.io diff --git a/charts/kuma/kuma/crds/kuma.io_retries.yaml b/charts/kuma/kuma/crds/kuma.io_retries.yaml index 0b7de7950..01cb88902 100644 --- a/charts/kuma/kuma/crds/kuma.io_retries.yaml +++ b/charts/kuma/kuma/crds/kuma.io_retries.yaml @@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.11.3 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.12.0 name: retries.kuma.io spec: group: kuma.io diff --git a/charts/kuma/kuma/crds/kuma.io_serviceinsights.yaml b/charts/kuma/kuma/crds/kuma.io_serviceinsights.yaml index a7f4f40de..a85e134ce 100644 --- a/charts/kuma/kuma/crds/kuma.io_serviceinsights.yaml +++ b/charts/kuma/kuma/crds/kuma.io_serviceinsights.yaml @@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.11.3 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.12.0 name: serviceinsights.kuma.io spec: group: kuma.io diff --git a/charts/kuma/kuma/crds/kuma.io_timeouts.yaml b/charts/kuma/kuma/crds/kuma.io_timeouts.yaml index b3053bfd1..a04dd9d6f 100644 --- a/charts/kuma/kuma/crds/kuma.io_timeouts.yaml +++ b/charts/kuma/kuma/crds/kuma.io_timeouts.yaml @@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.11.3 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.12.0 name: timeouts.kuma.io spec: group: kuma.io diff --git a/charts/kuma/kuma/crds/kuma.io_trafficlogs.yaml b/charts/kuma/kuma/crds/kuma.io_trafficlogs.yaml index db227621c..2e1b5e864 100644 --- a/charts/kuma/kuma/crds/kuma.io_trafficlogs.yaml +++ b/charts/kuma/kuma/crds/kuma.io_trafficlogs.yaml @@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.11.3 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.12.0 name: trafficlogs.kuma.io spec: group: kuma.io diff --git a/charts/kuma/kuma/crds/kuma.io_trafficpermissions.yaml b/charts/kuma/kuma/crds/kuma.io_trafficpermissions.yaml index a4a75fef5..820cf2b13 100644 --- a/charts/kuma/kuma/crds/kuma.io_trafficpermissions.yaml +++ b/charts/kuma/kuma/crds/kuma.io_trafficpermissions.yaml @@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.11.3 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.12.0 name: trafficpermissions.kuma.io spec: group: kuma.io diff --git a/charts/kuma/kuma/crds/kuma.io_trafficroutes.yaml b/charts/kuma/kuma/crds/kuma.io_trafficroutes.yaml index 30a130203..b2ce22ebf 100644 --- a/charts/kuma/kuma/crds/kuma.io_trafficroutes.yaml +++ b/charts/kuma/kuma/crds/kuma.io_trafficroutes.yaml @@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.11.3 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.12.0 name: trafficroutes.kuma.io spec: group: kuma.io diff --git a/charts/kuma/kuma/crds/kuma.io_traffictraces.yaml b/charts/kuma/kuma/crds/kuma.io_traffictraces.yaml index 5bec94b28..24bedcbe9 100644 --- a/charts/kuma/kuma/crds/kuma.io_traffictraces.yaml +++ b/charts/kuma/kuma/crds/kuma.io_traffictraces.yaml @@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.11.3 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.12.0 name: traffictraces.kuma.io spec: group: kuma.io diff --git a/charts/kuma/kuma/crds/kuma.io_virtualoutbounds.yaml b/charts/kuma/kuma/crds/kuma.io_virtualoutbounds.yaml index 3d1fb6f0b..19e7be87c 100644 --- a/charts/kuma/kuma/crds/kuma.io_virtualoutbounds.yaml +++ b/charts/kuma/kuma/crds/kuma.io_virtualoutbounds.yaml @@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.11.3 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.12.0 name: virtualoutbounds.kuma.io spec: group: kuma.io diff --git a/charts/kuma/kuma/crds/kuma.io_zoneegresses.yaml b/charts/kuma/kuma/crds/kuma.io_zoneegresses.yaml index 65d43e8a5..780d25682 100644 --- a/charts/kuma/kuma/crds/kuma.io_zoneegresses.yaml +++ b/charts/kuma/kuma/crds/kuma.io_zoneegresses.yaml @@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.11.3 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.12.0 name: zoneegresses.kuma.io spec: group: kuma.io diff --git a/charts/kuma/kuma/crds/kuma.io_zoneegressinsights.yaml b/charts/kuma/kuma/crds/kuma.io_zoneegressinsights.yaml index 9fb06a25d..e1221ab49 100644 --- a/charts/kuma/kuma/crds/kuma.io_zoneegressinsights.yaml +++ b/charts/kuma/kuma/crds/kuma.io_zoneegressinsights.yaml @@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.11.3 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.12.0 name: zoneegressinsights.kuma.io spec: group: kuma.io diff --git a/charts/kuma/kuma/crds/kuma.io_zoneingresses.yaml b/charts/kuma/kuma/crds/kuma.io_zoneingresses.yaml index 38a0f6b1b..c91cd56cb 100644 --- a/charts/kuma/kuma/crds/kuma.io_zoneingresses.yaml +++ b/charts/kuma/kuma/crds/kuma.io_zoneingresses.yaml @@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.11.3 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.12.0 name: zoneingresses.kuma.io spec: group: kuma.io diff --git a/charts/kuma/kuma/crds/kuma.io_zoneingressinsights.yaml b/charts/kuma/kuma/crds/kuma.io_zoneingressinsights.yaml index 6bf360145..72a3a304f 100644 --- a/charts/kuma/kuma/crds/kuma.io_zoneingressinsights.yaml +++ b/charts/kuma/kuma/crds/kuma.io_zoneingressinsights.yaml @@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.11.3 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.12.0 name: zoneingressinsights.kuma.io spec: group: kuma.io diff --git a/charts/kuma/kuma/crds/kuma.io_zoneinsights.yaml b/charts/kuma/kuma/crds/kuma.io_zoneinsights.yaml index 7bab4860b..92cf14ad6 100644 --- a/charts/kuma/kuma/crds/kuma.io_zoneinsights.yaml +++ b/charts/kuma/kuma/crds/kuma.io_zoneinsights.yaml @@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.11.3 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.12.0 name: zoneinsights.kuma.io spec: group: kuma.io diff --git a/charts/kuma/kuma/crds/kuma.io_zones.yaml b/charts/kuma/kuma/crds/kuma.io_zones.yaml index 6bae63852..09cb5d9c5 100644 --- a/charts/kuma/kuma/crds/kuma.io_zones.yaml +++ b/charts/kuma/kuma/crds/kuma.io_zones.yaml @@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.11.3 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.12.0 name: zones.kuma.io spec: group: kuma.io diff --git a/charts/kuma/kuma/templates/_helpers.tpl b/charts/kuma/kuma/templates/_helpers.tpl index 032068e5d..9b40b01dd 100644 --- a/charts/kuma/kuma/templates/_helpers.tpl +++ b/charts/kuma/kuma/templates/_helpers.tpl @@ -172,6 +172,9 @@ returns: formatted image string {{- define "kuma.parentEnv" -}} {{- end -}} +{{- define "kuma.parentSecrets" -}} +{{- end -}} + {{- define "kuma.defaultEnv" -}} {{ if (and (eq .Values.controlPlane.environment "universal") (not (eq .Values.controlPlane.mode "global"))) }} {{ fail "Currently you can only run universal mode on kubernetes in a global mode, this limitation might be lifted in the future" }} @@ -183,6 +186,14 @@ returns: formatted image string {{ if eq .Values.controlPlane.mode "zone" }} {{ if empty .Values.controlPlane.zone }} {{ fail "Can't have controlPlane.zone to be empty when controlPlane.mode=='zone'" }} + {{ else }} + {{ if gt (len .Values.controlPlane.zone) 253 }} + {{ fail "controlPlane.zone must be no more than 253 characters" }} + {{ else }} + {{ if not (regexMatch "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" .Values.controlPlane.zone) }} + {{ fail "controlPlane.zone must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character" }} + {{ end }} + {{ end }} {{ end }} {{ if empty .Values.controlPlane.kdsGlobalAddress }} {{ fail "controlPlane.kdsGlobalAddress can't be empty when controlPlane.mode=='zone', needs to be the global control-plane address" }} @@ -295,6 +306,18 @@ env: - name: KUMA_RUNTIME_KUBERNETES_INJECTOR_EBPF_PROGRAMS_SOURCE_PATH value: {{ .Values.experimental.ebpf.programsSourcePath }} {{- end }} +{{- if .Values.experimental.deltaKds }} +- name: KUMA_EXPERIMENTAL_KDS_DELTA_ENABLED + value: "true" +{{- end }} +{{- if .Values.controlPlane.tls.kdsZoneClient.skipVerify }} +- name: KUMA_MULTIZONE_ZONE_KDS_TLS_SKIP_VERIFY + value: "true" +{{- end }} +{{- end }} + +{{- define "kuma.controlPlane.tls.general.caSecretName" -}} +{{ .Values.controlPlane.tls.general.caSecretName | default .Values.controlPlane.tls.general.secretName | default (printf "%s-tls-cert" (include "kuma.name" .)) | quote }} {{- end }} {{- define "kuma.universal.defaultEnv" -}} diff --git a/charts/kuma/kuma/templates/cni-daemonset.yaml b/charts/kuma/kuma/templates/cni-daemonset.yaml index 3ed4027af..db50240fd 100644 --- a/charts/kuma/kuma/templates/cni-daemonset.yaml +++ b/charts/kuma/kuma/templates/cni-daemonset.yaml @@ -3,11 +3,9 @@ kind: DaemonSet apiVersion: apps/v1 metadata: name: {{ include "kuma.name" . }}-cni-node - namespace: kube-system + namespace: {{ .Values.cni.namespace }} annotations: - ignore-check.kube-linter.io/host-network: "The containers modify the host's network namespace" - ignore-check.kube-linter.io/no-read-only-root-fs: "The containers modify the filesystem" - ignore-check.kube-linter.io/run-as-non-root: "The containers modify /proc" + ignore-check.kube-linter.io/run-as-non-root: "The container installs a CNI plugin" labels: {{- include "kuma.cniLabels" . | nindent 4 }} spec: selector: @@ -31,7 +29,7 @@ spec: # marks the pod as a critical add-on, ensuring it gets # priority scheduling and that its resources are reserved # if it ever gets evicted. - priorityClassName: system-cluster-critical + priorityClassName: system-node-critical {{- with .Values.cni.nodeSelector }} nodeSelector: {{ toYaml . | nindent 8 }} @@ -40,7 +38,6 @@ spec: tolerations: {{ toYaml . | nindent 8 }} {{- end }} - hostNetwork: true tolerations: # Make sure kuma-cni-node gets scheduled on all nodes. - effect: NoSchedule @@ -54,10 +51,8 @@ spec: # Minimize downtime during a rolling upgrade or deletion; tell Kubernetes to do a "force # deletion": https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods. terminationGracePeriodSeconds: 5 - {{- if .Values.cni.podSecurityContext }} securityContext: - {{ toYaml .Values.cni.podSecurityContext | trim | nindent 8 }} - {{- end }} + {{- toYaml .Values.cni.podSecurityContext | trim | nindent 8 }} containers: - name: install-cni {{- if not .Values.legacy.cni.enabled }} @@ -97,14 +92,10 @@ spec: command: [ "/bin/sh", "-c", "--" ] args: [ "sleep {{.Values.cni.delayStartupSeconds}} && exec /install-cni.sh" ] {{- end }} - {{- if .Values.experimental.ebpf.enabled }} - securityContext: - privileged: true - {{- else }} - {{- if .Values.cni.containerSecurityContext }} securityContext: {{- toYaml .Values.cni.containerSecurityContext | trim | nindent 12 }} - {{- end }} + {{- if .Values.experimental.ebpf.enabled }} + privileged: true {{- end }} {{- if not .Values.experimental.ebpf.enabled }} env: @@ -141,6 +132,8 @@ spec: name: host-var-run mountPropagation: Bidirectional {{- end }} + - name: tmp + mountPath: /tmp volumes: # Used to install CNI. - name: cni-bin-dir @@ -160,4 +153,6 @@ spec: path: /proc name: host-proc {{- end }} + - name: tmp + emptyDir: {} {{- end }} diff --git a/charts/kuma/kuma/templates/cp-deployment.yaml b/charts/kuma/kuma/templates/cp-deployment.yaml index ea93dc572..d927c595f 100644 --- a/charts/kuma/kuma/templates/cp-deployment.yaml +++ b/charts/kuma/kuma/templates/cp-deployment.yaml @@ -25,6 +25,9 @@ {{- end }} {{- $envVarsCopy := deepCopy .Values.controlPlane.envVars }} {{- $mergedEnv := merge $envVarsCopy $defaultEnvDict }} +{{- $defaultSecrets := include "kuma.parentSecrets" . | fromYaml }} +{{- $extraSecrets := .Values.controlPlane.extraSecrets }} +{{- $mergedSecrets := merge $extraSecrets $defaultSecrets }} apiVersion: apps/v1 kind: Deployment @@ -148,6 +151,7 @@ spec: args: - run - --log-level={{ .Values.controlPlane.logLevel }} + - --log-output-path={{ .Values.controlPlane.logOutputPath }} - --config-file=/etc/kuma.io/kuma-control-plane/config.yaml ports: - containerPort: 5680 @@ -240,10 +244,11 @@ spec: mountPath: {{ $extraConfigMap.mountPath }} readOnly: {{ $extraConfigMap.readOnly }} {{- end }} - {{- range $extraSecret := .Values.controlPlane.extraSecrets }} - - name: {{ $extraSecret.name }} - mountPath: {{ $extraSecret.mountPath }} - readOnly: {{ $extraSecret.readOnly }} + {{- range $mergedSecret := $mergedSecrets }} + - name: {{ $mergedSecret.name }} + mountPath: {{ $mergedSecret.mountPath }} + subPath: {{ $mergedSecret.subPath }} + readOnly: {{ $mergedSecret.readOnly }} {{- end }} - name: tmp mountPath: /tmp @@ -322,10 +327,10 @@ spec: configMap: name: {{ $extraConfigMap.name }} {{- end }} - {{- range $extraSecret := .Values.controlPlane.extraSecrets }} - - name: {{ $extraSecret.name }} + {{- range $mergedSecret := $mergedSecrets }} + - name: {{ $mergedSecret.name }} secret: - secretName: {{ $extraSecret.name }} + secretName: {{ $mergedSecret.name }} {{- end }} - name: tmp emptyDir: {} diff --git a/charts/kuma/kuma/templates/cp-global-sync-service.yaml b/charts/kuma/kuma/templates/cp-global-sync-service.yaml index 4a99d2a18..2ca90b482 100644 --- a/charts/kuma/kuma/templates/cp-global-sync-service.yaml +++ b/charts/kuma/kuma/templates/cp-global-sync-service.yaml @@ -16,10 +16,10 @@ spec: {{- end }} ports: - port: {{ .Values.controlPlane.globalZoneSyncService.port }} - appProtocol: grpc - {{- if eq .Values.controlPlane.globalZoneSyncService.type "NodePort" }} - nodePort: 30685 - {{- end }} + appProtocol: {{ .Values.controlPlane.globalZoneSyncService.protocol }} + {{- if and (eq .Values.controlPlane.globalZoneSyncService.type "NodePort") .Values.controlPlane.globalZoneSyncService.nodePort }} + nodePort: {{ .Values.controlPlane.globalZoneSyncService.nodePort }} + {{- end }} name: global-zone-sync selector: app: {{ include "kuma.name" . }}-control-plane diff --git a/charts/kuma/kuma/templates/cp-hpa.yaml b/charts/kuma/kuma/templates/cp-hpa.yaml index 64ac8d7a0..dc4981020 100644 --- a/charts/kuma/kuma/templates/cp-hpa.yaml +++ b/charts/kuma/kuma/templates/cp-hpa.yaml @@ -1,6 +1,6 @@ {{- if .Values.controlPlane.autoscaling.enabled }} -{{ if .Capabilities.APIVersions.Has "autoscaling/v2beta2" }} -apiVersion: "autoscaling/v2beta2" +{{ if .Capabilities.APIVersions.Has "autoscaling/v2" }} +apiVersion: "autoscaling/v2" {{ else }} apiVersion: "autoscaling/v1" {{ end }} @@ -16,7 +16,7 @@ spec: name: {{ include "kuma.name" . }}-control-plane minReplicas: {{ .Values.controlPlane.autoscaling.minReplicas }} maxReplicas: {{ .Values.controlPlane.autoscaling.maxReplicas }} - {{ if .Capabilities.APIVersions.Has "autoscaling/v2beta2" }} + {{ if .Capabilities.APIVersions.Has "autoscaling/v2" }} metrics: {{- toYaml .Values.controlPlane.autoscaling.metrics | nindent 4 }} {{ else }} targetCPUUtilizationPercentage: {{ .Values.controlPlane.autoscaling.targetCPUUtilizationPercentage }} diff --git a/charts/kuma/kuma/templates/cp-service.yaml b/charts/kuma/kuma/templates/cp-service.yaml index d82880c7b..ab05755c8 100644 --- a/charts/kuma/kuma/templates/cp-service.yaml +++ b/charts/kuma/kuma/templates/cp-service.yaml @@ -20,22 +20,28 @@ spec: - port: 5681 name: http-api-server appProtocol: http + {{- if and (eq .Values.controlPlane.service.type "NodePort") .Values.controlPlane.service.apiServer.http.nodePort }} + nodePort: {{ .Values.controlPlane.service.apiServer.http.nodePort }} + {{- end }} - port: 5682 name: https-api-server - appProtocol: http + appProtocol: https + {{- if and (eq .Values.controlPlane.service.type "NodePort") .Values.controlPlane.service.apiServer.https.nodePort }} + nodePort: {{ .Values.controlPlane.service.apiServer.https.nodePort }} + {{- end }} {{- if ne .Values.controlPlane.environment "universal" }} - port: 443 name: https-admission-server targetPort: {{ .Values.controlPlane.admissionServerPort | default "5443" }} - appProtocol: http + appProtocol: https {{- end }} {{- if ne .Values.controlPlane.mode "global" }} - port: 5676 name: mads-server - appProtocol: http + appProtocol: https - port: 5678 name: dp-server - appProtocol: http + appProtocol: https {{- end }} selector: app: {{ include "kuma.name" . }}-control-plane diff --git a/charts/kuma/kuma/templates/egress-deployment.yaml b/charts/kuma/kuma/templates/egress-deployment.yaml index e3265b7ce..c282203d7 100644 --- a/charts/kuma/kuma/templates/egress-deployment.yaml +++ b/charts/kuma/kuma/templates/egress-deployment.yaml @@ -104,7 +104,7 @@ spec: volumes: - name: control-plane-ca secret: - secretName: {{.Values.controlPlane.tls.general.caSecretName | default (printf "%s-tls-cert" (include "kuma.name" .)) | quote }} + secretName: {{ include "kuma.controlPlane.tls.general.caSecretName" . }} items: - key: ca.crt path: ca.crt diff --git a/charts/kuma/kuma/templates/egress-hpa.yaml b/charts/kuma/kuma/templates/egress-hpa.yaml index 9753c3164..8d4284f41 100644 --- a/charts/kuma/kuma/templates/egress-hpa.yaml +++ b/charts/kuma/kuma/templates/egress-hpa.yaml @@ -1,6 +1,6 @@ {{- if .Values.egress.autoscaling.enabled }} -{{ if .Capabilities.APIVersions.Has "autoscaling/v2beta2" }} -apiVersion: "autoscaling/v2beta2" +{{ if .Capabilities.APIVersions.Has "autoscaling/v2" }} +apiVersion: "autoscaling/v2" {{ else }} apiVersion: "autoscaling/v1" {{ end }} @@ -16,7 +16,7 @@ spec: name: {{ include "kuma.name" . }}-egress minReplicas: {{ .Values.egress.autoscaling.minReplicas }} maxReplicas: {{ .Values.egress.autoscaling.maxReplicas }} - {{ if .Capabilities.APIVersions.Has "autoscaling/v2beta2" }} + {{ if .Capabilities.APIVersions.Has "autoscaling/v2" }} metrics: {{- toYaml .Values.egress.autoscaling.metrics | nindent 4 }} {{ else }} targetCPUUtilizationPercentage: {{ .Values.egress.autoscaling.targetCPUUtilizationPercentage }} diff --git a/charts/kuma/kuma/templates/ingress-deployment.yaml b/charts/kuma/kuma/templates/ingress-deployment.yaml index 82c5ea3ad..b301c8f4e 100644 --- a/charts/kuma/kuma/templates/ingress-deployment.yaml +++ b/charts/kuma/kuma/templates/ingress-deployment.yaml @@ -108,7 +108,7 @@ spec: volumes: - name: control-plane-ca secret: - secretName: {{.Values.controlPlane.tls.general.caSecretName | default (printf "%s-tls-cert" (include "kuma.name" .)) | quote }} + secretName: {{ include "kuma.controlPlane.tls.general.caSecretName" . }} items: - key: ca.crt path: ca.crt diff --git a/charts/kuma/kuma/templates/ingress-hpa.yaml b/charts/kuma/kuma/templates/ingress-hpa.yaml index 1d49f1c60..4aaeabe67 100644 --- a/charts/kuma/kuma/templates/ingress-hpa.yaml +++ b/charts/kuma/kuma/templates/ingress-hpa.yaml @@ -1,6 +1,6 @@ {{- if .Values.ingress.autoscaling.enabled }} -{{ if .Capabilities.APIVersions.Has "autoscaling/v2beta2" }} -apiVersion: "autoscaling/v2beta2" +{{ if .Capabilities.APIVersions.Has "autoscaling/v2" }} +apiVersion: "autoscaling/v2" {{ else }} apiVersion: "autoscaling/v1" {{ end }} @@ -16,7 +16,7 @@ spec: name: {{ include "kuma.name" . }}-ingress minReplicas: {{ .Values.ingress.autoscaling.minReplicas }} maxReplicas: {{ .Values.ingress.autoscaling.maxReplicas }} - {{ if .Capabilities.APIVersions.Has "autoscaling/v2beta2" }} + {{ if .Capabilities.APIVersions.Has "autoscaling/v2" }} metrics: {{- toYaml .Values.ingress.autoscaling.metrics | nindent 4 }} {{ else }} targetCPUUtilizationPercentage: {{ .Values.ingress.autoscaling.targetCPUUtilizationPercentage }} diff --git a/charts/kuma/kuma/templates/pre-upgrade-install-crds-job.yaml b/charts/kuma/kuma/templates/pre-upgrade-install-crds-job.yaml index 3830f07a6..162ee5e37 100644 --- a/charts/kuma/kuma/templates/pre-upgrade-install-crds-job.yaml +++ b/charts/kuma/kuma/templates/pre-upgrade-install-crds-job.yaml @@ -84,7 +84,7 @@ data: fi save_crds.sh: | set -e - + crds="$(kumactl install crds --no-config {{ if .Values.experimental.gatewayAPI }}--experimental-gatewayapi{{end}})" if [ -n "${crds}" ]; then @@ -133,8 +133,7 @@ spec: limits: cpu: "100m" memory: "256Mi" - command: - - '/kuma/scripts/install_crds.sh' + command: ["/kuma/scripts/install_crds.sh"] volumeMounts: - mountPath: /kuma/crds name: crds @@ -160,8 +159,8 @@ spec: - mountPath: /kuma/scripts name: scripts readOnly: true - args: - - '/kuma/scripts/save_crds.sh' + command: ["sh", "-c"] + args: ["/kuma/scripts/save_crds.sh"] volumes: - name: scripts configMap: diff --git a/charts/kuma/kuma/values.yaml b/charts/kuma/kuma/values.yaml index 2509d4d9b..0e614861d 100644 --- a/charts/kuma/kuma/values.yaml +++ b/charts/kuma/kuma/values.yaml @@ -27,6 +27,9 @@ controlPlane: # -- Kuma CP log level: one of off,info,debug logLevel: "info" + # -- Kuma CP log output path: Defaults to /dev/stdout + logOutputPath: "" + # -- Kuma CP modes: one of standalone,zone,global mode: "standalone" @@ -52,9 +55,9 @@ controlPlane: # -- The max CP pods to scale to maxReplicas: 5 - # -- For clusters that don't support autoscaling/v2beta, autoscaling/v1 is used + # -- For clusters that don't support autoscaling/v2, autoscaling/v1 is used targetCPUUtilizationPercentage: 80 - # -- For clusters that do support autoscaling/v2beta, use metrics + # -- For clusters that do support autoscaling/v2, use metrics metrics: - type: Resource resource: @@ -108,6 +111,14 @@ controlPlane: injectorFailurePolicy: Fail service: + apiServer: + http: + # -- Port on which Http api server Service is exposed on Node for service of type NodePort + nodePort: 30681 + https: + # -- Port on which Https api server Service is exposed on Node for service of type NodePort + nodePort: 30682 + # -- Whether to create a service resource. enabled: true @@ -147,8 +158,12 @@ controlPlane: loadBalancerIP: # -- Additional annotations to put on the Global Zone Sync Service annotations: { } + # -- Port on which Global Zone Sync Service is exposed on Node for service of type NodePort + nodePort: 30685 # -- Port on which Global Zone Sync Service is exposed port: 5685 + # -- Protocol of the Global Zone Sync service port + protocol: grpc defaults: # -- Whether to skip creating the default Mesh @@ -220,6 +235,8 @@ controlPlane: create: false # -- CA bundle that was used to sign the certificate of KDS Global Server. cert: "" + # -- If true, TLS cert of the server is not verified. + skipVerify: false image: # -- Kuma CP ImagePullPolicy @@ -303,6 +320,8 @@ cni: tolerations: [] # -- Additional pod annotations podAnnotations: { } + # -- Set the CNI namespace + namespace: kube-system image: # -- CNI image repository @@ -334,27 +353,13 @@ cni: # -- Security context at the pod level for cni podSecurityContext: {} -# # The values below are examples. More values can be added as needed, since the field resolves as free form. -# runAsNonRoot: true -# runAsUser: 1000 -# runAsGroup: 3000 -# fsGroup: 2000 -# fsGroupChangePolicy: -# # to support additional pod level securityContext parameters, please check:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#podsecuritycontext-v1-core # -- Security context at the container level for cni - containerSecurityContext: {} # for overlapping securityContext between pod and container, the container's value take precedence -# # The values below are examples. More values can be added as needed, since the field resolves as free form. -# allowPrivilegeEscalation: false -# capabilities: -# drop: -# - all -# readOnlyRootFilesystem: true -# privileged: false -# runAsNonRoot: true -# runAsUser: 1000 -# runAsGroup: 3000 -# # to support additional container level securityContext parameters, please check:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#securitycontext-v1-core + containerSecurityContext: + readOnlyRootFilesystem: true + runAsNonRoot: false + runAsUser: 0 + runAsGroup: 0 dataPlane: image: @@ -411,9 +416,9 @@ ingress: # -- The max CP pods to scale to maxReplicas: 5 - # -- For clusters that don't support autoscaling/v2beta, autoscaling/v1 is used + # -- For clusters that don't support autoscaling/v2, autoscaling/v1 is used targetCPUUtilizationPercentage: 80 - # -- For clusters that do support autoscaling/v2beta, use metrics + # -- For clusters that do support autoscaling/v2, use metrics metrics: - type: Resource resource: @@ -509,9 +514,9 @@ egress: # -- The max CP pods to scale to maxReplicas: 5 - # -- For clusters that don't support autoscaling/v2beta, autoscaling/v1 is used + # -- For clusters that don't support autoscaling/v2, autoscaling/v1 is used targetCPUUtilizationPercentage: 80 - # -- For clusters that do support autoscaling/v2beta, use metrics + # -- For clusters that do support autoscaling/v2, use metrics metrics: - type: Resource resource: @@ -652,6 +657,8 @@ experimental: tcAttachIface: "" # -- Path where compiled eBPF programs which will be installed can be found programsSourcePath: /kuma/ebpf + # -- If true, it uses new API for resource synchronization + deltaKds: false legacy: # -- If true, use the legacy transparent proxy engine @@ -701,6 +708,7 @@ plugins: meshproxypatches: {} meshratelimits: {} meshretries: {} + meshtcproutes: {} meshtimeouts: {} meshtraces: {} meshtrafficpermissions: {} diff --git a/charts/nats/nats/Chart.yaml b/charts/nats/nats/Chart.yaml index cea642e4c..a44985a04 100644 --- a/charts/nats/nats/Chart.yaml +++ b/charts/nats/nats/Chart.yaml @@ -4,7 +4,7 @@ annotations: catalog.cattle.io/kube-version: '>=1.16-0' catalog.cattle.io/release-name: nats apiVersion: v2 -appVersion: 2.9.18 +appVersion: 2.9.19 description: A Helm chart for the NATS.io High Speed Cloud Native Distributed Communications Technology. home: http://github.com/nats-io/k8s @@ -18,4 +18,4 @@ maintainers: name: The NATS Authors url: https://github.com/nats-io name: nats -version: 0.19.15 +version: 0.19.16 diff --git a/charts/nats/nats/values.yaml b/charts/nats/nats/values.yaml index 7c26fdbf5..2d7e643f1 100644 --- a/charts/nats/nats/values.yaml +++ b/charts/nats/nats/values.yaml @@ -6,7 +6,7 @@ nats: image: repository: nats - tag: 2.9.18-alpine + tag: 2.9.19-alpine pullPolicy: IfNotPresent # registry: docker.io diff --git a/charts/new-relic/nri-bundle/Chart.lock b/charts/new-relic/nri-bundle/Chart.lock index 0aab180e4..91a520535 100644 --- a/charts/new-relic/nri-bundle/Chart.lock +++ b/charts/new-relic/nri-bundle/Chart.lock @@ -1,16 +1,16 @@ dependencies: - name: newrelic-infrastructure repository: https://newrelic.github.io/nri-kubernetes - version: 3.20.0 + version: 3.20.1 - name: nri-prometheus repository: https://newrelic.github.io/nri-prometheus - version: 2.1.16 + version: 2.1.17 - name: newrelic-prometheus-agent repository: https://newrelic.github.io/newrelic-prometheus-configurator version: 1.2.2 - name: nri-metadata-injection repository: https://newrelic.github.io/k8s-metadata-injection - version: 4.3.1 + version: 4.3.2 - name: newrelic-k8s-metrics-adapter repository: https://newrelic.github.io/newrelic-k8s-metrics-adapter version: 1.2.1 @@ -19,18 +19,18 @@ dependencies: version: 4.23.0 - name: nri-kube-events repository: https://newrelic.github.io/nri-kube-events - version: 3.1.0 + version: 3.1.2 - name: newrelic-logging repository: https://newrelic.github.io/helm-charts version: 1.14.2 - name: newrelic-pixie repository: https://newrelic.github.io/helm-charts - version: 2.1.1 + version: 2.1.2 - name: pixie-operator-chart repository: https://pixie-operator-charts.storage.googleapis.com version: 0.1.4 - name: newrelic-infra-operator repository: https://newrelic.github.io/newrelic-infra-operator - version: 2.2.1 -digest: sha256:c67084b781f3a0a9002d9420c65b52ae375d836810f5c6cb26b78bd52f556e5d -generated: "2023-06-21T20:45:09.905627656Z" + version: 2.2.2 +digest: sha256:b8faa679e0468c47730eed1d5a819add368db64a71da298cd8960d981ee16f9f +generated: "2023-06-23T21:08:01.803816734Z" diff --git a/charts/new-relic/nri-bundle/Chart.yaml b/charts/new-relic/nri-bundle/Chart.yaml index 7e1a94310..83c26d84f 100644 --- a/charts/new-relic/nri-bundle/Chart.yaml +++ b/charts/new-relic/nri-bundle/Chart.yaml @@ -7,11 +7,11 @@ dependencies: - condition: infrastructure.enabled,newrelic-infrastructure.enabled name: newrelic-infrastructure repository: file://./charts/newrelic-infrastructure - version: 3.20.0 + version: 3.20.1 - condition: prometheus.enabled,nri-prometheus.enabled name: nri-prometheus repository: file://./charts/nri-prometheus - version: 2.1.16 + version: 2.1.17 - condition: newrelic-prometheus-agent.enabled name: newrelic-prometheus-agent repository: file://./charts/newrelic-prometheus-agent @@ -19,7 +19,7 @@ dependencies: - condition: webhook.enabled,nri-metadata-injection.enabled name: nri-metadata-injection repository: file://./charts/nri-metadata-injection - version: 4.3.1 + version: 4.3.2 - condition: metrics-adapter.enabled,newrelic-k8s-metrics-adapter.enabled name: newrelic-k8s-metrics-adapter repository: file://./charts/newrelic-k8s-metrics-adapter @@ -31,7 +31,7 @@ dependencies: - condition: kubeEvents.enabled,nri-kube-events.enabled name: nri-kube-events repository: file://./charts/nri-kube-events - version: 3.1.0 + version: 3.1.2 - condition: logging.enabled,newrelic-logging.enabled name: newrelic-logging repository: file://./charts/newrelic-logging @@ -39,7 +39,7 @@ dependencies: - condition: newrelic-pixie.enabled name: newrelic-pixie repository: file://./charts/newrelic-pixie - version: 2.1.1 + version: 2.1.2 - alias: pixie-chart condition: pixie-chart.enabled name: pixie-operator-chart @@ -48,7 +48,7 @@ dependencies: - condition: newrelic-infra-operator.enabled name: newrelic-infra-operator repository: file://./charts/newrelic-infra-operator - version: 2.2.1 + version: 2.2.2 description: Groups together the individual charts for the New Relic Kubernetes solution for a more comfortable deployment. home: https://github.com/newrelic/helm-charts @@ -89,4 +89,4 @@ sources: - https://github.com/newrelic/helm-charts/tree/master/charts/newrelic-logging - https://github.com/newrelic/helm-charts/tree/master/charts/newrelic-pixie - https://github.com/newrelic/newrelic-infra-operator/tree/master/charts/newrelic-infra-operator -version: 5.0.20 +version: 5.0.22 diff --git a/charts/new-relic/nri-bundle/charts/newrelic-infra-operator/Chart.yaml b/charts/new-relic/nri-bundle/charts/newrelic-infra-operator/Chart.yaml index a2386ee77..2fe6027e6 100644 --- a/charts/new-relic/nri-bundle/charts/newrelic-infra-operator/Chart.yaml +++ b/charts/new-relic/nri-bundle/charts/newrelic-infra-operator/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 0.10.1 +appVersion: 0.10.2 dependencies: - name: common-library repository: https://helm-charts.newrelic.com @@ -32,4 +32,4 @@ name: newrelic-infra-operator sources: - https://github.com/newrelic/newrelic-infra-operator - https://github.com/newrelic/newrelic-infra-operator/tree/main/charts/newrelic-infra-operator -version: 2.2.1 +version: 2.2.2 diff --git a/charts/new-relic/nri-bundle/charts/newrelic-infra-operator/values.yaml b/charts/new-relic/nri-bundle/charts/newrelic-infra-operator/values.yaml index 676d12c6d..021bf9d42 100644 --- a/charts/new-relic/nri-bundle/charts/newrelic-infra-operator/values.yaml +++ b/charts/new-relic/nri-bundle/charts/newrelic-infra-operator/values.yaml @@ -140,7 +140,7 @@ config: # @default -- See `values.yaml` image: repository: newrelic/infrastructure-k8s - tag: 2.13.7-unprivileged + tag: 2.13.10-unprivileged pullPolicy: IfNotPresent # -- configSelectors is the way to configure resource requirements and extra envVars of the injected sidecar container. diff --git a/charts/new-relic/nri-bundle/charts/newrelic-infrastructure/Chart.yaml b/charts/new-relic/nri-bundle/charts/newrelic-infrastructure/Chart.yaml index a0fc1e4e2..5748a7a52 100644 --- a/charts/new-relic/nri-bundle/charts/newrelic-infrastructure/Chart.yaml +++ b/charts/new-relic/nri-bundle/charts/newrelic-infrastructure/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 3.15.0 +appVersion: 3.15.1 dependencies: - name: common-library repository: https://helm-charts.newrelic.com @@ -35,4 +35,4 @@ sources: - https://github.com/newrelic/nri-kubernetes/ - https://github.com/newrelic/nri-kubernetes/tree/main/charts/newrelic-infrastructure - https://github.com/newrelic/infrastructure-agent/ -version: 3.20.0 +version: 3.20.1 diff --git a/charts/new-relic/nri-bundle/charts/newrelic-infrastructure/values.yaml b/charts/new-relic/nri-bundle/charts/newrelic-infrastructure/values.yaml index ab149bb74..5954b5934 100644 --- a/charts/new-relic/nri-bundle/charts/newrelic-infrastructure/values.yaml +++ b/charts/new-relic/nri-bundle/charts/newrelic-infrastructure/values.yaml @@ -23,14 +23,14 @@ images: forwarder: registry: "" repository: newrelic/k8s-events-forwarder - tag: 1.43.0 + tag: 1.43.1 pullPolicy: IfNotPresent # -- Image for the New Relic Infrastructure Agent plus integrations. # @default -- See `values.yaml` agent: registry: "" repository: newrelic/infrastructure-bundle - tag: 3.2.7 + tag: 3.2.9 pullPolicy: IfNotPresent # -- Image for the New Relic Kubernetes integration. # @default -- See `values.yaml` diff --git a/charts/new-relic/nri-bundle/charts/newrelic-pixie/Chart.yaml b/charts/new-relic/nri-bundle/charts/newrelic-pixie/Chart.yaml index fecc29371..79a72b7a7 100644 --- a/charts/new-relic/nri-bundle/charts/newrelic-pixie/Chart.yaml +++ b/charts/new-relic/nri-bundle/charts/newrelic-pixie/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v1 -appVersion: 2.1.3 +appVersion: 2.1.4 description: A Helm chart for the New Relic Pixie integration. home: https://hub.docker.com/u/newrelic icon: https://newrelic.com/assets/newrelic/source/NewRelic-logo-square.svg @@ -20,4 +20,4 @@ maintainers: name: newrelic-pixie sources: - https://github.com/newrelic/ -version: 2.1.1 +version: 2.1.2 diff --git a/charts/new-relic/nri-bundle/charts/nri-kube-events/Chart.yaml b/charts/new-relic/nri-bundle/charts/nri-kube-events/Chart.yaml index 839ae3273..ebc052482 100644 --- a/charts/new-relic/nri-bundle/charts/nri-kube-events/Chart.yaml +++ b/charts/new-relic/nri-bundle/charts/nri-kube-events/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 2.1.0 +appVersion: 2.1.2 dependencies: - name: common-library repository: https://helm-charts.newrelic.com @@ -35,4 +35,4 @@ sources: - https://github.com/newrelic/nri-kube-events/ - https://github.com/newrelic/nri-kube-events/tree/main/charts/nri-kube-events - https://github.com/newrelic/infrastructure-agent/ -version: 3.1.0 +version: 3.1.2 diff --git a/charts/new-relic/nri-bundle/charts/nri-kube-events/README.md b/charts/new-relic/nri-bundle/charts/nri-kube-events/README.md index e8e8cac35..bf0e0faf9 100644 --- a/charts/new-relic/nri-bundle/charts/nri-kube-events/README.md +++ b/charts/new-relic/nri-bundle/charts/nri-kube-events/README.md @@ -1,6 +1,6 @@ # nri-kube-events -![Version: 3.0.0](https://img.shields.io/badge/Version-3.0.0-informational?style=flat-square) ![AppVersion: 2.0.0](https://img.shields.io/badge/AppVersion-2.0.0-informational?style=flat-square) +![Version: 3.1.2](https://img.shields.io/badge/Version-3.1.2-informational?style=flat-square) ![AppVersion: 2.1.2](https://img.shields.io/badge/AppVersion-2.1.2-informational?style=flat-square) A Helm chart to deploy the New Relic Kube Events router diff --git a/charts/new-relic/nri-bundle/charts/nri-kube-events/values.yaml b/charts/new-relic/nri-bundle/charts/nri-kube-events/values.yaml index 126b87a74..edd5d5c12 100644 --- a/charts/new-relic/nri-bundle/charts/nri-kube-events/values.yaml +++ b/charts/new-relic/nri-bundle/charts/nri-kube-events/values.yaml @@ -27,7 +27,7 @@ images: agent: registry: repository: newrelic/k8s-events-forwarder - tag: 1.42.1 + tag: 1.43.1 pullPolicy: IfNotPresent # -- The secrets that are needed to pull images from a custom registry. pullSecrets: [] diff --git a/charts/new-relic/nri-bundle/charts/nri-metadata-injection/Chart.yaml b/charts/new-relic/nri-bundle/charts/nri-metadata-injection/Chart.yaml index 7f648eda3..ba9fca4be 100644 --- a/charts/new-relic/nri-bundle/charts/nri-metadata-injection/Chart.yaml +++ b/charts/new-relic/nri-bundle/charts/nri-metadata-injection/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.10.1 +appVersion: 1.10.2 dependencies: - name: common-library repository: https://helm-charts.newrelic.com @@ -34,4 +34,4 @@ name: nri-metadata-injection sources: - https://github.com/newrelic/k8s-metadata-injection - https://github.com/newrelic/k8s-metadata-injection/tree/master/charts/nri-metadata-injection -version: 4.3.1 +version: 4.3.2 diff --git a/charts/new-relic/nri-bundle/charts/nri-prometheus/Chart.yaml b/charts/new-relic/nri-bundle/charts/nri-prometheus/Chart.yaml index f44c6d3c1..46d4d796a 100644 --- a/charts/new-relic/nri-bundle/charts/nri-prometheus/Chart.yaml +++ b/charts/new-relic/nri-bundle/charts/nri-prometheus/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 2.18.0 +appVersion: 2.18.4 dependencies: - name: common-library repository: https://helm-charts.newrelic.com @@ -32,4 +32,4 @@ name: nri-prometheus sources: - https://github.com/newrelic/nri-prometheus - https://github.com/newrelic/nri-prometheus/tree/main/charts/nri-prometheus -version: 2.1.16 +version: 2.1.17 diff --git a/charts/new-relic/nri-bundle/charts/nri-prometheus/tests/configmap_test.yaml b/charts/new-relic/nri-bundle/charts/nri-prometheus/tests/configmap_test.yaml index 78a12726f..ae7d921fe 100644 --- a/charts/new-relic/nri-bundle/charts/nri-prometheus/tests/configmap_test.yaml +++ b/charts/new-relic/nri-bundle/charts/nri-prometheus/tests/configmap_test.yaml @@ -9,7 +9,7 @@ tests: cluster: my-cluster-name asserts: - equal: - path: data.config\.yaml + path: data["config.yaml"] value: |- cluster_name: my-cluster-name audit: false @@ -28,7 +28,7 @@ tests: lowDataMode: true asserts: - equal: - path: data.config\.yaml + path: data["config.yaml"] value: |- cluster_name: my-cluster-name audit: false @@ -61,7 +61,7 @@ tests: container_name: containerName asserts: - equal: - path: data.config\.yaml + path: data["config.yaml"] value: |- cluster_name: my-cluster-name audit: false diff --git a/charts/new-relic/nri-bundle/charts/nri-prometheus/tests/deployment_test.yaml b/charts/new-relic/nri-bundle/charts/nri-prometheus/tests/deployment_test.yaml index 3c280b554..cb6f90340 100644 --- a/charts/new-relic/nri-bundle/charts/nri-prometheus/tests/deployment_test.yaml +++ b/charts/new-relic/nri-bundle/charts/nri-prometheus/tests/deployment_test.yaml @@ -13,11 +13,11 @@ tests: cluster: test asserts: - equal: - path: spec.template.metadata.labels.[app.kubernetes.io/instance] + path: spec.template.metadata.labels["app.kubernetes.io/instance"] value: release template: templates/deployment.yaml - equal: - path: spec.template.metadata.labels.[app.kubernetes.io/name] + path: spec.template.metadata.labels["app.kubernetes.io/name"] value: nri-prometheus template: templates/deployment.yaml - equal: @@ -26,7 +26,7 @@ tests: app.kubernetes.io/name: nri-prometheus template: templates/deployment.yaml - isNotEmpty: - path: spec.template.metadata.annotations.[checksum/config] + path: spec.template.metadata.annotations["checksum/config"] template: templates/deployment.yaml - it: adds METRIC_API_URL when nrStaging is true. diff --git a/charts/new-relic/nri-bundle/charts/nri-prometheus/tests/labels_test.yaml b/charts/new-relic/nri-bundle/charts/nri-prometheus/tests/labels_test.yaml index 3f9f29a27..2b6cb53bb 100644 --- a/charts/new-relic/nri-bundle/charts/nri-prometheus/tests/labels_test.yaml +++ b/charts/new-relic/nri-bundle/charts/nri-prometheus/tests/labels_test.yaml @@ -18,15 +18,15 @@ tests: cluster: test asserts: - equal: - path: metadata.labels.[app.kubernetes.io/instance] + path: metadata.labels["app.kubernetes.io/instance"] value: release - equal: - path: metadata.labels.[app.kubernetes.io/managed-by] + path: metadata.labels["app.kubernetes.io/managed-by"] value: Helm - equal: - path: metadata.labels.[app.kubernetes.io/name] + path: metadata.labels["app.kubernetes.io/name"] value: nri-prometheus - isNotEmpty: - path: metadata.labels.[app.kubernetes.io/version] + path: metadata.labels["app.kubernetes.io/version"] - isNotEmpty: - path: metadata.labels.[helm.sh/chart] + path: metadata.labels["helm.sh/chart"] diff --git a/charts/redpanda/redpanda/Chart.lock b/charts/redpanda/redpanda/Chart.lock index 0e01f84e7..8c262d2f5 100644 --- a/charts/redpanda/redpanda/Chart.lock +++ b/charts/redpanda/redpanda/Chart.lock @@ -3,4 +3,4 @@ dependencies: repository: https://charts.redpanda.com version: 0.6.6 digest: sha256:af20a82c5cb646895892b783bdcfc50ca41f3f67ec14606c40236969c6a166e4 -generated: "2023-06-22T15:05:08.850034033Z" +generated: "2023-06-23T22:15:54.816600035Z" diff --git a/charts/redpanda/redpanda/Chart.yaml b/charts/redpanda/redpanda/Chart.yaml index 5c16b2884..932cf9d51 100644 --- a/charts/redpanda/redpanda/Chart.yaml +++ b/charts/redpanda/redpanda/Chart.yaml @@ -33,4 +33,4 @@ name: redpanda sources: - https://github.com/redpanda-data/helm-charts type: application -version: 4.0.45 +version: 4.0.47 diff --git a/charts/redpanda/redpanda/templates/configmap.yaml b/charts/redpanda/redpanda/templates/configmap.yaml index 93b73da0d..14e0260d7 100644 --- a/charts/redpanda/redpanda/templates/configmap.yaml +++ b/charts/redpanda/redpanda/templates/configmap.yaml @@ -118,7 +118,7 @@ data: superusers: {{ toJson $users }} {{- end }} {{- with (dig "cluster" dict .Values.config) }} - {{- range $key, $element := .}} + {{- range $key, $element := . }} {{- if or (eq (typeOf $element) "bool") $element }} {{ $key }}: {{ $element | toYaml }} {{- end }} @@ -429,6 +429,9 @@ data: {{- /* END LISTENERS */}} rpk: +{{- with (dig "rpk" dict .Values.config) }} + {{- . | toYaml | nindent 6}} +{{- end }} enable_usage_stats: {{ .Values.logging.usageStats.enabled }} overprovisioned: {{ dig "cpu" "overprovisioned" false .Values.resources }} enable_memory_locking: {{ dig "memory" "enable_memory_locking" false .Values.resources }} diff --git a/charts/redpanda/redpanda/templates/tests/test-loadbalancer-tls.yaml b/charts/redpanda/redpanda/templates/tests/test-loadbalancer-tls.yaml index df5637103..8b5d43bd6 100644 --- a/charts/redpanda/redpanda/templates/tests/test-loadbalancer-tls.yaml +++ b/charts/redpanda/redpanda/templates/tests/test-loadbalancer-tls.yaml @@ -30,7 +30,7 @@ metadata: "helm.sh/hook": test "helm.sh/hook-delete-policy": before-hook-creation spec: - serviceAccountName: redpanda-user + serviceAccountName: test-loadbalancer-tls-redpanda restartPolicy: Never securityContext: runAsUser: 65535 @@ -149,4 +149,48 @@ spec: secretName: {{ template "cert-secret-name" $r }} {{- end }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: test-loadbalancer-tls-redpanda + annotations: + helm.sh/hook-weight: "-100" + helm.sh/hook: test + helm.sh/hook-delete-policy: before-hook-creation +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: test-loadbalancer-tls-redpanda + annotations: + helm.sh/hook-weight: "-100" + helm.sh/hook: test + helm.sh/hook-delete-policy: before-hook-creation +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: test-loadbalancer-tls-redpanda +subjects: + - kind: ServiceAccount + name: test-loadbalancer-tls-redpanda + namespace: {{ .Release.Namespace }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: test-loadbalancer-tls-redpanda + annotations: + helm.sh/hook-weight: "-100" + helm.sh/hook: test + helm.sh/hook-delete-policy: before-hook-creation +rules: + - apiGroups: + - "" + resources: + - pods + - services + verbs: + - get + {{- end -}} \ No newline at end of file diff --git a/charts/redpanda/redpanda/templates/tests/test-nodeport-tls.yaml b/charts/redpanda/redpanda/templates/tests/test-nodeport-tls.yaml index 9a2820671..8dfe704a6 100644 --- a/charts/redpanda/redpanda/templates/tests/test-nodeport-tls.yaml +++ b/charts/redpanda/redpanda/templates/tests/test-nodeport-tls.yaml @@ -30,7 +30,7 @@ metadata: "helm.sh/hook": test "helm.sh/hook-delete-policy": before-hook-creation spec: - serviceAccountName: redpanda-user + serviceAccountName: test-nodeport-tls-redpanda restartPolicy: Never securityContext: runAsUser: 65535 @@ -150,4 +150,48 @@ spec: secretName: {{ template "cert-secret-name" $r }} {{- end }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: test-nodeport-tls-redpanda + annotations: + helm.sh/hook-weight: "-100" + helm.sh/hook: test + helm.sh/hook-delete-policy: before-hook-creation +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: test-nodeport-tls-redpanda + annotations: + helm.sh/hook-weight: "-100" + helm.sh/hook: test + helm.sh/hook-delete-policy: before-hook-creation +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: test-nodeport-tls-redpanda +subjects: + - kind: ServiceAccount + name: test-nodeport-tls-redpanda + namespace: {{ .Release.Namespace }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: test-nodeport-tls-redpanda + annotations: + helm.sh/hook-weight: "-100" + helm.sh/hook: test + helm.sh/hook-delete-policy: before-hook-creation +rules: + - apiGroups: + - "" + resources: + - pods + - services + verbs: + - get + {{- end -}} \ No newline at end of file diff --git a/charts/redpanda/redpanda/values.schema.json b/charts/redpanda/redpanda/values.schema.json index cebce578d..3b2f6dcbc 100644 --- a/charts/redpanda/redpanda/values.schema.json +++ b/charts/redpanda/redpanda/values.schema.json @@ -1146,6 +1146,9 @@ }, "node": { "type": "object" + }, + "rpk": { + "type": "object" } } } diff --git a/charts/redpanda/redpanda/values.yaml b/charts/redpanda/redpanda/values.yaml index 33087bbd2..e3b196f60 100644 --- a/charts/redpanda/redpanda/values.yaml +++ b/charts/redpanda/redpanda/values.yaml @@ -765,6 +765,8 @@ listeners: # For descriptions of these properties, # see the [configuration documentation](https://docs.redpanda.com/docs/cluster-administration/configuration/). config: + rpk: {} + # additional_start_flags: # List of flags to pass to rpk, e.g., ` "--idle-poll-time-us=0"` cluster: {} # auto_create_topics_enabled: true # Allow topic auto creation # transaction_coordinator_replication: 1 # Replication factor for a transaction coordinator topic diff --git a/charts/sysdig/sysdig/CHANGELOG.md b/charts/sysdig/sysdig/CHANGELOG.md index 00e3d5cfb..7b23bf80f 100644 --- a/charts/sysdig/sysdig/CHANGELOG.md +++ b/charts/sysdig/sysdig/CHANGELOG.md @@ -10,6 +10,12 @@ Manual edits are supported only below '## Change Log' and should be used exclusively to fix incorrect entries and not to add new ones. ## Change Log +# v1.15.93 +### Chores +* **sysdig, node-analyzer** [706d562f](https://github.com/sysdiglabs/charts/commit/706d562f3d473f88fd1d257974cd3a127d672a2a): bump sysdig/vuln-runtime-scanner to v1.5.1 ([#1187](https://github.com/sysdiglabs/charts/issues/1187)) + + * Runtimescanner bumped to 1.5.1 +- Fix for CVE-2023-2253 # v1.15.92 ### Chores * **sysdig, node-analyzer** [f9c8e102](https://github.com/sysdiglabs/charts/commit/f9c8e1028b4b4e79aba10e72f762f14956d54273): bump sysdig/vuln-runtime-scanner to v1.5 ([#1160](https://github.com/sysdiglabs/charts/issues/1160)) diff --git a/charts/sysdig/sysdig/Chart.yaml b/charts/sysdig/sysdig/Chart.yaml index 09702e1e3..ea821d754 100644 --- a/charts/sysdig/sysdig/Chart.yaml +++ b/charts/sysdig/sysdig/Chart.yaml @@ -29,4 +29,4 @@ name: sysdig sources: - https://app.sysdigcloud.com/#/settings/user - https://github.com/draios/sysdig -version: 1.15.92 +version: 1.15.93 diff --git a/charts/sysdig/sysdig/README.md b/charts/sysdig/sysdig/README.md index 846d447ad..0bb5aae81 100644 --- a/charts/sysdig/sysdig/README.md +++ b/charts/sysdig/sysdig/README.md @@ -194,7 +194,7 @@ The following table lists the configurable parameters of the Sysdig chart and th | `nodeAnalyzer.runtimeScanner.deploy` | Deploy the Runtime Scanner | `false` | | `nodeAnalyzer.runtimeScanner.extraMounts` | Specify a container engine custom socket path (docker, containerd, CRI-O) | | | `nodeAnalyzer.runtimeScanner.image.repository` | The image repository to pull the Runtime Scanner from | `sysdig/vuln-runtime-scanner` | -| `nodeAnalyzer.runtimeScanner.image.tag` | The image tag to pull the Runtime Scanner | `1.5` | +| `nodeAnalyzer.runtimeScanner.image.tag` | The image tag to pull the Runtime Scanner | `1.5.1` | | `nodeAnalyzer.runtimeScanner.image.digest` | The image digest to pull | ` ` | | `nodeAnalyzer.runtimeScanner.image.pullPolicy` | The image pull policy for the Runtime Scanner | `IfNotPresent` | | `nodeAnalyzer.runtimeScanner.resources.requests.cpu` | Runtime Scanner CPU requests per node | `250m` | diff --git a/charts/sysdig/sysdig/RELEASE-NOTES.md b/charts/sysdig/sysdig/RELEASE-NOTES.md index 7da3e1505..fe943f162 100644 --- a/charts/sysdig/sysdig/RELEASE-NOTES.md +++ b/charts/sysdig/sysdig/RELEASE-NOTES.md @@ -1,10 +1,9 @@ # What's Changed ### Chores -- **sysdig, node-analyzer** [f9c8e102](https://github.com/sysdiglabs/charts/commit/f9c8e1028b4b4e79aba10e72f762f14956d54273): bump sysdig/vuln-runtime-scanner to v1.5 ([#1160](https://github.com/sysdiglabs/charts/issues/1160)) +- **sysdig, node-analyzer** [706d562f](https://github.com/sysdiglabs/charts/commit/706d562f3d473f88fd1d257974cd3a127d672a2a): bump sysdig/vuln-runtime-scanner to v1.5.1 ([#1187](https://github.com/sysdiglabs/charts/issues/1187)) - * * Runtimescanner bumped to 1.5 - * Updated the analyzer to inspects also vendor paths - * Added support to apply image based accepts for all versions of the image, that image in a specific registry & repository, as well as a contain string for customized subsets of the environment + * Runtimescanner bumped to 1.5.1 +- Fix for CVE-2023-2253 -#### Full diff: https://github.com/sysdiglabs/charts/compare/sysdig-deploy-1.8.21...sysdig-1.15.92 +#### Full diff: https://github.com/sysdiglabs/charts/compare/sysdig-deploy-1.8.27...sysdig-1.15.93 diff --git a/charts/sysdig/sysdig/values.yaml b/charts/sysdig/sysdig/values.yaml index beef3ea97..3bfb6f1a9 100644 --- a/charts/sysdig/sysdig/values.yaml +++ b/charts/sysdig/sysdig/values.yaml @@ -505,7 +505,7 @@ nodeAnalyzer: deploy: false image: repository: sysdig/vuln-runtime-scanner - tag: 1.5 + tag: 1.5.1 digest: pullPolicy: IfNotPresent diff --git a/charts/weka/csi-wekafsplugin/CHANGELOG.md b/charts/weka/csi-wekafsplugin/CHANGELOG.md index ebaf0bb83..3fb48cbb3 100644 --- a/charts/weka/csi-wekafsplugin/CHANGELOG.md +++ b/charts/weka/csi-wekafsplugin/CHANGELOG.md @@ -1,17 +1,17 @@ ## What's Changed -### New features -* feat(CSI-67): sign helm chart by @dontbreakit in https://github.com/weka/csi-wekafs/pull/116 +### Bug fixes +* fix(CSI-75): compatibilityMap has duplicate parameter for same functionality https://github.com/weka/csi-wekafs/pull/120 +* fix(CSI-76): filtering Rest API allowed only from 4.1 but should be from 4.0 https://github.com/weka/csi-wekafs/pull/120 +* fix(CSI-110): CSI does not propagate error when failing to init API client from secrets https://github.com/weka/csi-wekafs/pull/120 +* fix(CSI-112): panic when creating CSI snapshot-based volume and failing to initialize API client https://github.com/weka/csi-wekafs/pull/120 +* fix(CSI-113) plugin incorrectly handles secret with API endpoints separated by newline rather than comma https://github.com/weka/csi-wekafs/pull/120 -### Security -* fix(CSI-109): update registry.k8s.io/sig-storage/csi-snapshotter to v6.2.2 by @renovate in https://github.com/weka/csi-wekafs/pull/113 -* update Golang dependencies for the csi binary - * fix(deps): update module golang.org/x/sync to v0.3.0 by @renovate in https://github.com/weka/csi-wekafs/pull/105 - * fix(deps): update module k8s.io/apimachinery to v0.27.3 by @renovate in https://github.com/weka/csi-wekafs/pull/106 - * fix(deps): update module github.com/prometheus/client_golang to v1.16.0 by @renovate in https://github.com/weka/csi-wekafs/pull/107 - * fix(deps): update module google.golang.org/grpc to v1.56.1 by @renovate in https://github.com/weka/csi-wekafs/pull/108 - * fix(deps): update module github.com/kubernetes-csi/csi-lib-utils to v0.14.0 by @renovate in https://github.com/weka/csi-wekafs/pull/117 +### Miscellaneous +* fix(CSI-111): Replace deprecated ioutil.ReadFile / WriteFile https://github.com/weka/csi-wekafs/pull/120 +* docs(CSI-115): document incorrectly states version of Weka for snapshot quotas https://github.com/weka/csi-wekafs/pull/123 +**Full Changelog**: https://github.com/weka/csi-wekafs/compare/v2.1.0...v2.1.1 diff --git a/charts/weka/csi-wekafsplugin/Chart.yaml b/charts/weka/csi-wekafsplugin/Chart.yaml index f7351256b..2c53f9234 100644 --- a/charts/weka/csi-wekafsplugin/Chart.yaml +++ b/charts/weka/csi-wekafsplugin/Chart.yaml @@ -1,6 +1,6 @@ annotations: artifacthub.io/category: storage - artifacthub.io/containsSecurityUpdates: "true" + artifacthub.io/containsSecurityUpdates: "false" artifacthub.io/license: Apache-2.0 artifacthub.io/prerelease: "false" artifacthub.io/signKey: | @@ -11,7 +11,7 @@ annotations: catalog.cattle.io/kube-version: '>=1.18.0' catalog.cattle.io/release-name: csi-wekafsplugin apiVersion: v2 -appVersion: v2.1.0 +appVersion: 2.1.1 description: Helm chart for Deployment of WekaIO Container Storage Interface (CSI) plugin for WekaFS - the world fastest filesystem home: https://github.com/weka/csi-wekafs @@ -27,6 +27,6 @@ maintainers: url: https://weka.io name: csi-wekafsplugin sources: -- https://github.com/weka/csi-wekafs/tree/v2.1.0 +- https://github.com/weka/csi-wekafs/tree/2.1.1 type: application -version: 2.1.0 +version: 2.1.1 diff --git a/charts/weka/csi-wekafsplugin/README.md b/charts/weka/csi-wekafsplugin/README.md index 815b513d7..e15897393 100644 --- a/charts/weka/csi-wekafsplugin/README.md +++ b/charts/weka/csi-wekafsplugin/README.md @@ -3,7 +3,7 @@ Helm chart for Deployment of WekaIO Container Storage Interface (CSI) plugin for [![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://opensource.org/licenses/Apache-2.0) [![Artifact HUB](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/csi-wekafs)](https://artifacthub.io/packages/search?repo=csi-wekafs) -![Version: 2.1.0](https://img.shields.io/badge/Version-2.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v2.1.0](https://img.shields.io/badge/AppVersion-v2.1.0-informational?style=flat-square) +![Version: 2.1.1](https://img.shields.io/badge/Version-2.1.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.1.1](https://img.shields.io/badge/AppVersion-2.1.1-informational?style=flat-square) ## Homepage https://github.com/weka/csi-wekafs @@ -56,7 +56,7 @@ Kubernetes: `>=1.18.0` |-----|------|---------|-------------| | dynamicProvisionPath | string | `"csi-volumes"` | Directory in root of file system where dynamic volumes are provisioned | | csiDriverName | string | `"csi.weka.io"` | Name of the driver (and provisioner) | -| csiDriverVersion | string | `"2.1.0"` | CSI driver version | +| csiDriverVersion | string | `"2.1.1"` | CSI driver version | | images.livenessprobesidecar | string | `"registry.k8s.io/sig-storage/livenessprobe:v2.10.0"` | CSI liveness probe sidecar image URL | | images.attachersidecar | string | `"registry.k8s.io/sig-storage/csi-attacher:v4.3.0"` | CSI attacher sidecar image URL | | images.provisionersidecar | string | `"registry.k8s.io/sig-storage/csi-provisioner:v3.5.0"` | CSI provisioner sidecar image URL | @@ -64,7 +64,7 @@ Kubernetes: `>=1.18.0` | images.resizersidecar | string | `"registry.k8s.io/sig-storage/csi-resizer:v1.8.0"` | CSI resizer sidecar image URL | | images.snapshottersidecar | string | `"registry.k8s.io/sig-storage/csi-snapshotter:v6.2.2"` | CSI snapshotter sidecar image URL | | images.csidriver | string | `"quay.io/weka.io/csi-wekafs"` | CSI driver main image URL | -| images.csidriverTag | string | `"2.1.0"` | CSI driver tag | +| images.csidriverTag | string | `"2.1.1"` | CSI driver tag | | globalPluginTolerations | list | `[{"effect":"NoSchedule","key":"node-role.kubernetes.io/master","operator":"Exists"}]` | Tolerations for all CSI driver components | | controllerPluginTolerations | list | `[{"effect":"NoSchedule","key":"node-role.kubernetes.io/master","operator":"Exists"}]` | Tolerations for CSI controller component only (by default same as global) | | nodePluginTolerations | list | `[{"effect":"NoSchedule","key":"node-role.kubernetes.io/master","operator":"Exists"}]` | Tolerations for CSI node component only (by default same as global) | diff --git a/charts/weka/csi-wekafsplugin/values.yaml b/charts/weka/csi-wekafsplugin/values.yaml index df102f978..fbed118ec 100644 --- a/charts/weka/csi-wekafsplugin/values.yaml +++ b/charts/weka/csi-wekafsplugin/values.yaml @@ -5,7 +5,7 @@ dynamicProvisionPath: "csi-volumes" # -- Name of the driver (and provisioner) csiDriverName: "csi.weka.io" # -- CSI driver version -csiDriverVersion: &csiDriverVersion 2.1.0 +csiDriverVersion: &csiDriverVersion 2.1.1 images: # -- CSI liveness probe sidecar image URL livenessprobesidecar: registry.k8s.io/sig-storage/livenessprobe:v2.10.0 diff --git a/index.yaml b/index.yaml index 432f47b91..18b9d4830 100644 --- a/index.yaml +++ b/index.yaml @@ -1182,6 +1182,45 @@ entries: - assets/ambassador/ambassador-6.7.1100.tgz version: 6.7.1100 argo-cd: + - annotations: + artifacthub.io/changes: | + - kind: added + description: Add `ARGOCD_NOTIFICATIONS_CONTROLLER_LOGLEVEL` and `ARGOCD_NOTIFICATIONS_CONTROLLER_LOGFORMAT` env vars to argo-notifications Deployment + artifacthub.io/signKey: | + fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 + url: https://argoproj.github.io/argo-helm/pgp_keys.asc + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Argo CD + catalog.cattle.io/kube-version: '>=1.23.0-0' + catalog.cattle.io/release-name: argo-cd + apiVersion: v2 + appVersion: v2.7.6 + created: "2023-06-26T15:55:24.450506798Z" + dependencies: + - condition: redis-ha.enabled + name: redis-ha + repository: file://./charts/redis-ha + version: 4.23.0 + description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery + tool for Kubernetes. + digest: a240ffe8cb82033f0271f481dc76293e21cf931bb4f32d4e094f722b8b03e65b + home: https://github.com/argoproj/argo-helm + icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png + keywords: + - argoproj + - argocd + - gitops + kubeVersion: '>=1.23.0-0' + maintainers: + - name: argoproj + url: https://argoproj.github.io/ + name: argo-cd + sources: + - https://github.com/argoproj/argo-helm/tree/main/charts/argo-cd + - https://github.com/argoproj/argo-cd + urls: + - assets/argo/argo-cd-5.36.10.tgz + version: 5.36.10 - annotations: artifacthub.io/changes: | - kind: changed @@ -10118,8 +10157,8 @@ entries: catalog.cattle.io/featured: "2" catalog.cattle.io/release-name: cost-analyzer apiVersion: v2 - appVersion: 1.104.1 - created: "2023-06-16T16:58:39.645534836Z" + appVersion: 1.104.2 + created: "2023-06-26T15:55:46.441313541Z" dependencies: - condition: global.grafana.enabled name: grafana @@ -10135,7 +10174,38 @@ entries: version: ~0.29.0 description: A Helm chart that sets up Kubecost, Prometheus, and Grafana to monitor cloud costs. - digest: 13853df90cf15710c11a3390c159d2baae49f8e09a6c8fd5d7b90cc9c4a4ad3c + digest: 3bc3d225e70014366a73673d1d66713519e0288437001a88aca551ae28ed77d2 + icon: https://partner-charts.rancher.io/assets/logos/kubecost.png + name: cost-analyzer + urls: + - assets/kubecost/cost-analyzer-1.104.2.tgz + version: 1.104.2 + - annotations: + artifacthub.io/links: | + - name: Homepage + url: https://www.kubecost.com + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Kubecost + catalog.cattle.io/release-name: cost-analyzer + apiVersion: v2 + appVersion: 1.104.1 + created: "2023-06-26T15:55:31.10115179Z" + dependencies: + - condition: global.grafana.enabled + name: grafana + repository: file://./charts/grafana + version: ~1.17.2 + - condition: global.prometheus.enabled + name: prometheus + repository: file://./charts/prometheus + version: ~11.0.2 + - condition: global.thanos.enabled + name: thanos + repository: file://./charts/thanos + version: ~0.29.0 + description: A Helm chart that sets up Kubecost, Prometheus, and Grafana to monitor + cloud costs. + digest: c752e7bd0e26226300fb2074f8ed36dea825a948fd2408efd2f87a5b1f547a22 icon: https://partner-charts.rancher.io/assets/logos/kubecost.png name: cost-analyzer urls: @@ -11011,6 +11081,31 @@ entries: - assets/crate/crate-operator-2.16.0.tgz version: 2.16.0 csi-isilon: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Dell CSI PowerScale + catalog.cattle.io/kube-version: '>= 1.21.0 < 1.28.0' + catalog.cattle.io/release-name: isilon + apiVersion: v2 + appVersion: 2.7.0 + created: "2023-06-26T15:55:28.580962579Z" + description: 'PowerScale CSI (Container Storage Interface) driver Kubernetes integration. + This chart includes everything required to provision via CSI as well as an Isilon + StorageClass. ' + digest: ad61af38be282a8f453f104025e4757c5ff6125778268809df589d5b19396b28 + icon: https://partner-charts.rancher.io/assets/logos/dell.png + keywords: + - csi + - storage + kubeVersion: '>= 1.21.0 < 1.28.0' + maintainers: + - name: DellEMC + name: csi-isilon + sources: + - https://github.com/dell/csi-isilon + urls: + - assets/dell/csi-isilon-2.7.0.tgz + version: 2.7.0 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Dell CSI PowerScale @@ -11037,6 +11132,38 @@ entries: - assets/dell/csi-isilon-2.6.1.tgz version: 2.6.1 csi-powermax: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Dell CSI PowerMax + catalog.cattle.io/kube-version: '>= 1.23.0 < 1.28.0' + catalog.cattle.io/release-name: csi-powermax + apiVersion: v2 + appVersion: 2.7.0 + created: "2023-06-26T15:55:28.583974889Z" + dependencies: + - condition: required + name: csireverseproxy + repository: file://./charts/csireverseproxy + version: 2.6.0 + description: 'PowerMax CSI (Container Storage Interface) driver Kubernetes integration. + This chart includes everything required to provision via CSI as well as a PowerMax + StorageClass. ' + digest: 894fa0669a1e8f6bff0f4e88826787ff4279beb1c9d1f95f3f88cfb56860547f + home: https://github.com/dell/csi-powermax + icon: https://partner-charts.rancher.io/assets/logos/dell.png + keywords: + - csi + - storage + kubeVersion: '>= 1.23.0 < 1.28.0' + maintainers: + - name: DellEMC + name: csi-powermax + sources: + - https://github.com/dell/csi-powermax + type: application + urls: + - assets/dell/csi-powermax-2.7.0.tgz + version: 2.7.0 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Dell CSI PowerMax @@ -11069,6 +11196,32 @@ entries: - assets/dell/csi-powermax-2.6.0.tgz version: 2.6.0 csi-powerstore: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Dell CSI PowerStore + catalog.cattle.io/kube-version: '>= 1.22.0 < 1.28.0' + catalog.cattle.io/release-name: powerstore + apiVersion: v2 + appVersion: 2.7.0 + created: "2023-06-26T15:55:28.588964537Z" + description: 'PowerStore CSI (Container Storage Interface) driver Kubernetes integration. + This chart includes everything required to provision via CSI as well as a PowerStore + StorageClass. ' + digest: 73248d26d4538f317f97293d9d295a7ebda677d96b3bc75be7509e8abbf502c8 + home: https://github.com/dell/csi-powerstore + icon: https://partner-charts.rancher.io/assets/logos/dell.png + keywords: + - csi + - storage + kubeVersion: '>= 1.22.0 < 1.28.0' + maintainers: + - name: DellEMC + name: csi-powerstore + sources: + - https://github.com/dell/csi-powerstore + urls: + - assets/dell/csi-powerstore-2.7.0.tgz + version: 2.7.0 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Dell CSI PowerStore @@ -11174,6 +11327,31 @@ entries: - assets/dell/csi-powerstore-2.4.0.tgz version: 2.4.0 csi-unity: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Dell CSI Unity + catalog.cattle.io/kube-version: '>= 1.24.0 < 1.28.0' + catalog.cattle.io/release-name: unity + apiVersion: v1 + appVersion: 2.7.0 + created: "2023-06-26T15:55:28.592558687Z" + description: 'Unity XT CSI (Container Storage Interface) driver Kubernetes integration. + This chart includes everything required to provision via CSI as well as a Unity + XT StorageClass. ' + digest: e77ff590acb0cc1dac8e53a180d0bbf3faa6a1b9091060b52ec8860253997b0f + icon: https://partner-charts.rancher.io/assets/logos/dell.png + keywords: + - csi + - storage + kubeVersion: '>= 1.24.0 < 1.28.0' + maintainers: + - name: DellEMC + name: csi-unity + sources: + - https://github.com/dell/csi-unity + urls: + - assets/dell/csi-unity-2.7.0.tgz + version: 2.7.0 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Dell CSI Unity @@ -11252,6 +11430,32 @@ entries: - assets/dell/csi-unity-2.4.0.tgz version: 2.4.0 csi-vxflexos: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Dell CSI PowerFlex + catalog.cattle.io/kube-version: '>= 1.21.0 < 1.28.0' + catalog.cattle.io/namespace: vxflexos + catalog.cattle.io/release-name: vxflexos + apiVersion: v2 + appVersion: 2.7.0 + created: "2023-06-26T15:55:28.597966564Z" + description: 'VxFlex OS CSI (Container Storage Interface) driver Kubernetes integration. + This chart includes everything required to provision via CSI as well as a VxFlex + OS StorageClass. ' + digest: 0592a81f6d5cba0aecd0acaf7f6b25144bcb7db082f536613c7eb0ec4e8ce821 + icon: https://partner-charts.rancher.io/assets/logos/dell.png + keywords: + - csi + - storage + kubeVersion: '>= 1.21.0 < 1.28.0' + maintainers: + - name: DellEMC + name: csi-vxflexos + sources: + - https://github.com/dell/csi-vxflexos + urls: + - assets/dell/csi-vxflexos-2.7.0.tgz + version: 2.7.0 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Dell CSI PowerFlex @@ -11378,6 +11582,42 @@ entries: - assets/dell/csi-vxflexos-2.1.0.tgz version: 2.1.0 csi-wekafsplugin: + - annotations: + artifacthub.io/category: storage + artifacthub.io/containsSecurityUpdates: "false" + artifacthub.io/license: Apache-2.0 + artifacthub.io/prerelease: "false" + artifacthub.io/signKey: | + fingerprint: BA9F2D31BE9193E01FA17450BCE0A5CF67AC0C59 + url: https://weka.github.io/csi-wekafs/csi-public.gpg + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: WekaFS CSI Driver + catalog.cattle.io/kube-version: '>=1.18.0' + catalog.cattle.io/release-name: csi-wekafsplugin + apiVersion: v2 + appVersion: 2.1.1 + created: "2023-06-26T15:55:48.763547932Z" + description: Helm chart for Deployment of WekaIO Container Storage Interface (CSI) + plugin for WekaFS - the world fastest filesystem + digest: e701e6f965f2791a0d59fce8f81078b64e47b3e3d4604fe6e72348cab524f4f5 + home: https://github.com/weka/csi-wekafs + icon: https://weka.github.io/csi-wekafs/logo.png + keywords: + - storage + - filesystem + - HPC + kubeVersion: '>=1.18.0' + maintainers: + - email: csi@weka.io + name: WekaIO, Inc. + url: https://weka.io + name: csi-wekafsplugin + sources: + - https://github.com/weka/csi-wekafs/tree/2.1.1 + type: application + urls: + - assets/weka/csi-wekafsplugin-2.1.1.tgz + version: 2.1.1 - annotations: artifacthub.io/category: storage artifacthub.io/containsSecurityUpdates: "true" @@ -13259,6 +13499,39 @@ entries: - assets/datadog/datadog-2.4.200.tgz version: 2.4.200 datadog-operator: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Datadog Operator + catalog.cattle.io/release-name: datadog-operator + apiVersion: v2 + appVersion: 1.0.3 + created: "2023-06-26T15:55:28.576202547Z" + dependencies: + - alias: datadogCRDs + condition: installCRDs + name: datadog-crds + repository: file://./charts/datadog-crds + tags: + - install-crds + version: =1.0.1 + description: Datadog Operator + digest: a3e8a45c58d8b841355c7dcdea6de049f0b8757aaffb8e40bbff1799f81a2e6f + home: https://www.datadoghq.com + icon: https://datadog-live.imgix.net/img/dd_logo_70x75.png + keywords: + - monitoring + - alerting + - metric + maintainers: + - email: support@datadoghq.com + name: Datadog + name: datadog-operator + sources: + - https://app.datadoghq.com/account/settings#agent/kubernetes + - https://github.com/DataDog/datadog-agent + urls: + - assets/datadog/datadog-operator-1.0.4.tgz + version: 1.0.4 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Datadog Operator @@ -14185,6 +14458,30 @@ entries: - assets/elastic/elasticsearch-7.17.3.tgz version: 7.17.3 external-secrets: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: External Secrets Operator + catalog.cattle.io/kube-version: '>= 1.19.0-0' + catalog.cattle.io/release-name: external-secrets + apiVersion: v2 + appVersion: v0.9.0 + created: "2023-06-26T15:55:28.731445071Z" + description: External secret management for Kubernetes + digest: e1e28a744f4b5ba4991708cdc2bfac26b3b54d0699591f099f161d139b75dece + home: https://github.com/external-secrets/external-secrets + icon: https://raw.githubusercontent.com/external-secrets/external-secrets/main/assets/eso-logo-large.png + keywords: + - kubernetes-external-secrets + - secrets + kubeVersion: '>= 1.19.0-0' + maintainers: + - email: kellinmcavoy@gmail.com + name: mcavoyk + name: external-secrets + type: application + urls: + - assets/external-secrets/external-secrets-0.9.0.tgz + version: 0.9.0 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: External Secrets Operator @@ -16362,6 +16659,34 @@ entries: - assets/gopaddle/gopaddle-4.2.5.tgz version: 4.2.5 haproxy: + - annotations: + artifacthub.io/changes: | + - Add IPv4/IPv6 dualstack support (#194) + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: HAProxy Kubernetes Ingress Controller + catalog.cattle.io/kube-version: '>=1.22.0-0' + catalog.cattle.io/release-name: haproxy + apiVersion: v2 + appVersion: 1.10.4 + created: "2023-06-26T15:55:29.009588263Z" + description: A Helm chart for HAProxy Kubernetes Ingress Controller + digest: af839aa4bbc154feb4675143c5f737c0b1850d37389472fcc9e4ee36e14a4792 + home: https://github.com/haproxytech/helm-charts/tree/main/kubernetes-ingress + icon: https://raw.githubusercontent.com/haproxytech/helm-charts/main/kubernetes-ingress/chart-icon.png + keywords: + - ingress + - haproxy + kubeVersion: '>=1.22.0-0' + maintainers: + - email: dkorunic@haproxy.com + name: Dinko Korunic + name: haproxy + sources: + - https://github.com/haproxytech/kubernetes-ingress + type: application + urls: + - assets/haproxy/haproxy-1.31.0.tgz + version: 1.31.0 - annotations: artifacthub.io/changes: | - Use Ingress Controller 1.10.4 version for base image @@ -23939,6 +24264,33 @@ entries: - assets/avesha/kubeslice-worker-0.4.5.tgz version: 0.4.5 kuma: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Kuma + catalog.cattle.io/namespace: kuma-system + catalog.cattle.io/release-name: kuma + apiVersion: v2 + appVersion: 2.3.0 + created: "2023-06-26T15:55:46.579892273Z" + description: A Helm chart for the Kuma Control Plane + digest: 9c172643ea5e86573ff83056cf5df7770e07f499f724af474c88b1d632b04fb6 + home: https://github.com/kumahq/kuma + icon: https://kuma.io/assets/images/brand/kuma-logo-new.svg + keywords: + - service mesh + - control plane + maintainers: + - email: austin.cawley@gmail.com + name: austince + - email: jakub.dyszkiewicz@konghq.com + name: jakubdyszkiewicz + - email: nikolay.nikolaev@konghq.com + name: nickolaev + name: kuma + type: application + urls: + - assets/kuma/kuma-2.3.0.tgz + version: 2.3.0 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Kuma @@ -26534,6 +26886,31 @@ entries: - assets/bitnami/mysql-9.4.1.tgz version: 9.4.1 nats: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: NATS Server + catalog.cattle.io/kube-version: '>=1.16-0' + catalog.cattle.io/release-name: nats + apiVersion: v2 + appVersion: 2.9.19 + created: "2023-06-26T15:55:46.651734767Z" + description: A Helm chart for the NATS.io High Speed Cloud Native Distributed + Communications Technology. + digest: 9fa085ed8e0f39752c8d02ee1ba1f02a3a96022500c6bb486a96834eaa8917e3 + home: http://github.com/nats-io/k8s + icon: https://nats.io/img/nats-icon-color.png + keywords: + - nats + - messaging + - cncf + maintainers: + - email: info@nats.io + name: The NATS Authors + url: https://github.com/nats-io + name: nats + urls: + - assets/nats/nats-0.19.16.tgz + version: 0.19.16 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: NATS Server @@ -27634,6 +28011,102 @@ entries: - assets/f5/nginx-service-mesh-0.2.100.tgz version: 0.2.100 nri-bundle: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: New Relic + catalog.cattle.io/release-name: nri-bundle + apiVersion: v2 + created: "2023-06-26T15:55:47.020126274Z" + dependencies: + - condition: infrastructure.enabled,newrelic-infrastructure.enabled + name: newrelic-infrastructure + repository: file://./charts/newrelic-infrastructure + version: 3.20.1 + - condition: prometheus.enabled,nri-prometheus.enabled + name: nri-prometheus + repository: file://./charts/nri-prometheus + version: 2.1.17 + - condition: newrelic-prometheus-agent.enabled + name: newrelic-prometheus-agent + repository: file://./charts/newrelic-prometheus-agent + version: 1.2.2 + - condition: webhook.enabled,nri-metadata-injection.enabled + name: nri-metadata-injection + repository: file://./charts/nri-metadata-injection + version: 4.3.2 + - condition: metrics-adapter.enabled,newrelic-k8s-metrics-adapter.enabled + name: newrelic-k8s-metrics-adapter + repository: file://./charts/newrelic-k8s-metrics-adapter + version: 1.2.1 + - condition: ksm.enabled,kube-state-metrics.enabled + name: kube-state-metrics + repository: file://./charts/kube-state-metrics + version: 4.23.0 + - condition: kubeEvents.enabled,nri-kube-events.enabled + name: nri-kube-events + repository: file://./charts/nri-kube-events + version: 3.1.2 + - condition: logging.enabled,newrelic-logging.enabled + name: newrelic-logging + repository: file://./charts/newrelic-logging + version: 1.14.2 + - condition: newrelic-pixie.enabled + name: newrelic-pixie + repository: file://./charts/newrelic-pixie + version: 2.1.2 + - alias: pixie-chart + condition: pixie-chart.enabled + name: pixie-operator-chart + repository: file://./charts/pixie-operator-chart + version: 0.1.4 + - condition: newrelic-infra-operator.enabled + name: newrelic-infra-operator + repository: file://./charts/newrelic-infra-operator + version: 2.2.2 + description: Groups together the individual charts for the New Relic Kubernetes + solution for a more comfortable deployment. + digest: e1efe6298f3d0099115cf88f220eb6b9d8d487f1a9b3e0527fcd4ff3e95891ac + home: https://github.com/newrelic/helm-charts + icon: https://newrelic.com/themes/custom/erno/assets/mediakit/new_relic_logo_vertical.svg + keywords: + - infrastructure + - newrelic + - monitoring + maintainers: + - name: nserrino + url: https://github.com/nserrino + - name: philkuz + url: https://github.com/philkuz + - name: htroisi + url: https://github.com/htroisi + - name: juanjjaramillo + url: https://github.com/juanjjaramillo + - name: svetlanabrennan + url: https://github.com/svetlanabrennan + - name: nrepai + url: https://github.com/nrepai + - name: csongnr + url: https://github.com/csongnr + - name: vuqtran88 + url: https://github.com/vuqtran88 + - name: xqi-nr + url: https://github.com/xqi-nr + name: nri-bundle + sources: + - https://github.com/newrelic/nri-bundle/ + - https://github.com/newrelic/nri-bundle/tree/master/charts/nri-bundle + - https://github.com/newrelic/nri-kubernetes/tree/master/charts/newrelic-infrastructure + - https://github.com/newrelic/nri-prometheus/tree/master/charts/nri-prometheus + - https://github.com/newrelic/newrelic-prometheus-configurator/tree/master/charts/newrelic-prometheus-agent + - https://github.com/newrelic/k8s-metadata-injection/tree/master/charts/nri-metadata-injection + - https://github.com/newrelic/newrelic-k8s-metrics-adapter/tree/master/charts/newrelic-k8s-metrics-adapter + - https://github.com/newrelic/nri-kube-events/tree/master/charts/nri-kube-events + - https://github.com/newrelic/helm-charts/tree/master/charts/newrelic-logging + - https://github.com/newrelic/helm-charts/tree/master/charts/newrelic-pixie + - https://github.com/newrelic/newrelic-infra-operator/tree/master/charts/newrelic-infra-operator + urls: + - assets/new-relic/nri-bundle-5.0.22.tgz + version: 5.0.22 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: New Relic @@ -33981,6 +34454,46 @@ entries: - assets/bitnami/redis-17.3.7.tgz version: 17.3.7 redpanda: + - annotations: + artifacthub.io/images: | + - name: redpanda + image: docker.redpanda.com/redpandadata/redpanda:v23.1.10 + - name: busybox + image: busybox:latest + - name: mintel/docker-alpine-bash-curl-jq + image: mintel/docker-alpine-bash-curl-jq:latest + artifacthub.io/license: Apache-2.0 + artifacthub.io/links: | + - name: Documentation + url: https://docs.redpanda.com + - name: "Helm (>= 3.6.0)" + url: https://helm.sh/docs/intro/install/ + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Redpanda + catalog.cattle.io/kube-version: '>=1.21-0' + catalog.cattle.io/release-name: redpanda + apiVersion: v2 + appVersion: v23.1.12 + created: "2023-06-26T15:55:47.84738583Z" + dependencies: + - condition: console.enabled + name: console + repository: file://./charts/console + version: '>=0.5 <1.0' + description: Redpanda is the real-time engine for modern apps. + digest: 050531994bee097b9dab1a786fb1e52c6bf7aac5361037be04dfcdad4048a36b + icon: https://images.ctfassets.net/paqvtpyf8rwu/3cYHw5UzhXCbKuR24GDFGO/73fb682e6157d11c10d5b2b5da1d5af0/skate-stand-panda.svg + kubeVersion: '>=1.21-0' + maintainers: + - name: redpanda-data + url: https://github.com/orgs/redpanda-data/people + name: redpanda + sources: + - https://github.com/redpanda-data/helm-charts + type: application + urls: + - assets/redpanda/redpanda-4.0.47.tgz + version: 4.0.47 - annotations: artifacthub.io/images: | - name: redpanda @@ -36695,6 +37208,40 @@ entries: - assets/shipa/shipa-1.4.0.tgz version: 1.4.0 spark: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Apache Spark + catalog.cattle.io/kube-version: '>=1.19-0' + catalog.cattle.io/release-name: spark + category: Infrastructure + licenses: Apache-2.0 + apiVersion: v2 + appVersion: 3.4.1 + created: "2023-06-26T15:55:26.81523857Z" + dependencies: + - name: common + repository: file://./charts/common + tags: + - bitnami-common + version: 2.x.x + description: Apache Spark is a high-performance engine for large-scale computing + tasks, such as data processing, machine learning and real-time data streaming. + It includes APIs for Java, Python, Scala and R. + digest: 5aadbd92744be65c351295781677316b1de2ae711f3aae4b155405682cd1de52 + home: https://bitnami.com + icon: https://www.apache.org/logos/res/spark/default.png + keywords: + - apache + - spark + maintainers: + - name: VMware, Inc. + url: https://github.com/bitnami/charts + name: spark + sources: + - https://github.com/bitnami/charts/tree/main/bitnami/spark + urls: + - assets/bitnami/spark-7.0.2.tgz + version: 7.0.2 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Apache Spark @@ -38938,6 +39485,42 @@ entries: - assets/sumologic/sumologic-2.17.0.tgz version: 2.17.0 sysdig: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Sysdig + catalog.cattle.io/release-name: sysdig + apiVersion: v1 + appVersion: 12.14.1 + created: "2023-06-26T15:55:48.300524686Z" + description: Sysdig Monitor and Secure agent + digest: 14879b40eff688057f3ea81c787029f62f3191e114a2f3b5866b33f98144b9ef + home: https://www.sysdig.com/ + icon: https://avatars.githubusercontent.com/u/5068817?s=200&v=4 + keywords: + - monitoring + - security + - alerting + - metric + - troubleshooting + - run-time + maintainers: + - email: lachlan@deis.com + name: lachie83 + - email: jorge.salamero@sysdig.com + name: bencer + - email: nestor.salceda@sysdig.com + name: nestorsalceda + - email: alvaro.iradier@sysdig.com + name: airadier + - email: carlos.arilla@sysdig.com + name: carillan81 + name: sysdig + sources: + - https://app.sysdigcloud.com/#/settings/user + - https://github.com/draios/sysdig + urls: + - assets/sysdig/sysdig-1.15.93.tgz + version: 1.15.93 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Sysdig @@ -42622,6 +43205,37 @@ entries: - assets/digitalis/vals-operator-0.2.1.tgz version: 0.2.1 vault: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Hashicorp Vault + catalog.cattle.io/kube-version: '>= 1.20.0-0' + catalog.cattle.io/release-name: vault + charts.openshift.io/name: HashiCorp Vault + apiVersion: v2 + appVersion: 1.14.0 + created: "2023-06-26T15:55:29.1693164Z" + description: Official HashiCorp Vault Chart + digest: 57ef0378981b955adbcc31285281d7319fb585ef538c33dbae237cdf44c3cbd3 + home: https://www.vaultproject.io + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + kubeVersion: '>= 1.20.0-0' + name: vault + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + urls: + - assets/hashicorp/vault-0.25.0.tgz + version: 0.25.0 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Hashicorp Vault @@ -42775,6 +43389,53 @@ entries: - assets/hashicorp/vault-0.22.0.tgz version: 0.22.0 wordpress: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: WordPress + catalog.cattle.io/kube-version: '>=1.19-0' + catalog.cattle.io/release-name: wordpress + category: CMS + licenses: Apache-2.0 + apiVersion: v2 + appVersion: 6.2.2 + created: "2023-06-26T15:55:27.573868963Z" + dependencies: + - condition: memcached.enabled + name: memcached + repository: file://./charts/memcached + version: 6.x.x + - condition: mariadb.enabled + name: mariadb + repository: file://./charts/mariadb + version: 12.x.x + - name: common + repository: file://./charts/common + tags: + - bitnami-common + version: 2.x.x + description: WordPress is the world's most popular blogging and content management + platform. Powerful yet simple, everyone from students to global corporations + use it to build beautiful, functional websites. + digest: 23ffc930a77f2397348e9190da62a3d5824c97072f053d9e2e6f9d1b0c6a434b + home: https://bitnami.com + icon: https://s.w.org/style/images/about/WordPress-logotype-simplified.png + keywords: + - application + - blog + - cms + - http + - php + - web + - wordpress + maintainers: + - name: VMware, Inc. + url: https://github.com/bitnami/charts + name: wordpress + sources: + - https://github.com/bitnami/charts/tree/main/bitnami/wordpress + urls: + - assets/bitnami/wordpress-16.1.19.tgz + version: 16.1.19 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: WordPress