Nexus service account and major updates (#4)

* [stable/parse] Configure parse-dashboard to form Urls with HTTPS protocol (#19582)

* Configure parse-dashboard to form Urls with HTTPS protocol

Signed-off-by: darteaga <darteaga@bitnami.com>

* remove reasignaments in helpers

Signed-off-by: darteaga <darteaga@bitnami.com>

* [stable/datadog] Add nodeSelector for Cluster Agent Deployment (#19430)

Signed-off-by: Ivan Sukhomlyn <ivan.sukhomlyn@ring.com>

* [stable/wordpress] adds loadBalancerSourceRanges to service (#19549)

* adds loadBalancerSourceRanges to service

Signed-off-by: Dennis Webb <dennis@bluesentryit.com>

* [stable/kube2iam] adds loadBalancerSourceRanges to values-production.yaml

Signed-off-by: Dennis Webb <dennis@bluesentryit.com>

* [stable/traefik] Allow custom caServer for ACME and allow string type for acme.staging (#19567)

* allow traefik support of string or boolean for the acme.staging value

Signed-off-by: dduportal <1522731+dduportal@users.noreply.github.com>

* allow traefik to be configured for a custom caServer when using ACME protocol

Signed-off-by: dduportal <1522731+dduportal@users.noreply.github.com>

* stable/traefik chart version bump

Signed-off-by: dduportal <1522731+dduportal@users.noreply.github.com>

* fix acme.staging value type to support both boolean and string

Signed-off-by: dduportal <1522731+dduportal@users.noreply.github.com>

* Lint fix trailing spaces

Signed-off-by: dduportal <1522731+dduportal@users.noreply.github.com>

* [stable/datadog] Make the seccomp profile for system-probe optional (#19533)

* [stable/datadog] Remove the seccomp profile for system-probe

The `system-probe` container currently has a specific seccomp profile.
This seccomp profile currently misses some syscalls that are necessary to
exec inside the container.

Concretely, attempting to exec inside the container produces this error:

```
$ kubectl exec -ti datadog-fswnc -c system-probe /bin/bash
shell-init: error retrieving current directory: getcwd: cannot access parent directories: Operation not permitted
bash: initialize_job_control: getpgrp failed: Operation not permitted
command terminated with exit code 1
```

If we add `setpgrp` to the seccomp profile, we get:

```
$ kubectl exec -ti datadog-kbg97 -c system-probe /bin/bash
shell-init: error retrieving current directory: getcwd: cannot access parent directories: Operation not permitted
I have no name!@datadog-kbg97:.$ exit
```

If we add `getcwd`, we get:

```
$ kubectl exec -ti datadog-7b7lf -c system-probe /bin/bash
I have no name!@datadog-7b7lf:/$ exit
```

If we add `geteuid` and `geteuid32`, we get:

```
$ kubectl exec -ti datadog-c42rb -c system-probe /bin/bash
/bin/bash: cannot set uid to -1: effective uid 0: Invalid argument
/bin/bash: cannot set gid to -1: effective gid -1: Invalid argument
bash-5.0$ exit
```

If we get `getgid` and `getgid32`, we get:

```
$ kubectl exec -ti datadog-tp4qd -c system-probe /bin/bash
/bin/bash: cannot set uid to -1: effective uid 0: Invalid argument
bash-5.0$ exit
```

etc.

If we compare the seccomp profile of `system-probe` with the
[default one](https://github.com/moby/moby/blob/4b0371fb36a958589319ab7c501ff4bc22645cfa/profiles/seccomp/default.json),
we see that a lot of syscalls that are missing are innocuous (`getcwd`) or might become useful one day (`inotify` family)
Some syscalls are added on purpose for the `system-probe` container like `bpf` or `perf_event_open` ones.
But those syscalls are part of the [default seccomp profile for containers that have the `SYS_ADMIN` capability](https://github.com/moby/moby/blob/4b0371fb36a958589319ab7c501ff4bc22645cfa/profiles/seccomp/default.json#L567-L594),
and the [`system-probe` container do have the `SYS_ADMIN` capability](https://github.com/helm/charts/blob/3907cebc7042f452506a7471f912d6d0c8380e51/stable/datadog/templates/container-system-probe.yaml#L7).

So, the `system-probe` specific seccomp profile is not necessary to have the `system-probe` container able to load eBPF programs.

Its removal has been tested on GKE, both with Ubuntu and with Container-Optimized OS
and both with docker and containerd.

Signed-off-by: Lénaïc Huard <lenaic.huard@datadoghq.com>

* Make the ad-hoc seccomp profile for system-probe an option

which is enabled by default to stick with the current behavior.

Signed-off-by: Lénaïc Huard <lenaic.huard@datadoghq.com>

* [stable/datadog] Allow use of any arbitrary seccomp profile

…for system-probe.
By default, it will create an ad-hoc one.

Signed-off-by: Lénaïc Huard <lenaic.huard@datadoghq.com>

* [stable/datadog] Add a CI test for seccomp profile override

Signed-off-by: Lénaïc Huard <lenaic.huard@datadoghq.com>

* [stable/datadog] Add validity checks on clusterName (#19327)

The cluster name parameter has been introduced to disambiguate nodes
having the same name in different clusters.

Cluster names are, for ex., used to build hostnames and must therefore
comply with some rules.

We enforce here the same rules as the ones enforced by GKE:
https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1beta1/projects.locations.clusters#Cluster.FIELDS.name

The DataDog agent itself is already checking the validity of cluster names since
DataDog/datadog-agent#4492.

The goal of this change in the helm chart is to catch issues as early as possible because
having a clear error message from helm is smarter than having to dig in the logs of
a failing agent.

Signed-off-by: Lénaïc Huard <lenaic.huard@datadoghq.com>

* [incubator/zookeeper] Fix zookeeper service template (#19556)

* [incubator/zookeeper] Removing extraneous ending curly brace from the zookeeper service template

Signed-off-by: Vishnu Pradeep <vishnu.pradeep.kumar@gmail.com>

* [incubator/zookeeper] Bumping up the zookeeper chart version to 2.1.2

Signed-off-by: Vishnu Pradeep <vishnu.pradeep.kumar@gmail.com>

* [stable/ambassador] Add missing logservices.getambassador.io from the crds (#19593)

rbac resource names.

Signed-off-by: Stefan Sedich <stefan.sedich@gmail.com>

* [Velero] Enable prometheus metrics by default (#19595)

Signed-off-by: Ashish Amarnath <ashisham@vmware.com>

* [stable/openebs] Update charts to 1.5.0 release (#19587)

- Updated image tags as per 1.4.0 release
 - Updated values.yaml
 - Updated README
 - Updated Chart.yaml
 - Updated deployment-local-provisioner.yaml
 - Updated deployment-maya-apiserver.yaml
 - Updated deployment-ndm-operator.yaml

Signed-off-by: ChandanSagar <chandan.pradhan@mayadata.io>

* [stable/mysql] Update MySQL to the latest 5.7.28 (#19561)

* Upgrade to the latest 5.7.28 version
* Fixes server crash for 5.7.14, see #16222

Signed-off-by: Taras Yatsurak <tyatsurak@gmail.com>

* [stable/grafana] Support env valueFrom entries (#19605)

Signed-off-by: Dave Henderson <dhenderson@gmail.com>

* [stable/redis-ha] Add resource limits to sysctlImage (#18847)

* Add resource limits to sysctlImage

Signed-off-by: Bob Violier <bob@violier.eu>

* Fix description in README

Signed-off-by: Bob Violier <bob@violier.eu>

* [stable/telegraf] Add health output and probes (#19607)

Signed-off-by: Cees-Jan Kiewiet <ceesjank@gmail.com>

* HTTPS is required for unifi gui (#19612)

* HTTPS is required for unifi gui

Signed-off-by: Wayne Pascoe <wayne@penguinpowered.org>

* Removed new annotation in values.yaml
Added instructions in README

Signed-off-by: Wayne Pascoe <wayne+github@penguinpowered.org>

* Update readiness liveness probe path for prometheus pushgateway (#19580)

Signed-off-by: Ato Araki <ato.araki@gmail.com>

* [stable/odoo] Release 12.0.4 updating components versions (#19609)

Signed-off-by: Bitnami Containers <containers@bitnami.com>

* [stable/phabricator] Release 9.0.4 updating components versions (#19599)

Signed-off-by: Bitnami Containers <containers@bitnami.com>

* [stable/chartmuseum] upgrade to 0.11.0 (#19615)

Signed-off-by: Josh Dolitsky <393494+jdolitsky@users.noreply.github.com>

* [stable/graylog] fix the logic to determine master node. (#19552)

* fix the logic to determine master node.

When container was recreated or restart or other conditions, pod is not bing removed, then the master node may becomes a coordinator .
This commit add a condition to check if master ip equals the ip of pod itself. If master ip equals the ip of pod itself, it is master node.
fix https://github.com/helm/charts/issues/17550

Signed-off-by: fuyuan.chu <fuyuan.chu@daocloud.io>

* fix unexpected new line

Signed-off-by: fuyuan.chu <fuyuan.chu@daocloud.io>

* [stable/fluent-bit] allow collecting audit logs (#19598)

* [fluent-bit] allow collecting audit logs

Signed-off-by: alejandroEsc <jaescobar.cell@gmail.com>

* fixed extranentry item

Signed-off-by: alejandroEsc <jaescobar.cell@gmail.com>

* [stable/pomerium] Fix helm lint --strict errors (#19527)

* [stable/pomerium] Added the extra values that are needed to pass helm lint --strict

Signed-off-by: Alexios Polyzos <a.polyzos@thebeat.co>

* [stable/pomerium] Added the extra variables to the Pomerium configuration list

Signed-off-by: Alexios Polyzos <a.polyzos@thebeat.co>

* [stable/pomerium] Bump chart version

Signed-off-by: Alexios Polyzos <a.polyzos@thebeat.co>

* [stable/pomerium] Default name overrides to empty string

Signed-off-by: Alexios Polyzos <a.polyzos@thebeat.co>

* [stable/prometheus-blackbox-exporter] Able to mount extra secrets int… (#19119)

* [stable/prometheus-blackbox-exporter] Able to mount extra secrets into the Pod, for example certificates.
Signed-off-by: Hung Do <hdo@infodation.nl>

* [stable/prometheus-blackbox-exporter] Able to mount extra configmaps

Signed-off-by: Hung Do <hdo@infodation.nl>

* [stable/prometheus-blackbox-exporter] Bump up minor version and configmap and secret variables are on par with each other

Signed-off-by: Hung Do <hdo@infodation.nl>

* [stable/prometheus-blackbox-exporter] Improved configmap/secrets examples in the values.yaml

Signed-off-by: Hung Do <hdo@infodation.nl>

* [stable/datadog] Allow dots in cluster names (#19618)

* [stable/datadog] Allow dots in cluster names

because some users already have dots in their cluster names:
https://github.com/helm/charts/pull/19327#issuecomment-565535449

Signed-off-by: Lénaïc Huard <lenaic.huard@datadoghq.com>

* [stable/datadog] Add a test for clusterName

Signed-off-by: Lénaïc Huard <lenaic.huard@datadoghq.com>

* Add support for ServiceAccount (#19586)

AWS EKS supports IAM roles via ServiceAccounts.

Signed-off-by: Mikko Kokkonen <mikko@mikian.com>

* [stable/ambassador] - Changing the var podLabels to extraLabels to use in Pods and Deployments (#19311)

* changing the flag podLabels to extraLabels in order to change also the Deployment resource

Signed-off-by: Thiago Dias <nullck@gmail.com>

* rolling back podLabels and adding extraLabels in all the others resources

Signed-off-by: Thiago Dias <nullck@gmail.com>

* bumping the version to 5.3.0

Signed-off-by: Thiago Dias <nullck@gmail.com>

* [stable/kong] Allow environment variables to be set on kong ingress controller (#19627)

Signed-off-by: Peter Rifel <pgrifel@gmail.com>

* [stable/karma] Add option for configmap annotations (#19569)

* [stable/karma] Add configMap.annotations option

Signed-off-by: Grace Do <xgrace@gmail.com>

* [stable/karma] Bump chart version

Signed-off-by: Grace Do <xgrace@gmail.com>

* Fix configmap annotations value

Signed-off-by: Grace Do <xgrace@gmail.com>

* [stable/rethinkdb] Kubernetes apiVersion Depreciated (#19624)

* [stable/rethinkdb] stateful migrate api version from depreciated, add required selector

Signed-off-by: Jacob Dent <jdent@tacyarg.com>

* [stable/rethinkdb] deployment  migrate api version from depreciated, add required selector

Signed-off-by: Jacob Dent <jdent@tacyarg.com>

* [stable/rethinkdb] bump minor version

Signed-off-by: Jacob Dent <jdent@tacyarg.com>

* [stable/datadog] use 6.15, remove hard coded names/versions (#18930)

* Datadog: remove hard coded names

* The new system-probe container and config used hard coded CongigMap
names meaning only one installation is possible per cluster and
namespace.

Signed-off-by: Matt Klich <matt@elementalvoid.com>

* bump version

Signed-off-by: David J. M. Karlsen <david@davidkarlsen.com>

* [stable/grafana] Upgrade to Grafana 6.5.2 (#19606)

Signed-off-by: Dave Henderson <dhenderson@gmail.com>

* [incubator/jaeger] deprecate jaeger (#19638)

* deprecate jaeger

Signed-off-by: Carlos Panato <ctadeu@gmail.com>

* remove maintainers

Signed-off-by: Carlos Panato <ctadeu@gmail.com>

* [stable/coredns] Add support for customLabels / Upgrade to 1.6.6 (#17966)

* [stable/coredns] Add support for customLabels

Signed-off-by: Manuel Rüger <manuel@rueg.eu>

* [stable/coredns] Version bump to 1.6.6

Signed-off-by: Manuel Rüger <manuel@rueg.eu>

* [stable/jaeger-operator]  deprecate jaeger operator (#19636)

* deprecate jaeger operator

Signed-off-by: Carlos Panato <ctadeu@gmail.com>

* update readme

Signed-off-by: Carlos Panato <ctadeu@gmail.com>

* remove maintainers

Signed-off-by: Carlos Panato <ctadeu@gmail.com>

* Don't add the 'enabled' key to 'securityContext' (#19571)

The template uses securityContext.enabled to set whether the securityContext should be added. This fails the validation in Helm 3 because 'enabled' isn't a valid field in io.k8s.api.core.v1.PodSecurityContext, so keep using that key for the switch to maintain back compat, but don't add it to the output.

Signed-off-by: Mark Rydstrom <mark.rydstrom@sage.com>

* [stable/mongodb] Release 7.6.1 updating components versions (#19633)

Signed-off-by: Bitnami Containers <containers@bitnami.com>

* [stable/mongodb-replicaset] Update MongoDB Exporter to 0.10.x (#19495)

* Support MongoDB Exporter v0.10.x (TLS via connection string)

Signed-off-by: Kai Timmer <kai@staffbase.com>

* Removing unsupported fsGroup from security context at container spec level for metrics

Signed-off-by: Kai Timmer <kai@staffbase.com>

* Bumped chart version

Signed-off-by: Kai Timmer <kai@staffbase.com>

* fix intendation

Signed-off-by: Kai Timmer <kai@staffbase.com>

* use toString instead of cat

Signed-off-by: Kai Timmer <kai@staffbase.com>

* [prometheus-node-exporter] - add podAnnotations value (#17740)

Signed-off-by: Alex Williams <alex.williams@skyscanner.net>

* [stable/drone] add gitea oauth2 support (#19223)

Signed-off-by: Christian Groschupp <christian@groschupp.org>

* [stable/stolon] Add custom labels support for servicemonitor (#19543)

* [stable/stolon] Add custom labels support for servicemonitor

Signed-off-by: Raj Perera <rajiteh@gmail.com>

* [stable/stolon] Document custom labels support for servicemonitor

Signed-off-by: Raj Perera <rajiteh@gmail.com>

* [stable/stolon] Bump chart version

Signed-off-by: Raj Perera <rajiteh@gmail.com>

* Add metrics port to containerSpec (#19479)

WIthout a metrics port given in the container spec, prometheus scraping annotations would not scrape the correct port. See https://github.com/prometheus/prometheus/issues/3826#issuecomment-380736580 for details.

Signed-off-by: Tammo van Lessen <tvanlessen@gmail.com>

* Adding the option the set deployment annotations (#19458)

* Adding the option the set deployment annotations

Signed-off-by: Elad Kaplan <kaplan.elad@gmail.com>

* Bump version to 1.27.0

Signed-off-by: Elad Kaplan <kaplan.elad@gmail.com>

* [stable/prometheus] Add option to configure AlertManagers for Prometheus server (#19557)

* Add option to configure Prometheus AlertManagers for Prometheus server

Signed-off-by: Fredrik Haugseth <fredhaug93@gmail.com>

* Bump chart version

Signed-off-by: Fredrik Haugseth <fredhaug93@gmail.com>

* Set default to list instead of set

Signed-off-by: Fredrik Haugseth <fredhaug93@gmail.com>

* Fixed malformed CRD manifests (#19654)

Signed-off-by: Yinan Li <ynli@google.com>

* [stable/stolon] Make fsgroup optional for keeper security context for pg9-10 compat (#19648)

Signed-off-by: Raj Perera <rajiteh@gmail.com>

* [stable/joomla] Release 7.1.1 updating components versions (#19657)

Signed-off-by: Bitnami Containers <containers@bitnami.com>

* Add Carlisia and Ashish as chart maintainers (#19659)

Signed-off-by: Nolan Brubaker <brubakern@vmware.com>

* [stable/velero] dropping prydonius from OWNERS (#19661)

Signed-off-by: Adnan Abdulhussein <aadnan@vmware.com>

* [stable/rabbitmq-ha] add option for StatefulSet annotations (#19261)

* [stable/rabbitmq-ha] add option for StatefulSet annotations

Signed-off-by: Max Williams <max.williams@deliveryhero.com>

* update readme

Signed-off-by: Max Williams <max.williams@deliveryhero.com>

* bump version higher

Signed-off-by: Max Williams <max.williams@deliveryhero.com>

* Update MinIO version to RELEASE.2019-12-17T23-16-33Z (#19662)

Bumping Chart version to 4.0.0 since this MinIO release wouldn't support rolling
upgrade from the previous version.

Note: rolling upgrades would become possible with subsequent MinIO server
releases.

Signed-off-by: Krishnan Parthasarathi <krishnan.parthasarathi@gmail.com>

* [stable/prometheus] add failure and success threshold to probes (#19058)

- Add readinessProbeFailureThreshold
- Add readinessProbeSuccessThreshold
- Add livenessProbeFailureThreshold
- Add livenessProbeSuccessThreshold

Signed-off-by: Markus Blaschke <mblaschke82@gmail.com>

* [stable/ghost] support nodeSelector (#19660)

Signed-off-by: Dr Nic Williams <drnicwilliams@gmail.com>

* Allow single drive mounts (#19664)

Signed-off-by: Harshavardhana <harsha@minio.io>

* [stable/postgres] add priority class name option to postgres chart (#19628)

* [stable/postgres] add priority class name to postgres chart

Signed-off-by: Jessica Tracy <jessicatracy@callrail.com>

* version bump

Signed-off-by: Jessica Tracy <jessicatracy@callrail.com>

* bump minor version, add changes to values-production.yaml

Signed-off-by: Jessica Tracy <jessicatracy@callrail.com>

* additional control added (#19496)

Signed-off-by: schoofsc <Christian.Schoofs@t-online.de>

* 19576 Improved Jenkins persistence parameters documentation (#19577)

* 19576 Improved Jenkins persistence parameters documentation

Signed-off-by: Fabio Kruger <krufab@gmail.com>

* 19576 Updated CHANGELOG.md

Signed-off-by: Fabio Kruger <krufab@gmail.com>

* Add optional service replica selector (#19398)

When using a replicaset for the server (for redundancy purposes),
this allows to select which replica the service will talk to in
order to have a consistent view of the data.

Signed-off-by: rabadin <rvbadin@gmail.com>

* [stable/redis-ha] Enable sticky connections balancing via HAProxy. (#19589)

I just found that python Redis client (Sentry, Weblate) is having trouble with HAProxy + Redis HA scheme.
It seems like HAProxy balance source + hash-type consistent does the trick.

Signed-off-by: Andrey Voronkov <avoronkov@enapter.com>

* [stable/datadog] allow dogstatsd port to be variable (#18966)

* [stable/datadog] allow dogstatsd port to be variable

Signed-off-by: John Pekcan <johnpekcan@gmail.com>

* need to uncomment customAgentConfig

Signed-off-by: John Pekcan <johnpekcan@gmail.com>

* leave dogstatsd port empty in values.yaml

Signed-off-by: John Pekcan <johnpekcan@gmail.com>

* spacing for comments

Signed-off-by: John Pekcan <johnpekcan@gmail.com>

* need to leave dogstatsd_port uncommented

Signed-off-by: John Pekcan <johnpekcan@gmail.com>

* taking feedback, moving var around

Signed-off-by: John Pekcan <johnpekcan@gmail.com>

* fixing camelCase, and adding env var for statsd

Signed-off-by: John Pekcan <johnpekcan@gmail.com>

* bumping version with sign off

Signed-off-by: John Pekcan <johnpekcan@gmail.com>

* relocating the param in readme

Signed-off-by: John Pekcan <johnpekcan@gmail.com>

* [stabel/datadog] fix syntax error in templates/datadog-yaml-configmap.yaml (#19676)

* fix syntax error in templates/datadog-yaml-configmap.yaml

Signed-off-by: Alex Jones <ajones@agari.com>

* Up chart version since new versions of the chart have been merged since PR was opened

Signed-off-by: Alex Jones <ajones@agari.com>

* Fix issue with literal (|) being added to deployment yaml when using extraContainers. (#19384)

Signed-off-by: Michael Lamanuzzi <mlamanuzzi@walmart.com>

* [stable/prometheus] Add PodDisruptionBudget support (#19670)

* [stable/prometheus] Add PodDisruptionBudget support

Signed-off-by: Vlad Ionescu <Vlaaaaaaad@users.noreply.github.com>

* PDB should be false by default

Signed-off-by: Vlad Ionescu <Vlaaaaaaad@users.noreply.github.com>

* Formatting fixes

Signed-off-by: Vlad Ionescu <Vlaaaaaaad@users.noreply.github.com>

* [stable/prometheus] Update readiness and liveness probe path for prometheus pushgateway (#19554)

* Update readiness liveness probe path for prometheus pushgateway

Signed-off-by: Ato Araki <ato.araki@gmail.com>

* Add livenessProbe for pushgateway

Signed-off-by: Ato Araki <ato.araki@gmail.com>

* [stable/prometheus-pushgateway] fix default values for podDisruptionBudget and networkPolicy (#19680)

Signed-off-by: Angelo Olivera <aolivera@gmail.com>

* [stable/newrelic-infrastructure] Fixes #19210 Properly indent additional pod labels (#19211)

Signed-off-by: Enver Cicak <enver.cicak@gmail.com>

* [stable/drupal] Release 6.2.1 updating components versions (#19687)

Signed-off-by: Bitnami Containers <containers@bitnami.com>

* [stable/logstash] Allow for additional sidecar containers (#17904)

Signed-off-by: Marc Sensenich <sensenichm91@gmail.com>

* [stable/prometheus] Add support for volumeBindingMode (#18242)

Signed-off-by: Joseph (Jy) Yaworski <jyaworski@carotid.us>

* [stable/dex] Add initContainers support (#15588)

Signed-off-by: Martin Hrabovcin <mhrabovcin.c@mesosphere.com>

* [incubator/kube-downscaler] Add OWNERS file (#18491)

Signed-off-by: Florent Delannoy <florent.delannoy.external@ynap.com>

* [stable/wordpress] Release 8.0.4 updating components versions (#19689)

Signed-off-by: Bitnami Containers <containers@bitnami.com>

* [stable/graylog] extra init containers/volumes support (#19681)

* Add extra volumes and mounts support to graylog

Adds `graylog.extraVolumes` and `graylog.extraVolumeMounts` as values to
allow extra files to be mounted into the container for use at runtime.

Signed-off-by: Chris Barton <chris.barton@recurly.com>

* Add extra init containers to graylog

Add the `graylog.extraInitContainers` value to extend the stateful set
with additional init containers

Signed-off-by: Chris Barton <chris.barton@recurly.com>

* bump graylog to 1.5.0

Signed-off-by: Chris Barton <chris.barton@recurly.com>

* [stable/prestashop] multi release support (#19467)

Signed-off-by: Andrejs Volkovs <andrey@printify.com>

* [stable/wordpress] allow users to enable/disable the health checks (#19666)

Signed-off-by: Sameer Naik <sameersbn@vmware.com>

* [stable/mongodb-replicaset] Dont initiate replicaset during bootstrapping (#18831)

* start the server with ssl enabled if the client also uses ssl

Signed-off-by: Kai Timmer <kai@staffbase.com>

* in retry_until only read the last mongo client line

Signed-off-by: Kai Timmer <kai@staffbase.com>

* add a doNotInit value that skips the replicaset creation on first start

Signed-off-by: Kai Timmer <kai@staffbase.com>

* added test for donotinit flag

Signed-off-by: Kai Timmer <kai@staffbase.com>

* bumped chart version, added documentation to README.md

Signed-off-by: Kai Timmer <kai@staffbase.com>

* remove empty lines to make the linter happy

Signed-off-by: Kai Timmer <kai@staffbase.com>

* renaming value, remove else, new feature higher version

Signed-off-by: Kai Timmer <kai@staffbase.com>

* Added documentation for skipInitialization flag and how to use it

Signed-off-by: Kai Timmer <kai@staffbase.com>

* correct chart number

Signed-off-by: Kai Timmer <kai@staffbase.com>

* [stable/datadog] Allow providing volumes and mounts in the cluster agent deployment (#19679)

* Allow providing volumes and mounts in the cluster agent deployment

Signed-off-by: Ivan Ilichev <ivan.ilichev@datadoghq.com>

* Document volumes and volumeMounts for cluster agent in README

Signed-off-by: Ivan Ilichev <ivan.ilichev@datadoghq.com>

* Add a test for the volumes and volumeMounts

Signed-off-by: Ivan Ilichev <ivan.ilichev@datadoghq.com>

* Bump chart version

Signed-off-by: Ivan Ilichev <ivan.ilichev@datadoghq.com>

* Fix file ending

Signed-off-by: Ivan Ilichev <ivan.ilichev@datadoghq.com>

* Rename the ci test and change to use a hostPath volume

Signed-off-by: Ivan Ilichev <ivan.ilichev@datadoghq.com>

* Add deprecation notices to Dask chart (#18419)

* Add deprecation notices to Dask chart

Signed-off-by: Jacob Tomlinson <jacob@tomlinson.email>

* Update stable/dask/Chart.yaml

Co-Authored-By: Scott Rigby <scott@r6by.com>
Signed-off-by: Jacob Tomlinson <jacob@tomlinson.email>

* [stable/kong] Allow admin_gui_auth_conf to be defined as an external secret (#19678)

* [stable/kong] Allow admin_gui_auth_conf to be defined externally

This adds support for providing a secret name rather than the contents of admin_gui_auth_conf directly.

For LDAP authentication, the admin_gui_auth_conf contents include an LDAP password which would be in plaintext in the pod spec's environment variables.

This prevents the LDAP password from being exposed by keeping it in a secret defined outside of the helm chart, similar to other sensitive data.

Signed-off-by: Peter Rifel <pgrifel@gmail.com>

* [stable/kong] Fix readme typo in session_conf_secret value name

Signed-off-by: Peter Rifel <pgrifel@gmail.com>

* [stable/sonarqube] Make sure the sonarqube data directories have the right owner to be written to (#17001)

* Make sure the sonarqube data directories have the right owner to be written to

Signed-off-by: Gavin Mogan <git@gavinmogan.com>

* mkdir and chmod all the directories

Signed-off-by: Gavin Mogan <git@gavinmogan.com>

* Bump helm chart version

Signed-off-by: Gavin Mogan <git@gavinmogan.com>

* [stable/instana-agent] Chart version 1.0.19 (#19706)

Signed-off-by: Instana CD <instanacd@instana.com>

* Ability to scope alertmanager to a specific instance using probe annotation (#18039)

Signed-off-by: Florian Dambrine <florian@gumgum.com>

* Explicitly pin to agent 7 (#19700)

* Explicitly pin to agent 7

Signed-off-by: Xavier Lucas <xavier.lucas@datadoghq.com>

* Update chart version

Signed-off-by: Xavier Lucas <xavier.lucas@datadoghq.com>

* Add value to set ssl mode (#19711)

Signed-off-by: ricoberger <mail@ricoberger.de>

* Remove useless val (#18525)

* remove useless value

Signed-off-by: Xiang Dai <764524258@qq.com>

* bump up version

Signed-off-by: Xiang Dai <764524258@qq.com>

* [stable/mongodb]: configure update strategy for deployments (#19720)

Signed-off-by: Sameer Naik <sameersbn@vmware.com>

* Added clusterIP as a possible configuration value to service-kong-proxy.yaml (#19710)

Signed-off-by: Steffen Folman Qvistgaard <folman@tdc.dk>

* [stable/velero] DEPRECATE - Velero (#19719)

* DEPRECATE - Velero

moving Velero Chart to https://github.com/vmware-tanzu/helm-charts

Signed-off-by: Carlos Panato <ctadeu@gmail.com>

* add deprecation note

Signed-off-by: Carlos Panato <ctadeu@gmail.com>

* [stable/consul] fix gossip configuration parameter name in README (#19528)

* fix gossip configuration parameter name

Signed-off-by: Oleg Dianov <odidoit@gmail.com>

* bump chart version

Signed-off-by: Oleg Dianov <odidoit@gmail.com>

* [stable/prometheus-pushgateway] Fix missleading documentation about `metrics.enabled` in values documentation (#19730)

* Remove missleading statement about `metrics.enabled` from readme

This statement holds true for most chart but not the pushgateway.
It does not have the `metrics.enabled` attribute.

Signed-off-by: Jannik Hollenbach <Jannik.Hollenbach@iteratec.de>

* Increment chart version to `1.2.9`

Signed-off-by: Jannik Hollenbach <Jannik.Hollenbach@iteratec.de>

* update to 0.27.5, allow extra env vars (#19722)

Signed-off-by: Bart Verwilst <bart@verwilst.be>

* [stable/kube-state-metrics] Version bump to 1.9.0 (#19726)

Signed-off-by: Manuel Rüger <manuel@rueg.eu>

* [stable/prometheus-operator] Bump grafana and prometheus-node-exporter subcharts (#19703)

Signed-off-by: Alex Williams <alex.williams@skyscanner.net>

* as of apps/v1beta2 spec.template.labels are immutable (#19134)

* as of apps/v1beta2 spec.template.labels are immutable.  The chart should not exist in these lables as it will always cause upgrade issues

Signed-off-by: Shane Starcher <shanestarcher@gmail.com>

* add chart helper

Signed-off-by: Shane Starcher <shanestarcher@gmail.com>

* bump correct version

Signed-off-by: David J. M. Karlsen <david@davidkarlsen.com>

Co-authored-by: David J. M. Karlsen <david@davidkarlsen.com>

* [stable/joomla] Fix wrongly referenced ingress annotations (#19715)

* Fix wrongly referenced ingress annotations

Signed-off-by: Brendan Keessen <github@w00f.nl>
Signed-off-by: Brendan Keessen <brendan.keessen@dapas.nl>

* Bump version

Signed-off-by: Brendan Keessen <github@w00f.nl>
Signed-off-by: Brendan Keessen <brendan.keessen@dapas.nl>

* Bump version

Signed-off-by: Brendan Keessen <brendan.keessen@dapas.nl>

* [stable/verdaccio] Fix deployment (#18329)

* [stable/verdaccio] Fixed deployment apiVersion

Signed-off-by: Luong Bui <manh.luong@gmail.com>

* [stable/verdaccio] Fixed deployment spec.selector

Signed-off-by: Luong Bui <manh.luong@gmail.com>

* [stable/verdaccio] Bumped chart version

Signed-off-by: Luong Bui <manh.luong@gmail.com>

* bump version

Signed-off-by: David J. M. Karlsen <david@davidkarlsen.com>

Co-authored-by: David J. M. Karlsen <david@davidkarlsen.com>

* [incubator/aws-alb-ingress-controller] bump image version 1.1.3 -> 1.1.4 (#19721)

* [incubator/aws-alb-ingress-controller] bump the image version to v1.1.4

Signed-off-by: Sergei Gavrilov <sergei@gavrilov.work>

* fix readme

Signed-off-by: David J. M. Karlsen <david@davidkarlsen.com>

Co-authored-by: David J. M. Karlsen <david@davidkarlsen.com>

* [stable/metabase] Bump version metabase to v0.34.0 (#19641)

* Bump version metabase to v0.33.7.3

Signed-off-by: Fabian Becker <halfdan@xnorfz.de>

* Bump version metabase to v0.34.0

Signed-off-by: Fabian Becker <halfdan@xnorfz.de>

* [stable/prometheus-pushgateway] Upgrade push-gateway (#19732)

Signed-off-by: David J. M. Karlsen <david@davidkarlsen.com>

* [stable/jasperreports] Release 7.0.2 updating components versions (#19735)

Signed-off-by: Bitnami Containers <containers@bitnami.com>

* [stable/fluent-bit]: upgrade to Fluent Bit v1.3.5 (#19736)

* [stable/fluent-bit]: upgrade to Fluent Bit v1.3.5

release notes:

https://fluentbit.io/announcements/v1.3.5/

Signed-off-by: Eduardo Silva <eduardo@treasure-data.com>

* update readme

Signed-off-by: David J. M. Karlsen <david@davidkarlsen.com>

Co-authored-by: David J. M. Karlsen <david@davidkarlsen.com>

* [stable/prometheus] Adding Vertical Pod Autoscaler support (#17742)

* Adding vertical Pod Autoscaler support to the chart

Signed-off-by: Ali Sattari <ali.sattari@gmail.com>

* EOF fixed in new file

Signed-off-by: Ali Sattari <ali.sattari@gmail.com>

* bumping the right version field!

Signed-off-by: Ali Sattari <ali.sattari@gmail.com>

* fixing a mistake in version bumping

Signed-off-by: Ali Sattari <ali.sattari@gmail.com>

* fixing wrong version bump

Signed-off-by: Ali Sattari <ali.sattari@gmail.com>

* Fixes loop issue

Signed-off-by: Ali Sattari <ali.sattari@gmail.com>

* Bumped chart version, synced app version with master.

Signed-off-by: Ali Sattari <ali.sattari@gmail.com>

* Bumping chart version

Signed-off-by: Ali Sattari <ali.sattari@gmail.com>

* Merge conflict cleanup

Signed-off-by: Ali Sattari <ali.sattari@gmail.com>

* [stable/opa] allow data loading configuration in kube-mgmt. (#19564)

* [stable/opa] allow data loading configuration in kube-mgmt.

Signed-off-by: Ivo Verberk <iverberk@xebia.com>

* [stable/opa] bump chart version to 1.13.2

Signed-off-by: Ivo Verberk <iverberk@xebia.com>

* [stable/opa] update README to describe kube-mgmt config.

Signed-off-by: Ivo Verberk <iverberk@xebia.com>

* [stable/opa] bump chart version.

Signed-off-by: Ivo Verberk <iverberk@xebia.com>

* [stable/home-assistant] - probes reconfiguing and bump image version (#19741)

* probes reconfiguing and bump image version

* make all probes optional
* introduce (optional)
[startupProbe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-startup-probes) (intoroduced in kubernetes 1.16) which is disabled by default
* bump the home-assistant version to 103.3

Signed-off-by: Jeff Billimek <jeff@billimek.com>

* add missing probes stanza

Signed-off-by: Jeff Billimek <jeff@billimek.com>

* [stable/hackmd] Fix API path of Ingress (#19592)

* [stable/hackmd] Fix API path of Ingress

There is no Ingress in apps/v1.

* 1.14 added support for Ingress in networking.k8s.io/v1beta1
* 1.20 will drop support for Ingress in extensions/v1beta1

So this chart will only work with Kubernetes 1.14+.
If this is not acceptable we need to go back extensions/v1beta1 for now.

Signed-off-by: Max Rosin <git@hackrid.de>

* [stable/hackmd] Make ingress ApiVersion dependent of the Kubernetes version

Signed-off-by: Max Rosin <git@hackrid.de>

* [stable/redis-ha] Add `haproxy.timeout.check` parameter. (#19737)

Signed-off-by: Andrey Voronkov <voronkovaa@gmail.com>

* [stable/prometheus-operator] Upgrade grafana (#19718)

* [stable/prometheus-operator] Upgrading grafana

Signed-off-by: Mohsen <mohsen0@users.noreply.github.com>

* [stable/prometheus-operator] bump the version chart

Signed-off-by: Mohsen <mohsen0@users.noreply.github.com>

* fix lockfile

Signed-off-by: David J. M. Karlsen <david@davidkarlsen.com>

Co-authored-by: David J. M. Karlsen <david@davidkarlsen.com>

* [stable/spark] Fixes compatibility with 1.16 (#17523)

* Fixes compatibility with 1.16

Signed-off-by: Xiang Dai <764524258@qq.com>

* bump up version

Signed-off-by: Xiang Dai <764524258@qq.com>

* fix a typo

Signed-off-by: Xiang Dai <764524258@qq.com>

* fix a typo

Signed-off-by: Xiang Dai <764524258@qq.com>

* [stable/rabbitmq-ha] add lifecycle for rabbitmq statefulset (#19748)

Signed-off-by: LittleWhiteYA <f46284628@gmail.com>

* [prometheus-postgres-exporter] update app to v0.8.0 (#19749)

Signed-off-by: Denis Baryshev <dennybaa@gmail.com>

* [stable/docker-registry] Allow extra volume mounts in registry container (#17858)

Signed-off-by: Basilio Vera <basilio.vera@softonic.com>

* [stable/gocd] Bump up GoCD Version to 19.12.0 (#19750)

* Bump up GoCD Version to 19.12.0

Signed-off-by: GoCD Build User <go-cd@googlegroups.com>

* Updated Changelog.

Signed-off-by: GoCD Build User <go-cd@googlegroups.com>

* [stable/prometheus-redis-exporter]Add redis authoration configuration in chart (#19447)

* Add redis authoration configuration in prometheus-redis-exporter chart

Signed-off-by: aixeshunter <aixeshunter@gmail.com>

* document all new values in the readme

Signed-off-by: aixeshunter <aixeshunter@gmail.com>

* Fix READ.md some bugs

Signed-off-by: aixeshunter <aixeshunter@gmail.com>

* [stable/postgres] Generate password when postgresqlUsername is not postgres and postgresqlPostgresPassword is empty (#19742)

Signed-off-by: Faik Uygur <faik@mosteknoloji.com>

* Fixed imagePullSecrets (#19705)

Signed-off-by: Shane O'Brien <sobrien@triplelift.com>

* [stable/jenkins] Update jenkins README.MD with right default values (#19698)

* Update READ.ME

Changing the default value for master.enableXmlConfig on READ.ME acording to values.yaml

Signed-off-by: Mateus Miranda <mateusmiranda@gmail.com>

* Bumping jenkins chart version

Signed-off-by: Mateus Miranda <mateus.miranda@sumup.com>

* Allow adding serviceaccount annotations (#19724)

Signed-off-by: Gerard Godone-Maresca <ggodonemaresca+github@gmail.com>

* [stable/sysdig] Upgrade to latest sysdig agent version (0.94.0) (#19753)

Signed-off-by: Néstor Salceda <nestor.salceda@sysdig.com>

* [stable/instana-agent] Chart version 1.0.20 (#19754)

Signed-off-by: Instana CD <instanacd@instana.com>

* Fix single disk distributed deployment (#19758)

Signed-off-by: Harshavardhana <harsha@minio.io>

* [stable/odoo] Release 12.0.5 updating components versions (#19760)

Signed-off-by: Bitnami Containers <containers@bitnami.com>

* [stable/kong] optiont to disable admin service (#19757)

Signed-off-by: Harry Bagdi <harrybagdi@gmail.com>

* Update default values to latest released version (#19768)

Signed-off-by: Harshavardhana <harsha@minio.io>

* [stable/redis] networkPolicy for clients from other namespaces (#19771)

* NetworkPolicy values for other namespaces

Signed-off-by: Anton Fayzrahmanov <f84anton@gmail.com>

* Update values.yaml

Signed-off-by: Anton Fayzrahmanov <f84anton@gmail.com>

* Update values-production.yaml

Signed-off-by: Anton Fayzrahmanov <f84anton@gmail.com>

* Update Chart.yaml

Signed-off-by: Anton Fayzrahmanov <f84anton@gmail.com>

* Update README.md

Signed-off-by: Anton Fayzrahmanov <f84anton@gmail.com>

* Update README.md

Signed-off-by: Anton Fayzrahmanov <f84anton@gmail.com>

* Update values.yaml

Signed-off-by: Anton Fayzrahmanov <f84anton@gmail.com>

* Update values-production.yaml

Signed-off-by: Anton Fayzrahmanov <f84anton@gmail.com>

* Update networkpolicy.yaml

Signed-off-by: Anton Fayzrahmanov <f84anton@gmail.com>

* Update networkpolicy.yaml

Signed-off-by: Anton Fayzrahmanov <f84anton@gmail.com>

* Update networkpolicy.yaml

Signed-off-by: Anton Fayzrahmanov <f84anton@gmail.com>

* spaces

Signed-off-by: Anton Fayzrahmanov <f84anton@gmail.com>

* Update stable/redis/values-production.yaml

Co-Authored-By: Carlos Rodríguez Hernández <carrodher1179@gmail.com>
Signed-off-by: Anton Fayzrahmanov <f84anton@gmail.com>

* Update stable/redis/values.yaml

Signed-off-by: Anton Fayzrahmanov <f84anton@gmail.com>

Co-Authored-By: Carlos Rodríguez Hernández <carrodher1179@gmail.com>
Signed-off-by: Anton Fayzrahmanov <f84anton@gmail.com>

Co-authored-by: Carlos Rodríguez Hernández <carrodher1179@gmail.com>

* [stable/postgresql] Fix readiness probe (#19774)

Signed-off-by: Carlos Rodriguez Hernandez <crhernandez@bitnami.com>

* Redeploy pods when changing the secret (#19775)

Signed-off-by: Alejandro Moreno <amoreno@bitnami.com>

* [stable/rabbitmq-ha] fix lifecycle yaml parse error (#19773)

Signed-off-by: LittleWhiteYA <f46284628@gmail.com>

* [stable/telegraf] Configurable service account (#19456)

* [stable/telegraf] Configurable service account

By default the telegraf service runs with the default RBAC permissions
this PR adds the option to create a service account with configurable
rules.

Signed-off-by: Cees-Jan Kiewiet <ceesjank@gmail.com>

* [stable/telegraf] Move RBAD flag one level up

Co-Authored-By: Naseem <naseemkullah@gmail.com>
Signed-off-by: Cees-Jan Kiewiet <ceesjank@gmail.com>

* [stable/telegraf] Align templates with charts

Signed-off-by: Cees-Jan Kiewiet <ceesjank@gmail.com>

* [stable/telegraf] Update RBAC deployment conditional

Signed-off-by: Cees-Jan Kiewiet <ceesjank@gmail.com>

* [stable/telegraf] Make role and binding kind configurable

Signed-off-by: Cees-Jan Kiewiet <ceesjank@gmail.com>

* [stable/telegraf] Move comments about values

Signed-off-by: Cees-Jan Kiewiet <ceesjank@gmail.com>

* [stable/telegraf] Simplify (cluster)role values

Signed-off-by: Cees-Jan Kiewiet <ceesjank@gmail.com>

* [stable/telegraf] prometheus input rules example

Signed-off-by: Cees-Jan Kiewiet <ceesjank@gmail.com>

* [stable/telegraf] Applied @naseemkullah suggestions

Signed-off-by: Cees-Jan Kiewiet <ceesjank@gmail.com>

* [stable/telegraf] Corrected bad copy pasta

Signed-off-by: Cees-Jan Kiewiet <ceesjank@gmail.com>

Co-authored-by: Naseem <naseemkullah@gmail.com>

* [stable/sysdig] Add slim support for Sysdig Agent (#19778)

* Drop permissions to read configmaps and secrets

Sysdig is no longer planning to add support for configmaps and secrets
in cointerface

Signed-off-by: Néstor Salceda <nestor.salceda@sysdig.com>

* Mount /etc/modprobe.d from host

Signed-off-by: Néstor Salceda <nestor.salceda@sysdig.com>

* Add support for slim image for Agent

Signed-off-by: Néstor Salceda <nestor.salceda@sysdig.com>

* Document new values for slim

Signed-off-by: Néstor Salceda <nestor.salceda@sysdig.com>

* Add a new major release with slim support

Signed-off-by: Néstor Salceda <nestor.salceda@sysdig.com>

* Document the /etc/modprobe.d support on CHANGELOG

Signed-off-by: Néstor Salceda <nestor.salceda@sysdig.com>

* [stable/phpmyadmin] Release 4.2.5 updating components versions (#19779)

Signed-off-by: Bitnami Containers <containers@bitnami.com>

* [stable/node-problem-detector] Template apiVersion for podSecurityPolicy (#19769)

* Template apiVersion for podSecurityPolicy for k8s version v1.16.3 or newer

Signed-off-by: Nikita Gorlov <nv30over@gmail.com>

* Updated chart version

Signed-off-by: Nikita Gorlov <nv30over@gmail.com>

* [stable/docker-registry] Fix incorrect default annotations type (#19739) (#19780)

* [docker-registry] Fix incorrect annotations type (#19739)

Signed-off-by: Rushy Panchal <panchal.rushy@gmail.com>

* [docker-registry] Bump to version 1.9.1

Signed-off-by: Rushy Panchal <panchal.rushy@gmail.com>

* [stable/magic-namespace]: deprecate chart (#19643)

Signed-off-by: Kent Rancourt <kent.rancourt@microsoft.com>

* [stable/efs-provisioner] Default storage class to aws-efs (#19782)

* [stable/efs-provisioner] Default storage class to aws-efs

The current value for the efs-provisioner storage class is efs, which
differs from the default value in
https://github.com/kubernetes-incubator/external-storage/tree/master/aws/efs
and also in the AWS example page at
https://aws.amazon.com/premiumsupport/knowledge-center/eks-pods-efs/
This can be confusing when running examples and (automated) tests, so
I'm changing the value to "aws-efs" in the chart to be consistent with the references
in the storage provide and on the AWS example page.

Signed-off-by: Mariyan Dimitrov <mariyan.dimitrov@gmail.com>

* [stable/efs-provisioner] Bump chart version to 0.9.0

This version bump is related to the change in the default value of the
storage class that is created: from efs to aws-efs, so that it is
consistent with the reference in the storage provider and in the AWS
examples.

Signed-off-by: Mariyan Dimitrov <mariyan.dimitrov@gmail.com>

* [stable/dex] fix notes instructions (#19781)

* [stable/dex] Notes should filter pods with the new labels

Signed-off-by: Nicolas Degory <nicolas.degory@gmail.com>

* [stable/dex] Minor corrections in README file

Signed-off-by: Nicolas Degory <nicolas.degory@gmail.com>

* [stable/dex] Increment chart version

Signed-off-by: Nicolas Degory <nicolas.degory@gmail.com>

* typo (#19093)

* typo
bump version

Signed-off-by: David J. M. Karlsen <david@davidkarlsen.com>

* bump version

Signed-off-by: David J. M. Karlsen <david@davidkarlsen.com>

Co-authored-by: David J. M. Karlsen <david@davidkarlsen.com>

* added existing gitconfig secret support (#19167)

Signed-off-by: Jonny Ford <jonnyford1@gmail.com>

Co-authored-by: David J. M. Karlsen <david@davidkarlsen.com>

* Fixing StatefulSet configuration for [stable/hadoop] (#18559)

Signed-off-by: Alex Tawse <atawse@uk.imshealth.com>

* Add additional privileges for patronictl remove. (#19092)

Signed-off-by: Andrey Voronkov <voronkovaa@gmail.com>

* Update README.md (#19763)

bump chart version

Signed-off-by: David J. M. Karlsen <david@davidkarlsen.com>

* [stable/kong] quote host for proxy ingress (#19785)

To enable specification of wildcard hosts we need to ensure that the
host is quoted, otherwise we need to explicitly quote hosts of the form
`*.somedomain.tld`. Before this change, for something of the form `helm
install stable/kong kong --set-string='*.somedomain.tld'` we would
produce:

```
$ helm template ... --set-string='*.somedomain.tld'
...
    - host: *.somedomain.tld
...
```

which results in something of the form "error converting YAML to JSON:
yaml: line 17: did not find expected alphabetic or numeric character".
With the quoting we end up with:

```
$ helm template ... --set-string='*.somedomain.tld'
...
    - host: '*.somedomain.tld'
...
```

Some resources that I happened upon that provide some prior art and the
above solution:

 1. https://github.com/helm/helm/issues/5080
 2. https://github.com/jupyterhub/zero-to-jupyterhub-k8s/issues/1058

Signed-off-by: Harry Waye <harry@arachnys.com>

* [stable/mongodb] correct repo link of metrics (#19787)

Signed-off-by: Weihang Lo <me@weihanglo.tw>

* [stable/falco] support multiple lines for falco.programOutput.program (#19444)

* [stable/falco] support multiple lines for falco.programOutput.program

Signed-off-by: Naoki Oketani <okepy.naoki@gmail.com>

* Modify CHANGELOG

Signed-off-by: Naoki Oketani <okepy.naoki@gmail.com>

* [stable/kong] Fix: Preserve whitespace when rendering (#19789)

* Preserve whitespace when rendering

Signed-off-by: Marc Campbell <marc.e.campbell@gmail.com>

* Bump kong chart version to 0.31.2

Signed-off-by: Marc Campbell <marc.e.campbell@gmail.com>

* Add 0.31.2 to changelog

Signed-off-by: Marc Campbell <marc.e.campbell@gmail.com>

* [stable/ipfs] Move livenessProbe to container config block (#19790)

* Move livenessProbe to container config block

Signed-off-by: Nate Walck <nate.walck@gmail.com>

* bump stable/ipfs chart version

Signed-off-by: Nate Walck <nate.walck@gmail.com>

* [stable/kube-ops-view] Support kubernetes 1.16 (#19674)

Signed-off-by: conorfennell <fennell.conor@gmail.com>

* Update to work on 1.16 (#19798)

as per https://kubernetes.io/blog/2019/07/18/api-deprecations-in-1-16/

```
DaemonSet, Deployment, StatefulSet, and ReplicaSet (in the extensions/v1beta1 and apps/v1beta2 API groups)
Migrate to use the apps/v1 API, available since v1.9. Existing persisted data can be retrieved/updated via the apps/v1 API.
```

Signed-off-by: Russell Sim <russell.sim@gmail.com>

* [stable/sonatype-nexus] Use official sonatype nexus image. Keep default admin123 password. (#19791)

* Use official sonatype nexus image. Keep default admin123 password.

Signed-off-by: Andrew M. Stoltz <andrew@flowerinsider.com>

* Chart version

Signed-off-by: Andrew M. Stoltz <andrew@flowerinsider.com>

* [stable/stackdriver-exporter] - Add prometheus rule additionalLabels in servicemonitor.yaml  (#19802)

* fix(stable/stackdriver-exporter): add prometheusRule additionalLabels

Signed-off-by: Ricardo Medeiros <ricardo.costa@treasy.com.br>

* chore(stable/stackdriver-exporter): change version from 1.2.1 to 1.2.2

Signed-off-by: Ricardo Medeiros <ricardo.costa@treasy.com.br>

* doc(stable/stackdriver-exporter): add serviceMonitor.additonalLabels in stable/stackdriver-exporter/README.md

Signed-off-by: Ricardo Medeiros <ricardo.costa@treasy.com.br>

* fix(stable/stackdriver-exporter): add additionalLabes in servicemonitor

Signed-off-by: Ricardo Medeiros <ricardo.costa@treasy.com.br>

* fix(stable/stackdriver-export): fix typo at servicemonitor.yaml

Signed-off-by: Ricardo Medeiros <ricardo.costa@treasy.com.br>

* Add securityContext for minio deployments (#19806)

Signed-off-by: Harshavardhana <harsha@minio.io>

* Fix helm lint bug in mongodb-replicaset (#19809)

Signed-off-by: aixeshunter <aixeshunter@gmail.com>

* feat: bump metrics-server to v0.3.6 (#19814)

Signed-off-by: wilmardo <info@wilmardenouden.nl>

* [stable/kong] add security restrictions (#19663)

* [stable/kong] add security restrictions

This commit wraps up several security improvements:

* Create emptyDir volumes and mount them at /tmp and /kong_prefix.
Override the standard prefix setting (/usr/local/kong) to /kong_prefix.
Update the stock PSP to allow emptyDir access.

Kong writes runtime data (rendered configuration templates, temporary
request body files, etc.) to its prefix and also writes some temporary
files to /tmp. These are on the root container filesystem by default,
and are as such incompatible with Kubernetes policies that disallow root
filesystem writes.

It is not possible to mount a new emptyDir at /usr/local/kong, as that
location is also used to store some static files installed by Kong's
package.

* Set mounted plugin volumes to read-only. Previously, a malicious actor
with access to the container filesystem and the ability to send signals
could modify plugin code and have Kong reload it.

* Add injection points for Kong pod securityContexts, and default to
running as UID 1000. Kong should not need to run as root, and has a
dedicated user in stock container images.

* Fix a bug where disabling Vitals from values.yaml had no effect.

Signed-off-by: Travis Raines <traines@konghq.com>

* [stable/kong] fix custom plugin loader in init

Add automatically-generated KONG_PLUGINS to wait-for-db's environment
variables. Move KONG_LUA_PACKAGE_PATH outside the "Postgres enabled"
if-block.

Once a custom plugin has been configured, Kong must find that plugin in
both KONG_PLUGINS and on disk in order to start. Previously, the
wait-for-db initContainer did not populate KONG_PLUGINS using the helper
template added by eb2c69b7577d85cdd6db54734e499d5fa80e5041, preventing
any instance with a custom plugin configuration from starting. It
furthermore only set KONG_LUA_PACKAGE_PATH if the Postgres subchart was
enabled.

Signed-off-by: Travis Raines <traines@konghq.com>

* [incubator/fluentd-cloudwatch] Add configurable volumes and volumeMounts (#18670)

* Update daemonset.yaml file to have configurable volumes and volumeMounts. This allows us to add volumes and volumeMounts. For example, the kubelet writes to journald. We want to add a volume "/run/log/journal" and its volume mount so that fluentd-cloudwatch can send the kubelet log messages to CloudWatch.

Signed-off-by: Aditya Pahuja <aditya.pahuja@digital.cabinet-office.gov.uk>

* Bump fluentd-cloudwatch chart version

Signed-off-by: Aditya Pahuja <aditya.pahuja@digital.cabinet-office.gov.uk>

* [stable/kube-ops-view] Upgrade redis and also enable when testing (#19803)

* Upgrade redis and also enable when testing

Signed-off-by: David J. M. Karlsen <david@davidkarlsen.com>

* bump chart-version

Signed-off-by: David J. M. Karlsen <david@davidkarlsen.com>

* set redis master port

Signed-off-by: David J. M. Karlsen <david@davidkarlsen.com>

* Enable Readiness checks for MinIO chart (#19822)

Signed-off-by: Nitish Tiwari <nitish@min.io>

* [stable/spinnaker] #19172 Give extra params to hal deploy apply command (#19205)

* [stable/spinnaker] #19172 Give extra params to hal

Allow users to give additional parameters to
halyard deploy apply command

Signed-off-by: Ryuichi Inagaki <ryuichi.inagaki.24@googlemail.com>

* [#19172] Give additional install parameters as a list

Incorporated the review comment.

Signed-off-by: Ryuichi Inagaki <ryuichi.inagaki.24@googlemail.com>

* [stable/grafana] - Add allowUiUpdates for Grafana 6.5 (#19794)

* Add allowUiUpdates new option in Grafana 6.5

Signed-off-by: Ivan Aracki <aracki.ivan@gmail.com
>
Signed-off-by: Ivan Aracki <aracki.ivan@gmail.com>

* Add allowUiUpdates to README

Signed-off-by: Ivan Aracki <aracki.ivan@gmail.com>

* Bump Chart version

Signed-off-by: Ivan Aracki <aracki.ivan@gmail.com>

* [stable/pomerium] Bump pomerium image to 0.5.2 (#19610)

Signed-off-by: Travis Groth <tgroth@gmail.com>

* [stable/coredns] Update deprecated api version (#19795)

* Update deprecated api version

Signed-off-by: Alex Perez-Pujol <alexperezpujol@disroot.org>

* Use helm capabilities

Signed-off-by: Alex Perez-Pujol <alexperezpujol@disroot.org>

* [stable/redmine] Redmine mail receive (#19449)

* [stable/redmine] adds configurable health checks

Signed-off-by: Dmitrii Ermakov <demonihin@gmail.com>
Signed-off-by: Dmitriy Ermakov <demonihin@gmail.com>

* [stable/redmine] adds newline to values.yaml

Signed-off-by: Dmitrii Ermakov <demonihin@gmail.com>
Signed-off-by: Dmitriy Ermakov <demonihin@gmail.com>

* [stable/redmine] sets description to common format

Signed-off-by: Dmitriy Ermakov <demonihin@gmail.com>

* [stable/redmine] documents probes parameters

Signed-off-by: Dmitriy Ermakov <demonihin@gmail.com>

* [stable/redmine] version increase

Signed-off-by: Dmitriy Ermakov <demonihin@gmail.com>

* [stable/redmine] Increments version

Signed-off-by: Dmitriy Ermakov <demonihin@gmail.com>

* [stable/redmine] Implemented RedmineReceivingEmails

Signed-off-by: Dmitriy Ermakov <demonihin@gmail.com>

* [stable/redmine] Increased chart version

Signed-off-by: Dmitriy Ermakov <demonihin@gmail.com>

* [stable/redmine] Lint fixed "No new line character"

Signed-off-by: Dmitriy Ermakov <demonihin@gmail.com>

* [stable/redmine] Update stable/redmine/templates/secrets.yaml

Co-Authored-By: Sameer Naik <sameer@fuloi.com>

Signed-off-by: Dmitriy Ermakov <demonihin@gmail.com>

* [stable/redmine] Fixed wrong ordered list syntax

Signed-off-by: Dmitriy Ermakov <demonihin@gmail.com>

* [stable/redmine] Removed extra newline

Signed-off-by: Dmitriy Ermakov <demonihin@gmail.com>

* [stable/redmine] Removed extra newlines

Signed-off-by: Dmitriy Ermakov <demonihin@gmail.com>

* [stable/redmine] Use bitnami/redmine image for receveiving

Signed-off-by: Dmitriy Ermakov <demonihin@gmail.com>

* [stable/redmine] Increased version number

Signed-off-by: Dmitriy Ermakov <demonihin@gmail.com>

* [stable/redmine] Increased version number

Signed-off-by: Dmitriy Ermakov <demonihin@gmail.com>

* [stable/redmine] Fixed image name, tag

Signed-off-by: Dmitriy Ermakov <demonihin@gmail.com>

* [stable/redmine] label changes on v14.0.0

Signed-off-by: Dmitriy Ermakov <demonihin@gmail.com>

* [stable/redmine] version increment

Signed-off-by: Dmitriy Ermakov <demonihin@gmail.com>

* [stable/redmine] fixed "no newline at the end of file"

Signed-off-by: Dmitriy Ermakov <demonihin@gmail.com>

* [stable/redmine] mailReceiver labels fix  app.kubernetes.io/name: fullname => name

Signed-off-by: Dmitriy Ermakov <demonihin@gmail.com>

* [stable/redmine] set arrays 2-space indent

Signed-off-by: Dmitriy Ermakov <demonihin@gmail.com>

* [stable/prometheus-operator] Fix wrong CRD links (#19828)

* Fix wrong CRD links

Signed-off-by: Mikhail Naletov <okgolove@markeloff.net>

* Fix: wrong chart's version

Signed-off-by: Mikhail Naletov <okgolove@markeloff.net>

* [stable/nginx-ingress] Update to stable "rbac.authorization.k8s.io/v1" (#19816)

Signed-off-by: ialidzhikov <i.alidjikov@gmail.com>

* [stable/spring-cloud-data-flow] Add support for restricting load bala… (#19727)

* [stable/spring-cloud-data-flow] Add support for restricting load balancer by IP ranges

Signed-off-by: Viktor Radnai <viktor.radnai@gmail.com>

* Fix linting error

Signed-off-by: Viktor Radnai <viktor.radnai@gmail.com>

* [stable/grafana] Namespace override (#18986)

* [stable/grafana] Namespace override

Signed-off-by: Alexander Katsyuba <arruzk@gmail.com>

* [stable/grafana] Bump chart version

Signed-off-by: Alexander Katsyuba <arruzk@gmail.com>

* [stable/grafana] Fix nil pointer exception

Signed-off-by: Alexander Katsyuba <arruzk@gmail.com>

* [stable/kube-state-metrics] Namespace override (#18990)

Signed-off-by: Alexander Katsyuba <arruzk@gmail.com>

* [stable/efs-provisioner] Upgrade EFS provisioner (#19829)

Signed-off-by: Alex Snast <alexsn@fb.com>

* [stable/atlantis] Add service account annotations (#19818)

* Add service account annotations

This allows you to pass annotations to the service account.

Signed-off-by: Ashley Penney <apenney@simondata.com>

* Rename key as it's under serviceaccount already

Signed-off-by: Ashley Penney <apenney@simondata.com>

* Fix incorrect rendering (#19838)

Signed-off-by: Alex Perez-Pujol <alexperezpujol@disroot.org>

* copy scriptapprovals when overwriteConfig enabled (#19734)

Signed-off-by: Jan Heylen <jan.heylen@nokia.com>

* [stable/instana-agent] Chart version 1.0.21 (#19841)

Signed-off-by: Instana CD <instanacd@instana.com>

* fixes kubernetes-sig/external-dns#1262 (#19839)

unnecessary source_profile

breaks config

in new aws sdk

Signed-off-by: Fulton Byrne <fulton.byrne@commercetools.de>

* [stable/influxdb] Set the default user from an existing secret (#19601)

* Set the default user from an existing secret

Signed-off-by: Angelo Fausti <afausti@lsst.org>

* Address reviewer comments

Signed-off-by: Angelo Fausti <afausti@lsst.org>

* fix runAsUser invalid comparison (#19832)

Signed-off-by: Peter Evers <pevers90@gmail.com>

* [stable/prometheus-operator] remove namespace from global resources (#19835)

The webhook configurations are cluster global objects and do not need
namespace metadata.
Remove the field to simplify the chart.

Signed-off-by: Julian Taylor <juliantaylor108@gmail.com>

* Add exception for maxclients option in sentinel config (#19588)

Signed-off-by: Léopold Jacquot <leopold.jacquot@infomaniak.com>

* [stable/kong] revamp and simplify readme (#19821)

* [stable/kong] revamp and simplify readme

Signed-off-by: Harry Bagdi <harrybagdi@gmail.com>

* [stable/kong] remove duplicate image.repository

Signed-off-by: Harry Bagdi <harrybagdi@gmail.com>

* [stable/kong] 0.33: misc updates (#19840)

* [stable/kong] consolidate all rbac resources into a single file

- Simplify and reduce number of ifs in our helm chart to reduce
maintainence burden

Signed-off-by: Harry Bagdi <harrybagdi@gmail.com>

* [stable/kong] move all custom resources into a single file

Signed-off-by: Harry Bagdi <harrybagdi@gmail.com>

* [stable/kong] remove podDistruption budget for ingressController

Ingress Controller has been consolidated into the Kong pod itself now
so this policy is not needed anymore.

Signed-off-by: Harry Bagdi <harrybagdi@gmail.com>

* [stable/kong] refactor wait-for-postgres container into helpers for de-duplication

Signed-off-by: Harry Bagdi <harrybagdi@gmail.com>

* [stable/kong] refactor env section of the deployment into a helper

In the next commit, we will use this same env section for the migration
containers as well to ensure consistency in Kong's configuration across
different pods.

Signed-off-by: Harry Bagdi <harrybagdi@gmail.com>

* [stable/kong] use kong.final_env for migration containers

This ensures that the exact same configuration for kong is used across
containers of all types.

Signed-off-by: Harry Bagdi <harrybagdi@gmail.com>

* [stable/kong] wait-for-postgres to be available

Previously, if the Postgres instance was managed externally, eg, like an
RDS instance, then the chart would fail to wait for it. The migrations
eventually succeeded but if the pod fails while connecting to Postgres,
it is more helpful as it highlights an issue with network itself.

Signed-off-by: Harry Bagdi <harrybagdi@gmail.com>

* [stable/kong] use a hard-coded name for the container name

This allows us to have determisintic container names and makes writing
scripts easier. The name of the pod and deployment are still generated
by Helm.

Signed-off-by: Harry Bagdi <harrybagdi@gmail.com>

* [stable/kong] bump up Postgresql sub-chart to 8.1.2

Signed-off-by: Harry Bagdi <harrybagdi@gmail.com>

* [stable/kong] write changelog and bump chart for 0.33

Signed-off-by: Harry Bagdi <harrybagdi@gmail.com>

* fix: remove installCRDs since it is present twice

Signed-off-by: Harry Bagdi <harrybagdi@gmail.com>

* [stable/kong] add content of FAQ doc

Signed-off-by: Harry Bagdi <harrybagdi@gmail.com>

* [stable/kong] re-orgnize values.yaml

Signed-off-by: Harry Bagdi <harrybagdi@gmail.com>

* [stable/kong] fix language in the FAQ

Signed-off-by: Harry Bagdi <harrybagdi@gmail.com>

* [stable/kong] fix whitespace handling for license (#19852)

Do not chomp leading whitespace prior to including kong.license within
the final_env helper. Doing so appends the license block immediately
after the preceding value, generating invalid YAML.

Prior to the creation of final_env, kong.license was injected directly
into Deployment and Job templates, using the nindent function to apply
indentation and add a newline. final_env instead places kong.license at
the correct indentation within the templated block, and does not use
nindent. As such, the include should not chomp leading whitespace before
it.

Signed-off-by: Travis Raines <traines@konghq.com>

* [stable/spark-history-server] Remove duplicate configmap keys (#19851)

The output of the templated chart breaks other templating tools it
may be used in (like YTT). Removing the duplicate configmap keys cleans
up the output, and makes it easier to use elsewhere.

Signed-off-by: Ben <ben@ros.io>

* Merge branch 'master' of https://github.com/helm/charts (#17071)

Signed-off-by: eMCeee89 <marek.cvoren@gmail.com>

* 1. Add release label into chart. (#19846)

Signed-off-by: youngman <shengquan.bu@iquantex.com>

* [stable/openebs] Add PodSecurityPolicy (PSP) (#19837)

In order to run in namespace other than kube-system on cluster with
PSP enabled, we need to allow openebs serviceaccount to launch
privileged containers.

The PSP is taken from [0].

[0] https://docs.openebs.io/v081/docs/next/faq.html#how-to-setup-default-podsecuritypolicy-to-allow-the-openebs-pods-to-work-with-all-permissions

Signed-off-by: Martin Polednik <m.polednik@gmail.com>

* [stable/prometheus] server.env default value should be an array (#19141)

Signed-off-by: Ivan Kurnosov <zerkms@zerkms.com>

* Only inject DO_TOKEN when actually provided (#19866)

Signed-off-by: Martin Hanzík <martin@hanzik.com>

* [stable/sysdig] Enable K8s audit log feature for Sysdig Agent (#19815)

* Add auditlog support Sysdig Agent

Signed-off-by: Néstor Salceda <nestor.salceda@sysdig.com>

* Add documentation for the K8s audit log feature

Signed-off-by: Néstor Salceda <nestor.salceda@sysdig.com>

* [stable/minio]: Update to latest release (#19882)

Signed-off-by: Harshavardhana <harsha@minio.io>

* [stable/kong] bump up ingress controller to 0.7 (#19885)

Signed-off-by: Harry Bagdi <harrybagdi@gmail.com>

* [stable/prometheus-operator] Add namespace to all PrometheusRule objects (#19704)

* [stable/prometheus-operator] Add namespace to all PrometheusRule objects

Signed-off-by: Alex Williams <alex.williams@skyscanner.net>

* prometheus-operator - modify sync_prometheus_rules.py for ns

Signed-off-by: Alex Williams <alex.williams@skyscanner.net>

* Bump chart again to keep it +1 patch version

Signed-off-by: Alex Williams <alex.williams@skyscanner.net>

* Revert changes to prometheus rule

Signed-off-by: Alex Williams <alex.williams@skyscanner.net>

* set chart version to 8.5.3

Signed-off-by: Alex Williams <alex.williams@skyscanner.net>

* [stable/kong] fix Job securityContext indentation (#19887)

Add an additional level of indentation to Job securityContexts.
Previously, the context would render incorrectly, e.g.

securityContext:
runAsUser: 1000

It should now render as:

securityContext:
  runAsUser: 1000

Signed-off-by: Travis Raines <traines@konghq.com>

* [stable/kong] 0.34.2 ci consolidation and readme fixes (#19854)

* [stable/kong] typos in readme and change Kong Enterprise section

Signed-off-by: Harry Bagdi <harrybagdi@gmail.com>

* remove ci test, it is a duplicate of defautl-values.yaml

Signed-off-by: Harry Bagdi <harrybagdi@gmail.com>

* remove ci test, it is another duplicate of defautl-values.yaml

Signed-off-by: Harry Bagdi <harrybagdi@gmail.com>

* [stable/kong] consolidate various CI tests

We get a lot of flaky tests. Some of those are likely cause by the CI
process itself but re…

.circleci/config.yml

@@ -14,7 +14,7 @@ jobs:
             shellcheck -x test/repo-sync.sh
   lint-charts:
     docker:
-      - image: gcr.io/kubernetes-charts-ci/test-image:v3.3.2
+      - image: gcr.io/kubernetes-charts-ci/test-image:v3.4.0
     steps:
       - checkout
       - run:

.gitattributes

@@ -0,0 +1 @@
+*.tpl linguist-language=Go

.github/PULL_REQUEST_TEMPLATE.md

@@ -24,6 +24,8 @@ will run across your changes and do some initial checks and linting. These check
 very quickly. Please check the results. We would like these checks to pass before we
 even continue reviewing your changes.
 -->
+#### Is this a new chart
+> NOTE: We're experiencing a high volume of PRs to this repo and reviews will be delayed. Please host your own chart repository and submit your repository to the Helm Hub instead of this repo to make them discoverable to the community. [Here](https://github.com/helm/hub/blob/master/Repositories.md) is how to submit new chart repositories to the Helm Hub.
 
 #### What this PR does / why we need it:
 
@@ -38,4 +40,4 @@ even continue reviewing your changes.
 - [ ] [DCO](https://github.com/helm/charts/blob/master/CONTRIBUTING.md#sign-your-work) signed
 - [ ] Chart Version bumped
 - [ ] Variables are documented in the README.md
-- [ ] Title of the PR starts with chart name (e.g. `[stable/chart]`)
+- [ ] Title of the PR starts with chart name (e.g. `[stable/mychartname]`)

CONTRIBUTING.md

@@ -76,16 +76,15 @@ your PR will be rejected by the automated DCO check.
 
 This repository is used by Chart developers for maintaining the official charts for Kubernetes Helm. If your issue is in the Helm tool itself, please use the issue tracker in the [helm/helm](https://github.com/helm/helm) repository.
 
-## How to Contribute a Chart
+## How to Contribute to an Existing Chart
 
-1. Fork this repository, develop and test your Chart. Remember to sign off your commits as described in the "Sign Your Work" chapter.
-1. Choose the correct folder for your chart based on the information in the [Repository Structure](README.md#repository-structure) section
-1. Ensure your Chart follows the [technical](#technical-requirements) and [documentation](#documentation-requirements) guidelines, described below.
+1. Fork this repository, develop and test your Chart changes. Remember to sign off your commits as described in the "Sign Your Work" chapter.
+1. Ensure your Chart changes follow the [technical](#technical-requirements) and [documentation](#documentation-requirements) guidelines, described below.
 1. Submit a pull request.
 
 ***NOTE***: In order to make testing and merging of PRs easier, please submit changes to multiple charts in separate PRs.
 
-### Technical requirements
+### Technical Requirements
 
 * All Chart dependencies should also be submitted independently
 * Must pass the linter (`helm lint`)
@@ -109,7 +108,7 @@ This repository is used by Chart developers for maintaining the official charts
   (especially for [labels](https://github.com/helm/helm/blob/master/docs/chart_best_practices/labels.md)
   and [values](https://github.com/helm/helm/blob/master/docs/chart_best_practices/values.md))
 
-### Documentation requirements
+### Documentation Requirements
 
 * Must include an in-depth `README.md`, including:
     * Short description of the Chart
@@ -119,9 +118,9 @@ This repository is used by Chart developers for maintaining the official charts
     * Any relevant post-installation information for the Chart
     * Instructions on how to access the application or service provided by the Chart
 
-### Merge approval and release process
+### Merge Approval and Release Process
 
-A Kubernetes Charts maintainer will review the Chart submission, and start a validation job in the CI to verify the technical requirements of the Chart. A maintainer may add "LGTM" (Looks Good To Me) or an equivalent comment to indicate that a PR is acceptable. Any change requires at least one LGTM. No pull requests can be merged until at least one maintainer signs off with an LGTM.
+A Kubernetes Charts maintainer will review the Chart change submission, and start a validation job in the CI to verify the technical requirements of the Chart. A maintainer may add "LGTM" (Looks Good To Me) or an equivalent comment to indicate that a PR is acceptable. Any change requires at least one LGTM. No pull requests can be merged until at least one maintainer signs off with an LGTM.
 
 Once the Chart has been merged, the release job will automatically run in the CI to package and release the Chart in the [`gs://kubernetes-charts` Google Storage bucket](https://console.cloud.google.com/storage/browser/kubernetes-charts/).
 
@@ -130,6 +129,7 @@ Once the Chart has been merged, the release job will automatically run in the CI
 Whether you are a user or contributor, official support channels include:
 
 - GitHub issues: https://github.com/helm/charts/issues
+- Slack: Charts - #Charts room in the [Kubernetes Slack](http://slack.kubernetes.io/)
 - Slack: Helm Users - #Helm-users room in the [Kubernetes Slack](http://slack.kubernetes.io/)
 - Slack: Helm Developers - #Helm-dev room in the [Kubernetes Slack](http://slack.kubernetes.io/)
 

LICENSE

@@ -187,7 +187,7 @@
       same "printed page" as the copyright notice for easier
       identification within third-party archives.
 
-   Copyright [yyyy] [name of copyright owner]
+   Copyright The Helm Authors.
 
    Licensed under the Apache License, Version 2.0 (the "License");
    you may not use this file except in compliance with the License.

README.md

@@ -1,21 +1,41 @@
 # Helm Charts
 
-Use this repository to submit official Charts for Helm. Charts are curated application definitions for Helm. For more information about installing and using Helm, see its
-[README.md](https://github.com/helm/helm/tree/master/README.md). To get a quick introduction to Charts see this [chart document](https://github.com/helm/helm/blob/master/docs/charts.md).
+The canonical source for Helm charts is the [Helm Hub](https://hub.helm.sh/), an aggregator for distributed chart repos.
 
-## Where to find us
+This GitHub project is the source for Helm `stable` and `incubator` [Helm chart repositories](https://v3.helm.sh/docs/topics/chart_repository/), currently listed on the Hub.
 
-For general Helm Chart discussions join the Helm Charts (#charts) room in the [Kubernetes](http://slack.kubernetes.io/).
+For more information about installing and using Helm, see the
+[Helm Docs](https://helm.sh/docs/). For a quick introduction to Charts, see the [Chart Guide](https://helm.sh/docs/topics/charts/).
+
+## Status of the Project
+
+Similar to the [Helm 2 Support Plan](https://helm.sh/blog/2019-10-22-helm-2150-released/#helm-2-support-plan), this GitHub project has begun transition to a 1 year "maintenance mode" (see [Deprecation Timeline](#deprecation-timeline) below). Given the deprecation plan, this project is intended for [apiVersion: v1](https://helm.sh/docs/topics/charts/#the-apiversion-field) Charts (installable by both Helm 2 and 3), and not for `apiVersion: v2` charts (installable by Helm 3 only).
+
+### Deprecation Timeline
+
+| | |
+| - | - |
+| **Nov 13, 2019** | At [Helm 3's public release](https://helm.sh/blog/helm-3-released/), new charts are no longer accepted to `stable` or `incubator`. Patches to existing charts may continue to be submitted by the community, and (time permitting) reviewed by chart OWNERS for acceptance |
+| **May 13, 2020** | At 6 months – when helm v2 goes security fix only – the `stable` and `incubator` repos will be de-listed from the Helm Hub. Chart OWNERS are encouraged to accept security fixes only |
+| **Nov 13, 2020** | At 1 year, support for this project will formally end, and this repo will be marked obsolete |
+
+This gives the community (chart OWNERS, organizations, groups or individuals who want to host charts) 6 months to move charts to new Helm repos, and list these new repos on the Helm Hub before `stable` and `incubator` are de-listed.
+
+Note that this project has been under active development for some time, so you might run into [issues](https://github.com/helm/charts/issues). If you do, please don't be shy about letting us know, or better yet, contribute a fix or feature (within the deprecation timeline of course). Also be aware the repo and chart OWNERS are volunteers so reviews are as time allows, and acceptance is up to the chart OWNERS - you may [reach out](#where-to-find-us) but please be patient and courteous.
+
+## Where to Find Us
+
+For general Helm Chart discussions join the Helm Charts (#charts) room in the [Kubernetes Slack instance](http://slack.kubernetes.io/).
 
 For issues and support for Helm and Charts see [Support Channels](CONTRIBUTING.md#support-channels).
 
-## How do I install these charts?
+## How Do I Install These Charts?
 
 Just `helm install stable/<chart>`. This is the default repository for Helm which is located at https://kubernetes-charts.storage.googleapis.com/ and is installed by default.
 
-For more information on using Helm, refer to the [Helm's documentation](https://github.com/kubernetes/helm#docs).
+For more information on using Helm, refer to the [Helm documentation](https://github.com/kubernetes/helm#docs).
 
-## How do I enable the Incubator repository?
+## How Do I Enable the Incubator Repository?
 
 To add the Incubator charts for your local client, run `helm repo add`:
 
@@ -28,7 +48,7 @@ You can then run `helm search incubator` to see the charts.
 
 ## Chart Format
 
-Take a look at the [alpine example chart](https://github.com/helm/helm/tree/master/docs/examples/alpine) and the [nginx example chart](https://github.com/helm/helm/tree/master/docs/examples/nginx) for reference when you're writing your first few charts.
+Take a look at the [alpine example chart](https://github.com/helm/helm/tree/master/cmd/helm/testdata/testcharts/alpine) for reference when you're writing your first few charts.
 
 Before contributing a Chart, become familiar with the format. Note that the project is still under active development and the format may still evolve a bit.
 
@@ -51,9 +71,9 @@ Incubator Charts are those that do not meet these criteria. Having the incubator
 
 In order to get a Chart from incubator to stable, Chart maintainers should open a pull request that moves the chart folder.
 
-## Contributing a Chart
+## Contributing to an Existing Chart
 
-We'd love for you to contribute a Chart that provides a useful application or service for Kubernetes. Please read our [Contribution Guide](CONTRIBUTING.md) for more information on how you can contribute Charts.
+We'd love for you to contribute to an existing Chart that you find provides a useful application or service for Kubernetes. Please read our [Contribution Guide](CONTRIBUTING.md) for more information on how you can contribute Charts.
 
 Note: We use the same [workflow](https://github.com/kubernetes/community/blob/master/contributors/devel/development.md#workflow),
 [License](LICENSE) and [Contributor License Agreement](CONTRIBUTING.md) as the main Kubernetes repository.
@@ -96,6 +116,6 @@ This chart repository supports the latest and previous minor versions of Kuberne
 
 To provide that support the API versions of objects should be those that work for both the latest minor release and the previous one.
 
-## Status of the Project
+## Happy Helming in China
 
-This project is still under active development, so you might run into [issues](https://github.com/helm/charts/issues). If you do, please don't be shy about letting us know, or better yet, contribute a fix or feature.
+If you are in China, there are some problems to use upstream Helm Charts directly (e.g. images hosted on `gcr.io`, `quay.io`, and Charts hosted on `googleapis.com` etc), you can use this mirror repo at https://github.com/cloudnativeapp/charts which automatically sync & replace unavailable image & repo URLs in every Chart.

incubator/aws-alb-ingress-controller/Chart.yaml

@@ -1,8 +1,8 @@
 apiVersion: v1
 name: aws-alb-ingress-controller
 description: A Helm chart for AWS ALB Ingress Controller
-version: 0.1.10
-appVersion: "v1.1.2"
+version: 0.1.12
+appVersion: "v1.1.4"
 engine: gotpl
 home: https://github.com/kubernetes-sigs/aws-alb-ingress-controller
 sources:

incubator/aws-alb-ingress-controller/README.md

@@ -54,7 +54,7 @@ The following tables lists the configurable parameters of the alb-ingress-contro
 | `awsVpcID`                | AWS VPC ID of k8s cluster, required if ec2metadata is unavailable from controller pod                          | `vpc-xxx`                                                                 |
 | `autoDiscoverAwsVpcID`    | auto discover awsVpcID from ec2metadata, omit awsRegion when this set to true                                  | false                                                                     |
 | `image.repository`        | controller container image repository                                                                          | `894847497797.dkr.ecr.us-west-2.amazonaws.com/aws-alb-ingress-controller` |
-| `image.tag`               | controller container image tag                                                                                 | `v1.0.1`                                                                  |
+| `image.tag`               | controller container image tag                                                                                 | `v1.1.4`                                                                  |
 | `image.pullPolicy`        | controller container image pull policy                                                                         | `IfNotPresent`                                                            |
 | `enableReadinessProbe`    | enable readinessProbe on controller pod                                                                      | `false`                                                                    |
 | `enableLivenessProbe`     | enable livenessProbe on controller pod                                                                         | `false`                                                                   |
@@ -70,6 +70,7 @@ The following tables lists the configurable parameters of the alb-ingress-contro
 | `resources`               | controller pod resource requests & limits                                                                      | `{}`                                                                      |
 | `rbac.create`             | If true, create & use RBAC resources                                                                           | `true`                                                                    |
 | `rbac.serviceAccountName` | ServiceAccount ALB ingress controller will use (ignored if rbac.create=true)                                   | `default`                                                                 |
+| `rbac.serviceAccountAnnotations` | Service Account annotations                                                                             | `{}`                                                           |
 | `scope.ingressClass`      | If provided, the ALB ingress controller will only act on Ingress resources annotated with this class           | `alb`                                                                     |
 | `scope.singleNamespace`   | If true, the ALB ingress controller will only act on Ingress resources in a single namespace                   | `false` (watch all namespaces)                                            |
 | `scope.watchNamespace`    | If scope.singleNamespace=true, the ALB ingress controller will only act on Ingress resources in this namespace | `""` (namespace of the ALB ingress controller)                            |

incubator/aws-alb-ingress-controller/templates/serviceaccount.yaml

@@ -8,4 +8,7 @@ metadata:
     helm.sh/chart: {{ include "aws-alb-ingress-controller.chart" . }}
     app.kubernetes.io/instance: {{ .Release.Name }}
     app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- with .Values.rbac.serviceAccountAnnotations }}
+  annotations: {{ toYaml . | nindent 4 }}
+{{- end }}
 {{- end }}

incubator/aws-alb-ingress-controller/values.yaml

@@ -71,10 +71,12 @@ rbac:
   ##
   create: true
   serviceAccountName: default
+  ## Annotations for the Service Account
+  serviceAccountAnnotations: {}
 
 image:
   repository: docker.io/amazon/aws-alb-ingress-controller
-  tag: "v1.1.2"
+  tag: "v1.1.4"
   pullPolicy: IfNotPresent
 
 replicaCount: 1

incubator/azuremonitor-containers/Chart.yaml

@@ -1,8 +1,9 @@
 apiVersion: v1
-appVersion: 4.0.0-0
+appVersion: 7.0.0-1
 description: Helm chart for deploying Azure Monitor container monitoring agent in Kubernetes
 name: azuremonitor-containers
-version: 0.6.0
+version: 2.5.0
+kubeVersion: "^1.10.0-0"
 keywords:
   - monitoring
   - azuremonitor
@@ -16,6 +17,14 @@ keywords:
   - kubernetesmonitoring
   - acs-engine
   - aks-engine
+  - azurestack
+  - on-prem kubernetes monitoring
+  - containerlogs
+  - containerhealth
+  - containermonitoring
+  - hybrid kubernetes monitoring
+  - kubernetes
+  - kuberneteshealth
 home: https://docs.microsoft.com/en-us/azure/monitoring/monitoring-container-health
 icon: https://raw.githubusercontent.com/Microsoft/OMS-docker/ci_feature/img/azuremonitor-containers.svg
 sources:

incubator/azuremonitor-containers/OWNERS

@@ -1,5 +1,4 @@
 approvers:
 - lachie83
 reviewers:
-- lachie83
-- vishiy
+- lachie83