From 3ef3bcd06da83e860a661314db0e405f4b410e63 Mon Sep 17 00:00:00 2001 From: Kash Law Date: Sat, 1 Feb 2020 00:37:19 -0500 Subject: [PATCH 001/304] [stable/metabase] allow setting jetty options (#20456) Signed-off-by: Kash Law --- stable/metabase/Chart.yaml | 2 +- stable/metabase/README.md | 4 ++++ stable/metabase/templates/deployment.yaml | 6 ++++++ stable/metabase/values.yaml | 5 +++++ 4 files changed, 16 insertions(+), 1 deletion(-) diff --git a/stable/metabase/Chart.yaml b/stable/metabase/Chart.yaml index 519a8e42af6c..5aa0e0562035 100644 --- a/stable/metabase/Chart.yaml +++ b/stable/metabase/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 description: The easy, open source way for everyone in your company to ask questions and learn from data. name: metabase -version: 0.10.0 +version: 0.10.1 appVersion: v0.34.0 maintainers: - name: pmint93 diff --git a/stable/metabase/README.md b/stable/metabase/README.md index 84b60756dabe..777234b0eb8f 100644 --- a/stable/metabase/README.md +++ b/stable/metabase/README.md @@ -90,6 +90,10 @@ The following table lists the configurable parameters of the Metabase chart and | nodeSelector | Node labels for pod assignment | {} | | tolerations | Toleration labels for pod assignment | [] | | affinity | Affinity settings for pod assignment | {} | +| jetty.maxThreads | Jetty max number of threads | null | +| jetty.minThreads | Jetty min number of threads | null | +| jetty.maxQueued | Jetty max queue size | null | +| jetty.maxIdleTime | Jetty max idle time | null | The above parameters map to the env variables defined in [metabase](http://github.com/metabase/metabase). For more information please refer to the [metabase documentations](http://www.metabase.com/docs/v0.34.0/). diff --git a/stable/metabase/templates/deployment.yaml b/stable/metabase/templates/deployment.yaml index c68be150166f..2b4064ab7055 100644 --- a/stable/metabase/templates/deployment.yaml +++ b/stable/metabase/templates/deployment.yaml @@ -52,6 +52,12 @@ spec: name: {{ template "metabase.fullname" . }}-ssl key: password {{- end }} + {{- if .Values.jetty }} + {{- range $key, $value := .Values.jetty }} + - name: MB_JETTY_{{ $key | upper }} + value: {{ $value | quote }} + {{- end }} + {{- end }} - name: MB_DB_TYPE value: {{ .Values.database.type | lower }} {{- if .Values.database.encryptionKey }} diff --git a/stable/metabase/values.yaml b/stable/metabase/values.yaml index fdc81badcea1..a024d9846be4 100644 --- a/stable/metabase/values.yaml +++ b/stable/metabase/values.yaml @@ -21,6 +21,11 @@ ssl: # keyStore: |- # << JKS KEY STORE >> # keyStorePassword: storepass +jetty: +# maxThreads: 254 +# minThreads: 8 +# maxQueued: -1 +# maxIdleTime: 60000 # Backend database database: From f026a7785fc4c2c1644fa930bb3870d3a538ffde Mon Sep 17 00:00:00 2001 From: Austin Orth Date: Sat, 1 Feb 2020 03:51:20 -0500 Subject: [PATCH 002/304] [stable/gocd] Quote ingress host (#20477) * [stable/gocd] Quote ingress host When using a wildcard DNS name for host, such as *.example.com, Helm fails with a yaml parsing error. Added quote function to allow use of wildcard. Signed-off-by: Austin Orth * [stable/gocd] Bump Chart version Signed-off-by: Austin Orth * [stable/gocd] Ingress api version change Changed version of api for ingress to networking.k8s.io/v1beta1. Signed-off-by: Austin Orth * [stable/gocd] Updated changelog Updated the changelog with relevant commits for this patch version. Signed-off-by: Austin Orth --- stable/gocd/CHANGELOG.md | 4 ++++ stable/gocd/Chart.yaml | 2 +- stable/gocd/templates/ingress.yaml | 4 ++-- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/stable/gocd/CHANGELOG.md b/stable/gocd/CHANGELOG.md index 7c040037c37e..d788f29263d0 100644 --- a/stable/gocd/CHANGELOG.md +++ b/stable/gocd/CHANGELOG.md @@ -1,3 +1,7 @@ +### 1.22.1 +* [b856007](https://github.com/kubernetes/charts/commit/b856007): Ingress version api change +* [e2f27a9](https://github.com/kubernetes/charts/commit/e2f27a9): Quote ingress host + ### 1.22.0 * [bcd9825](https://github.com/kubernetes/charts/commit/bcd9825): Bump up GoCD Version to 20.1.0 ### 1.21.0 diff --git a/stable/gocd/Chart.yaml b/stable/gocd/Chart.yaml index 11bc592491fd..aca5175641c5 100644 --- a/stable/gocd/Chart.yaml +++ b/stable/gocd/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 name: gocd home: https://www.gocd.org/ -version: 1.22.0 +version: 1.22.1 appVersion: 20.1.0 description: GoCD is an open-source continuous delivery server to model and visualize complex workflows with ease. icon: https://gocd.github.io/assets/images/go-icon-black-192x192.png diff --git a/stable/gocd/templates/ingress.yaml b/stable/gocd/templates/ingress.yaml index aef48da5dab1..7a7cef3b53ff 100644 --- a/stable/gocd/templates/ingress.yaml +++ b/stable/gocd/templates/ingress.yaml @@ -1,6 +1,6 @@ {{- if .Values.server.enabled }} {{- if .Values.server.ingress.enabled -}} -apiVersion: extensions/v1beta1 +apiVersion: networking.k8s.io/v1beta1 kind: Ingress metadata: name: {{ template "gocd.fullname" . }}-server @@ -19,7 +19,7 @@ spec: {{ $dot := .}} rules: {{- range $host := .Values.server.ingress.hosts }} - - host: {{ $host }} + - host: {{ $host | quote }} http: paths: - backend: From 624a6a29440d17246935282a217059a3290beb2e Mon Sep 17 00:00:00 2001 From: Ed Medvedev Date: Mon, 3 Feb 2020 03:25:20 +0300 Subject: [PATCH 003/304] [stable/grafana] Fix a typo in the Grafana chart notes (#20490) * Fix a typo in the Grafana chart notes Signed-off-by: Edward Medvedev * [stable/grafana] Bump the chart version Signed-off-by: Edward Medvedev --- stable/grafana/Chart.yaml | 2 +- stable/grafana/templates/NOTES.txt | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/stable/grafana/Chart.yaml b/stable/grafana/Chart.yaml index 865a02517ab3..f30bfa543934 100644 --- a/stable/grafana/Chart.yaml +++ b/stable/grafana/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: grafana -version: 4.5.0 +version: 4.5.1 appVersion: 6.6.0 kubeVersion: "^1.8.0-0" description: The leading tool for querying and visualizing time series and metrics. diff --git a/stable/grafana/templates/NOTES.txt b/stable/grafana/templates/NOTES.txt index 9eafbab2f811..6e1436e90273 100644 --- a/stable/grafana/templates/NOTES.txt +++ b/stable/grafana/templates/NOTES.txt @@ -20,7 +20,7 @@ - "/run.sh" ``` Details refer to https://grafana.com/docs/installation/configuration/#http-port. - Or grafanfa would always crash. + Or grafana would always crash. From outside the cluster, the server URL(s) are: {{- range .Values.ingress.hosts }} From 7566d6dbe49ab6d3077971dac0ecd20cbc564ef5 Mon Sep 17 00:00:00 2001 From: Kash Law Date: Mon, 3 Feb 2020 00:07:20 -0500 Subject: [PATCH 004/304] [stable/metabase] interpolate liveness and readiness probes (#20475) Signed-off-by: Kash Law --- stable/metabase/Chart.yaml | 2 +- stable/metabase/README.md | 6 ++++++ stable/metabase/templates/deployment.yaml | 12 ++++++------ stable/metabase/values.yaml | 10 ++++++++++ 4 files changed, 23 insertions(+), 7 deletions(-) diff --git a/stable/metabase/Chart.yaml b/stable/metabase/Chart.yaml index 5aa0e0562035..289f3aa83873 100644 --- a/stable/metabase/Chart.yaml +++ b/stable/metabase/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 description: The easy, open source way for everyone in your company to ask questions and learn from data. name: metabase -version: 0.10.1 +version: 0.10.2 appVersion: v0.34.0 maintainers: - name: pmint93 diff --git a/stable/metabase/README.md b/stable/metabase/README.md index 777234b0eb8f..6375c56535eb 100644 --- a/stable/metabase/README.md +++ b/stable/metabase/README.md @@ -74,6 +74,12 @@ The following table lists the configurable parameters of the Metabase chart and | emojiLogging | Get a funny emoji in service log | true | | javaOpts | JVM options | null | | pluginsDirectory | A directory with Metabase plugins | null | +| livenessProbe.initialDelaySeconds | Delay before liveness probe is initiated | 120 | +| livenessProbe.timeoutSeconds | When the probe times out | 30 | +| livenessProbe.failureThreshold | Minimum consecutive failures for the probe | 6 | +| readinessProbe.initialDelaySeconds | Delay before readiness probe is initiated | 30 | +| readinessProbe.timeoutSeconds | When the probe times out | 3 | +| readinessProbe.periodSeconds | How often to perform the probe | 5 | | service.type | ClusterIP, NodePort, or LoadBalancer | ClusterIP | | service.loadBalancerSourceRanges | Array of Source Ranges | null | | service.externalPort | Service external port | 80 | diff --git a/stable/metabase/templates/deployment.yaml b/stable/metabase/templates/deployment.yaml index 2b4064ab7055..1a0a6507db52 100644 --- a/stable/metabase/templates/deployment.yaml +++ b/stable/metabase/templates/deployment.yaml @@ -120,16 +120,16 @@ spec: httpGet: path: / port: {{ .Values.service.internalPort }} - initialDelaySeconds: 120 - timeoutSeconds: 30 - failureThreshold: 6 + initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} + timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} + failureThreshold: {{ .Values.livenessProbe.failureThreshold }} readinessProbe: httpGet: path: / port: {{ .Values.service.internalPort }} - initialDelaySeconds: 30 - timeoutSeconds: 3 - periodSeconds: 5 + initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} + timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} + periodSeconds: {{ .Values.readinessProbe.periodSeconds }} {{- if .Values.log4jProperties }} volumeMounts: - name: config diff --git a/stable/metabase/values.yaml b/stable/metabase/values.yaml index a024d9846be4..5b8d87463486 100644 --- a/stable/metabase/values.yaml +++ b/stable/metabase/values.yaml @@ -59,6 +59,16 @@ emojiLogging: true # javaOpts: # pluginsDirectory: +livenessProbe: + initialDelaySeconds: 120 + timeoutSeconds: 30 + failureThreshold: 6 + +readinessProbe: + initialDelaySeconds: 30 + timeoutSeconds: 3 + periodSeconds: 5 + service: name: metabase type: ClusterIP From 54e1b2548236bcf6b40ff2fcd09d9aade3a2794a Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Mon, 3 Feb 2020 09:27:20 +0100 Subject: [PATCH 005/304] [stable/drupal] Release 6.2.4 updating components versions (#20491) Signed-off-by: Bitnami Containers --- stable/drupal/Chart.yaml | 4 ++-- stable/drupal/requirements.lock | 4 ++-- stable/drupal/values.yaml | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/stable/drupal/Chart.yaml b/stable/drupal/Chart.yaml index cc8efcc515cf..2066117c6e15 100644 --- a/stable/drupal/Chart.yaml +++ b/stable/drupal/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 name: drupal -version: 6.2.3 -appVersion: 8.8.1 +version: 6.2.4 +appVersion: 8.8.2 description: One of the most versatile open source content management systems. keywords: - drupal diff --git a/stable/drupal/requirements.lock b/stable/drupal/requirements.lock index fff7fae7a9f3..fdb57ed2fa0d 100644 --- a/stable/drupal/requirements.lock +++ b/stable/drupal/requirements.lock @@ -1,6 +1,6 @@ dependencies: - name: mariadb repository: https://kubernetes-charts.storage.googleapis.com/ - version: 7.3.6 + version: 7.3.7 digest: sha256:cd64413a4a697ccf85c0091e9c55cdc5876938ddced84c05d37c57ff9abc5864 -generated: 2020-01-24T11:30:06.037899565Z +generated: 2020-02-01T22:35:17.768855946Z diff --git a/stable/drupal/values.yaml b/stable/drupal/values.yaml index 164179740c2c..96159288113e 100644 --- a/stable/drupal/values.yaml +++ b/stable/drupal/values.yaml @@ -14,7 +14,7 @@ image: registry: docker.io repository: bitnami/drupal - tag: 8.8.1-debian-10-r0 + tag: 8.8.2-debian-10-r0 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images @@ -287,7 +287,7 @@ metrics: image: registry: docker.io repository: bitnami/apache-exporter - tag: 0.7.0-debian-10-r0 + tag: 0.7.0-debian-10-r7 pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. From 5bd16be1660b071a78b187b569b0a84782a21bd5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20de=20Saint=20Martin?= Date: Mon, 3 Feb 2020 13:15:21 +0100 Subject: [PATCH 006/304] [stable/rabbitmq] Add PrometheusRule. (#20478) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Cédric de Saint Martin --- stable/rabbitmq/Chart.yaml | 2 +- stable/rabbitmq/README.md | 6 +- stable/rabbitmq/templates/prometheusrule.yaml | 23 ++++++ stable/rabbitmq/values-production.yaml | 71 +++++++++++++++++++ stable/rabbitmq/values.yaml | 71 +++++++++++++++++++ 5 files changed, 171 insertions(+), 2 deletions(-) create mode 100644 stable/rabbitmq/templates/prometheusrule.yaml diff --git a/stable/rabbitmq/Chart.yaml b/stable/rabbitmq/Chart.yaml index 99425749858b..b84a1a0405e7 100644 --- a/stable/rabbitmq/Chart.yaml +++ b/stable/rabbitmq/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: rabbitmq -version: 6.16.6 +version: 6.17.0 appVersion: 3.8.2 description: Open source message broker software that implements the Advanced Message Queuing Protocol (AMQP) keywords: diff --git a/stable/rabbitmq/README.md b/stable/rabbitmq/README.md index d36dfae042a5..03058c4548b8 100644 --- a/stable/rabbitmq/README.md +++ b/stable/rabbitmq/README.md @@ -166,7 +166,11 @@ The following table lists the configurable parameters of the RabbitMQ chart and | `metrics.serviceMonitor.honorLabels` | honorLabels chooses the metric's labels on collisions with target labels. | `false` | | `metrics.serviceMonitor.additionalLabels` | Used to pass Labels that are required by the Installed Prometheus Operator | `{}` | | `metrics.serviceMonitor.release` | Used to pass Labels release that sometimes should be custom for Prometheus Operator | `nil` | -| `metrics.port ` | Prometheus metrics exporter port | `9419` | +| `metrics.prometheusRule.enabled` | Set this to true to create prometheusRules for Prometheus operator | `false` | +| `metrics.prometheusRule.additionalLabels` | Additional labels that can be used so prometheusRules will be discovered by Prometheus | `{}` | +| `metrics.prometheusRule.namespace` | namespace where prometheusRules resource should be created | Same namespace as rabbitmq | +| `metrics.prometheusRule.rules` | [rules](https://prometheus.io/docs/prometheus/latest/configuration/alerting_rules/) to be created, check values for an example. | `[]` | +| `metrics.port` | Prometheus metrics exporter port | `9419` | | `metrics.env` | Exporter [configuration environment variables](https://github.com/kbudde/rabbitmq_exporter#configuration) | `{}` | | `metrics.resources` | Exporter resource requests/limit | `nil` | | `metrics.capabilities` | Exporter: Comma-separated list of extended [scraping capabilities supported by the target RabbitMQ server](https://github.com/kbudde/rabbitmq_exporter#extended-rabbitmq-capabilities) | `bert,no_sort` | diff --git a/stable/rabbitmq/templates/prometheusrule.yaml b/stable/rabbitmq/templates/prometheusrule.yaml new file mode 100644 index 000000000000..15f05e947e84 --- /dev/null +++ b/stable/rabbitmq/templates/prometheusrule.yaml @@ -0,0 +1,23 @@ +{{- if and .Values.metrics.enabled .Values.metrics.prometheusRule.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ template "rabbitmq.fullname" . }} +{{- with .Values.metrics.prometheusRule.namespace }} + namespace: {{ . }} +{{- end }} + labels: + app: {{ template "rabbitmq.name" . }} + chart: {{ template "rabbitmq.chart" . }} + release: {{ .Release.Name | quote }} + heritage: {{ .Release.Service | quote }} +{{- with .Values.metrics.prometheusRule.additionalLabels }} +{{ toYaml . | indent 4 }} +{{- end }} +spec: +{{- with .Values.metrics.prometheusRule.rules }} + groups: + - name: {{ template "rabbitmq.name" $ }} + rules: {{ tpl (toYaml .) $ | nindent 8 }} +{{- end }} +{{- end }} diff --git a/stable/rabbitmq/values-production.yaml b/stable/rabbitmq/values-production.yaml index c9366e0a9130..24d53fbeb86f 100644 --- a/stable/rabbitmq/values-production.yaml +++ b/stable/rabbitmq/values-production.yaml @@ -462,6 +462,77 @@ metrics: ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#prometheusspec additionalLabels: {} + ## Custom PrometheusRule to be defined + ## The value is evaluated as a template, so, for example, the value can depend on .Release or .Chart + ## ref: https://github.com/coreos/prometheus-operator#customresourcedefinitions + prometheusRule: + enabled: false + additionalLabels: {} + namespace: "" + rules: [] + ## List of reules, used as template by Helm. + ## These are just examples rules inspired from https://awesome-prometheus-alerts.grep.to/rules.html + ## Please adapt them to your needs. + ## Make sure to constraint the rules to the current rabbitmq service. + ## Also make sure to escape what looks like helm template. + # - alert: RabbitmqDown + # expr: rabbitmq_up{service="{{ template "rabbitmq.fullname" . }}"} == 0 + # for: 5m + # labels: + # severity: error + # annotations: + # summary: Rabbitmq down (instance {{ "{{ $labels.instance }}" }}) + # description: RabbitMQ node down + + # - alert: ClusterDown + # expr: | + # sum(rabbitmq_running{service="{{ template "rabbitmq.fullname" . }}"}) + # < {{ .Values.replicas }} + # for: 5m + # labels: + # severity: error + # annotations: + # summary: Cluster down (instance {{ "{{ $labels.instance }}" }}) + # description: | + # Less than {{ .Values.replicas }} nodes running in RabbitMQ cluster + # VALUE = {{ "{{ $value }}" }} + + # - alert: ClusterPartition + # expr: rabbitmq_partitions{service="{{ template "rabbitmq.fullname" . }}"} > 0 + # for: 5m + # labels: + # severity: error + # annotations: + # summary: Cluster partition (instance {{ "{{ $labels.instance }}" }}) + # description: | + # Cluster partition + # VALUE = {{ "{{ $value }}" }} + + # - alert: OutOfMemory + # expr: | + # rabbitmq_node_mem_used{service="{{ template "rabbitmq.fullname" . }}"} + # / rabbitmq_node_mem_limit{service="{{ template "rabbitmq.fullname" . }}"} + # * 100 > 90 + # for: 5m + # labels: + # severity: warning + # annotations: + # summary: Out of memory (instance {{ "{{ $labels.instance }}" }}) + # description: | + # Memory available for RabbmitMQ is low (< 10%)\n VALUE = {{ "{{ $value }}" }} + # LABELS: {{ "{{ $labels }}" }} + + # - alert: TooManyConnections + # expr: rabbitmq_connectionsTotal{service="{{ template "rabbitmq.fullname" . }}"} > 1000 + # for: 5m + # labels: + # severity: warning + # annotations: + # summary: Too many connections (instance {{ "{{ $labels.instance }}" }}) + # description: | + # RabbitMQ instance has too many connections (> 1000) + # VALUE = {{ "{{ $value }}" }}\n LABELS: {{ "{{ $labels }}" }} + ## ## Init containers parameters: ## volumePermissions: Change the owner of the persist volume mountpoint to RunAsUser:fsGroup diff --git a/stable/rabbitmq/values.yaml b/stable/rabbitmq/values.yaml index 38f7f911edb8..a64373a9d958 100644 --- a/stable/rabbitmq/values.yaml +++ b/stable/rabbitmq/values.yaml @@ -443,6 +443,77 @@ metrics: ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#prometheusspec additionalLabels: {} + ## Custom PrometheusRule to be defined + ## The value is evaluated as a template, so, for example, the value can depend on .Release or .Chart + ## ref: https://github.com/coreos/prometheus-operator#customresourcedefinitions + prometheusRule: + enabled: false + additionalLabels: {} + namespace: "" + rules: [] + ## List of reules, used as template by Helm. + ## These are just examples rules inspired from https://awesome-prometheus-alerts.grep.to/rules.html + ## Please adapt them to your needs. + ## Make sure to constraint the rules to the current rabbitmq service. + ## Also make sure to escape what looks like helm template. + # - alert: RabbitmqDown + # expr: rabbitmq_up{service="{{ template "rabbitmq.fullname" . }}"} == 0 + # for: 5m + # labels: + # severity: error + # annotations: + # summary: Rabbitmq down (instance {{ "{{ $labels.instance }}" }}) + # description: RabbitMQ node down + + # - alert: ClusterDown + # expr: | + # sum(rabbitmq_running{service="{{ template "rabbitmq.fullname" . }}"}) + # < {{ .Values.replicas }} + # for: 5m + # labels: + # severity: error + # annotations: + # summary: Cluster down (instance {{ "{{ $labels.instance }}" }}) + # description: | + # Less than {{ .Values.replicas }} nodes running in RabbitMQ cluster + # VALUE = {{ "{{ $value }}" }} + + # - alert: ClusterPartition + # expr: rabbitmq_partitions{service="{{ template "rabbitmq.fullname" . }}"} > 0 + # for: 5m + # labels: + # severity: error + # annotations: + # summary: Cluster partition (instance {{ "{{ $labels.instance }}" }}) + # description: | + # Cluster partition + # VALUE = {{ "{{ $value }}" }} + + # - alert: OutOfMemory + # expr: | + # rabbitmq_node_mem_used{service="{{ template "rabbitmq.fullname" . }}"} + # / rabbitmq_node_mem_limit{service="{{ template "rabbitmq.fullname" . }}"} + # * 100 > 90 + # for: 5m + # labels: + # severity: warning + # annotations: + # summary: Out of memory (instance {{ "{{ $labels.instance }}" }}) + # description: | + # Memory available for RabbmitMQ is low (< 10%)\n VALUE = {{ "{{ $value }}" }} + # LABELS: {{ "{{ $labels }}" }} + + # - alert: TooManyConnections + # expr: rabbitmq_connectionsTotal{service="{{ template "rabbitmq.fullname" . }}"} > 1000 + # for: 5m + # labels: + # severity: warning + # annotations: + # summary: Too many connections (instance {{ "{{ $labels.instance }}" }}) + # description: | + # RabbitMQ instance has too many connections (> 1000) + # VALUE = {{ "{{ $value }}" }}\n LABELS: {{ "{{ $labels }}" }} + ## ## Init containers parameters: ## volumePermissions: Change the owner of the persist volume mountpoint to RunAsUser:fsGroup From cc4d7d91c142c6b06907be942e0c78a3286084cf Mon Sep 17 00:00:00 2001 From: Glen Takahashi Date: Mon, 3 Feb 2020 04:35:22 -0800 Subject: [PATCH 007/304] Allow DNS egress to resolve hostnames (#20437) Signed-off-by: Glen Takahashi --- stable/redis/Chart.yaml | 2 +- stable/redis/templates/networkpolicy.yaml | 4 ++++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/stable/redis/Chart.yaml b/stable/redis/Chart.yaml index db94d87420c8..5ab759731116 100644 --- a/stable/redis/Chart.yaml +++ b/stable/redis/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: redis -version: 10.4.0 +version: 10.4.1 appVersion: 5.0.7 description: Open source, advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. keywords: diff --git a/stable/redis/templates/networkpolicy.yaml b/stable/redis/templates/networkpolicy.yaml index 30f09f2fbf42..93efec4fe0c6 100644 --- a/stable/redis/templates/networkpolicy.yaml +++ b/stable/redis/templates/networkpolicy.yaml @@ -18,6 +18,10 @@ spec: - Ingress - Egress egress: + # Allow dns resolution + - ports: + - port: 53 + protocol: UDP # Allow outbound connections to other cluster pods - ports: - port: {{ .Values.redisPort }} From 91a1ab9f0c2b70bbc2d40c622da39fb59f6526ae Mon Sep 17 00:00:00 2001 From: Alice <31040183+alice-sawatzky@users.noreply.github.com> Date: Mon, 3 Feb 2020 11:53:21 -0600 Subject: [PATCH 008/304] [stable/prometheus-blackbox-exporter] add "allowIcmp" setting (#20409) * [stable/prometheus-blackbox-exporter] add "allowIcmp" setting Signed-off-by: Alice Sawatzky * [stable/prometheus-blackbox-exporter] minor version bump Signed-off-by: Alice Sawatzky * [stable/prometheus-blackbox-exporter] fix NET_RAW capability Signed-off-by: Alice Sawatzky * [stable/prometheus-blackbox-exporter] run as root if allowIcmp is set Signed-off-by: Alice Sawatzky * [stable/prometheus-blackbox-exporter] document security implications of allowIcmp Signed-off-by: Alice Sawatzky * [stable/prometheus-blackbox-exporter] add test values for allowIcmp Signed-off-by: Alice Sawatzky --- stable/prometheus-blackbox-exporter/Chart.yaml | 2 +- stable/prometheus-blackbox-exporter/README.md | 1 + stable/prometheus-blackbox-exporter/ci/icmp-values.yaml | 1 + .../prometheus-blackbox-exporter/templates/deployment.yaml | 7 ++++++- stable/prometheus-blackbox-exporter/values.yaml | 2 ++ 5 files changed, 11 insertions(+), 2 deletions(-) create mode 100644 stable/prometheus-blackbox-exporter/ci/icmp-values.yaml diff --git a/stable/prometheus-blackbox-exporter/Chart.yaml b/stable/prometheus-blackbox-exporter/Chart.yaml index 6c88de641773..fe7644245665 100644 --- a/stable/prometheus-blackbox-exporter/Chart.yaml +++ b/stable/prometheus-blackbox-exporter/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 description: Prometheus Blackbox Exporter name: prometheus-blackbox-exporter -version: 3.0.1 +version: 3.1.0 appVersion: 0.15.1 home: https://github.com/prometheus/blackbox_exporter sources: diff --git a/stable/prometheus-blackbox-exporter/README.md b/stable/prometheus-blackbox-exporter/README.md index e56a09750d60..61f2bf48e31e 100644 --- a/stable/prometheus-blackbox-exporter/README.md +++ b/stable/prometheus-blackbox-exporter/README.md @@ -63,6 +63,7 @@ The following table lists the configurable parameters of the Blackbox-Exporter c | `podAnnotations` | annotations to add to each pod | `{}` | | `podDisruptionBudget` | pod disruption budget | `{}` | | `priorityClassName` | priority class name | None | +| `allowIcmp` | whether to enable ICMP probes, by giving the pods `CAP_NET_RAW` and running as root | `false` | | `resources` | pod resource requests & limits | `{}` | | `restartPolicy` | container restart policy | `Always` | | `service.annotations` | annotations for the service | `{}` | diff --git a/stable/prometheus-blackbox-exporter/ci/icmp-values.yaml b/stable/prometheus-blackbox-exporter/ci/icmp-values.yaml new file mode 100644 index 000000000000..39dfe5e8782c --- /dev/null +++ b/stable/prometheus-blackbox-exporter/ci/icmp-values.yaml @@ -0,0 +1 @@ +allowIcmp: true diff --git a/stable/prometheus-blackbox-exporter/templates/deployment.yaml b/stable/prometheus-blackbox-exporter/templates/deployment.yaml index 7153d7202d4e..6825fcbb3b47 100644 --- a/stable/prometheus-blackbox-exporter/templates/deployment.yaml +++ b/stable/prometheus-blackbox-exporter/templates/deployment.yaml @@ -58,8 +58,13 @@ spec: imagePullPolicy: {{ .Values.image.pullPolicy }} securityContext: readOnlyRootFilesystem: {{ .Values.readOnlyRootFilesystem }} + {{- if .Values.allowIcmp }} + capabilities: + add: ["NET_RAW"] + {{- else }} runAsNonRoot: {{ .Values.runAsNonRoot }} runAsUser: {{ .Values.runAsUser }} + {{- end }} args: {{- if .Values.config }} - "--config.file=/config/blackbox.yaml" @@ -117,4 +122,4 @@ spec: secret: secretName: {{ .secretName }} defaultMode: {{ .defaultMode }} - {{- end }} \ No newline at end of file + {{- end }} diff --git a/stable/prometheus-blackbox-exporter/values.yaml b/stable/prometheus-blackbox-exporter/values.yaml index e52e3511c9f0..53e2f33e77e6 100644 --- a/stable/prometheus-blackbox-exporter/values.yaml +++ b/stable/prometheus-blackbox-exporter/values.yaml @@ -58,6 +58,8 @@ extraSecretMounts: [] # readOnly: true # defaultMode: 420 +allowIcmp: false + resources: {} # limits: # memory: 300Mi From 3e00094e2ad77aaad118d7d32c19d174fbd55c40 Mon Sep 17 00:00:00 2001 From: Chris Schaefer Date: Mon, 3 Feb 2020 16:39:26 -0500 Subject: [PATCH 009/304] [stable/spring-cloud-data-flow] Update to new SCDF version 2.4.0 (#20517) - update scdf version to 2.4.0 - update skipper version to 2.3.0 - update chart dependency versions Signed-off-by: Chris Schaefer --- stable/spring-cloud-data-flow/Chart.yaml | 4 ++-- stable/spring-cloud-data-flow/README.md | 13 +++++++------ stable/spring-cloud-data-flow/requirements.lock | 16 ++++++++-------- stable/spring-cloud-data-flow/requirements.yaml | 12 ++++++------ .../templates/_helpers.tpl | 2 +- stable/spring-cloud-data-flow/values.yaml | 9 ++++++--- 6 files changed, 30 insertions(+), 26 deletions(-) diff --git a/stable/spring-cloud-data-flow/Chart.yaml b/stable/spring-cloud-data-flow/Chart.yaml index 72cbe25e6716..aab6dd0e259c 100644 --- a/stable/spring-cloud-data-flow/Chart.yaml +++ b/stable/spring-cloud-data-flow/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v1 description: Toolkit for building data processing pipelines. name: spring-cloud-data-flow -version: 2.5.3 -appVersion: 2.3.1.RELEASE +version: 2.6.0 +appVersion: 2.4.0.RELEASE home: http://cloud.spring.io/spring-cloud-dataflow/ sources: - https://github.com/spring-cloud/spring-cloud-dataflow diff --git a/stable/spring-cloud-data-flow/README.md b/stable/spring-cloud-data-flow/README.md index 257fd3cdb8d2..73967dc91f43 100644 --- a/stable/spring-cloud-data-flow/README.md +++ b/stable/spring-cloud-data-flow/README.md @@ -111,7 +111,7 @@ The following tables list the configurable parameters and their default values. | Parameter | Description | Default | | --------------------------------------- | ------------------------------------------------------------------ | ---------------- | -| server.version | The version/tag of the Data Flow server | 2.3.1.RELEASE +| server.version | The version/tag of the Data Flow server | 2.4.0.RELEASE | server.imagePullPolicy | The imagePullPolicy of the Data Flow server | IfNotPresent | server.service.type | The service type for the Data Flow server | LoadBalancer | server.service.annotations | Extra annotations for service resource | {} @@ -126,7 +126,7 @@ The following tables list the configurable parameters and their default values. | Parameter | Description | Default | | --------------------------------- | ---------------------------------------------------------------- | ---------------- | -| skipper.version | The version/tag of the Skipper server | 2.2.2.RELEASE +| skipper.version | The version/tag of the Skipper server | 2.3.0.RELEASE | skipper.imagePullPolicy | The imagePullPolicy of the Skipper server | IfNotPresent | skipper.platformName | The name of the configured platform account | default | skipper.service.type | The service type for the Skipper server | ClusterIP @@ -146,10 +146,11 @@ The following tables list the configurable parameters and their default values. ### RabbitMQ Configuration -| Parameter | Description | Default | -| -------------------------- | ---------------------------------------- | ------------------------- | -| rabbitmq.enabled | Enable RabbitMQ as the middleware to use | true -| rabbitmq.rabbitmqUsername | RabbitMQ user name | user +| Parameter | Description | Default | +| --------------------------- | ------------------------------------------- | ------------------------- | +| rabbitmq.enabled | Enable RabbitMQ as the middleware to use | true +| rabbitmq.rabbitmq.username | RabbitMQ user name | user +| rabbitmq.rabbitmq.password | RabbitMQ password to encode into the secret | changeme ### RabbitMQ HA Configuration diff --git a/stable/spring-cloud-data-flow/requirements.lock b/stable/spring-cloud-data-flow/requirements.lock index 1f2c134e806f..2863ce8f3ddf 100644 --- a/stable/spring-cloud-data-flow/requirements.lock +++ b/stable/spring-cloud-data-flow/requirements.lock @@ -1,21 +1,21 @@ dependencies: - name: mysql repository: https://kubernetes-charts.storage.googleapis.com/ - version: 1.1.0 + version: 1.6.2 - name: rabbitmq repository: https://kubernetes-charts.storage.googleapis.com/ - version: 0.6.16 + version: 6.16.6 - name: rabbitmq-ha repository: https://kubernetes-charts.storage.googleapis.com/ - version: 1.27.1 + version: 1.38.2 - name: kafka repository: https://kubernetes-charts-incubator.storage.googleapis.com/ - version: 0.13.11 + version: 0.20.8 - name: prometheus repository: https://kubernetes-charts.storage.googleapis.com/ - version: 9.3.1 + version: 10.4.0 - name: grafana repository: https://kubernetes-charts.storage.googleapis.com/ - version: 4.0.2 -digest: sha256:67025c3ac98c98e9b1530c00d199217fb74b50202226b36756c213ac0617795d -generated: "2019-12-06T09:19:02.158505764-05:00" + version: 4.5.0 +digest: sha256:02cce6791cbddab650f8165cb4865133b497bde53b9103f1c714129efc1e2671 +generated: "2020-01-31T14:36:49.309488742-05:00" diff --git a/stable/spring-cloud-data-flow/requirements.yaml b/stable/spring-cloud-data-flow/requirements.yaml index b7b7036bcced..e789de00efe9 100644 --- a/stable/spring-cloud-data-flow/requirements.yaml +++ b/stable/spring-cloud-data-flow/requirements.yaml @@ -1,25 +1,25 @@ dependencies: - name: mysql - version: 1.1.0 + version: 1.6.2 repository: https://kubernetes-charts.storage.googleapis.com/ condition: mysql.enabled - name: rabbitmq - version: 0.6.16 + version: 6.16.6 repository: https://kubernetes-charts.storage.googleapis.com/ condition: rabbitmq.enabled - name: rabbitmq-ha - version: 1.27.1 + version: 1.38.2 repository: https://kubernetes-charts.storage.googleapis.com/ condition: rabbitmq-ha.enabled - name: kafka - version: 0.13.11 + version: 0.20.8 repository: https://kubernetes-charts-incubator.storage.googleapis.com/ condition: kafka.enabled - name: prometheus - version: 9.3.1 + version: 10.4.0 repository: https://kubernetes-charts.storage.googleapis.com/ condition: features.monitoring.enabled - name: grafana - version: 4.0.2 + version: 4.5.0 repository: https://kubernetes-charts.storage.googleapis.com/ condition: features.monitoring.enabled diff --git a/stable/spring-cloud-data-flow/templates/_helpers.tpl b/stable/spring-cloud-data-flow/templates/_helpers.tpl index 6cff13dd3e1f..882e8720085d 100644 --- a/stable/spring-cloud-data-flow/templates/_helpers.tpl +++ b/stable/spring-cloud-data-flow/templates/_helpers.tpl @@ -125,6 +125,6 @@ Create the name of the service account to use {{- if index .Values "rabbitmq-ha" "enabled" -}} {{ index .Values "rabbitmq-ha" "rabbitmqUsername" }} {{- else if .Values.rabbitmq.enabled -}} - {{ .Values.rabbitmq.rabbitmqUsername }} + {{ .Values.rabbitmq.rabbitmq.username }} {{- end -}} {{- end -}} diff --git a/stable/spring-cloud-data-flow/values.yaml b/stable/spring-cloud-data-flow/values.yaml index 87128d995d2e..21c9117287e1 100644 --- a/stable/spring-cloud-data-flow/values.yaml +++ b/stable/spring-cloud-data-flow/values.yaml @@ -18,7 +18,7 @@ initContainers: server: image: springcloud/spring-cloud-dataflow-server - version: 2.3.1.RELEASE + version: 2.4.0.RELEASE imagePullPolicy: IfNotPresent platformName: default trustCerts: false @@ -40,7 +40,7 @@ server: skipper: enabled: true image: springcloud/spring-cloud-skipper-server - version: 2.2.2.RELEASE + version: 2.3.0.RELEASE imagePullPolicy: IfNotPresent platformName: default trustCerts: false @@ -68,7 +68,10 @@ deployer: rabbitmq: enabled: true - rabbitmqUsername: user + rabbitmq: + username: user + # this value will be encoded into a secret + password: changeme rabbitmq-ha: enabled: false From ff4dcc73b9bbf045a55f6938cd49c454a0a66cbf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Martin=20Hanz=C3=ADk?= Date: Tue, 4 Feb 2020 02:05:26 +0100 Subject: [PATCH 010/304] update alantis version (#20507) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Martin Hanzík --- stable/atlantis/Chart.yaml | 4 ++-- stable/atlantis/values.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/stable/atlantis/Chart.yaml b/stable/atlantis/Chart.yaml index d77828bc793a..01836eff5688 100644 --- a/stable/atlantis/Chart.yaml +++ b/stable/atlantis/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v1 -appVersion: "v0.8.2" +appVersion: "v0.11.1" description: A Helm chart for Atlantis https://www.runatlantis.io name: atlantis -version: 3.10.1 +version: 3.11.0 keywords: - terraform home: https://www.runatlantis.io diff --git a/stable/atlantis/values.yaml b/stable/atlantis/values.yaml index fc7d72fb04c7..99d95db1adcf 100644 --- a/stable/atlantis/values.yaml +++ b/stable/atlantis/values.yaml @@ -82,7 +82,7 @@ serviceAccountSecrets: image: repository: runatlantis/atlantis - tag: v0.8.2 + tag: v0.11.1 pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. From 78c68b31b9daf69989da153166b8448ecfed96cc Mon Sep 17 00:00:00 2001 From: Naseem Date: Mon, 3 Feb 2020 20:11:26 -0500 Subject: [PATCH 011/304] [stable/prometheus-redis-exporter] Update image for exporter (#19317) * Update image for exporter Signed-off-by: Naseem * bump chart version Signed-off-by: David Karlsen Co-authored-by: David J. M. Karlsen --- stable/prometheus-redis-exporter/Chart.yaml | 4 ++-- stable/prometheus-redis-exporter/README.md | 2 +- stable/prometheus-redis-exporter/values.yaml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/stable/prometheus-redis-exporter/Chart.yaml b/stable/prometheus-redis-exporter/Chart.yaml index 326ed0df955b..16aa140e4c9e 100644 --- a/stable/prometheus-redis-exporter/Chart.yaml +++ b/stable/prometheus-redis-exporter/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v1 -appVersion: 1.0.4 +appVersion: 1.3.4 description: Prometheus exporter for Redis metrics name: prometheus-redis-exporter -version: 3.2.1 +version: 3.2.2 home: https://github.com/oliver006/redis_exporter sources: - https://github.com/oliver006/redis_exporter diff --git a/stable/prometheus-redis-exporter/README.md b/stable/prometheus-redis-exporter/README.md index f21457e0961b..b25b0043ffd5 100644 --- a/stable/prometheus-redis-exporter/README.md +++ b/stable/prometheus-redis-exporter/README.md @@ -44,7 +44,7 @@ The following table lists the configurable parameters and their default values. | ---------------------- | --------------------------------------------------- | ------------------------- | | `replicaCount` | desired number of prometheus-redis-exporter pods | `1` | | `image.repository` | prometheus-redis-exporter image repository | `oliver006/redis_exporter`| -| `image.tag` | prometheus-redis-exporter image tag | `v1.0.4` | +| `image.tag` | prometheus-redis-exporter image tag | `v1.3.4` | | `image.pullPolicy` | image pull policy | `IfNotPresent` | | `image.pullSecrets` | image pull secrets | {} | | `extraArgs` | extra arguments for the binary; possible values [here](https://github.com/oliver006/redis_exporter#flags)| {} diff --git a/stable/prometheus-redis-exporter/values.yaml b/stable/prometheus-redis-exporter/values.yaml index aacdb14e7eae..2fce50cd94cd 100644 --- a/stable/prometheus-redis-exporter/values.yaml +++ b/stable/prometheus-redis-exporter/values.yaml @@ -13,7 +13,7 @@ serviceAccount: replicaCount: 1 image: repository: oliver006/redis_exporter - tag: v1.0.4 + tag: v1.3.4 pullPolicy: IfNotPresent extraArgs: {} # Additional Environment variables From 8491cc01adf0a87147f861d99e8ed347beef0950 Mon Sep 17 00:00:00 2001 From: Andrey Voronkov Date: Tue, 4 Feb 2020 08:43:26 +0300 Subject: [PATCH 012/304] [stable/moodle] Set MOODLE_SKIP_INSTALL environment variable via values.yaml config. (#20523) It is very useful for data migration or restoring database from backup. Signed-off-by: Andrey Voronkov --- stable/moodle/Chart.yaml | 2 +- stable/moodle/README.md | 1 + stable/moodle/templates/deployment.yaml | 2 ++ stable/moodle/values.yaml | 5 +++++ 4 files changed, 9 insertions(+), 1 deletion(-) diff --git a/stable/moodle/Chart.yaml b/stable/moodle/Chart.yaml index 67b8ab75459a..440bf23659b0 100644 --- a/stable/moodle/Chart.yaml +++ b/stable/moodle/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: moodle -version: 7.0.8 +version: 7.1.0 appVersion: 3.8.1 description: Moodle is a learning platform designed to provide educators, administrators and learners with a single robust, secure and integrated system to create personalised learning environments keywords: diff --git a/stable/moodle/README.md b/stable/moodle/README.md index f57bf21370c6..8567ccce4321 100644 --- a/stable/moodle/README.md +++ b/stable/moodle/README.md @@ -61,6 +61,7 @@ The following table lists the configurable parameters of the Moodle chart and th | `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) | | `nameOverride` | String to partially override moodle.fullname template with a string (will prepend the release name) | `nil` | | `fullnameOverride` | String to fully override moodle.fullname template with a string | `nil` | +| `moodleSkipInstall` | Skip moodle installation wizard (`no` / `yes`) | `no` | | `moodleUsername` | User of the application | `user` | | `moodlePassword` | Application password | _random 10 character alphanumeric string_ | | `moodleEmail` | Admin email | `user@example.com` | diff --git a/stable/moodle/templates/deployment.yaml b/stable/moodle/templates/deployment.yaml index 8dd4c08298c1..62a343f7346c 100644 --- a/stable/moodle/templates/deployment.yaml +++ b/stable/moodle/templates/deployment.yaml @@ -73,6 +73,8 @@ spec: name: {{ printf "%s-%s" .Release.Name "externaldb" }} key: db-password {{- end }} + - name: MOODLE_SKIP_INSTALL + value: {{ default "no" .Values.moodleSkipInstall | quote }} - name: MOODLE_USERNAME value: {{ default "" .Values.moodleUsername | quote }} - name: MOODLE_PASSWORD diff --git a/stable/moodle/values.yaml b/stable/moodle/values.yaml index 49920791b316..ab28c2625ce0 100644 --- a/stable/moodle/values.yaml +++ b/stable/moodle/values.yaml @@ -35,6 +35,11 @@ image: ## # fullnameOverride: +## Skip Moodle installation wizard. Useful for migrations and restoring from SQL dump +## ref: https://github.com/bitnami/bitnami-docker-moodle#configuration +## +moodleSkipInstall: "no" + ## User of the application ## ref: https://github.com/bitnami/bitnami-docker-moodle#configuration ## From 384f57f9601dbf391eec28873af65923c3a0e68c Mon Sep 17 00:00:00 2001 From: Adam Chester Date: Tue, 4 Feb 2020 19:15:26 +1000 Subject: [PATCH 013/304] Seq: use deployment strategy (#20526) Signed-off-by: Adam Chester --- stable/seq/Chart.yaml | 2 +- stable/seq/templates/deployment.yaml | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/stable/seq/Chart.yaml b/stable/seq/Chart.yaml index 2a4ec17338ae..e1e31adf3b3b 100644 --- a/stable/seq/Chart.yaml +++ b/stable/seq/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: seq -version: 1.0.4 +version: 1.0.5 appVersion: 5 description: Seq is the easiest way for development teams to capture, search and visualize structured log events! This page will walk you through the very quick setup process. keywords: diff --git a/stable/seq/templates/deployment.yaml b/stable/seq/templates/deployment.yaml index 49f32df4f499..3f8faa1c4350 100644 --- a/stable/seq/templates/deployment.yaml +++ b/stable/seq/templates/deployment.yaml @@ -12,6 +12,8 @@ spec: matchLabels: app: {{ template "seq.name" . }} release: {{ .Release.Name }} + strategy: + type: Recreate template: metadata: labels: From 7787b35f32d5c36e924ce16165991c3fb6c00e33 Mon Sep 17 00:00:00 2001 From: rowanr Date: Tue, 4 Feb 2020 11:21:26 +0100 Subject: [PATCH 014/304] [stable/pgadmin] removed abundance curly bracket (#20530) * [stable/pgadmin] removed abundance curly bracket Signed-off-by: Rowan Ruseler * [stable/pgadmin] version bump Signed-off-by: Rowan Ruseler --- stable/pgadmin/Chart.yaml | 2 +- stable/pgadmin/templates/deployment.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/stable/pgadmin/Chart.yaml b/stable/pgadmin/Chart.yaml index ae1186605662..eb31d806ae22 100644 --- a/stable/pgadmin/Chart.yaml +++ b/stable/pgadmin/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 description: pgAdmin is a web based administration tool for PostgreSQL database name: pgadmin -version: 1.1.0 +version: 1.1.1 appVersion: 4.17.0 home: https://www.pgadmin.org/ source: https://github.com/rowanruseler/pgadmin diff --git a/stable/pgadmin/templates/deployment.yaml b/stable/pgadmin/templates/deployment.yaml index dad90a94e954..4108068984ed 100644 --- a/stable/pgadmin/templates/deployment.yaml +++ b/stable/pgadmin/templates/deployment.yaml @@ -88,5 +88,5 @@ spec: {{- end }} {{- if .Values.tolerations }} tolerations: - {{- .Values.tolerations | toYaml | nindent 8 }}} + {{- .Values.tolerations | toYaml | nindent 8 }} {{- end }} From 6bd9551d39739a6a3564c8f9b666480921e8c1de Mon Sep 17 00:00:00 2001 From: kvaps Date: Tue, 4 Feb 2020 11:43:26 +0100 Subject: [PATCH 015/304] [stable/nfs-server-provisioner] New nfs-provisioner with NFSv3 support (#19260) * Enable NFSv3 support, set NFSv3 by default Signed-off-by: kvaps * remove relatime Signed-off-by: kvaps * Use nindents Signed-off-by: kvaps * add kvaps to OWNERS of nfs-server-provisioner Signed-off-by: kvaps * fix imagePullSecrets for nfs-provisioner Signed-off-by: kvaps * update default rpcbind port for nfs-server-provisioner Signed-off-by: kvaps * bump chart version Signed-off-by: kvaps --- stable/nfs-server-provisioner/Chart.yaml | 4 +- stable/nfs-server-provisioner/OWNERS | 2 + stable/nfs-server-provisioner/README.md | 4 +- .../templates/service.yaml | 82 ++++++++++++++++--- .../templates/statefulset.yaml | 73 +++++++++++------ .../templates/storageclass.yaml | 8 +- stable/nfs-server-provisioner/values.yaml | 11 ++- 7 files changed, 138 insertions(+), 46 deletions(-) diff --git a/stable/nfs-server-provisioner/Chart.yaml b/stable/nfs-server-provisioner/Chart.yaml index 74db72203794..1450d6c033d8 100644 --- a/stable/nfs-server-provisioner/Chart.yaml +++ b/stable/nfs-server-provisioner/Chart.yaml @@ -2,10 +2,12 @@ apiVersion: v1 appVersion: 2.3.0 description: nfs-server-provisioner is an out-of-tree dynamic provisioner for Kubernetes. You can use it to quickly & easily deploy shared storage that works almost anywhere. name: nfs-server-provisioner -version: 0.5.0 +version: 1.0.0 maintainers: - name: kiall email: kiall@macinnes.ie +- name: kvaps + email: kvapss@gmail.com - name: joaocc email: joaocc-dev@live.com - name: naseemkullah diff --git a/stable/nfs-server-provisioner/OWNERS b/stable/nfs-server-provisioner/OWNERS index e1452755397e..b65278579a54 100644 --- a/stable/nfs-server-provisioner/OWNERS +++ b/stable/nfs-server-provisioner/OWNERS @@ -1,6 +1,8 @@ approvers: - kiall +- kvaps - naseemkullah reviewers: - kiall +- kvaps - naseemkullah diff --git a/stable/nfs-server-provisioner/README.md b/stable/nfs-server-provisioner/README.md index 6d0478e0a13b..0c30e923ec4b 100644 --- a/stable/nfs-server-provisioner/README.md +++ b/stable/nfs-server-provisioner/README.md @@ -62,7 +62,7 @@ their default values. | `service.type` | service type | `ClusterIP` | | `service.nfsPort` | TCP port on which the nfs-server-provisioner NFS service is exposed | `2049` | | `service.mountdPort` | TCP port on which the nfs-server-provisioner mountd service is exposed | `20048` | -| `service.rpcbindPort` | TCP port on which the nfs-server-provisioner RPC service is exposed | `51413` | +| `service.rpcbindPort` | TCP port on which the nfs-server-provisioner RPC service is exposed | `111` | | `service.nfsNodePort` | if `service.type` is `NodePort` and this is non-empty, sets the nfs-server-provisioner node port of the NFS service | `nil` | | `service.mountdNodePort` | if `service.type` is `NodePort` and this is non-empty, sets the nfs-server-provisioner node port of the mountd service | `nil` | | `service.rpcbindNodePort` | if `service.type` is `NodePort` and this is non-empty, sets the nfs-server-provisioner node port of the RPC service | `nil` | @@ -76,7 +76,7 @@ their default values. | `storageClass.name` | The name to assign the created StorageClass | `nfs` | | `storageClass.allowVolumeExpansion` | Allow base storage PCV to be dynamically resizeable (set to null to disable ) | `true | | `storageClass.parameters` | Parameters for StorageClass | `{}` | -| `storageClass.mountOptions` | Mount options for StorageClass | `[ "vers=4.1", "noatime" ]` | +| `storageClass.mountOptions` | Mount options for StorageClass | `[ "vers=3" ]` | | `storageClass.reclaimPolicy` | ReclaimPolicy field of the class, which can be either Delete or Retain | `Delete` | | `resources` | Resource limits for nfs-server-provisioner pod | `{}` | | `nodeSelector` | Map of node labels for pod assignment | `{}` | diff --git a/stable/nfs-server-provisioner/templates/service.yaml b/stable/nfs-server-provisioner/templates/service.yaml index b2d299e2844e..84a7593efaf4 100644 --- a/stable/nfs-server-provisioner/templates/service.yaml +++ b/stable/nfs-server-provisioner/templates/service.yaml @@ -14,34 +14,90 @@ spec: targetPort: nfs protocol: TCP name: nfs -{{- if (and (eq .Values.service.type "NodePort") (not (empty .Values.service.nfsNodePort))) }} + {{- if (and (eq .Values.service.type "NodePort") (not (empty .Values.service.nfsNodePort))) }} nodePort: {{ .Values.service.nfsNodePort }} -{{- end }} + {{- end }} + - port: {{ .Values.service.nfsPort }} + targetPort: nfs-udp + protocol: UDP + name: nfs-udp + {{- if (and (eq .Values.service.type "NodePort") (not (empty .Values.service.nfsNodePort))) }} + nodePort: {{ .Values.service.nfsNodePort }} + {{- end }} + - port: {{ .Values.service.nlockmgrPort }} + targetPort: nlockmgr + protocol: TCP + name: nlockmgr + {{- if (and (eq .Values.service.type "NodePort") (not (empty .Values.service.nlockmgrNodePort))) }} + nodePort: {{ .Values.service.nlockmgrNodePort }} + {{- end }} + - port: {{ .Values.service.nlockmgrPort }} + targetPort: nlockmgr-udp + protocol: UDP + name: nlockmgr-udp + {{- if (and (eq .Values.service.type "NodePort") (not (empty .Values.service.nlockmgrPort))) }} + nodePort: {{ .Values.service.nlockmgrNodePort }} + {{- end }} - port: {{ .Values.service.mountdPort }} targetPort: mountd protocol: TCP name: mountd -{{- if (and (eq .Values.service.type "NodePort") (not (empty .Values.service.mountdNodePort))) }} + {{- if (and (eq .Values.service.type "NodePort") (not (empty .Values.service.mountdNodePort))) }} + nodePort: {{ .Values.service.mountdNodePort }} + {{- end }} + - port: {{ .Values.service.mountdPort }} + targetPort: mountd-udp + protocol: UDP + name: mountd-udp + {{- if (and (eq .Values.service.type "NodePort") (not (empty .Values.service.mountdNodePort))) }} nodePort: {{ .Values.service.mountdNodePort }} -{{- end }} + {{- end }} + - port: {{ .Values.service.rquotadPort }} + targetPort: rquotad + protocol: TCP + name: rquotad + {{- if (and (eq .Values.service.type "NodePort") (not (empty .Values.service.rquotadNodePort))) }} + nodePort: {{ .Values.service.rquotadNodePort }} + {{- end }} + - port: {{ .Values.service.rquotadPort }} + targetPort: rquotad-udp + protocol: UDP + name: rquotad-udp + {{- if (and (eq .Values.service.type "NodePort") (not (empty .Values.service.rquotadNodePort))) }} + nodePort: {{ .Values.service.rquotadNodePort }} + {{- end }} - port: {{ .Values.service.rpcbindPort }} - targetPort: rpcbind-tcp + targetPort: rpcbind protocol: TCP - name: rpcbind-tcp -{{- if (and (eq .Values.service.type "NodePort") (not (empty .Values.service.rpcbindNodePort))) }} + name: rpcbind + {{- if (and (eq .Values.service.type "NodePort") (not (empty .Values.service.rpcbindNodePort))) }} nodePort: {{ .Values.service.rpcbindNodePort }} -{{- end }} + {{- end }} - port: {{ .Values.service.rpcbindPort }} targetPort: rpcbind-udp protocol: UDP name: rpcbind-udp -{{- if (and (eq .Values.service.type "NodePort") (not (empty .Values.service.rpcbindNodePort))) }} + {{- if (and (eq .Values.service.type "NodePort") (not (empty .Values.service.rpcbindNodePort))) }} nodePort: {{ .Values.service.rpcbindNodePort }} -{{- end }} -{{- if .Values.service.externalIPs }} + {{- end }} + - port: {{ .Values.service.statdPort }} + targetPort: statd + protocol: TCP + name: statd + {{- if (and (eq .Values.service.type "NodePort") (not (empty .Values.service.statdPort))) }} + nodePort: {{ .Values.service.statdPort }} + {{- end }} + - port: {{ .Values.service.statdPort }} + targetPort: statd-udp + protocol: UDP + name: statd-udp + {{- if (and (eq .Values.service.type "NodePort") (not (empty .Values.service.statdPort))) }} + nodePort: {{ .Values.service.statdPort }} + {{- end }} + {{- if .Values.service.externalIPs }} externalIPs: -{{ toYaml .Values.service.externalIPs | indent 4 }} -{{- end }} + {{- toYaml .Values.service.externalIPs | nindent 4 }} + {{- end }} selector: app: {{ template "nfs-provisioner.name" . }} release: {{ .Release.Name }} diff --git a/stable/nfs-server-provisioner/templates/statefulset.yaml b/stable/nfs-server-provisioner/templates/statefulset.yaml index a872ca78c16e..0c03609917c6 100644 --- a/stable/nfs-server-provisioner/templates/statefulset.yaml +++ b/stable/nfs-server-provisioner/templates/statefulset.yaml @@ -26,6 +26,10 @@ spec: # NOTE: This is 10 seconds longer than the default nfs-provisioner --grace-period value of 90sec terminationGracePeriodSeconds: 100 serviceAccountName: {{ if .Values.rbac.create }}{{ template "nfs-provisioner.fullname" . }}{{ else }}{{ .Values.rbac.serviceAccountName | quote }}{{ end }} + {{- if .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml .Values.imagePullSecrets | nindent 8 }} + {{- end }} containers: - name: {{ .Chart.Name }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" @@ -34,15 +38,39 @@ spec: - name: nfs containerPort: 2049 protocol: TCP + - name: nfs-udp + containerPort: 2049 + protocol: UDP + - name: nlockmgr + containerPort: 32803 + protocol: TCP + - name: nlockmgr-udp + containerPort: 32803 + protocol: UDP - name: mountd containerPort: 20048 protocol: TCP - - name: rpcbind-tcp + - name: mountd-udp + containerPort: 20048 + protocol: UDP + - name: rquotad + containerPort: 875 + protocol: TCP + - name: rquotad-udp + containerPort: 875 + protocol: UDP + - name: rpcbind containerPort: 111 protocol: TCP - name: rpcbind-udp containerPort: 111 protocol: UDP + - name: statd + containerPort: 662 + protocol: TCP + - name: statd-udp + containerPort: 662 + protocol: UDP securityContext: capabilities: add: @@ -67,44 +95,43 @@ spec: volumeMounts: - name: data mountPath: /export + {{- with .Values.resources }} resources: - {{- with .Values.resources }} - resources: -{{ toYaml . | indent 12 }} - {{- end }} - {{- with .Values.nodeSelector }} + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.nodeSelector }} nodeSelector: -{{ toYaml . | indent 8 }} - {{- end }} - {{- with .Values.affinity }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} affinity: -{{ toYaml . | indent 8 }} - {{- end }} - {{- with .Values.tolerations }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} tolerations: -{{ toYaml . | indent 8 }} - {{- end }} + {{- toYaml . | nindent 8 }} + {{- end }} -{{- if not .Values.persistence.enabled }} + {{- if not .Values.persistence.enabled }} volumes: - name: data emptyDir: {} -{{- end }} + {{- end }} -{{- if .Values.persistence.enabled }} + {{- if .Values.persistence.enabled }} volumeClaimTemplates: - metadata: name: data spec: accessModes: [ {{ .Values.persistence.accessMode | quote }} ] - {{- if .Values.persistence.storageClass }} - {{- if (eq "-" .Values.persistence.storageClass) }} + {{- if .Values.persistence.storageClass }} + {{- if (eq "-" .Values.persistence.storageClass) }} storageClassName: "" - {{- else }} + {{- else }} storageClassName: {{ .Values.persistence.storageClass | quote }} - {{- end }} - {{- end }} + {{- end }} + {{- end }} resources: requests: storage: {{ .Values.persistence.size | quote }} -{{- end }} + {{- end }} diff --git a/stable/nfs-server-provisioner/templates/storageclass.yaml b/stable/nfs-server-provisioner/templates/storageclass.yaml index e2c202260617..be1787aed82c 100644 --- a/stable/nfs-server-provisioner/templates/storageclass.yaml +++ b/stable/nfs-server-provisioner/templates/storageclass.yaml @@ -8,10 +8,10 @@ metadata: chart: {{ template "nfs-provisioner.chart" . }} heritage: {{ .Release.Service }} release: {{ .Release.Name }} -{{- if .Values.storageClass.defaultClass }} + {{- if .Values.storageClass.defaultClass }} annotations: storageclass.kubernetes.io/is-default-class: "true" -{{- end }} + {{- end }} provisioner: {{ template "nfs-provisioner.provisionerName" . }} reclaimPolicy: {{ .Values.storageClass.reclaimPolicy }} {{ if .Values.storageClass.allowVolumeExpansion }} @@ -19,10 +19,10 @@ allowVolumeExpansion: {{ .Values.storageClass.allowVolumeExpansion }} {{ end }} {{- with .Values.storageClass.parameters }} parameters: -{{ toYaml . | indent 2 }} +{{- toYaml . | nindent 2 }} {{- end }} {{- with .Values.storageClass.mountOptions }} mountOptions: -{{ toYaml . | indent 2 }} +{{- toYaml . | nindent 2 }} {{- end }} {{ end -}} diff --git a/stable/nfs-server-provisioner/values.yaml b/stable/nfs-server-provisioner/values.yaml index 7a63a2224aea..6da0e1327188 100644 --- a/stable/nfs-server-provisioner/values.yaml +++ b/stable/nfs-server-provisioner/values.yaml @@ -20,11 +20,17 @@ service: type: ClusterIP nfsPort: 2049 + nlockmgrPort: 32803 mountdPort: 20048 - rpcbindPort: 51413 + rquotadPort: 875 + rpcbindPort: 111 + statdPort: 662 # nfsNodePort: + # nlockmgrNodePort: # mountdNodePort: + # rquotadNodePort: # rpcbindNodePort: + # statdNodePort: externalIPs: [] @@ -64,8 +70,7 @@ storageClass: parameters: {} mountOptions: - - vers=4.1 - - noatime + - vers=3 ## ReclaimPolicy field of the class, which can be either Delete or Retain reclaimPolicy: Delete From 424ed073c7cd734540f6dd7c0e6b6a599de9a05e Mon Sep 17 00:00:00 2001 From: Marcus Date: Tue, 4 Feb 2020 02:51:27 -0800 Subject: [PATCH 016/304] [stable/superset] Update Maintainers List (#20493) * updating maintainers list due to significant improvement in how app is started and big jump in version. Ongoing improvements to follow. Signed-off-by: marcussorealheis * add CI directory and security manager custom test values. Signed-off-by: marcussorealheis * update maintainer. Signed-off-by: marcussorealheis * add an owners file. Signed-off-by: marcussorealheis --- stable/superset/Chart.yaml | 6 +++--- stable/superset/OWNERS | 4 ++++ stable/superset/ci/superset_security-values.yaml | 6 ++++++ 3 files changed, 13 insertions(+), 3 deletions(-) create mode 100644 stable/superset/OWNERS create mode 100644 stable/superset/ci/superset_security-values.yaml diff --git a/stable/superset/Chart.yaml b/stable/superset/Chart.yaml index 6db76a2be672..681b5fe96ee2 100644 --- a/stable/superset/Chart.yaml +++ b/stable/superset/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 description: Apache Superset (incubating) is a modern, enterprise-ready business intelligence web application name: superset -version: 1.1.8 +version: 1.1.9 appVersion: "0.35.2" keywords: - bi @@ -10,5 +10,5 @@ icon: https://superset.incubator.apache.org/_images/s.png sources: - https://github.com/apache/incubator-superset maintainers: -- name: alitari - email: alitari67@gmail.com +- name: marcussorealheis + email: marcuseagan@gmail.com diff --git a/stable/superset/OWNERS b/stable/superset/OWNERS new file mode 100644 index 000000000000..09683087251f --- /dev/null +++ b/stable/superset/OWNERS @@ -0,0 +1,4 @@ +approvers: +- marcussorealheis +reviewers: +- marcussorealheis diff --git a/stable/superset/ci/superset_security-values.yaml b/stable/superset/ci/superset_security-values.yaml new file mode 100644 index 000000000000..34be3dbb7f2c --- /dev/null +++ b/stable/superset/ci/superset_security-values.yaml @@ -0,0 +1,6 @@ +--- +# enable the superset security manager + +extraConfigFiles: + custom_sso_security_manager.py: |- + from superset.security import SupersetSecurityManager From 42d32d22c7fa3427d90ef4e4ff336cc5953f35cf Mon Sep 17 00:00:00 2001 From: rowanr Date: Tue, 4 Feb 2020 11:51:35 +0100 Subject: [PATCH 017/304] Rr/strategy (#20533) * [stable/pgadmin] added strategy to the deployment Signed-off-by: Rowan Ruseler * [stable/pgadmin] removed white-line Signed-off-by: Rowan Ruseler --- stable/pgadmin/Chart.yaml | 2 +- stable/pgadmin/README.md | 1 + stable/pgadmin/templates/deployment.yaml | 4 ++++ stable/pgadmin/values.yaml | 9 +++++++++ 4 files changed, 15 insertions(+), 1 deletion(-) diff --git a/stable/pgadmin/Chart.yaml b/stable/pgadmin/Chart.yaml index eb31d806ae22..2c0720f8c2f6 100644 --- a/stable/pgadmin/Chart.yaml +++ b/stable/pgadmin/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 description: pgAdmin is a web based administration tool for PostgreSQL database name: pgadmin -version: 1.1.1 +version: 1.1.2 appVersion: 4.17.0 home: https://www.pgadmin.org/ source: https://github.com/rowanruseler/pgadmin diff --git a/stable/pgadmin/README.md b/stable/pgadmin/README.md index 8f2141614c14..ea7e4f968574 100644 --- a/stable/pgadmin/README.md +++ b/stable/pgadmin/README.md @@ -46,6 +46,7 @@ The command removes nearly all the Kubernetes components associated with the cha | `image.pullPolicy` | Docker image pull policy | `IfNotPresent` | | `service.type` | Service type (ClusterIP, NodePort or LoadBalancer) | `ClusterIP` | | `service.port` | Service port | `80` | +| `strategy` | Specifies the strategy used to replace old Pods by new ones | `{}` | | `ingress.enabled` | Enables Ingress | `false` | | `ingress.annotations` | Ingress annotations | `{}` | | `ingress.hosts` | Ingress accepted hostnames | `nil` | diff --git a/stable/pgadmin/templates/deployment.yaml b/stable/pgadmin/templates/deployment.yaml index 4108068984ed..4633e8e11bdd 100644 --- a/stable/pgadmin/templates/deployment.yaml +++ b/stable/pgadmin/templates/deployment.yaml @@ -11,6 +11,10 @@ spec: matchLabels: app.kubernetes.io/name: {{ include "pgadmin.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} +{{- if .Values.strategy }} + strategy: + {{- .Values.strategy | toYaml | nindent 4 }}} +{{- end }} template: metadata: labels: diff --git a/stable/pgadmin/values.yaml b/stable/pgadmin/values.yaml index 26156e1d8443..4d063ec36708 100644 --- a/stable/pgadmin/values.yaml +++ b/stable/pgadmin/values.yaml @@ -13,6 +13,15 @@ service: type: ClusterIP port: 80 +## Strategy used to replace old Pods by new ones +## Ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy +## +strategy: {} + # type: RollingUpdate + # rollingUpdate: + # maxSurge: 0 + # maxUnavailable: 1 + ingress: ## If true, pgAdmin Ingress will be created ## From 57aebcc1a5a6c377292ed09cd32c490c8348c10a Mon Sep 17 00:00:00 2001 From: Daniel Arteaga Date: Tue, 4 Feb 2020 12:23:25 +0100 Subject: [PATCH 018/304] [stable/testlink] add service annotations (#20531) * add service annotations Signed-off-by: darteaga * PR commented changes Signed-off-by: darteaga * fix lint errors Signed-off-by: darteaga * bump minor version as suggested Signed-off-by: darteaga --- stable/testlink/Chart.yaml | 2 +- stable/testlink/README.md | 131 +++++++++++++------------ stable/testlink/templates/_helpers.tpl | 13 +++ stable/testlink/templates/svc.yaml | 3 + stable/testlink/values.yaml | 4 + 5 files changed, 87 insertions(+), 66 deletions(-) diff --git a/stable/testlink/Chart.yaml b/stable/testlink/Chart.yaml index 55664e603ab6..f5ee738e2736 100644 --- a/stable/testlink/Chart.yaml +++ b/stable/testlink/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: testlink -version: 7.0.3 +version: 7.1.0 appVersion: 1.9.19 description: Web-based test management system that facilitates software quality assurance. icon: https://bitnami.com/assets/stacks/testlink/img/testlink-stack-220x234.png diff --git a/stable/testlink/README.md b/stable/testlink/README.md index 0132a0cf83ff..f0f41715f897 100644 --- a/stable/testlink/README.md +++ b/stable/testlink/README.md @@ -49,71 +49,72 @@ The command removes all the Kubernetes components associated with the chart and The following table lists the configurable parameters of the TestLink chart and their default values. -| Parameter | Description | Default | -|-------------------------------------|-----------------------------------------|---------------------------------------------------------| -| `global.imageRegistry` | Global Docker image registry | `nil` | -| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) | -| `global.storageClass` | Global storage class for dynamic provisioning | `nil` | -| `image.registry` | TestLink image registry | `docker.io` | -| `image.repository` | TestLink image name | `bitnami/testlink` | -| `image.tag` | TestLink image tag | `{TAG_NAME}` | -| `image.pullPolicy` | Image pull policy | `IfNotPresent` | -| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) | -| `nameOverride` | String to partially override testlink.fullname template with a string (will prepend the release name) | `nil` | -| `fullnameOverride` | String to fully override testlink.fullname template with a string | `nil` | -| `testlinkUsername` | Admin username | `user` | -| `testlinkPassword` | Admin user password | _random 10 character long alphanumeric string_ | -| `testlinkEmail` | Admin user email | `user@example.com` | -| `smtpEnable` | Enable SMTP | `false` | -| `smtpHost` | SMTP host | `nil` | -| `smtpPort` | SMTP port | `nil` | -| `smtpUser` | SMTP user | `nil` | -| `smtpPassword` | SMTP password | `nil` | -| `smtpConnectionMode` | SMTP connection mode [`ssl`, `tls`] | `nil` | -| `allowEmptyPassword` | Allow DB blank passwords | `yes` | -| `ingress.enabled` | Enable ingress controller resource | `false` | -| `ingress.annotations` | Ingress annotations | `[]` | -| `ingress.certManager` | Add annotations for cert-manager | `false` | -| `ingress.hosts[0].name` | Hostname to your testlink installation | `testlink.local` | -| `ingress.hosts[0].path` | Path within the url structure | `/` | -| `ingress.hosts[0].tls` | Utilize TLS backend in ingress | `false` | -| `ingress.hosts[0].tlsHosts` | Array of TLS hosts for ingress record (defaults to `ingress.hosts[0].name` if `nil`) | `nil` | -| `ingress.hosts[0].tlsSecret` | TLS Secret (certificates) | `testlink.local-tls-secret` | -| `ingress.secrets[0].name` | TLS Secret Name | `nil` | -| `ingress.secrets[0].certificate` | TLS Secret Certificate | `nil` | -| `ingress.secrets[0].key` | TLS Secret Key | `nil` | -| `externalDatabase.host` | Host of the external database | `nil` | -| `externalDatabase.port` | Port of the external database | `3306` | -| `externalDatabase.user` | Existing username in the external db | `bn_testlink` | -| `externalDatabase.password` | Password for the above username | `nil` | -| `externalDatabase.database` | Name of the existing database | `bitnami_testlink` | -| `mariadb.enabled` | Whether to use the MariaDB chart | `true` | -| `mariadb.db.name` | Database name to create | `bitnami_testlink` | -| `mariadb.db.user` | Database user to create | `bn_testlink` | -| `mariadb.db.password` | Password for the database | `nil` | -| `mariadb.rootUser.password` | MariaDB admin password | `nil` | -| `service.type` | Kubernetes Service type | `LoadBalancer` | -| `service.port` | Service HTTP port | `80` | -| `service.httpsPort` | Service HTTPS port | `443` | -| `service.nodePorts.http` | Kubernetes http node port | `""` | -| `service.nodePorts.https` | Kubernetes https node port | `""` | -| `service.externalTrafficPolicy` | Enable client source IP preservation | `Cluster` | -| `service.loadBalancerIP` | LoadBalancer service IP address | `""` | -| `persistence.enabled` | Enable persistence using PVC | `true` | -| `persistence.testlink.storageClass` | PVC Storage Class for TestLink volume | `nil` (uses alpha storage class annotation) | -| `persistence.testlink.accessMode` | PVC Access Mode for TestLink volume | `ReadWriteOnce` | -| `persistence.testlink.size` | PVC Storage Request for TestLink volume | `8Gi` | -| `resources` | CPU/Memory resource requests/limits | Memory: `512Mi`, CPU: `300m` | -| `podAnnotations` | Pod annotations | `{}` | -| `affinity` | Map of node/pod affinities | `{}` | -| `metrics.enabled` | Start a side-car prometheus exporter | `false` | -| `metrics.image.registry` | Apache exporter image registry | `docker.io` | -| `metrics.image.repository` | Apache exporter image name | `bitnami/apache-exporter` | -| `metrics.image.tag` | Apache exporter image tag | `{TAG_NAME}` | -| `metrics.image.pullPolicy` | Image pull policy | `IfNotPresent` | -| `metrics.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) | -| `metrics.podAnnotations` | Additional annotations for Metrics exporter pod | `{prometheus.io/scrape: "true", prometheus.io/port: "9117"}` | -| `metrics.resources` | Exporter resource requests/limit | {} | +| Parameter | Description | Default | +|-------------------------------------|-------------------------------------------------------------------------------------------------------|--------------------------------------------------------------| +| `global.imageRegistry` | Global Docker image registry | `nil` | +| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) | +| `global.storageClass` | Global storage class for dynamic provisioning | `nil` | +| `image.registry` | TestLink image registry | `docker.io` | +| `image.repository` | TestLink image name | `bitnami/testlink` | +| `image.tag` | TestLink image tag | `{TAG_NAME}` | +| `image.pullPolicy` | Image pull policy | `IfNotPresent` | +| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) | +| `nameOverride` | String to partially override testlink.fullname template with a string (will prepend the release name) | `nil` | +| `fullnameOverride` | String to fully override testlink.fullname template with a string | `nil` | +| `testlinkUsername` | Admin username | `user` | +| `testlinkPassword` | Admin user password | _random 10 character long alphanumeric string_ | +| `testlinkEmail` | Admin user email | `user@example.com` | +| `smtpEnable` | Enable SMTP | `false` | +| `smtpHost` | SMTP host | `nil` | +| `smtpPort` | SMTP port | `nil` | +| `smtpUser` | SMTP user | `nil` | +| `smtpPassword` | SMTP password | `nil` | +| `smtpConnectionMode` | SMTP connection mode [`ssl`, `tls`] | `nil` | +| `allowEmptyPassword` | Allow DB blank passwords | `yes` | +| `ingress.enabled` | Enable ingress controller resource | `false` | +| `ingress.annotations` | Ingress annotations | `[]` | +| `ingress.certManager` | Add annotations for cert-manager | `false` | +| `ingress.hosts[0].name` | Hostname to your testlink installation | `testlink.local` | +| `ingress.hosts[0].path` | Path within the url structure | `/` | +| `ingress.hosts[0].tls` | Utilize TLS backend in ingress | `false` | +| `ingress.hosts[0].tlsHosts` | Array of TLS hosts for ingress record (defaults to `ingress.hosts[0].name` if `nil`) | `nil` | +| `ingress.hosts[0].tlsSecret` | TLS Secret (certificates) | `testlink.local-tls-secret` | +| `ingress.secrets[0].name` | TLS Secret Name | `nil` | +| `ingress.secrets[0].certificate` | TLS Secret Certificate | `nil` | +| `ingress.secrets[0].key` | TLS Secret Key | `nil` | +| `externalDatabase.host` | Host of the external database | `nil` | +| `externalDatabase.port` | Port of the external database | `3306` | +| `externalDatabase.user` | Existing username in the external db | `bn_testlink` | +| `externalDatabase.password` | Password for the above username | `nil` | +| `externalDatabase.database` | Name of the existing database | `bitnami_testlink` | +| `mariadb.enabled` | Whether to use the MariaDB chart | `true` | +| `mariadb.db.name` | Database name to create | `bitnami_testlink` | +| `mariadb.db.user` | Database user to create | `bn_testlink` | +| `mariadb.db.password` | Password for the database | `nil` | +| `mariadb.rootUser.password` | MariaDB admin password | `nil` | +| `service.type` | Kubernetes Service type | `LoadBalancer` | +| `service.port` | Service HTTP port | `80` | +| `service.httpsPort` | Service HTTPS port | `443` | +| `service.nodePorts.http` | Kubernetes http node port | `""` | +| `service.nodePorts.https` | Kubernetes https node port | `""` | +| `service.externalTrafficPolicy` | Enable client source IP preservation | `Cluster` | +| `service.loadBalancerIP` | LoadBalancer service IP address | `""` | +| `service.annotations` | Kubernetes service annotations, evaluated as a template | `{}` | +| `persistence.enabled` | Enable persistence using PVC | `true` | +| `persistence.testlink.storageClass` | PVC Storage Class for TestLink volume | `nil` (uses alpha storage class annotation) | +| `persistence.testlink.accessMode` | PVC Access Mode for TestLink volume | `ReadWriteOnce` | +| `persistence.testlink.size` | PVC Storage Request for TestLink volume | `8Gi` | +| `resources` | CPU/Memory resource requests/limits | Memory: `512Mi`, CPU: `300m` | +| `podAnnotations` | Pod annotations | `{}` | +| `affinity` | Map of node/pod affinities | `{}` | +| `metrics.enabled` | Start a side-car prometheus exporter | `false` | +| `metrics.image.registry` | Apache exporter image registry | `docker.io` | +| `metrics.image.repository` | Apache exporter image name | `bitnami/apache-exporter` | +| `metrics.image.tag` | Apache exporter image tag | `{TAG_NAME}` | +| `metrics.image.pullPolicy` | Image pull policy | `IfNotPresent` | +| `metrics.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) | +| `metrics.podAnnotations` | Additional annotations for Metrics exporter pod | `{prometheus.io/scrape: "true", prometheus.io/port: "9117"}` | +| `metrics.resources` | Exporter resource requests/limit | {} | The above parameters map to the env variables defined in [bitnami/testlink](http://github.com/bitnami/bitnami-docker-testlink). For more information please refer to the [bitnami/testlink](http://github.com/bitnami/bitnami-docker-testlink) image documentation. diff --git a/stable/testlink/templates/_helpers.tpl b/stable/testlink/templates/_helpers.tpl index 9c35e5448c8c..5c0e8591008c 100644 --- a/stable/testlink/templates/_helpers.tpl +++ b/stable/testlink/templates/_helpers.tpl @@ -164,3 +164,16 @@ Return the appropriate apiVersion for deployment. {{- print "apps/v1" -}} {{- end -}} {{- end -}} + +{{/* +Renders a value that contains template. +Usage: +{{ include "testlink.tplValue" ( dict "value" .Values.path.to.the.Value "context" $) }} +*/}} +{{- define "testlink.tplValue" -}} + {{- if typeIs "string" .value }} + {{- tpl .value .context }} + {{- else }} + {{- tpl (.value | toYaml) .context }} + {{- end }} +{{- end -}} diff --git a/stable/testlink/templates/svc.yaml b/stable/testlink/templates/svc.yaml index ea5ddbf93985..76b7e2185331 100644 --- a/stable/testlink/templates/svc.yaml +++ b/stable/testlink/templates/svc.yaml @@ -7,6 +7,9 @@ metadata: chart: "{{ template "testlink.chart" . }}" release: {{ .Release.Name | quote }} heritage: {{ .Release.Name | quote }} +{{- if .Values.service.annotations }} + annotations: {{ include "testlink.tplValue" ( dict "value" .Values.service.annotations "context" $) | nindent 4 }} +{{- end }} spec: type: {{ .Values.service.type }} {{- if (or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort")) }} diff --git a/stable/testlink/values.yaml b/stable/testlink/values.yaml index 69da08d8e2a6..f1bd96676cb2 100644 --- a/stable/testlink/values.yaml +++ b/stable/testlink/values.yaml @@ -162,6 +162,10 @@ service: ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip ## externalTrafficPolicy: Cluster + ## Provide any additional annotations which may be required. + ## Evaluated as a template + ## + annotations: {} ## Enable persistence using Persistent Volume Claims ## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ From 381f2c29e3b3140b4276ce14c43ff692f1317aef Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Tue, 4 Feb 2020 12:53:25 +0100 Subject: [PATCH 019/304] [stable/mongodb] Release 7.8.2 updating components versions (#20537) Signed-off-by: Bitnami Containers --- stable/mongodb/Chart.yaml | 4 ++-- stable/mongodb/values-production.yaml | 4 ++-- stable/mongodb/values.yaml | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/stable/mongodb/Chart.yaml b/stable/mongodb/Chart.yaml index a6ad88c71bac..64a4884326fa 100644 --- a/stable/mongodb/Chart.yaml +++ b/stable/mongodb/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 name: mongodb -version: 7.8.1 -appVersion: 4.2.2 +version: 7.8.2 +appVersion: 4.2.3 description: NoSQL document-oriented database that stores JSON-like documents with dynamic schemas, simplifying the integration of data in content-driven applications. keywords: - mongodb diff --git a/stable/mongodb/values-production.yaml b/stable/mongodb/values-production.yaml index b64e0e91ebba..6bc9e621bb2b 100644 --- a/stable/mongodb/values-production.yaml +++ b/stable/mongodb/values-production.yaml @@ -18,7 +18,7 @@ image: ## Bitnami MongoDB image tag ## ref: https://hub.docker.com/r/bitnami/mongodb/tags/ ## - tag: 4.2.2-debian-10-r0 + tag: 4.2.3-debian-10-r10 ## Specify a imagePullPolicy ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images ## @@ -437,7 +437,7 @@ metrics: image: registry: docker.io repository: bitnami/mongodb-exporter - tag: 0.10.0-debian-10-r0 + tag: 0.10.0-debian-10-r9 pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. diff --git a/stable/mongodb/values.yaml b/stable/mongodb/values.yaml index 2569efd73627..1d15f9c56592 100644 --- a/stable/mongodb/values.yaml +++ b/stable/mongodb/values.yaml @@ -18,7 +18,7 @@ image: ## Bitnami MongoDB image tag ## ref: https://hub.docker.com/r/bitnami/mongodb/tags/ ## - tag: 4.2.2-debian-10-r0 + tag: 4.2.3-debian-10-r10 ## Specify a imagePullPolicy ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images ## @@ -439,7 +439,7 @@ metrics: image: registry: docker.io repository: bitnami/mongodb-exporter - tag: 0.10.0-debian-10-r0 + tag: 0.10.0-debian-10-r9 pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. From 98a5b827fb7800eef21f24c29317d16695553971 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andr=C3=A9=20Bauer?= Date: Tue, 4 Feb 2020 17:19:27 +0100 Subject: [PATCH 020/304] update grafana sidecar to 0.1.75 (#20538) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: André Bauer --- stable/grafana/Chart.yaml | 2 +- stable/grafana/README.md | 2 +- stable/grafana/values.yaml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/stable/grafana/Chart.yaml b/stable/grafana/Chart.yaml index f30bfa543934..98bab39ef428 100644 --- a/stable/grafana/Chart.yaml +++ b/stable/grafana/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: grafana -version: 4.5.1 +version: 4.6.2 appVersion: 6.6.0 kubeVersion: "^1.8.0-0" description: The leading tool for querying and visualizing time series and metrics. diff --git a/stable/grafana/README.md b/stable/grafana/README.md index e75b634076de..c2ba923b6add 100644 --- a/stable/grafana/README.md +++ b/stable/grafana/README.md @@ -114,7 +114,7 @@ This version requires Helm >= 2.12.0. | `podAnnotations` | Pod annotations | `{}` | | `podLabels` | Pod labels | `{}` | | `podPortName` | Name of the grafana port on the pod | `grafana` | -| `sidecar.image` | Sidecar image | `kiwigrid/k8s-sidecar:0.1.20` | +| `sidecar.image` | Sidecar image | `kiwigrid/k8s-sidecar:0.1.75` | | `sidecar.imagePullPolicy` | Sidecar image pull policy | `IfNotPresent` | | `sidecar.resources` | Sidecar resources | `{}` | | `sidecar.dashboards.enabled` | Enables the cluster wide search for dashboards and adds/updates/deletes them in grafana | `false` | diff --git a/stable/grafana/values.yaml b/stable/grafana/values.yaml index b68df027cabc..4e6c35429a40 100644 --- a/stable/grafana/values.yaml +++ b/stable/grafana/values.yaml @@ -429,7 +429,7 @@ smtp: ## Sidecars that collect the configmaps with specified label and stores the included files them into the respective folders ## Requires at least Grafana 5 to work and can't be used together with parameters dashboardProviders, datasources and dashboards sidecar: - image: kiwigrid/k8s-sidecar:0.1.20 + image: kiwigrid/k8s-sidecar:0.1.75 imagePullPolicy: IfNotPresent resources: {} # limits: From 6097dab16e56bda98c4a5550a7ecd8fec2a5b4f9 Mon Sep 17 00:00:00 2001 From: Steven Davidovitz Date: Tue, 4 Feb 2020 09:29:26 -0800 Subject: [PATCH 021/304] [stable/nginx-ingress] allow clusterIP values to be set empty (#20518) Signed-off-by: Steven Davidovitz --- stable/nginx-ingress/Chart.yaml | 2 +- stable/nginx-ingress/README.md | 8 ++++---- .../templates/controller-metrics-service.yaml | 4 +++- stable/nginx-ingress/templates/controller-service.yaml | 4 +++- .../templates/controller-webhook-service.yaml | 4 +++- .../nginx-ingress/templates/default-backend-service.yaml | 4 +++- 6 files changed, 17 insertions(+), 9 deletions(-) diff --git a/stable/nginx-ingress/Chart.yaml b/stable/nginx-ingress/Chart.yaml index 3e67b8ef8ee3..6cf35c292f3a 100644 --- a/stable/nginx-ingress/Chart.yaml +++ b/stable/nginx-ingress/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: nginx-ingress -version: 1.29.6 +version: 1.29.7 appVersion: 0.28.0 home: https://github.com/kubernetes/ingress-nginx description: An nginx Ingress controller that uses ConfigMap to store the nginx configuration. diff --git a/stable/nginx-ingress/README.md b/stable/nginx-ingress/README.md index 87351c8aeae7..e6e99e4f7696 100644 --- a/stable/nginx-ingress/README.md +++ b/stable/nginx-ingress/README.md @@ -98,7 +98,7 @@ Parameter | Description | Default `controller.publishService.enabled` | if true, the controller will set the endpoint records on the ingress objects to reflect those on the service | `false` `controller.publishService.pathOverride` | override of the default publish-service name | `""` `controller.service.enabled` | if disabled no service will be created. This is especially useful when `controller.kind` is set to `DaemonSet` and `controller.daemonset.useHostPorts` is `true` | true -`controller.service.clusterIP` | internal controller cluster service IP | `nil` +`controller.service.clusterIP` | internal controller cluster service IP (set to `"-"` to pass an empty value) | `nil` `controller.service.omitClusterIP` | (Deprecated) To omit the `clusterIP` from the controller service | `false` `controller.service.externalIPs` | controller service external IP addresses. Do not set this when `controller.hostNetwork` is set to `true` and `kube-proxy` is used as there will be a port-conflict for port `80` | `[]` `controller.service.externalTrafficPolicy` | If `controller.service.type` is `NodePort` or `LoadBalancer`, set this to `Local` to enable [source IP preservation](https://kubernetes.io/docs/tutorials/services/source-ip/#source-ip-for-services-with-typenodeport) | `"Cluster"` @@ -130,7 +130,7 @@ Parameter | Description | Default `controller.readinessProbe.port` | The port number that the readiness probe will listen on. | 10254 `controller.metrics.enabled` | if `true`, enable Prometheus metrics | `false` `controller.metrics.service.annotations` | annotations for Prometheus metrics service | `{}` -`controller.metrics.service.clusterIP` | cluster IP address to assign to service | `nil` +`controller.metrics.service.clusterIP` | cluster IP address to assign to service (set to `"-"` to pass an empty value) | `nil` `controller.metrics.service.omitClusterIP` | (Deprecated) To omit the `clusterIP` from the metrics service | `false` `controller.metrics.service.externalIPs` | Prometheus metrics service external IP addresses | `[]` `controller.metrics.service.labels` | labels for metrics service | `{}` @@ -153,7 +153,7 @@ Parameter | Description | Default `controller.admissionWebhooks.port` | Admission webhook port | `8080` `controller.admissionWebhooks.service.annotations` | Annotations for admission webhook service | `{}` `controller.admissionWebhooks.service.omitClusterIP` | (Deprecated) To omit the `clusterIP` from the admission webhook service | `false` -`controller.admissionWebhooks.service.clusterIP` | cluster IP address to assign to admission webhook service | `nil` +`controller.admissionWebhooks.service.clusterIP` | cluster IP address to assign to admission webhook service (set to `"-"` to pass an empty value) | `nil` `controller.admissionWebhooks.service.externalIPs` | Admission webhook service external IP addresses | `[]` `controller.admissionWebhooks.service.loadBalancerIP` | IP address to assign to load balancer (if supported) | `""` `controller.admissionWebhooks.service.loadBalancerSourceRanges` | List of IP CIDRs allowed access to load balancer (if supported) | `[]` @@ -205,7 +205,7 @@ Parameter | Description | Default `defaultBackend.priorityClassName` | default backend priorityClassName | `nil` `defaultBackend.podSecurityContext` | Security context policies to add to the default backend | `{}` `defaultBackend.service.annotations` | annotations for default backend service | `{}` -`defaultBackend.service.clusterIP` | internal default backend cluster service IP | `nil` +`defaultBackend.service.clusterIP` | internal default backend cluster service IP (set to `"-"` to pass an empty value) | `nil` `defaultBackend.service.omitClusterIP` | (Deprecated) To omit the `clusterIP` from the default backend service | `false` `defaultBackend.service.externalIPs` | default backend service external IP addresses | `[]` `defaultBackend.service.loadBalancerIP` | IP address to assign to load balancer (if supported) | `""` diff --git a/stable/nginx-ingress/templates/controller-metrics-service.yaml b/stable/nginx-ingress/templates/controller-metrics-service.yaml index 98d2046c1d8f..f38dca01da96 100644 --- a/stable/nginx-ingress/templates/controller-metrics-service.yaml +++ b/stable/nginx-ingress/templates/controller-metrics-service.yaml @@ -20,7 +20,9 @@ metadata: name: {{ template "nginx-ingress.controller.fullname" . }}-metrics spec: {{- if not .Values.controller.metrics.service.omitClusterIP }} - {{ with .Values.controller.metrics.service.clusterIP }}clusterIP: {{ . | quote }}{{ end }} + {{- with .Values.controller.metrics.service.clusterIP }} + clusterIP: {{ if eq "-" . }}""{{ else }}{{ . | quote }}{{ end }} + {{- end }} {{- end }} {{- if .Values.controller.metrics.service.externalIPs }} externalIPs: diff --git a/stable/nginx-ingress/templates/controller-service.yaml b/stable/nginx-ingress/templates/controller-service.yaml index 54608baf1e34..2cd248972ad7 100644 --- a/stable/nginx-ingress/templates/controller-service.yaml +++ b/stable/nginx-ingress/templates/controller-service.yaml @@ -20,7 +20,9 @@ metadata: name: {{ template "nginx-ingress.controller.fullname" . }} spec: {{- if not .Values.controller.service.omitClusterIP }} - {{ with .Values.controller.service.clusterIP }}clusterIP: {{ . | quote }}{{ end }} + {{- with .Values.controller.service.clusterIP }} + clusterIP: {{ if eq "-" . }}""{{ else }}{{ . | quote }}{{ end }} + {{- end }} {{- end }} {{- if .Values.controller.service.externalIPs }} externalIPs: diff --git a/stable/nginx-ingress/templates/controller-webhook-service.yaml b/stable/nginx-ingress/templates/controller-webhook-service.yaml index 6c6d0cfed22e..0b2a4ca79c9e 100644 --- a/stable/nginx-ingress/templates/controller-webhook-service.yaml +++ b/stable/nginx-ingress/templates/controller-webhook-service.yaml @@ -17,7 +17,9 @@ metadata: name: {{ template "nginx-ingress.controller.fullname" . }}-admission spec: {{- if not .Values.controller.admissionWebhooks.service.omitClusterIP }} - {{ with .Values.controller.admissionWebhooks.service.clusterIP }}clusterIP: {{ . | quote }}{{ end }} + {{- with .Values.controller.admissionWebhooks.service.clusterIP }} + clusterIP: {{ if eq "-" . }}""{{ else }}{{ . | quote }}{{ end }} + {{- end }} {{- end }} {{- if .Values.controller.admissionWebhooks.service.externalIPs }} externalIPs: diff --git a/stable/nginx-ingress/templates/default-backend-service.yaml b/stable/nginx-ingress/templates/default-backend-service.yaml index 9f47c6fcdcce..c7d336eeaf32 100644 --- a/stable/nginx-ingress/templates/default-backend-service.yaml +++ b/stable/nginx-ingress/templates/default-backend-service.yaml @@ -17,7 +17,9 @@ metadata: name: {{ template "nginx-ingress.defaultBackend.fullname" . }} spec: {{- if not .Values.defaultBackend.service.omitClusterIP }} - {{ with .Values.defaultBackend.service.clusterIP }}clusterIP: {{ . | quote }}{{ end }} + {{- with .Values.defaultBackend.service.clusterIP }} + clusterIP: {{ if eq "-" . }}""{{ else }}{{ . | quote }}{{ end }} + {{- end }} {{- end }} {{- if .Values.defaultBackend.service.externalIPs }} externalIPs: From e4039a801241435b5ad95eaf0cd6b1cad6cf2a75 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20R=C3=BCger?= Date: Tue, 4 Feb 2020 20:25:27 +0100 Subject: [PATCH 022/304] [stable/kube-state-metrics] Version bump to 1.9.4 (#20543) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Rüger --- stable/kube-state-metrics/Chart.yaml | 4 ++-- stable/kube-state-metrics/README.md | 2 +- stable/kube-state-metrics/values.yaml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/stable/kube-state-metrics/Chart.yaml b/stable/kube-state-metrics/Chart.yaml index 643961678636..2c3e2a24302b 100644 --- a/stable/kube-state-metrics/Chart.yaml +++ b/stable/kube-state-metrics/Chart.yaml @@ -6,8 +6,8 @@ keywords: - monitoring - prometheus - kubernetes -version: 2.6.3 -appVersion: 1.9.3 +version: 2.6.4 +appVersion: 1.9.4 home: https://github.com/kubernetes/kube-state-metrics/ sources: - https://github.com/kubernetes/kube-state-metrics/ diff --git a/stable/kube-state-metrics/README.md b/stable/kube-state-metrics/README.md index 558f07c2cd14..e7fe09728429 100644 --- a/stable/kube-state-metrics/README.md +++ b/stable/kube-state-metrics/README.md @@ -15,7 +15,7 @@ $ helm install stable/kube-state-metrics | Parameter | Description | Default | |:---------------------------------------------|:--------------------------------------------------------------------------------------|:-------------------------------------------| | `image.repository` | The image repository to pull from | quay.io/coreos/kube-state-metrics | -| `image.tag` | The image tag to pull from | `v1.9.3` | +| `image.tag` | The image tag to pull from | `v1.9.4` | | `image.pullPolicy` | Image pull policy | `IfNotPresent` | | `replicas` | Number of replicas | `1` | | `service.port` | The port of the container | `8080` | diff --git a/stable/kube-state-metrics/values.yaml b/stable/kube-state-metrics/values.yaml index bf9453b82879..5af53834add6 100644 --- a/stable/kube-state-metrics/values.yaml +++ b/stable/kube-state-metrics/values.yaml @@ -2,7 +2,7 @@ prometheusScrape: true image: repository: quay.io/coreos/kube-state-metrics - tag: v1.9.3 + tag: v1.9.4 pullPolicy: IfNotPresent replicas: 1 From ba7742841f6936f74d911d20d2fc52e7983efe47 Mon Sep 17 00:00:00 2001 From: Even Holthe Date: Tue, 4 Feb 2020 22:56:35 +0100 Subject: [PATCH 023/304] [stable/nginx-ingress] Add sessionAffinity to controller service (#20529) * [stable/nginx-ingress] Add sessionAffinity to controller service Signed-off-by: Even Holthe * [stable/nginx-ingress] Bump chart version to 1.30.0 Signed-off-by: Even Holthe --- stable/nginx-ingress/Chart.yaml | 2 +- stable/nginx-ingress/README.md | 1 + stable/nginx-ingress/templates/controller-service.yaml | 3 +++ stable/nginx-ingress/values.yaml | 4 ++++ 4 files changed, 9 insertions(+), 1 deletion(-) diff --git a/stable/nginx-ingress/Chart.yaml b/stable/nginx-ingress/Chart.yaml index 6cf35c292f3a..7d570226bea7 100644 --- a/stable/nginx-ingress/Chart.yaml +++ b/stable/nginx-ingress/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: nginx-ingress -version: 1.29.7 +version: 1.30.0 appVersion: 0.28.0 home: https://github.com/kubernetes/ingress-nginx description: An nginx Ingress controller that uses ConfigMap to store the nginx configuration. diff --git a/stable/nginx-ingress/README.md b/stable/nginx-ingress/README.md index e6e99e4f7696..104bf2346d31 100644 --- a/stable/nginx-ingress/README.md +++ b/stable/nginx-ingress/README.md @@ -102,6 +102,7 @@ Parameter | Description | Default `controller.service.omitClusterIP` | (Deprecated) To omit the `clusterIP` from the controller service | `false` `controller.service.externalIPs` | controller service external IP addresses. Do not set this when `controller.hostNetwork` is set to `true` and `kube-proxy` is used as there will be a port-conflict for port `80` | `[]` `controller.service.externalTrafficPolicy` | If `controller.service.type` is `NodePort` or `LoadBalancer`, set this to `Local` to enable [source IP preservation](https://kubernetes.io/docs/tutorials/services/source-ip/#source-ip-for-services-with-typenodeport) | `"Cluster"` +`controller.service.sessionAffinity` | Enables client IP based session affinity. Must be `ClientIP` or `None` if set. | `""` `controller.service.healthCheckNodePort` | If `controller.service.type` is `NodePort` or `LoadBalancer` and `controller.service.externalTrafficPolicy` is set to `Local`, set this to [the managed health-check port the kube-proxy will expose](https://kubernetes.io/docs/tutorials/services/source-ip/#source-ip-for-services-with-typenodeport). If blank, a random port in the `NodePort` range will be assigned | `""` `controller.service.loadBalancerIP` | IP address to assign to load balancer (if supported) | `""` `controller.service.loadBalancerSourceRanges` | list of IP CIDRs allowed access to load balancer (if supported) | `[]` diff --git a/stable/nginx-ingress/templates/controller-service.yaml b/stable/nginx-ingress/templates/controller-service.yaml index 2cd248972ad7..5961fc159480 100644 --- a/stable/nginx-ingress/templates/controller-service.yaml +++ b/stable/nginx-ingress/templates/controller-service.yaml @@ -38,6 +38,9 @@ spec: {{- if and (semverCompare ">=1.7-0" .Capabilities.KubeVersion.GitVersion) (.Values.controller.service.externalTrafficPolicy) }} externalTrafficPolicy: "{{ .Values.controller.service.externalTrafficPolicy }}" {{- end }} +{{- if .Values.controller.service.sessionAffinity }} + sessionAffinity: "{{ .Values.controller.service.sessionAffinity }}" +{{- end }} {{- if and (semverCompare ">=1.7-0" .Capabilities.KubeVersion.GitVersion) (.Values.controller.service.healthCheckNodePort) }} healthCheckNodePort: {{ .Values.controller.service.healthCheckNodePort }} {{- end }} diff --git a/stable/nginx-ingress/values.yaml b/stable/nginx-ingress/values.yaml index 3e58fdd71728..1360a442e90e 100644 --- a/stable/nginx-ingress/values.yaml +++ b/stable/nginx-ingress/values.yaml @@ -254,6 +254,10 @@ controller: ## Ref: https://kubernetes.io/docs/tutorials/services/source-ip/#source-ip-for-services-with-typeloadbalancer externalTrafficPolicy: "" + # Must be either "None" or "ClusterIP" if set. Kubernetes will default to "None". + # Ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies + sessionAffinity: "" + healthCheckNodePort: 0 ports: From 080cbc91c9195f754a337500a49f33ce8579f4c2 Mon Sep 17 00:00:00 2001 From: rowanr Date: Wed, 5 Feb 2020 00:11:54 +0100 Subject: [PATCH 024/304] [stable/pgadmin] abundance curly bracket (#20540) Signed-off-by: Rowan Ruseler --- stable/pgadmin/Chart.yaml | 2 +- stable/pgadmin/README.md | 4 ++-- stable/pgadmin/templates/deployment.yaml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/stable/pgadmin/Chart.yaml b/stable/pgadmin/Chart.yaml index 2c0720f8c2f6..04e97c1274c9 100644 --- a/stable/pgadmin/Chart.yaml +++ b/stable/pgadmin/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 description: pgAdmin is a web based administration tool for PostgreSQL database name: pgadmin -version: 1.1.2 +version: 1.1.3 appVersion: 4.17.0 home: https://www.pgadmin.org/ source: https://github.com/rowanruseler/pgadmin diff --git a/stable/pgadmin/README.md b/stable/pgadmin/README.md index ea7e4f968574..382146fa2cf7 100644 --- a/stable/pgadmin/README.md +++ b/stable/pgadmin/README.md @@ -66,7 +66,7 @@ The command removes nearly all the Kubernetes components associated with the cha | `tolerations` | Node tolerations for pod assignment | `[]` | | `affinity` | Node affinity for pod assignment | `{}` | -Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, +Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example: ```bash $ helm install stable/pgadmin --name my-release \ @@ -74,7 +74,7 @@ $ helm install stable/pgadmin --name my-release \ ``` Alternatively, a YAML file that specifies the values for the parameters can be -provided while installing the chart. For example, +provided while installing the chart. For example: ```bash $ helm install stable/pgadmin --name my-release -f values.yaml diff --git a/stable/pgadmin/templates/deployment.yaml b/stable/pgadmin/templates/deployment.yaml index 4633e8e11bdd..a94af6f436a4 100644 --- a/stable/pgadmin/templates/deployment.yaml +++ b/stable/pgadmin/templates/deployment.yaml @@ -13,7 +13,7 @@ spec: app.kubernetes.io/instance: {{ .Release.Name }} {{- if .Values.strategy }} strategy: - {{- .Values.strategy | toYaml | nindent 4 }}} + {{- .Values.strategy | toYaml | nindent 4 }} {{- end }} template: metadata: From a1da8b790d01f1a89c5535488a268bb166b58a26 Mon Sep 17 00:00:00 2001 From: Alessandro De Blasis Date: Wed, 5 Feb 2020 10:15:55 +0000 Subject: [PATCH 025/304] [stable/airflow] fix(requirements): updated versions (#20228) * fix(requirements): updated versions Fixes installation errors on recent K8S versions Signed-off-by: Alessandro De Blasis * chore(version): chart version bump Signed-off-by: Alessandro De Blasis * chore(lockfile): removed lockfile Signed-off-by: Alessandro De Blasis * chore(bump): bumping again since it was updated Signed-off-by: Alessandro De Blasis * fix(postgresql): updated config keys Signed-off-by: Alessandro De Blasis * fix(redis): updated config keys Signed-off-by: Alessandro De Blasis * chore(README.md): upgrade guide Signed-off-by: Alessandro De Blasis * chore(lint): trailing spaces Signed-off-by: Alessandro De Blasis * fix(postgres): renamed secret key Signed-off-by: Alessandro De Blasis --- stable/airflow/Chart.yaml | 2 +- stable/airflow/README.md | 21 +++++++++++++++++---- stable/airflow/requirements.lock | 9 --------- stable/airflow/requirements.yaml | 4 ++-- stable/airflow/values.yaml | 16 +++++++++------- 5 files changed, 29 insertions(+), 23 deletions(-) delete mode 100644 stable/airflow/requirements.lock diff --git a/stable/airflow/Chart.yaml b/stable/airflow/Chart.yaml index 9bbee90dfd88..d35dd4e5b668 100644 --- a/stable/airflow/Chart.yaml +++ b/stable/airflow/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 description: Airflow is a platform to programmatically author, schedule and monitor workflows name: airflow -version: 5.2.5 +version: 6.0.0 appVersion: 1.10.4 icon: https://airflow.apache.org/_images/pin_large.png home: https://airflow.apache.org/ diff --git a/stable/airflow/README.md b/stable/airflow/README.md index 036c786aced2..45501ef65503 100644 --- a/stable/airflow/README.md +++ b/stable/airflow/README.md @@ -486,18 +486,19 @@ The following table lists the configurable parameters of the Airflow chart and t | `postgresql.existingSecretKey` | The name of the key containing the password in the secret named `postgresql.existingSecret` | `postgres-password` | | `postgresql.uri` | full URL to custom postgres setup | (undefined) | | `postgresql.postgresHost` | PostgreSQL Hostname | (undefined) | -| `postgresql.postgresUser` | PostgreSQL User | `postgres` | -| `postgresql.postgresPassword` | PostgreSQL Password | `airflow` | -| `postgresql.postgresDatabase` | PostgreSQL Database name | `airflow` | +| `postgresql.postgresqlUsername` | PostgreSQL User | `postgres` | +| `postgresql.postgresqlPassword` | PostgreSQL Password | `airflow` | +| `postgresql.postgresqlDatabase` | PostgreSQL Database name | `airflow` | | `postgresql.persistence.enabled` | Enable Postgres PVC | `true` | | `postgresql.persistence.storageClass` | Persistent class | (undefined) | -| `postgresql.persistence.accessMode` | Access mode | `ReadWriteOnce` | +| `postgresql.persistence.accessModes` | Access modes | `[ ReadWriteOnce ]` | | `redis.enabled` | Create a Redis cluster | `true` | | `redis.existingSecret` | The name of an existing secret with a key named `redis.existingSecretKey` to use as the password | `nil` | | `redis.existingSecretKey` | The name of the key containing the password in the secret named `redis.existingSecret` | `redis-password` | | `redis.redisHost` | Redis Hostname | (undefined) | | `redis.password` | Redis password | `airflow` | | `redis.master.persistence.enabled` | Enable Redis PVC | `false` | +| `redis.master.persistence.accessModes` | Access modes | `[ ReadWriteOnce ]` | | `redis.cluster.enabled` | enable master-slave cluster | `false` | | `serviceMonitor.enabled` | enable service monitor | `false` | | `serviceMonitor.interval` | Interval at which metrics should be scraped | `30s` | @@ -513,6 +514,18 @@ Full and up-to-date documentation can be found in the comments of the `values.ya ## Upgrading +### To 6.0.0 +This version updates `postgresql` and `redis` dependencies. +There are a few config key changes, in order to upgrade from a 5.x chart, modify your `values.yaml` by mapping the keys as follows: + +| 5.x.x | 6.x.x | Notes | +|--------------------------------------|---------------------------------------|-----------------------------------------------------------| +|`postgresql.postgresUser` |`postgresql.postgresqlUsername` | | +|`postgresql.postgresPassword` |`postgresql.postgresqlPassword` | | +|`postgresql.postgresDatabase` |`postgresql.postgresqlDatabase` | | +|`postgresql.persistence.accessMode` |`postgresql.persistence.accessModes` | Instead of a single value, now the config accepts an array| +|`redis.master.persistence.accessMode` |`redis.master.persistence.accessModes` | Instead of a single value, now the config accepts an array| + ### To 5.0.0 This version splits the configuration for webserver and flower web UI from ingress configurations for separation of concerns. diff --git a/stable/airflow/requirements.lock b/stable/airflow/requirements.lock deleted file mode 100644 index fe05c3d622b7..000000000000 --- a/stable/airflow/requirements.lock +++ /dev/null @@ -1,9 +0,0 @@ -dependencies: -- name: postgresql - repository: https://kubernetes-charts.storage.googleapis.com/ - version: 0.13.1 -- name: redis - repository: https://kubernetes-charts.storage.googleapis.com/ - version: 7.0.0 -digest: sha256:b69868c9f0a2f73e76764c7aef0e738d77c4af2010d0d2b808fa82bedd239389 -generated: "2019-05-23T17:08:16.898581+07:00" diff --git a/stable/airflow/requirements.yaml b/stable/airflow/requirements.yaml index f9683d145a24..047b0fbca80c 100644 --- a/stable/airflow/requirements.yaml +++ b/stable/airflow/requirements.yaml @@ -1,9 +1,9 @@ dependencies: - name: postgresql - version: 0.13.1 + version: 8.1.4 repository: https://kubernetes-charts.storage.googleapis.com/ condition: postgresql.enabled - name: redis - version: 7.0.0 + version: 10.3.4 repository: https://kubernetes-charts.storage.googleapis.com/ condition: redis.enabled diff --git a/stable/airflow/values.yaml b/stable/airflow/values.yaml index 5ba0b44d8987..baa49b91a39f 100644 --- a/stable/airflow/values.yaml +++ b/stable/airflow/values.yaml @@ -600,7 +600,7 @@ postgresql: existingSecret: ## Name of the key containing the secret. - existingSecretKey: postgres-password + existingSecretKey: postgresql-password ## ## If you are bringing your own PostgreSQL, you should set postgresHost and @@ -611,14 +611,14 @@ postgresql: service: port: 5432 ## PostgreSQL User to create. - postgresUser: postgres + postgresqlUsername: postgres ## ## PostgreSQL Password for the new user. ## If not set, a random 10 characters password will be used. - postgresPassword: airflow + postgresqlPassword: airflow ## ## PostgreSQL Database to create. - postgresDatabase: airflow + postgresqlDatabase: airflow ## ## Persistent Volume Storage configuration. ## ref: https://kubernetes.io/docs/user-guide/persistent-volumes @@ -630,8 +630,9 @@ postgresql: ## Persistant class # storageClass: classname ## - ## Access mode: - accessMode: ReadWriteOnce + ## Access modes: + accessModes: + - ReadWriteOnce ## Configuration values for the Redis dependency. @@ -676,7 +677,8 @@ redis: # storageClass: classname ## ## Access mode: - accessMode: ReadWriteOnce + accessModes: + - ReadWriteOnce ## ## Disable cluster management by default. cluster: From 0118be48a1411e2568585981442c7e0a2780dc08 Mon Sep 17 00:00:00 2001 From: Mohamed Hazem Date: Wed, 5 Feb 2020 12:37:55 +0100 Subject: [PATCH 026/304] - Allow Graylog provisioner job to use Graylog ServiceAccount (#20550) - Make rbac resources configurable - Fix wrong variable reference in README.md - Bump chart version Signed-off-by: Mohamed Hazem --- stable/graylog/Chart.yaml | 2 +- stable/graylog/README.md | 6 ++++-- stable/graylog/templates/job.yaml | 3 +++ stable/graylog/templates/role.yaml | 3 +-- stable/graylog/values.yaml | 5 +++++ 5 files changed, 14 insertions(+), 5 deletions(-) diff --git a/stable/graylog/Chart.yaml b/stable/graylog/Chart.yaml index 60d979d219fc..238d1f59b150 100755 --- a/stable/graylog/Chart.yaml +++ b/stable/graylog/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 name: graylog home: https://www.graylog.org -version: 1.5.3 +version: 1.5.4 appVersion: 3.1 description: Graylog is the centralized log management solution built to open standards for capturing, storing, and enabling real-time analysis of terabytes of machine data. keywords: diff --git a/stable/graylog/README.md b/stable/graylog/README.md index c5e6105d3997..5de6841456cf 100644 --- a/stable/graylog/README.md +++ b/stable/graylog/README.md @@ -142,13 +142,15 @@ The following table lists the configurable parameters of the Graylog chart and t | `graylog.journal.deleteBeforeStart` | Delete all journal files before start Graylog | `false` | | `graylog.init.resources` | Configure resource requests and limits for the Graylog StatefulSet initContainer | `{}` | | `graylog.provisioner.enabled` | Enable optional Job to run an arbitrary Bash script | `false` | +| `graylog.provisioner.useGraylogServiceAccount` | Use the same ServiceAccount used by Graylog pod | `false` | | `graylog.provisioner.script` | The contents of the provisioner Bash script | `` | | `graylog.extraVolumeMounts` | Additional Volume mounts | `[]` | | `graylog.extraVolumes` | Additional Volumes | `[]` | | `graylog.extraInitContainers` | Additional Init containers | `[]` | | `rbac.create` | If true, create & use RBAC resources | `true` | -| `rbac.serviceAccount.create` | If true, create the Graylog service account | `true` | -| `rbac.serviceAccount.name` | Name of the server service account to use or create | `{{ graylog.fullname }}` | +| `rbac.resources` | List of resources | `[pods, secrets]` | +| `serviceAccount.create` | If true, create the Graylog service account | `true` | +| `serviceAccount.name` | Name of the server service account to use or create | `{{ graylog.fullname }}` | | `tags.install-mongodb` | If true, this chart will install MongoDB from requirement dependencies. If you want to install MongoDB by yourself, please set to `false` | `true` | | `tags.install-elasticsearch` | If true, this chart will install Elasticsearch from requirement dependencies. If you want to install Elasticsearch by yourself, please set to `false` | `true` | diff --git a/stable/graylog/templates/job.yaml b/stable/graylog/templates/job.yaml index 1a8d57921b9f..db65291be632 100644 --- a/stable/graylog/templates/job.yaml +++ b/stable/graylog/templates/job.yaml @@ -19,6 +19,9 @@ spec: app.kubernetes.io/instance: "{{ .Release.Name }}" app.kubernetes.io/version: "{{ .Chart.AppVersion }}" spec: + {{ if .Values.graylog.provisioner.useGraylogServiceAccount }} + serviceAccountName: {{ template "graylog.serviceAccountName" . }} + {{ end }} containers: - name: {{ template "graylog.fullname" . }}-provisioner-job image: "alpine" diff --git a/stable/graylog/templates/role.yaml b/stable/graylog/templates/role.yaml index b0390d24757c..c3943cbfddf0 100644 --- a/stable/graylog/templates/role.yaml +++ b/stable/graylog/templates/role.yaml @@ -13,8 +13,7 @@ rules: - apiGroups: - "" resources: - - pods - - secrets +{{ toYaml .Values.rbac.resources | indent 4 }} verbs: - get - list diff --git a/stable/graylog/values.yaml b/stable/graylog/values.yaml index b14e75f86898..7f15587cd0a4 100644 --- a/stable/graylog/values.yaml +++ b/stable/graylog/values.yaml @@ -7,6 +7,10 @@ rbac: ## create: true + resources: + - pods + - secrets + serviceAccount: # Specifies whether a ServiceAccount should be created ## @@ -306,6 +310,7 @@ graylog: ## provisioner: enabled: false + useGraylogServiceAccount: false # script: | # json='{ # "username_header": "X-Auth-Request-User", From 89cb1e0a8c752709c34445e8d2a0290979b50ccc Mon Sep 17 00:00:00 2001 From: ReSearchITEng Date: Wed, 5 Feb 2020 13:45:55 +0200 Subject: [PATCH 027/304] [stable/postgresql]: auto features for hardened OpenShift clusters (#20479) * [postgresql]: auto features for hardened OpenShift clusters, where scc can have different uid ranges; this commit adds options to skip setting runAsUser and try to autodetermine at init Signed-off-by: ReSearchITEng * [postgresql]: auto features for hardened OpenShift clusters, where scc can have different uid ranges; this commit adds options to skip setting runAsUser and try to autodetermine at init-readme Signed-off-by: ReSearchITEng * [postgresql]: auto features for hardened OpenShift clusters, where scc can have different uid ranges; this commit adds options to skip setting runAsUser and try to autodetermine at init-linthappy Signed-off-by: ReSearchITEng * [postgresql]: auto features for hardened OpenShift clusters, where scc can have different uid ranges; this commit adds options to skip setting runAsUser and try to autodetermine at init-toStringComp Signed-off-by: ReSearchITEng * bump major ver-chart interf. was updated;sync values-prod with values Signed-off-by: ReSearchITEng * fix test to use volumePermissions.securityContext Signed-off-by: ReSearchITEng * lint: trailing spaces Signed-off-by: ReSearchITEng --- stable/postgresql/Chart.yaml | 2 +- stable/postgresql/README.md | 5 ++++- .../postgresql/templates/statefulset-slaves.yaml | 15 ++++++++++++--- stable/postgresql/templates/statefulset.yaml | 15 ++++++++++++--- stable/postgresql/values-production.yaml | 9 +++++++++ stable/postgresql/values.yaml | 10 ++++++++++ 6 files changed, 48 insertions(+), 8 deletions(-) diff --git a/stable/postgresql/Chart.yaml b/stable/postgresql/Chart.yaml index 1a39830c8565..c7c3ed40ece5 100644 --- a/stable/postgresql/Chart.yaml +++ b/stable/postgresql/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: postgresql -version: 8.2.1 +version: 8.3.0 appVersion: 11.6.0 description: Chart for PostgreSQL, an object-relational database management system (ORDBMS) with an emphasis on extensibility and on standards-compliance. keywords: diff --git a/stable/postgresql/README.md b/stable/postgresql/README.md index 90402376bee4..c59862abbdd5 100644 --- a/stable/postgresql/README.md +++ b/stable/postgresql/README.md @@ -70,7 +70,7 @@ The following tables lists the configurable parameters of the PostgreSQL chart a | `volumePermissions.image.repository` | Init container volume-permissions image name | `bitnami/minideb` | | `volumePermissions.image.tag` | Init container volume-permissions image tag | `stretch` | | `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `Always` | -| `volumePermissions.securityContext.runAsUser` | User ID for the init container | `0` | +| `volumePermissions.securityContext.runAsUser` | User ID for the init container (when facing issues in OpenShift or uid unknown, try value "auto") | `0` | | `usePasswordFile` | Have the secrets mounted as a file instead of env vars | `false` | | `ldap.enabled` | Enable LDAP support | `false` | | `ldap.existingSecret` | Name of existing secret to use for LDAP passwords | `nil` | @@ -121,6 +121,7 @@ The following tables lists the configurable parameters of the PostgreSQL chart a | `service.loadBalancerSourceRanges` | Address that are allowed when svc is LoadBalancer | [] | | `schedulerName` | Name of the k8s scheduler (other than default) | `nil` | | `shmVolume.enabled` | Enable emptyDir volume for /dev/shm for master and slave(s) Pod(s) | `true` | +| `shmVolume.chmod.enabled` | Run at init chmod 777 of the /dev/shm (when shmVolume.enabled is also true) | `true` | | `persistence.enabled` | Enable persistence using PVC | `true` | | `persistence.existingClaim` | Provide an existing `PersistentVolumeClaim`, the value is evaluated as a template. | `nil` | | `persistence.mountPath` | Path to mount the volume at | `/bitnami/postgresql` | @@ -377,6 +378,8 @@ This label will be displayed in the output of a successful install. - The Docker Official PostgreSQL image does not support replication. If you pass any replication environment variable, this would be ignored. The only environment variables supported by the Docker Official image are POSTGRES_USER, POSTGRES_DB, POSTGRES_PASSWORD, POSTGRES_INITDB_ARGS, POSTGRES_INITDB_WALDIR and PGDATA. All the remaining environment variables are specific to the Bitnami PostgreSQL image. - The Bitnami PostgreSQL image is non-root by default. This requires that you run the pod with `securityContext` and updates the permissions of the volume with an `initContainer`. A key benefit of this configuration is that the pod follows security best practices and is prepared to run on Kubernetes distributions with hard security constraints like OpenShift. +- For OpenShift, one may either define the runAsUser and fsGroup accordingly, or try this more dynamic option: volumePermissions.securityContext.runAsUser="auto",securityContext.enabled=false,shmVolume.chmod.enabled=false + ### Deploy chart using Docker Official PostgreSQL Image diff --git a/stable/postgresql/templates/statefulset-slaves.yaml b/stable/postgresql/templates/statefulset-slaves.yaml index 350619947f2a..e7bd50db5fa3 100644 --- a/stable/postgresql/templates/statefulset-slaves.yaml +++ b/stable/postgresql/templates/statefulset-slaves.yaml @@ -77,17 +77,26 @@ spec: {{- end }} command: - /bin/sh - - -c + - -cx - | + echo "current user id: `id`" mkdir -p {{ .Values.persistence.mountPath }}/data chmod 700 {{ .Values.persistence.mountPath }}/data - find {{ .Values.persistence.mountPath }} -mindepth 0 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" | \ + find {{ .Values.persistence.mountPath }} -mindepth 1 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" | \ + {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} + xargs chown -R `id -u`:`id -G | cut -d " " -f2` + {{- else }} xargs chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} - {{- if .Values.shmVolume.enabled }} + {{- end }} + {{- if and .Values.shmVolume.enabled .Values.shmVolume.chmod.enabled }} chmod -R 777 /dev/shm {{- end }} + {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} + securityContext: + {{- else }} securityContext: runAsUser: {{ .Values.volumePermissions.securityContext.runAsUser }} + {{- end }} volumeMounts: - name: data mountPath: {{ .Values.persistence.mountPath }} diff --git a/stable/postgresql/templates/statefulset.yaml b/stable/postgresql/templates/statefulset.yaml index 4b8b7913fb70..487a27776aac 100644 --- a/stable/postgresql/templates/statefulset.yaml +++ b/stable/postgresql/templates/statefulset.yaml @@ -81,17 +81,26 @@ spec: {{- end }} command: - /bin/sh - - -c + - -cx - | + echo "current user id: `id`" mkdir -p {{ .Values.persistence.mountPath }}/data chmod 700 {{ .Values.persistence.mountPath }}/data - find {{ .Values.persistence.mountPath }} -mindepth 0 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" | \ + find {{ .Values.persistence.mountPath }} -mindepth 1 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" | \ + {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} + xargs chown -R `id -u`:`id -G | cut -d " " -f2` + {{- else }} xargs chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} - {{- if .Values.shmVolume.enabled }} + {{- end }} + {{- if and .Values.shmVolume.enabled .Values.shmVolume.chmod.enabled }} chmod -R 777 /dev/shm {{- end }} + {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} + securityContext: + {{- else }} securityContext: runAsUser: {{ .Values.volumePermissions.securityContext.runAsUser }} + {{- end }} volumeMounts: - name: data mountPath: {{ .Values.persistence.mountPath }} diff --git a/stable/postgresql/values-production.yaml b/stable/postgresql/values-production.yaml index 24d92c8adcc0..04251126b63b 100644 --- a/stable/postgresql/values-production.yaml +++ b/stable/postgresql/values-production.yaml @@ -63,6 +63,13 @@ volumePermissions: # pullSecrets: # - myRegistryKeySecretName ## Init container Security Context + ## Note: the chown of the data folder is done to securityContext.runAsUser + ## and not the below volumePermissions.securityContext.runAsUser + ## When runAsUser is set to special value "auto", init container will try to chwon the + ## data folder to autodetermined user&group, using commands: `id -u`:`id -G | cut -d" " -f2` + ## "auto" is especially useful for OpenShift which has scc with dynamic userids (and 0 is not allowed). + ## You may want to use this volumePermissions.securityContext.runAsUser="auto" in combination with + ## pod securityContext.enabled=false and shmVolume.chmod.enabled=false . securityContext: runAsUser: 0 @@ -263,6 +270,8 @@ service: ## this limitation. shmVolume: enabled: true + chmod: + enabled: true ## PostgreSQL data Persistent Volume Storage Class ## If defined, storageClassName: diff --git a/stable/postgresql/values.yaml b/stable/postgresql/values.yaml index deaa99ba4ad4..8843d31cff7f 100644 --- a/stable/postgresql/values.yaml +++ b/stable/postgresql/values.yaml @@ -63,6 +63,13 @@ volumePermissions: # pullSecrets: # - myRegistryKeySecretName ## Init container Security Context + ## Note: the chown of the data folder is done to securityContext.runAsUser + ## and not the below volumePermissions.securityContext.runAsUser + ## When runAsUser is set to special value "auto", init container will try to chwon the + ## data folder to autodetermined user&group, using commands: `id -u`:`id -G | cut -d" " -f2` + ## "auto" is especially useful for OpenShift which has scc with dynamic userids (and 0 is not allowed). + ## You may want to use this volumePermissions.securityContext.runAsUser="auto" in combination with + ## pod securityContext.enabled=false and shmVolume.chmod.enabled=false . securityContext: runAsUser: 0 @@ -261,8 +268,11 @@ service: ## If this option is present and value is `true`, ## to the target database pod will be mounted a new tmpfs volume to remove ## this limitation. +## If chmod.enabled is `true`, init container will chmod 777 `/dev/shm`. shmVolume: enabled: true + chmod: + enabled: true ## PostgreSQL data Persistent Volume Storage Class ## If defined, storageClassName: From 1c71165c528dc71eb0be249c48b7fbcc064a6ef5 Mon Sep 17 00:00:00 2001 From: Joachim Mathes Date: Wed, 5 Feb 2020 20:39:55 +0100 Subject: [PATCH 028/304] [stable/cockroachdb] Allow TLS secrets for certificates (#20425) * "bring-your-own-certs" scenario bump cockroachdb version to 19.2.1->19.2.2 Signed-off-by: Artur * version bump 3.0.2 -> 3.0.3 Signed-off-by: Artur * [stable/cockroachdb] Allow tls secrets as certificate source This allows usage of cert-manager: https://github.com/jetstack/cert-manager Signed-off-by: Joachim Mathes * [stable/cockroachdb] Align table fields in documentation Signed-off-by: Joachim Mathes * [stable/cockroachdb] Update documentation Signed-off-by: Joachim Mathes Co-authored-by: arturrez <56270896+arturrez@users.noreply.github.com> --- stable/cockroachdb/Chart.yaml | 2 +- stable/cockroachdb/README.md | 174 +++++++++++------- stable/cockroachdb/templates/clusterrole.yaml | 4 +- .../templates/clusterrolebinding.yaml | 4 +- stable/cockroachdb/templates/job.init.yaml | 29 ++- stable/cockroachdb/templates/role.yaml | 4 + stable/cockroachdb/templates/statefulset.yaml | 29 ++- .../cockroachdb/templates/tests/client.yaml | 34 ++++ stable/cockroachdb/values.yaml | 11 ++ 9 files changed, 210 insertions(+), 81 deletions(-) diff --git a/stable/cockroachdb/Chart.yaml b/stable/cockroachdb/Chart.yaml index 02f03c9a76c2..8ddcb98f0218 100755 --- a/stable/cockroachdb/Chart.yaml +++ b/stable/cockroachdb/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 name: cockroachdb home: https://www.cockroachlabs.com -version: 3.0.2 +version: 3.0.3 appVersion: 19.2.2 description: CockroachDB is a scalable, survivable, strongly-consistent SQL database. icon: https://raw.githubusercontent.com/cockroachdb/cockroach/master/docs/media/cockroach_db.png diff --git a/stable/cockroachdb/README.md b/stable/cockroachdb/README.md index de969ca76a3d..6c23e1ae7113 100644 --- a/stable/cockroachdb/README.md +++ b/stable/cockroachdb/README.md @@ -53,7 +53,34 @@ helm install --name my-release stable/cockroachdb Note that for a production cluster, you are very likely to want to modify the `storage.persistentVolume.size` and `storage.persistentVolume.storageClass` parameters. This chart defaults to `100 GiB` of disk space per Pod, but you may want more or less depending on your use case, and the default PersistentVolume `storageClass` in your environment may not be what you want for a database (e.g. on GCE and Azure the default is not SSD). -If you are running in secure mode (with configuration parameter `tls.enabled` set to `yes`/`true`), then you will have to manually approve the cluster's security certificates as the Pods are created. You can see the pending CSRs (certificate-signing requests) by running `kubectl get csr`, and approve them by running `kubectl certificate approve `. You'll have to approve one certificate for each Node (e.g. `default.node.eerie-horse-cockroachdb-0` and one client certificate for the Job that initializes the cluster (e.g. `default.node.root`). +If you are running in secure mode (with configuration parameter `tls.enabled` set to `yes`/`true`) and `tls.certs.provided` is set to `no`/`false`, then you will have to manually approve the cluster's security certificates as the Pods are created. You can see the pending CSRs (certificate-signing requests) by running `kubectl get csr`, and approve them by running `kubectl certificate approve `. You'll have to approve one certificate for each Node (e.g. `default.node.eerie-horse-cockroachdb-0` and one client certificate for the Job that initializes the cluster (e.g. `default.node.root`). + +When `tls.certs.provided` is set to `yes`/`true`, this chart will use certificates created outside of Kubernetes. You may want to use this if you want to use a different certificate authority from the one being used by Kubernetes or if your Kubernetes cluster doesn't fully support certificate-signing requests. To use this, first set up your certificates and load them into your Kubernetes cluster as Secrets using the commands below: +``` +mkdir certs +mkdir my-safe-directory +cockroach cert create-ca --certs-dir=certs --ca-key=my-safe-directory/ca.key +cockroach cert create-client root --certs-dir=certs --ca-key=my-safe-directory/ca.key +kubectl create secret generic cockroachdb-root --from-file=certs +cockroach cert create-node --certs-dir=certs --ca-key=my-safe-directory/ca.key localhost 127.0.0.1 eerie-horse-cockroachdb-public eerie-horse-cockroachdb-public.default eerie-horse-cockroachdb-public.default.svc.cluster.local *.eerie-horse-cockroachdb *.eerie-horse-cockroachdb.default *.eerie-horse-cockroachdb.default.svc.cluster.local +kubectl create secret generic cockroachdb-node --from-file=certs +``` + +Set `tls.certs.tlsSecret` to `yes/true` if you make use of [cert-manager][3] in your cluster. + +[cert-manager][3] stores generated certificates in dedicated TLS secrets. Thus, they are always named +* `ca.crt` +* `tls.crt` +* `tls.key` + +On the other hand cockroachdb also demands dedicated certificate filenames: +* `ca.crt` +* `node.crt` +* `node.key` +* `client.root.crt` +* `client.root.key` + +By activating `tls.certs.tlsSecret` we benefit from projected secrets and convert the TLS secret filenames to their according cockroachdb filenames. Confirm that all Pods are `Running` successfully and init has been completed: ```shell @@ -200,76 +227,80 @@ Verify that no Pod is deleted and then upgrade as normal. A new StatefulSet will The following table lists the configurable parameters of the CockroachDB chart and their default values. For details see the `values.yml` file. -| Parameter | Description | Default | -| --------- | ----------- | ------- | -| `clusterDomain` | Cluster's default DNS domain | `cluster.local` | -| `conf.attrs` | CockroachDB node attributes | `[]` | -| `conf.cache` | Size of CockroachDB's in-memory cache | `25%` | -| `conf.cluster-name` | Name of CockroachDB cluster | `""` | -| `conf.disable-cluster-name-verification` | Disable CockroachDB cluster name verification | `no` | -| `conf.join` | List of already-existing CockroachDB instances | `[]` | -| `conf.max-disk-temp-storage` | Max storage capacity for temp data | `0` | -| `conf.max-offset` | Max allowed clock offset for CockroachDB cluster | `500ms` | -| `conf.max-sql-memory` | Max memory to use processing SQL querie | `25%` | -| `conf.locality` | Locality attribute for this deployment | `""` | -| `conf.single-node` | Disable CockroachDB clustering (standalone mode) | `no` | -| `conf.sql-audit-dir` | Directory for SQL audit log | `""` | -| `conf.port` | CockroachDB primary serving port in Pods | `26257` | -| `conf.http-port` | CockroachDB HTTP port in Pods | `8080` | -| `image.repository` | Container image name | `cockroachdb/cockroach` | -| `image.tag` | Container image tag | `v19.2.2` | -| `image.pullPolicy` | Container pull policy | `IfNotPresent` | -| `image.credentials` | `registry`, `user` and `pass` credentials to pull private image | `{}` | -| `statefulset.replicas` | StatefulSet replicas number | `3` | -| `statefulset.updateStrategy` | Update strategy for StatefulSet Pods | `{"type": "RollingUpdate"}` | -| `statefulset.podManagementPolicy` | `OrderedReady`/`Parallel` Pods creation/deletion order | `Parallel` | -| `statefulset.budget.maxUnavailable` | k8s PodDisruptionBudget parameter | `1` | -| `statefulset.args` | Extra command-line arguments | `[]` | -| `statefulset.env` | Extra env vars | `[]` | -| `statefulset.secretMounts` | Additional Secrets to mount at cluster members | `[]` | -| `statefulset.labels` | Additional labels of StatefulSet and its Pods | `{"app.kubernetes.io/component": "cockroachdb"}` | -| `statefulset.annotations` | Additional annotations of StatefulSet Pods | `{}` | -| `statefulset.nodeAffinity` | [Node affinity rules][2] of StatefulSet Pods | `{}` | -| `statefulset.podAffinity` | [Inter-Pod affinity rules][1] of StatefulSet Pods | `{}` | -| `statefulset.podAntiAffinity` | [Anti-affinity rules][1] of StatefulSet Pods | auto | -| `statefulset.podAntiAffinity.type` | Type of auto [anti-affinity rules][1] | `soft` | -| `statefulset.podAntiAffinity.weight` | Weight for `soft` auto [anti-affinity rules][1] | `100` | -| `statefulset.nodeSelector` | Node labels for StatefulSet Pods assignment | `{}` | -| `statefulset.tolerations` | Node taints to tolerate by StatefulSet Pods | `[]` | -| `statefulset.resources` | Resource requests and limits for StatefulSet Pods | `{}` | -| `service.ports.grpc.external.port` | CockroachDB primary serving port in Services | `26257` | -| `service.ports.grpc.external.name` | CockroachDB primary serving port name in Services | `grpc` | -| `service.ports.grpc.internal.port` | CockroachDB inter-communication port in Services | `26257` | -| `service.ports.grpc.internal.name` | CockroachDB inter-communication port name in Services | `grpc-internal` | -| `service.ports.http.port` | CockroachDB HTTP port in Services | `8080` | -| `service.ports.http.name` | CockroachDB HTTP port name in Services | `http` | -| `service.public.type` | Public Service type | `ClusterIP` | -| `service.public.labels` | Additional labels of public Service | `{"app.kubernetes.io/component": "cockroachdb"}` | -| `service.public.annotations` | Additional annotations of public Service | `{}` | -| `service.discovery.labels` | Additional labels of discovery Service | `{"app.kubernetes.io/component": "cockroachdb"}` | -| `service.discovery.annotations` | Additional annotations of discovery Service | `{}` | -| `storage.hostPath` | Absolute path on host to store data | `""` | -| `storage.persistentVolume.enabled` | Whether to use PersistentVolume to store data | `yes` | -| `storage.persistentVolume.size` | PersistentVolume size | `100Gi` | -| `storage.persistentVolume.storageClass` | PersistentVolume class | `""` | -| `storage.persistentVolume.labels` | Additional labels of PersistentVolumeClaim | `{}` | -| `storage.persistentVolume.annotations` | Additional annotations of PersistentVolumeClaim | `{}` | -| `init.labels` | Additional labels of init Job and its Pod | `{"app.kubernetes.io/component": "init"}` | -| `init.annotations` | Additional labels of the Pod of init Job | `{}` | -| `init.affinity` | [Affinity rules][2] of init Job Pod | `{}` | -| `init.nodeSelector` | Node labels for init Job Pod assignment | `{}` | -| `init.tolerations` | Node taints to tolerate by init Job Pod | `[]` | -| `init.resources` | Resource requests and limits for the Pod of init Job | `{}` | -| `tls.enabled` | Whether to run securely using TLS certificates | `no` | -| `tls.serviceAccount.create` | Whether to create a new RBAC service account | `yes` | -| `tls.serviceAccount.name` | Name of RBAC service account to use | `""` | -| `tls.init.image.repository` | Image to use for requesting TLS certificates | `cockroachdb/cockroach-k8s-request-cert` | -| `tls.init.image.tag` | Image tag to use for requesting TLS certificates | `0.4` | -| `tls.init.image.pullPolicy` | Requesting TLS certificates container pull policy | `IfNotPresent` | -| `tls.init.image.credentials` | `registry`, `user` and `pass` credentials to pull private image | `{}` | -| `networkPolicy.enabled` | Enable NetworkPolicy for CockroachDB's Pods | `no` | -| `networkPolicy.ingress.grpc` | Whitelist resources to access gRPC port of CockroachDB's Pods | `[]` | -| `networkPolicy.ingress.http` | Whitelist resources to access gRPC port of CockroachDB's Pods | `[]` | +| Parameter | Description | Default | +| --------- | ----------- | ------- | +| `clusterDomain` | Cluster's default DNS domain | `cluster.local` | +| `conf.attrs` | CockroachDB node attributes | `[]` | +| `conf.cache` | Size of CockroachDB's in-memory cache | `25%` | +| `conf.cluster-name` | Name of CockroachDB cluster | `""` | +| `conf.disable-cluster-name-verification` | Disable CockroachDB cluster name verification | `no` | +| `conf.join` | List of already-existing CockroachDB instances | `[]` | +| `conf.max-disk-temp-storage` | Max storage capacity for temp data | `0` | +| `conf.max-offset` | Max allowed clock offset for CockroachDB cluster | `500ms` | +| `conf.max-sql-memory` | Max memory to use processing SQL querie | `25%` | +| `conf.locality` | Locality attribute for this deployment | `""` | +| `conf.single-node` | Disable CockroachDB clustering (standalone mode) | `no` | +| `conf.sql-audit-dir` | Directory for SQL audit log | `""` | +| `conf.port` | CockroachDB primary serving port in Pods | `26257` | +| `conf.http-port` | CockroachDB HTTP port in Pods | `8080` | +| `image.repository` | Container image name | `cockroachdb/cockroach` | +| `image.tag` | Container image tag | `v19.2.2` | +| `image.pullPolicy` | Container pull policy | `IfNotPresent` | +| `image.credentials` | `registry`, `user` and `pass` credentials to pull private image | `{}` | +| `statefulset.replicas` | StatefulSet replicas number | `3` | +| `statefulset.updateStrategy` | Update strategy for StatefulSet Pods | `{"type": "RollingUpdate"}` | +| `statefulset.podManagementPolicy` | `OrderedReady`/`Parallel` Pods creation/deletion order | `Parallel` | +| `statefulset.budget.maxUnavailable` | k8s PodDisruptionBudget parameter | `1` | +| `statefulset.args` | Extra command-line arguments | `[]` | +| `statefulset.env` | Extra env vars | `[]` | +| `statefulset.secretMounts` | Additional Secrets to mount at cluster members | `[]` | +| `statefulset.labels` | Additional labels of StatefulSet and its Pods | `{"app.kubernetes.io/component": "cockroachdb"}` | +| `statefulset.annotations` | Additional annotations of StatefulSet Pods | `{}` | +| `statefulset.nodeAffinity` | [Node affinity rules][2] of StatefulSet Pods | `{}` | +| `statefulset.podAffinity` | [Inter-Pod affinity rules][1] of StatefulSet Pods | `{}` | +| `statefulset.podAntiAffinity` | [Anti-affinity rules][1] of StatefulSet Pods | auto | +| `statefulset.podAntiAffinity.type` | Type of auto [anti-affinity rules][1] | `soft` | +| `statefulset.podAntiAffinity.weight` | Weight for `soft` auto [anti-affinity rules][1] | `100` | +| `statefulset.nodeSelector` | Node labels for StatefulSet Pods assignment | `{}` | +| `statefulset.tolerations` | Node taints to tolerate by StatefulSet Pods | `[]` | +| `statefulset.resources` | Resource requests and limits for StatefulSet Pods | `{}` | +| `service.ports.grpc.external.port` | CockroachDB primary serving port in Services | `26257` | +| `service.ports.grpc.external.name` | CockroachDB primary serving port name in Services | `grpc` | +| `service.ports.grpc.internal.port` | CockroachDB inter-communication port in Services | `26257` | +| `service.ports.grpc.internal.name` | CockroachDB inter-communication port name in Services | `grpc-internal` | +| `service.ports.http.port` | CockroachDB HTTP port in Services | `8080` | +| `service.ports.http.name` | CockroachDB HTTP port name in Services | `http` | +| `service.public.type` | Public Service type | `ClusterIP` | +| `service.public.labels` | Additional labels of public Service | `{"app.kubernetes.io/component": "cockroachdb"}` | +| `service.public.annotations` | Additional annotations of public Service | `{}` | +| `service.discovery.labels` | Additional labels of discovery Service | `{"app.kubernetes.io/component": "cockroachdb"}` | +| `service.discovery.annotations` | Additional annotations of discovery Service | `{}` | +| `storage.hostPath` | Absolute path on host to store data | `""` | +| `storage.persistentVolume.enabled` | Whether to use PersistentVolume to store data | `yes` | +| `storage.persistentVolume.size` | PersistentVolume size | `100Gi` | +| `storage.persistentVolume.storageClass` | PersistentVolume class | `""` | +| `storage.persistentVolume.labels` | Additional labels of PersistentVolumeClaim | `{}` | +| `storage.persistentVolume.annotations` | Additional annotations of PersistentVolumeClaim | `{}` | +| `init.labels` | Additional labels of init Job and its Pod | `{"app.kubernetes.io/component": "init"}` | +| `init.annotations` | Additional labels of the Pod of init Job | `{}` | +| `init.affinity` | [Affinity rules][2] of init Job Pod | `{}` | +| `init.nodeSelector` | Node labels for init Job Pod assignment | `{}` | +| `init.tolerations` | Node taints to tolerate by init Job Pod | `[]` | +| `init.resources` | Resource requests and limits for the Pod of init Job | `{}` | +| `tls.enabled` | Whether to run securely using TLS certificates | `no` | +| `tls.serviceAccount.create` | Whether to create a new RBAC service account | `yes` | +| `tls.serviceAccount.name` | Name of RBAC service account to use | `""` | +| `tls.certs.provided` | Bring your own certs scenario, i.e certificates are provided | `no` | +| `tls.certs.clientRootSecret` | If certs are provided, secret name for client root cert | `cockroachdb-root` | +| `tls.certs.nodeSecret` | If certs are provided, secret name for node cert | `cockroachdb-node` | +| `tls.certs.tlsSecret` | Own certs are stored in TLS secret | `no` | +| `tls.init.image.repository` | Image to use for requesting TLS certificates | `cockroachdb/cockroach-k8s-request-cert` | +| `tls.init.image.tag` | Image tag to use for requesting TLS certificates | `0.4` | +| `tls.init.image.pullPolicy` | Requesting TLS certificates container pull policy | `IfNotPresent` | +| `tls.init.image.credentials` | `registry`, `user` and `pass` credentials to pull private image | `{}` | +| `networkPolicy.enabled` | Enable NetworkPolicy for CockroachDB's Pods | `no` | +| `networkPolicy.ingress.grpc` | Whitelist resources to access gRPC port of CockroachDB's Pods | `[]` | +| `networkPolicy.ingress.http` | Whitelist resources to access gRPC port of CockroachDB's Pods | `[]` | Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. @@ -425,3 +456,4 @@ Note, that if you are running in secure mode (`tls.enabled` is `yes`/`true`) and [1]: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#inter-pod-affinity-and-anti-affinity [2]: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#node-affinity +[3]: https://cert-manager.io/ diff --git a/stable/cockroachdb/templates/clusterrole.yaml b/stable/cockroachdb/templates/clusterrole.yaml index 0d2d3736e21d..77f1ffea1b7d 100644 --- a/stable/cockroachdb/templates/clusterrole.yaml +++ b/stable/cockroachdb/templates/clusterrole.yaml @@ -1,4 +1,4 @@ -{{- if .Values.tls.enabled }} +{{- if and .Values.tls.enabled (not .Values.tls.certs.provided) }} kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: @@ -16,4 +16,4 @@ rules: - apiGroups: ["certificates.k8s.io"] resources: ["certificatesigningrequests"] verbs: ["create", "get", "watch"] -{{- end }} +{{- end }} \ No newline at end of file diff --git a/stable/cockroachdb/templates/clusterrolebinding.yaml b/stable/cockroachdb/templates/clusterrolebinding.yaml index b2d7cf9febb1..3222317ffebf 100644 --- a/stable/cockroachdb/templates/clusterrolebinding.yaml +++ b/stable/cockroachdb/templates/clusterrolebinding.yaml @@ -1,4 +1,4 @@ -{{- if .Values.tls.enabled }} +{{- if and .Values.tls.enabled (not .Values.tls.certs.provided) }} kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: @@ -20,4 +20,4 @@ subjects: - kind: ServiceAccount name: {{ template "cockroachdb.tls.serviceAccount.name" . }} namespace: {{ .Release.Namespace | quote }} -{{- end }} +{{- end }} \ No newline at end of file diff --git a/stable/cockroachdb/templates/job.init.yaml b/stable/cockroachdb/templates/job.init.yaml index b17f0c68f894..cb3ea3934a29 100644 --- a/stable/cockroachdb/templates/job.init.yaml +++ b/stable/cockroachdb/templates/job.init.yaml @@ -30,16 +30,16 @@ spec: spec: restartPolicy: OnFailure terminationGracePeriodSeconds: 0 - {{- if or .Values.image.credentials (and .Values.tls.enabled .Values.tls.init.image.credentials) }} + {{- if or .Values.image.credentials (and .Values.tls.enabled .Values.tls.init.image.credentials (not .Values.tls.certs.provided)) }} imagePullSecrets: {{- if .Values.image.credentials }} - name: {{ template "cockroachdb.fullname" . }}.db.registry {{- end }} - {{- if and .Values.tls.enabled .Values.tls.init.image.credentials }} + {{- if and .Values.tls.enabled .Values.tls.init.image.credentials (not .Values.tls.certs.provided) }} - name: {{ template "cockroachdb.fullname" . }}.init-certs.registry {{- end }} {{- end }} - {{- if .Values.tls.enabled }} + {{- if and .Values.tls.enabled (not .Values.tls.certs.provided)}} serviceAccountName: {{ template "cockroachdb.tls.serviceAccount.name" . }} initContainers: # The init-certs container sends a CSR (certificate signing request) to @@ -126,6 +126,29 @@ spec: {{- if .Values.tls.enabled }} volumes: - name: client-certs + {{- if .Values.tls.certs.provided }} + {{- if .Values.tls.certs.tlsSecret }} + projected: + sources: + - secret: + name: {{ .Values.tls.certs.clientRootSecret }} + items: + - key: ca.crt + path: ca.crt + mode: 0400 + - key: tls.crt + path: client.root.crt + mode: 0400 + - key: tls.key + path: client.root.key + mode: 0400 + {{- else }} + secret: + secretName: {{ .Values.tls.certs.clientRootSecret }} + defaultMode: 0400 + {{- end }} + {{- else }} emptyDir: {} + {{- end }} {{- end }} {{- end }} diff --git a/stable/cockroachdb/templates/role.yaml b/stable/cockroachdb/templates/role.yaml index e9f5e861e321..62a044ddcec5 100644 --- a/stable/cockroachdb/templates/role.yaml +++ b/stable/cockroachdb/templates/role.yaml @@ -15,5 +15,9 @@ metadata: rules: - apiGroups: [""] resources: ["secrets"] + {{- if .Values.tls.certs.provided }} + verbs: ["get"] + {{- else }} verbs: ["create", "get"] + {{- end }} {{- end }} diff --git a/stable/cockroachdb/templates/statefulset.yaml b/stable/cockroachdb/templates/statefulset.yaml index f3f9b9f11b5e..f2bac4168171 100644 --- a/stable/cockroachdb/templates/statefulset.yaml +++ b/stable/cockroachdb/templates/statefulset.yaml @@ -41,17 +41,18 @@ spec: annotations: {{- toYaml . | nindent 8 }} {{- end }} spec: - {{- if or .Values.image.credentials (and .Values.tls.enabled .Values.tls.init.image.credentials) }} + {{- if or .Values.image.credentials (and .Values.tls.enabled .Values.tls.init.image.credentials (not .Values.tls.certs.provided)) }} imagePullSecrets: {{- if .Values.image.credentials }} - name: {{ template "cockroachdb.fullname" . }}.db.registry {{- end }} - {{- if and .Values.tls.enabled .Values.tls.init.image.credentials }} + {{- if and .Values.tls.enabled .Values.tls.init.image.credentials (not .Values.tls.certs.provided) }} - name: {{ template "cockroachdb.fullname" . }}.init-certs.registry {{- end }} {{- end }} {{- if .Values.tls.enabled }} serviceAccountName: {{ template "cockroachdb.tls.serviceAccount.name" . }} + {{- if not .Values.tls.certs.provided }} initContainers: # The init-certs container sends a CSR (certificate signing request) to # the Kubernetes cluster. @@ -86,6 +87,7 @@ spec: volumeMounts: - name: certs mountPath: /cockroach-certs/ + {{- end }} {{- end }} {{- if or .Values.statefulset.nodeAffinity .Values.statefulset.podAffinity .Values.statefulset.podAntiAffinity }} affinity: @@ -268,7 +270,30 @@ spec: {{- end }} {{- if .Values.tls.enabled }} - name: certs + {{- if .Values.tls.certs.provided }} + {{- if .Values.tls.certs.tlsSecret }} + projected: + sources: + - secret: + name: {{ .Values.tls.certs.nodeSecret }} + items: + - key: ca.crt + path: ca.crt + mode: 0400 + - key: tls.crt + path: node.crt + mode: 0400 + - key: tls.key + path: node.key + mode: 0400 + {{- else }} + secret: + secretName: {{ .Values.tls.certs.nodeSecret }} + defaultMode: 0400 + {{- end }} + {{- else }} emptyDir: {} + {{- end }} {{- end }} {{- range .Values.statefulset.secretMounts }} - name: {{ printf "secret-%s" . | quote }} diff --git a/stable/cockroachdb/templates/tests/client.yaml b/stable/cockroachdb/templates/tests/client.yaml index 9ed947b33454..8c8f96be7313 100644 --- a/stable/cockroachdb/templates/tests/client.yaml +++ b/stable/cockroachdb/templates/tests/client.yaml @@ -15,14 +15,48 @@ spec: imagePullSecrets: - name: {{ template "cockroachdb.fullname" . }}.db.registry {{- end }} + {{- if .Values.tls.certs.provided }} + volumes: + - name: client-certs + {{- if .Values.tls.certs.tlsSecret }} + projected: + sources: + - secret: + name: {{ .Values.tls.certs.clientRootSecret }} + items: + - key: ca.crt + path: ca.crt + mode: 0400 + - key: tls.crt + path: client.root.crt + mode: 0400 + - key: tls.key + path: client.root.key + mode: 0400 + {{- else }} + secret: + secretName: {{ .Values.tls.certs.clientRootSecret }} + defaultMode: 0400 + {{- end }} + {{- end }} containers: - name: client-test image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" imagePullPolicy: {{ .Values.image.pullPolicy | quote }} + {{- if .Values.tls.certs.provided }} + volumeMounts: + - name: client-certs + mountPath: /cockroach-certs + {{- end }} command: - /cockroach/cockroach - sql + {{- if .Values.tls.certs.provided }} + - --certs-dir + - /cockroach-certs + {{- else }} - --insecure + {{- end}} - --host - {{ template "cockroachdb.fullname" . }}-public.{{ .Release.Namespace }} - --port diff --git a/stable/cockroachdb/values.yaml b/stable/cockroachdb/values.yaml index 25a4951ead42..32b9d0efeaa2 100644 --- a/stable/cockroachdb/values.yaml +++ b/stable/cockroachdb/values.yaml @@ -318,6 +318,17 @@ tls: # The name of this ServiceAccount to use. # If not set and `create` is `true`, then a name is auto-generated. name: "" + certs: + # Bring your own certs scenario. If provided, tls.init section will be ignored. + provided: no + # Secret name for the client root cert. + clientRootSecret: cockroachdb-root + # Secret name for node cert. + nodeSecret: cockroachdb-node + # Enable if the secret is a dedicated TLS. + # TLS secrets are created by cert-mananger, for example. + tlsSecret: no + init: # Image to use for requesting TLS certificates. image: From f965844fda6551cc7e26e3f2ec091197d576f5db Mon Sep 17 00:00:00 2001 From: Bastian Hofmann Date: Wed, 5 Feb 2020 22:21:54 +0100 Subject: [PATCH 029/304] [stable/grafana] Make watch METHOD environment variable of dashboard sidecar container configurable (#20558) Starting with kiwigrid/k8s-sidecar:0.1.75 METHOD also supports a SLEEP mode that lists all ConfigMaps and sleeps for 60s. This fixes issues where long running watch requests may break because of assumptions in software defined network solutions. See also https://github.com/kiwigrid/k8s-sidecar/pull/52 Signed-off-by: Bastian Hofmann --- stable/grafana/Chart.yaml | 2 +- stable/grafana/README.md | 1 + stable/grafana/templates/_pod.tpl | 2 ++ stable/grafana/values.yaml | 2 ++ 4 files changed, 6 insertions(+), 1 deletion(-) diff --git a/stable/grafana/Chart.yaml b/stable/grafana/Chart.yaml index 98bab39ef428..247c13cfc8ff 100644 --- a/stable/grafana/Chart.yaml +++ b/stable/grafana/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: grafana -version: 4.6.2 +version: 4.6.3 appVersion: 6.6.0 kubeVersion: "^1.8.0-0" description: The leading tool for querying and visualizing time series and metrics. diff --git a/stable/grafana/README.md b/stable/grafana/README.md index c2ba923b6add..12d8c4811caf 100644 --- a/stable/grafana/README.md +++ b/stable/grafana/README.md @@ -125,6 +125,7 @@ This version requires Helm >= 2.12.0. | `sidecar.dashboards.provider.disableDelete` | Activate to avoid the deletion of imported dashboards | `false` | | `sidecar.dashboards.provider.allowUiUpdates` | Allow updating provisioned dashboards from the UI | `false` | | `sidecar.dashboards.provider.type` | Provider type | `file` | +| `sidecar.dashboards.watchMethod` | Method to use to detect ConfigMap changes. With WATCH the sidecar will do a WATCH requests, with SLEEP it will list all ConfigMaps, then sleep for 60 seconds. | `WATCH` | | `sidecar.skipTlsVerify` | Set to true to skip tls verification for kube api calls | `nil` | | `sidecar.dashboards.label` | Label that config maps with dashboards should have to be added | `grafana_dashboard` | | `sidecar.dashboards.folder` | Folder in the pod that should hold the collected dashboards (unless `sidecar.dashboards.defaultFolderName` is set). This path will be mounted. | `/tmp/dashboards` | diff --git a/stable/grafana/templates/_pod.tpl b/stable/grafana/templates/_pod.tpl index ae141cceaea3..23842821be83 100644 --- a/stable/grafana/templates/_pod.tpl +++ b/stable/grafana/templates/_pod.tpl @@ -100,6 +100,8 @@ containers: image: "{{ .Values.sidecar.image }}" imagePullPolicy: {{ .Values.sidecar.imagePullPolicy }} env: + - name: METHOD + value: {{ .Values.sidecar.dashboards.watchMethod }} - name: LABEL value: "{{ .Values.sidecar.dashboards.label }}" - name: FOLDER diff --git a/stable/grafana/values.yaml b/stable/grafana/values.yaml index 4e6c35429a40..809047f531e7 100644 --- a/stable/grafana/values.yaml +++ b/stable/grafana/values.yaml @@ -442,6 +442,8 @@ sidecar: # skipTlsVerify: true dashboards: enabled: false + ## Method to use to detect ConfigMap changes. With WATCH the sidecar will do a WATCH requests, with SLEEP it will list all ConfigMaps, then sleep for 60 seconds. + watchMethod: WATCH SCProvider: true # label that the configmaps with dashboards are marked with label: grafana_dashboard From 626dca1e3184842b17ccda0d81751c825ba4d123 Mon Sep 17 00:00:00 2001 From: Nathan Stilwell Date: Wed, 5 Feb 2020 16:27:54 -0500 Subject: [PATCH 030/304] [stable/cockroachdb]: Update version to v19.2.3 (#20567) Signed-off-by: Nathan Stilwell --- stable/cockroachdb/Chart.yaml | 4 ++-- stable/cockroachdb/README.md | 10 +++++----- stable/cockroachdb/values.yaml | 2 +- 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/stable/cockroachdb/Chart.yaml b/stable/cockroachdb/Chart.yaml index 8ddcb98f0218..eac9e22f83ab 100755 --- a/stable/cockroachdb/Chart.yaml +++ b/stable/cockroachdb/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v1 name: cockroachdb home: https://www.cockroachlabs.com -version: 3.0.3 -appVersion: 19.2.2 +version: 3.0.4 +appVersion: 19.2.3 description: CockroachDB is a scalable, survivable, strongly-consistent SQL database. icon: https://raw.githubusercontent.com/cockroachdb/cockroach/master/docs/media/cockroach_db.png sources: diff --git a/stable/cockroachdb/README.md b/stable/cockroachdb/README.md index 6c23e1ae7113..f3ec78dedea3 100644 --- a/stable/cockroachdb/README.md +++ b/stable/cockroachdb/README.md @@ -158,10 +158,10 @@ kubectl get pods \ -o jsonpath='{range .items[*]}{.metadata.name}{"\t"}{.spec.containers[0].image}{"\n"}' ``` ``` -my-release-cockroachdb-0 cockroachdb/cockroach:v19.2.2 -my-release-cockroachdb-1 cockroachdb/cockroach:v19.2.2 -my-release-cockroachdb-2 cockroachdb/cockroach:v19.2.2 -my-release-cockroachdb-3 cockroachdb/cockroach:v19.2.2 +my-release-cockroachdb-0 cockroachdb/cockroach:v19.2.3 +my-release-cockroachdb-1 cockroachdb/cockroach:v19.2.3 +my-release-cockroachdb-2 cockroachdb/cockroach:v19.2.3 +my-release-cockroachdb-3 cockroachdb/cockroach:v19.2.3 ``` Resume normal operations. Once you are comfortable that the stability and performance of the cluster is what you'd expect post upgrade, finalize it by running the following: @@ -244,7 +244,7 @@ For details see the `values.yml` file. | `conf.port` | CockroachDB primary serving port in Pods | `26257` | | `conf.http-port` | CockroachDB HTTP port in Pods | `8080` | | `image.repository` | Container image name | `cockroachdb/cockroach` | -| `image.tag` | Container image tag | `v19.2.2` | +| `image.tag` | Container image tag | `v19.2.3` | | `image.pullPolicy` | Container pull policy | `IfNotPresent` | | `image.credentials` | `registry`, `user` and `pass` credentials to pull private image | `{}` | | `statefulset.replicas` | StatefulSet replicas number | `3` | diff --git a/stable/cockroachdb/values.yaml b/stable/cockroachdb/values.yaml index 32b9d0efeaa2..5a4722d53129 100644 --- a/stable/cockroachdb/values.yaml +++ b/stable/cockroachdb/values.yaml @@ -1,6 +1,6 @@ image: repository: cockroachdb/cockroach - tag: v19.2.2 + tag: v19.2.3 pullPolicy: IfNotPresent credentials: {} # registry: docker.io From 0c93a822a64759bd5db738d4e5638dc7bc21cb18 Mon Sep 17 00:00:00 2001 From: Chaoran Yu Date: Wed, 5 Feb 2020 22:39:33 -0500 Subject: [PATCH 031/304] Fixed validation (#20570) * Fixed validation Signed-off-by: Chaoran Yu * Added sparkJobNamespace for Helm 3 in README Signed-off-by: Chaoran Yu --- incubator/sparkoperator/Chart.yaml | 2 +- incubator/sparkoperator/README.md | 25 +- incubator/sparkoperator/templates/crds.yaml | 4564 +++++++------------ 3 files changed, 1746 insertions(+), 2845 deletions(-) diff --git a/incubator/sparkoperator/Chart.yaml b/incubator/sparkoperator/Chart.yaml index 5602351e5297..1928f0355f48 100644 --- a/incubator/sparkoperator/Chart.yaml +++ b/incubator/sparkoperator/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 name: sparkoperator description: A Helm chart for Spark on Kubernetes operator -version: 0.6.2 +version: 0.6.3 appVersion: v1beta2-1.0.1-2.4.4 keywords: - spark diff --git a/incubator/sparkoperator/README.md b/incubator/sparkoperator/README.md index fda44296c98b..156679c44f6a 100644 --- a/incubator/sparkoperator/README.md +++ b/incubator/sparkoperator/README.md @@ -8,15 +8,34 @@ The Operator requires Kubernetes version 1.8 and above because it relies on garb #### Installing the chart -The chart can be installed by running: +First add the incubator repo: ```bash $ helm repo add incubator http://storage.googleapis.com/kubernetes-charts-incubator +``` + +If using Helm 2, then the chart can be installed by running: + +```bash $ helm install incubator/sparkoperator --namespace spark-operator --set sparkJobNamespace=default ``` Note that you need to use the `--namespace` flag during `helm install` to specify in which namespace you want to install the operator. The namespace can be existing or not. When it's not available, Helm would take care of creating the namespace. Note that this namespace has no relation to the namespace where you would like to deploy Spark jobs (i.e. the setting `sparkJobNamespace` shown in the table below). They can be the same namespace or different ones. +If using Helm 3, then install the chart by running: + +```bash +$ helm install incubator/sparkoperator --generate-name --namespace spark-operator --set sparkJobNamespace=default +``` + +or + +```bash +$ helm install [RELEASE-NAME] incubator/sparkoperator --namespace spark-operator --set sparkJobNamespace=default +``` + +if you don't want Helm to automatically generate a name for you. + #### Configuration The following table lists the configurable parameters of the Spark operator chart and their default values. @@ -45,8 +64,7 @@ The following table lists the configurable parameters of the Spark operator char | `enableBatchScheduler` | Whether to enable batch scheduler for pod scheduling | false | | `enableResourceQuotaEnforcement` | Whether to enable the ResourceQuota enforcement for SparkApplication resources. Requires the webhook to be enabled by setting enableWebhook to true. | false | | `enableLeaderElection` | Whether to enable leader election when the operator Deployment has more than one replica, i.e., when `replicas` is greater than 1. | false | -| `securityContext` | Defines security context for operator container | `{}` - +| `securityContext` | Defines security context for operator container. | `{}` | Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. #### Upgrading @@ -64,3 +82,4 @@ Specify each parameter using the `--set key=value[,key=value]` argument to `helm #### Contributing When making changes to values.yaml, update the files in `ci/` by running `hack/update-ci.sh`. + diff --git a/incubator/sparkoperator/templates/crds.yaml b/incubator/sparkoperator/templates/crds.yaml index a7a4e6cbbea8..0ec2ade1c455 100644 --- a/incubator/sparkoperator/templates/crds.yaml +++ b/incubator/sparkoperator/templates/crds.yaml @@ -1955,3118 +1955,2000 @@ spec: - Scala - R type: string - volumes: - items: - properties: - awsElasticBlockStore: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - azureDisk: - properties: - cachingMode: - type: string - diskName: - type: string - diskURI: - type: string - fsType: - type: string - kind: - type: string - readOnly: - type: boolean - required: - - diskName - - diskURI - type: object - azureFile: - properties: - readOnly: - type: boolean - secretName: - type: string - shareName: - type: string - required: - - secretName - - shareName - type: object - cephfs: - properties: - monitors: - items: - type: string - type: array - path: - type: string - readOnly: - type: boolean - secretFile: - type: string - secretRef: - properties: - name: - type: string - type: object - user: - type: string - required: - - monitors - type: object - cinder: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - volumeID: - type: string - required: - - volumeID - type: object - configMap: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - downwardAPI: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - type: string - resource: - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - emptyDir: - properties: - medium: - type: string - sizeLimit: - type: string - type: object - fc: - properties: - fsType: - type: string - lun: - format: int32 - type: integer - readOnly: - type: boolean - targetWWNs: - items: - type: string - type: array - wwids: - items: - type: string - type: array - type: object - flexVolume: - properties: - driver: - type: string - fsType: - type: string - options: - additionalProperties: - type: string - type: object - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - required: - - driver - type: object - flocker: - properties: - datasetName: - type: string - datasetUUID: - type: string - type: object - gcePersistentDisk: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - pdName: - type: string - readOnly: - type: boolean - required: - - pdName - type: object - gitRepo: - properties: - directory: - type: string - repository: - type: string - revision: - type: string - required: - - repository - type: object - glusterfs: - properties: - endpoints: - type: string - path: - type: string - readOnly: - type: boolean - required: - - endpoints - - path - type: object - hostPath: - properties: - path: - type: string - type: - type: string - required: - - path - type: object - iscsi: - properties: - chapAuthDiscovery: - type: boolean - chapAuthSession: - type: boolean - fsType: - type: string - initiatorName: - type: string - iqn: - type: string - iscsiInterface: - type: string - lun: - format: int32 - type: integer - portals: - items: - type: string - type: array - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - targetPortal: - type: string - required: - - iqn - - lun - - targetPortal - type: object - name: - type: string - nfs: - properties: - path: - type: string - readOnly: - type: boolean - server: - type: string - required: - - path - - server - type: object - persistentVolumeClaim: - properties: - claimName: - type: string - readOnly: - type: boolean - required: - - claimName - type: object - photonPersistentDisk: - properties: - fsType: - type: string - pdID: - type: string - required: - - pdID - type: object - portworxVolume: - properties: - fsType: - type: string - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - projected: - properties: - defaultMode: - format: int32 - type: integer - sources: - items: - properties: - configMap: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - downwardAPI: - properties: - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - type: string - resource: - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - secret: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - serviceAccountToken: - properties: - audience: - type: string - expirationSeconds: - format: int64 - type: integer - path: - type: string - required: - - path - type: object - type: object - type: array - required: - - sources - type: object - quobyte: - properties: - group: - type: string - readOnly: - type: boolean - registry: - type: string - user: - type: string - volume: - type: string - required: - - registry - - volume - type: object - rbd: - properties: - fsType: - type: string - image: - type: string - keyring: - type: string - monitors: - items: - type: string - type: array - pool: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - user: - type: string - required: - - image - - monitors - type: object - scaleIO: - properties: - fsType: - type: string - gateway: - type: string - protectionDomain: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - sslEnabled: - type: boolean - storageMode: - type: string - storagePool: - type: string - system: - type: string - volumeName: - type: string - required: - - gateway - - secretRef - - system - type: object - secret: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - optional: - type: boolean - secretName: - type: string - type: object - storageos: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - volumeName: - type: string - volumeNamespace: - type: string - type: object - vsphereVolume: - properties: - fsType: - type: string - storagePolicyID: - type: string - storagePolicyName: - type: string - volumePath: - type: string - required: - - volumePath - type: object - required: - - name - type: object - type: array - required: - - driver - - executor - - mainApplicationFile - - sparkVersion - - type - type: object - required: - - metadata - - spec - type: object - version: v1beta2 - versions: - - name: v1beta2 - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: scheduledsparkapplications.sparkoperator.k8s.io - labels: - "app.kubernetes.io/name": sparkoperator - annotations: - "helm.sh/hook-delete-policy": "before-hook-creation" -spec: - group: sparkoperator.k8s.io - names: - kind: ScheduledSparkApplication - listKind: ScheduledSparkApplicationList - plural: scheduledsparkapplications - shortNames: - - scheduledsparkapp - singular: scheduledsparkapplication - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - concurrencyPolicy: - type: string - failedRunHistoryLimit: - format: int32 - type: integer - schedule: - type: string - successfulRunHistoryLimit: - format: int32 - type: integer - suspend: - type: boolean - template: - properties: - arguments: - items: - type: string - type: array - batchScheduler: - type: string - batchSchedulerOptions: - properties: - priorityClassName: - type: string - queue: - type: string - type: object - deps: - properties: - downloadTimeout: - format: int32 - minimum: 1 - type: integer - files: - items: - type: string - type: array - filesDownloadDir: - type: string - jars: - items: - type: string - type: array - jarsDownloadDir: - type: string - maxSimultaneousDownloads: - format: int32 - minimum: 1 - type: integer - pyFiles: - items: - type: string - type: array - type: object - driver: - properties: - affinity: - properties: - nodeAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - preference: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - weight: - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - properties: - nodeSelectorTerms: - items: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - type: array - required: - - nodeSelectorTerms - type: object - type: object - podAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - type: array - type: object - podAntiAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - type: array - type: object - type: object - annotations: - additionalProperties: - type: string - type: object - configMaps: - items: - properties: - name: - type: string - path: - type: string - required: - - name - - path - type: object - type: array - coreLimit: + required: + - driver + - executor + - mainApplicationFile + - sparkVersion + - type + type: object + required: + - metadata + - spec + type: object + version: v1beta2 + versions: + - name: v1beta2 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: scheduledsparkapplications.sparkoperator.k8s.io + labels: + "app.kubernetes.io/name": sparkoperator + annotations: + "helm.sh/hook-delete-policy": "before-hook-creation" +spec: + group: sparkoperator.k8s.io + names: + kind: ScheduledSparkApplication + listKind: ScheduledSparkApplicationList + plural: scheduledsparkapplications + shortNames: + - scheduledsparkapp + singular: scheduledsparkapplication + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + concurrencyPolicy: + type: string + failedRunHistoryLimit: + format: int32 + type: integer + schedule: + type: string + successfulRunHistoryLimit: + format: int32 + type: integer + suspend: + type: boolean + template: + properties: + arguments: + items: + type: string + type: array + batchScheduler: + type: string + batchSchedulerOptions: + properties: + priorityClassName: type: string - cores: + queue: + type: string + type: object + deps: + properties: + downloadTimeout: format: int32 minimum: 1 type: integer - dnsConfig: - properties: - nameservers: - items: - type: string - type: array - options: - items: - properties: - name: - type: string - value: - type: string - type: object - type: array - searches: - items: - type: string - type: array - type: object - envSecretKeyRefs: - additionalProperties: - properties: - key: - type: string - name: - type: string - required: - - key - - name - type: object - type: object - envVars: - additionalProperties: - type: string - type: object - gpu: - properties: - name: - type: string - quantity: - format: int64 - type: integer - required: - - name - - quantity - type: object - hostNetwork: - type: boolean - image: - type: string - javaOptions: - type: string - labels: - additionalProperties: + files: + items: type: string - type: object - memory: - type: string - memoryOverhead: + type: array + filesDownloadDir: type: string - nodeSelector: - additionalProperties: + jars: + items: type: string - type: object - podName: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - schedulerName: + type: array + jarsDownloadDir: type: string - secrets: + maxSimultaneousDownloads: + format: int32 + minimum: 1 + type: integer + pyFiles: items: - properties: - name: - type: string - path: - type: string - secretType: - type: string - required: - - name - - path - - secretType - type: object + type: string type: array - securityContext: + type: object + driver: + properties: + affinity: properties: - fsGroup: - format: int64 - type: integer - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: + nodeAffinity: properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - supplementalGroups: - items: - format: int64 - type: integer - type: array - sysctls: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - type: object - serviceAccount: - type: string - sidecars: - items: - properties: - args: - items: - type: string - type: array - command: - items: - type: string - type: array - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - type: string - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - envFrom: - items: - properties: - configMapRef: - properties: - name: - type: string - optional: - type: boolean - type: object - prefix: - type: string - secretRef: - properties: - name: - type: string - optional: - type: boolean - type: object - type: object - type: array - image: - type: string - imagePullPolicy: - type: string - lifecycle: - properties: - postStart: + preferredDuringSchedulingIgnoredDuringExecution: + items: properties: - exec: + preference: properties: - command: + matchExpressions: items: - type: string + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object type: array - type: object - httpGet: - properties: - host: - type: string - httpHeaders: + matchFields: items: properties: - name: + key: type: string - value: + operator: type: string + values: + items: + type: string + type: array required: - - name - - value + - key + - operator type: object type: array - path: - type: string - port: - anyOf: - - type: string - - type: integer - scheme: - type: string - required: - - port - type: object - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: string - - type: integer - required: - - port type: object + weight: + format: int32 + type: integer + required: + - preference + - weight type: object - preStop: - properties: - exec: + type: array + requiredDuringSchedulingIgnoredDuringExecution: + properties: + nodeSelectorTerms: + items: properties: - command: + matchExpressions: items: - type: string + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object type: array - type: object - httpGet: - properties: - host: - type: string - httpHeaders: + matchFields: items: properties: - name: + key: type: string - value: + operator: type: string + values: + items: + type: string + type: array required: - - name - - value + - key + - operator type: object type: array - path: - type: string - port: - anyOf: - - type: string - - type: integer - scheme: - type: string - required: - - port type: object - tcpSocket: + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: properties: - host: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: type: string - port: - anyOf: - - type: string - - type: integer required: - - port + - topologyKey type: object - type: object - type: object - livenessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: string - - type: integer - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: string - - type: integer + weight: + format: int32 + type: integer required: - - port + - podAffinityTerm + - weight type: object - timeoutSeconds: - format: int32 - type: integer - type: object - name: - type: string - ports: - items: - properties: - containerPort: - format: int32 - type: integer - hostIP: - type: string - hostPort: - format: int32 - type: integer - name: - type: string - protocol: - type: string - required: - - containerPort - type: object - type: array - readinessProbe: - properties: - exec: + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: properties: - command: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: items: type: string type: array + topologyKey: + type: string + required: + - topologyKey type: object - failureThreshold: - format: int32 - type: integer - httpGet: + type: array + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: string - - type: integer - scheme: - type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer required: - - port + - podAffinityTerm + - weight type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: properties: - host: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: type: string - port: - anyOf: - - type: string - - type: integer required: - - port + - topologyKey type: object - timeoutSeconds: - format: int32 - type: integer - type: object - resources: + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + type: object + configMaps: + items: + properties: + name: + type: string + path: + type: string + required: + - name + - path + type: object + type: array + coreLimit: + type: string + cores: + format: int32 + minimum: 1 + type: integer + dnsConfig: + properties: + nameservers: + items: + type: string + type: array + options: + items: properties: - limits: - additionalProperties: - type: string - type: object - requests: - additionalProperties: - type: string - type: object + name: + type: string + value: + type: string type: object - securityContext: + type: array + searches: + items: + type: string + type: array + type: object + envSecretKeyRefs: + additionalProperties: + properties: + key: + type: string + name: + type: string + required: + - key + - name + type: object + type: object + envVars: + additionalProperties: + type: string + type: object + gpu: + properties: + name: + type: string + quantity: + format: int64 + type: integer + required: + - name + - quantity + type: object + hostNetwork: + type: boolean + image: + type: string + javaOptions: + type: string + labels: + additionalProperties: + type: string + type: object + memory: + type: string + memoryOverhead: + type: string + nodeSelector: + additionalProperties: + type: string + type: object + podName: + pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' + type: string + schedulerName: + type: string + secrets: + items: + properties: + name: + type: string + path: + type: string + secretType: + type: string + required: + - name + - path + - secretType + type: object + type: array + securityContext: + properties: + fsGroup: + format: int64 + type: integer + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + supplementalGroups: + items: + format: int64 + type: integer + type: array + sysctls: + items: properties: - allowPrivilegeEscalation: - type: boolean - capabilities: - properties: - add: - items: - type: string - type: array - drop: - items: - type: string - type: array - type: object - privileged: - type: boolean - procMount: + name: type: string - readOnlyRootFilesystem: - type: boolean - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object + value: + type: string + required: + - name + - value type: object - stdin: - type: boolean - stdinOnce: - type: boolean - terminationMessagePath: - type: string - terminationMessagePolicy: - type: string - tty: - type: boolean - volumeDevices: + type: array + type: object + serviceAccount: + type: string + sidecars: + items: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: items: properties: - devicePath: - type: string name: type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + resourceFieldRef: + properties: + containerName: + type: string + divisor: + type: string + resource: + type: string + required: + - resource + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object required: - - devicePath - name type: object type: array - volumeMounts: + envFrom: items: properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + prefix: type: string - required: - - mountPath - - name + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object type: object type: array - workingDir: - type: string - required: - - name - type: object - type: array - tolerations: - items: - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - format: int64 - type: integer - value: - type: string - type: object - type: array - volumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: + image: type: string - readOnly: - type: boolean - subPath: + imagePullPolicy: type: string - required: - - mountPath - - name - type: object - type: array - type: object - executor: - properties: - affinity: - properties: - nodeAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: + lifecycle: + properties: + postStart: properties: - preference: + exec: properties: - matchExpressions: + command: items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object + type: string type: array - matchFields: + type: object + httpGet: + properties: + host: + type: string + httpHeaders: items: properties: - key: + name: type: string - operator: + value: type: string - values: - items: - type: string - type: array required: - - key - - operator + - name + - value type: object type: array + path: + type: string + port: + anyOf: + - type: string + - type: integer + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: string + - type: integer + required: + - port type: object - weight: - format: int32 - type: integer - required: - - preference - - weight type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - properties: - nodeSelectorTerms: - items: + preStop: + properties: + exec: properties: - matchExpressions: + command: items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object + type: string type: array - matchFields: + type: object + httpGet: + properties: + host: + type: string + httpHeaders: items: properties: - key: + name: type: string - operator: + value: type: string - values: - items: - type: string - type: array required: - - key - - operator + - name + - value type: object type: array + path: + type: string + port: + anyOf: + - type: string + - type: integer + scheme: + type: string + required: + - port type: object - type: array - required: - - nodeSelectorTerms - type: object - type: object - podAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: + tcpSocket: properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: + host: type: string + port: + anyOf: + - type: string + - type: integer required: - - topologyKey + - port type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: + type: object + livenessProbe: + properties: + exec: properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: type: string - type: object - type: object - namespaces: + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: string + - type: integer + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: string + - type: integer + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + type: string + required: + - containerPort + type: object + type: array + readinessProbe: + properties: + exec: + properties: + command: items: type: string type: array - topologyKey: - type: string - required: - - topologyKey type: object - type: array - type: object - podAntiAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: + failureThreshold: + format: int32 + type: integer + httpGet: properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: + host: + type: string + httpHeaders: + items: + properties: + name: type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: + value: type: string - type: object - type: object - namespaces: - items: - type: string + required: + - name + - value + type: object type: array - topologyKey: + path: + type: string + port: + anyOf: + - type: string + - type: integer + scheme: type: string required: - - topologyKey + - port type: object - type: array - type: object - type: object - annotations: - additionalProperties: - type: string - type: object - configMaps: - items: - properties: - name: - type: string - path: - type: string - required: - - name - - path - type: object - type: array - coreLimit: - type: string - coreRequest: - type: string - cores: - format: int32 - minimum: 1 - type: integer - dnsConfig: - properties: - nameservers: - items: - type: string - type: array - options: - items: - properties: - name: - type: string - value: - type: string - type: object - type: array - searches: - items: - type: string - type: array - type: object - envSecretKeyRefs: - additionalProperties: - properties: - key: - type: string - name: - type: string - required: - - key - - name - type: object - type: object - envVars: - additionalProperties: - type: string - type: object - gpu: - properties: - name: - type: string - quantity: - format: int64 - type: integer - required: - - name - - quantity - type: object - hostNetwork: - type: boolean - image: - type: string - instances: - format: int32 - minimum: 1 - type: integer - javaOptions: - type: string - labels: - additionalProperties: - type: string - type: object - memory: - type: string - memoryOverhead: - type: string - nodeSelector: - additionalProperties: - type: string - type: object - schedulerName: - type: string - secrets: - items: - properties: - name: - type: string - path: - type: string - secretType: - type: string - required: - - name - - path - - secretType - type: object - type: array - securityContext: - properties: - fsGroup: - format: int64 - type: integer - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - supplementalGroups: - items: - format: int64 - type: integer - type: array - sysctls: - items: + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: string + - type: integer + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + resources: properties: - name: - type: string - value: + limits: + additionalProperties: + type: string + type: object + requests: + additionalProperties: + type: string + type: object + type: object + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: type: string - required: - - name - - value + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object type: object - type: array - type: object - sidecars: - items: - properties: - args: - items: - type: string - type: array - command: - items: - type: string - type: array - env: + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: items: properties: - name: + devicePath: type: string - value: + name: type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - type: string - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object required: + - devicePath - name type: object type: array - envFrom: + volumeMounts: items: properties: - configMapRef: - properties: - name: - type: string - optional: - type: boolean - type: object - prefix: + mountPath: type: string - secretRef: - properties: - name: - type: string - optional: - type: boolean - type: object + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + required: + - mountPath + - name type: object type: array - image: + workingDir: type: string - imagePullPolicy: + required: + - name + type: object + type: array + tolerations: + items: + properties: + effect: type: string - lifecycle: - properties: - postStart: + key: + type: string + operator: + type: string + tolerationSeconds: + format: int64 + type: integer + value: + type: string + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + required: + - mountPath + - name + type: object + type: array + type: object + executor: + properties: + affinity: + properties: + nodeAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: properties: - exec: + preference: properties: - command: + matchExpressions: items: - type: string + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object type: array - type: object - httpGet: - properties: - host: - type: string - httpHeaders: + matchFields: items: properties: - name: + key: type: string - value: + operator: type: string + values: + items: + type: string + type: array required: - - name - - value + - key + - operator type: object type: array - path: - type: string - port: - anyOf: - - type: string - - type: integer - scheme: - type: string - required: - - port - type: object - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: string - - type: integer - required: - - port type: object + weight: + format: int32 + type: integer + required: + - preference + - weight type: object - preStop: - properties: - exec: + type: array + requiredDuringSchedulingIgnoredDuringExecution: + properties: + nodeSelectorTerms: + items: properties: - command: + matchExpressions: items: - type: string + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object type: array - type: object - httpGet: - properties: - host: - type: string - httpHeaders: + matchFields: items: properties: - name: + key: type: string - value: + operator: type: string + values: + items: + type: string + type: array required: - - name - - value + - key + - operator type: object type: array - path: - type: string - port: - anyOf: - - type: string - - type: integer - scheme: - type: string - required: - - port type: object - tcpSocket: + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: properties: - host: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: type: string - port: - anyOf: - - type: string - - type: integer required: - - port + - topologyKey type: object - type: object - type: object - livenessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: string - - type: integer - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: string - - type: integer + weight: + format: int32 + type: integer required: - - port + - podAffinityTerm + - weight type: object - timeoutSeconds: - format: int32 - type: integer - type: object - name: - type: string - ports: - items: - properties: - containerPort: - format: int32 - type: integer - hostIP: - type: string - hostPort: - format: int32 - type: integer - name: - type: string - protocol: - type: string - required: - - containerPort - type: object - type: array - readinessProbe: - properties: - exec: + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: properties: - command: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: items: type: string type: array - type: object - failureThreshold: - format: int32 - type: integer - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: string - - type: integer - scheme: + topologyKey: type: string required: - - port + - topologyKey type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: + type: array + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: properties: - host: - type: string - port: - anyOf: - - type: string - - type: integer + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer required: - - port - type: object - timeoutSeconds: - format: int32 - type: integer - type: object - resources: - properties: - limits: - additionalProperties: - type: string - type: object - requests: - additionalProperties: - type: string + - podAffinityTerm + - weight type: object - type: object - securityContext: - properties: - allowPrivilegeEscalation: - type: boolean - capabilities: + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: properties: - add: - items: - type: string - type: array - drop: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: items: type: string type: array - type: object - privileged: - type: boolean - procMount: - type: string - readOnlyRootFilesystem: - type: boolean - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: + topologyKey: type: string + required: + - topologyKey type: object - type: object - stdin: - type: boolean - stdinOnce: - type: boolean - terminationMessagePath: - type: string - terminationMessagePolicy: + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + type: object + configMaps: + items: + properties: + name: type: string - tty: - type: boolean - volumeDevices: - items: - properties: - devicePath: - type: string - name: - type: string - required: - - devicePath - - name - type: object - type: array - volumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - required: - - mountPath - - name - type: object - type: array - workingDir: + path: type: string required: - name + - path type: object type: array - tolerations: - items: - properties: - effect: - type: string - key: - type: string - operator: + coreLimit: + type: string + coreRequest: + type: string + cores: + format: int32 + minimum: 1 + type: integer + dnsConfig: + properties: + nameservers: + items: type: string - tolerationSeconds: - format: int64 - type: integer - value: + type: array + options: + items: + properties: + name: + type: string + value: + type: string + type: object + type: array + searches: + items: type: string - type: object - type: array - volumeMounts: - items: + type: array + type: object + envSecretKeyRefs: + additionalProperties: properties: - mountPath: - type: string - mountPropagation: + key: type: string name: type: string - readOnly: - type: boolean - subPath: - type: string required: - - mountPath + - key - name type: object - type: array - type: object - failureRetries: - format: int32 - type: integer - hadoopConf: - additionalProperties: - type: string - type: object - hadoopConfigMap: - type: string - image: - type: string - imagePullPolicy: - type: string - imagePullSecrets: - items: - type: string - type: array - initContainerImage: - type: string - mainApplicationFile: - type: string - mainClass: - type: string - memoryOverheadFactor: - type: string - mode: - enum: - - cluster - - client - type: string - monitoring: - properties: - exposeDriverMetrics: - type: boolean - exposeExecutorMetrics: - type: boolean - metricsProperties: - type: string - prometheus: + type: object + envVars: + additionalProperties: + type: string + type: object + gpu: properties: - configFile: - type: string - configuration: - type: string - jmxExporterJar: + name: type: string - port: - format: int32 - minimum: 1024 - maximum: 49151 + quantity: + format: int64 type: integer required: - - jmxExporterJar + - name + - quantity type: object - required: - - exposeDriverMetrics - - exposeExecutorMetrics - type: object - nodeSelector: - additionalProperties: - type: string - type: object - pythonVersion: - enum: - - "2" - - "3" - type: string - restartPolicy: - properties: - onFailureRetries: - format: int32 - minimum: 0 - type: integer - onFailureRetryInterval: - format: int64 - minimum: 1 - type: integer - onSubmissionFailureRetries: + hostNetwork: + type: boolean + image: + type: string + instances: format: int32 - minimum: 0 - type: integer - onSubmissionFailureRetryInterval: - format: int64 minimum: 1 type: integer - type: - enum: - - Never - - Always - - OnFailure + javaOptions: type: string - type: object - retryInterval: - format: int64 - type: integer - sparkConf: - additionalProperties: - type: string - type: object - sparkConfigMap: - type: string - sparkVersion: - type: string - timeToLiveSeconds: - format: int64 - type: integer - type: - enum: - - Java - - Python - - Scala - - R - type: string - volumes: - items: - properties: - awsElasticBlockStore: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - azureDisk: + labels: + additionalProperties: + type: string + type: object + memory: + type: string + memoryOverhead: + type: string + nodeSelector: + additionalProperties: + type: string + type: object + schedulerName: + type: string + secrets: + items: properties: - cachingMode: - type: string - diskName: - type: string - diskURI: - type: string - fsType: - type: string - kind: + name: type: string - readOnly: - type: boolean - required: - - diskName - - diskURI - type: object - azureFile: - properties: - readOnly: - type: boolean - secretName: + path: type: string - shareName: + secretType: type: string required: - - secretName - - shareName + - name + - path + - secretType type: object - cephfs: - properties: - monitors: - items: + type: array + securityContext: + properties: + fsGroup: + format: int64 + type: integer + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: type: string - type: array - path: - type: string - readOnly: - type: boolean - secretFile: - type: string - secretRef: + role: + type: string + type: + type: string + user: + type: string + type: object + supplementalGroups: + items: + format: int64 + type: integer + type: array + sysctls: + items: properties: name: type: string - type: object - user: - type: string - required: - - monitors - type: object - cinder: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: + value: type: string + required: + - name + - value type: object - volumeID: - type: string - required: - - volumeID - type: object - configMap: + type: array + type: object + sidecars: + items: properties: - defaultMode: - format: int32 - type: integer - items: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: items: properties: - key: + name: type: string - mode: - format: int32 - type: integer - path: + value: type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + resourceFieldRef: + properties: + containerName: + type: string + divisor: + type: string + resource: + type: string + required: + - resource + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object required: - - key - - path + - name type: object type: array - name: - type: string - optional: - type: boolean - type: object - downwardAPI: - properties: - defaultMode: - format: int32 - type: integer - items: + envFrom: items: properties: - fieldRef: + configMapRef: properties: - apiVersion: + name: type: string - fieldPath: + optional: + type: boolean + type: object + prefix: + type: string + secretRef: + properties: + name: type: string - required: - - fieldPath + optional: + type: boolean type: object - mode: + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: string + - type: integer + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: string + - type: integer + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: string + - type: integer + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: string + - type: integer + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: string + - type: integer + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: string + - type: integer + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: format: int32 type: integer - path: + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - type: string - resource: - type: string - required: - - resource - type: object required: - - path + - containerPort type: object type: array - type: object - emptyDir: - properties: - medium: - type: string - sizeLimit: - type: string - type: object - fc: - properties: - fsType: - type: string - lun: - format: int32 - type: integer - readOnly: - type: boolean - targetWWNs: - items: - type: string - type: array - wwids: - items: - type: string - type: array - type: object - flexVolume: - properties: - driver: - type: string - fsType: - type: string - options: - additionalProperties: - type: string - type: object - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - required: - - driver - type: object - flocker: - properties: - datasetName: - type: string - datasetUUID: - type: string - type: object - gcePersistentDisk: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - pdName: - type: string - readOnly: - type: boolean - required: - - pdName - type: object - gitRepo: - properties: - directory: - type: string - repository: - type: string - revision: - type: string - required: - - repository - type: object - glusterfs: - properties: - endpoints: - type: string - path: - type: string - readOnly: - type: boolean - required: - - endpoints - - path - type: object - hostPath: - properties: - path: - type: string - type: - type: string - required: - - path - type: object - iscsi: - properties: - chapAuthDiscovery: - type: boolean - chapAuthSession: - type: boolean - fsType: - type: string - initiatorName: - type: string - iqn: - type: string - iscsiInterface: - type: string - lun: - format: int32 - type: integer - portals: - items: - type: string - type: array - readOnly: - type: boolean - secretRef: + readinessProbe: properties: - name: - type: string - type: object - targetPortal: - type: string - required: - - iqn - - lun - - targetPortal - type: object - name: - type: string - nfs: - properties: - path: - type: string - readOnly: - type: boolean - server: - type: string - required: - - path - - server - type: object - persistentVolumeClaim: - properties: - claimName: - type: string - readOnly: - type: boolean - required: - - claimName - type: object - photonPersistentDisk: - properties: - fsType: - type: string - pdID: - type: string - required: - - pdID - type: object - portworxVolume: - properties: - fsType: - type: string - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - projected: - properties: - defaultMode: - format: int32 - type: integer - sources: - items: - properties: - configMap: - properties: + exec: + properties: + command: items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: type: string - optional: - type: boolean - type: object - downwardAPI: - properties: - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - type: string - resource: - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - secret: - properties: + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - serviceAccountToken: - properties: - audience: - type: string - expirationSeconds: - format: int64 - type: integer - path: - type: string - required: - - path - type: object - type: object - type: array - required: - - sources - type: object - quobyte: - properties: - group: - type: string - readOnly: - type: boolean - registry: - type: string - user: - type: string - volume: - type: string - required: - - registry - - volume - type: object - rbd: - properties: - fsType: - type: string - image: - type: string - keyring: - type: string - monitors: - items: - type: string - type: array - pool: - type: string - readOnly: - type: boolean - secretRef: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: string + - type: integer + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: string + - type: integer + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + resources: properties: - name: - type: string + limits: + additionalProperties: + type: string + type: object + requests: + additionalProperties: + type: string + type: object type: object - user: - type: string - required: - - image - - monitors - type: object - scaleIO: - properties: - fsType: - type: string - gateway: - type: string - protectionDomain: - type: string - readOnly: - type: boolean - secretRef: + securityContext: properties: - name: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object type: object - sslEnabled: + stdin: type: boolean - storageMode: - type: string - storagePool: - type: string - system: + stdinOnce: + type: boolean + terminationMessagePath: type: string - volumeName: + terminationMessagePolicy: type: string - required: - - gateway - - secretRef - - system - type: object - secret: - properties: - defaultMode: - format: int32 - type: integer - items: + tty: + type: boolean + volumeDevices: items: properties: - key: + devicePath: type: string - mode: - format: int32 - type: integer - path: + name: type: string required: - - key - - path + - devicePath + - name type: object type: array - optional: - type: boolean - secretName: + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: type: string + required: + - name type: object - storageos: + type: array + tolerations: + items: properties: - fsType: + effect: type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - volumeName: + key: + type: string + operator: type: string - volumeNamespace: + tolerationSeconds: + format: int64 + type: integer + value: type: string type: object - vsphereVolume: + type: array + volumeMounts: + items: properties: - fsType: + mountPath: type: string - storagePolicyID: + mountPropagation: type: string - storagePolicyName: + name: type: string - volumePath: + readOnly: + type: boolean + subPath: type: string required: - - volumePath + - mountPath + - name type: object - required: - - name - type: object + type: array + type: object + failureRetries: + format: int32 + type: integer + hadoopConf: + additionalProperties: + type: string + type: object + hadoopConfigMap: + type: string + image: + type: string + imagePullPolicy: + type: string + imagePullSecrets: + items: + type: string type: array + initContainerImage: + type: string + mainApplicationFile: + type: string + mainClass: + type: string + memoryOverheadFactor: + type: string + mode: + enum: + - cluster + - client + type: string + monitoring: + properties: + exposeDriverMetrics: + type: boolean + exposeExecutorMetrics: + type: boolean + metricsProperties: + type: string + prometheus: + properties: + configFile: + type: string + configuration: + type: string + jmxExporterJar: + type: string + port: + format: int32 + minimum: 1024 + maximum: 49151 + type: integer + required: + - jmxExporterJar + type: object + required: + - exposeDriverMetrics + - exposeExecutorMetrics + type: object + nodeSelector: + additionalProperties: + type: string + type: object + pythonVersion: + enum: + - "2" + - "3" + type: string + restartPolicy: + properties: + onFailureRetries: + format: int32 + minimum: 0 + type: integer + onFailureRetryInterval: + format: int64 + minimum: 1 + type: integer + onSubmissionFailureRetries: + format: int32 + minimum: 0 + type: integer + onSubmissionFailureRetryInterval: + format: int64 + minimum: 1 + type: integer + type: + enum: + - Never + - Always + - OnFailure + type: string + type: object + retryInterval: + format: int64 + type: integer + sparkConf: + additionalProperties: + type: string + type: object + sparkConfigMap: + type: string + sparkVersion: + type: string + timeToLiveSeconds: + format: int64 + type: integer + type: + enum: + - Java + - Python + - Scala + - R + type: string required: - driver - executor From ebdd1921c15a4fd1805f6a11d3070d7d29c90351 Mon Sep 17 00:00:00 2001 From: Douglas Camata Date: Thu, 6 Feb 2020 11:45:34 +0100 Subject: [PATCH 032/304] Add missing cluster role permissions for secrets (#20576) These are required for the control plane monitoring feature. Signed-off-by: Douglas Camata --- stable/newrelic-infrastructure/Chart.yaml | 2 +- stable/newrelic-infrastructure/templates/clusterrole.yaml | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/stable/newrelic-infrastructure/Chart.yaml b/stable/newrelic-infrastructure/Chart.yaml index ccc387a13c6d..3a1c078a8f63 100644 --- a/stable/newrelic-infrastructure/Chart.yaml +++ b/stable/newrelic-infrastructure/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 description: A Helm chart to deploy the New Relic Infrastructure Agent as a DaemonSet name: newrelic-infrastructure -version: 0.13.19 +version: 0.13.20 appVersion: 1.13.2 home: https://hub.docker.com/r/newrelic/infrastructure-k8s/ source: diff --git a/stable/newrelic-infrastructure/templates/clusterrole.yaml b/stable/newrelic-infrastructure/templates/clusterrole.yaml index 340a31ca2b12..2d83076a2cd0 100644 --- a/stable/newrelic-infrastructure/templates/clusterrole.yaml +++ b/stable/newrelic-infrastructure/templates/clusterrole.yaml @@ -13,6 +13,7 @@ rules: - "nodes/proxy" - "pods" - "services" + - "secrets" verbs: ["get", "list"] {{- if .Values.rbac.pspEnabled }} - apiGroups: From aa8d3e94c1de7f9f5f00f991c94220e95b5933a9 Mon Sep 17 00:00:00 2001 From: Ofek Lev Date: Thu, 6 Feb 2020 05:57:33 -0500 Subject: [PATCH 033/304] Fix typo (#20066) Signed-off-by: Ofek Lev --- stable/datadog/Chart.yaml | 2 +- stable/datadog/README.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/stable/datadog/Chart.yaml b/stable/datadog/Chart.yaml index 7981763e4762..e87639394a02 100644 --- a/stable/datadog/Chart.yaml +++ b/stable/datadog/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: datadog -version: 1.39.6 +version: 1.39.7 appVersion: "7" description: DataDog Agent keywords: diff --git a/stable/datadog/README.md b/stable/datadog/README.md index 741d0d738cd5..98bd3854a5ee 100644 --- a/stable/datadog/README.md +++ b/stable/datadog/README.md @@ -157,7 +157,7 @@ Alternatively set the `datadog.leaderElection`, `datadog.collectEvents` and `rba ### conf.d and checks.d -The Datadog [entrypoint](https://github.com/DataDog/datadog-agent/blob/master/Dockerfiles/agent/entrypoint/89-copy-customfiles.sh) copies files with a `.yaml` extension found in `/conf.d` and files with `.py` extension in `/check.d` to `/etc/datadog-agent/conf.d` and `/etc/datadog-agent/checks.d` respectively. +The Datadog [entrypoint](https://github.com/DataDog/datadog-agent/blob/master/Dockerfiles/agent/entrypoint/89-copy-customfiles.sh) copies files with a `.yaml` extension found in `/conf.d` and files with `.py` extension in `/checks.d` to `/etc/datadog-agent/conf.d` and `/etc/datadog-agent/checks.d` respectively. The keys for `datadog.confd` and `datadog.checksd` should mirror the content found in their respective ConfigMaps. Update your [datadog-values.yaml](values.yaml) file with the check configurations: From 6a89e5f7ae2086729150056e41d0f9ca0eb7a6bb Mon Sep 17 00:00:00 2001 From: Christian Staude Date: Thu, 6 Feb 2020 13:53:34 +0100 Subject: [PATCH 034/304] Add feature to annotate resulting statefulset (#20506) Signed-off-by: cstaud --- stable/mongodb-replicaset/Chart.yaml | 2 +- stable/mongodb-replicaset/README.md | 1 + stable/mongodb-replicaset/templates/mongodb-statefulset.yaml | 4 ++++ stable/mongodb-replicaset/values.yaml | 3 +++ 4 files changed, 9 insertions(+), 1 deletion(-) diff --git a/stable/mongodb-replicaset/Chart.yaml b/stable/mongodb-replicaset/Chart.yaml index 675ba48afb1f..5fbff66a8a11 100644 --- a/stable/mongodb-replicaset/Chart.yaml +++ b/stable/mongodb-replicaset/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 name: mongodb-replicaset home: https://github.com/mongodb/mongo -version: 3.11.4 +version: 3.11.5 appVersion: 3.6 description: NoSQL document-oriented database that stores JSON-like documents with dynamic schemas, simplifying the integration of data in content-driven applications. diff --git a/stable/mongodb-replicaset/README.md b/stable/mongodb-replicaset/README.md index c9729c059253..3b09202b3368 100644 --- a/stable/mongodb-replicaset/README.md +++ b/stable/mongodb-replicaset/README.md @@ -50,6 +50,7 @@ The following table lists the configurable parameters of the mongodb chart and t | `image.tag` | MongoDB image tag | `3.6` | | `image.pullPolicy` | MongoDB image pull policy | `IfNotPresent` | | `podAnnotations` | Annotations to be added to MongoDB pods | `{}` | +| `statefulSetAnnotations` | Annotations to be added to MongoDB statefulSet | `{}` | | `securityContext.enabled` | Enable security context | `true` | | `securityContext.fsGroup` | Group ID for the container | `999` | | `securityContext.runAsUser` | User ID for the container | `999` | diff --git a/stable/mongodb-replicaset/templates/mongodb-statefulset.yaml b/stable/mongodb-replicaset/templates/mongodb-statefulset.yaml index 60c043aa6ff2..f7367412fc7f 100644 --- a/stable/mongodb-replicaset/templates/mongodb-statefulset.yaml +++ b/stable/mongodb-replicaset/templates/mongodb-statefulset.yaml @@ -8,6 +8,10 @@ metadata: release: {{ .Release.Name }} {{- if .Values.extraLabels }} {{ toYaml .Values.extraLabels | indent 4 }} +{{- end }} +{{- if .Values.statefulSetAnnotations }} + annotations: +{{ toYaml .Values.statefulSetAnnotations | indent 4 }} {{- end }} name: {{ template "mongodb-replicaset.fullname" . }} spec: diff --git a/stable/mongodb-replicaset/values.yaml b/stable/mongodb-replicaset/values.yaml index 7e750af0ee80..8e2b671579d1 100644 --- a/stable/mongodb-replicaset/values.yaml +++ b/stable/mongodb-replicaset/values.yaml @@ -123,6 +123,9 @@ persistentVolume: # Annotations to be added to the service serviceAnnotations: {} +# Annotations to be added to the statefulSet +statefulSetAnnotations: {} + terminationGracePeriodSeconds: 30 tls: From 0b90eeab60d59cbd64c7145c4ed53faa93eb4bfd Mon Sep 17 00:00:00 2001 From: Osama Nabil Date: Fri, 7 Feb 2020 00:17:34 +0800 Subject: [PATCH 035/304] [stable/drone] add logs, database and private repo pull-secret configs (#20415) * add logs, database and private repo pull-secret configs Signed-off-by: Osama Nabil * fix duplicated mapping value `debug` Signed-off-by: Osama Nabil * change to minor version bump rather than patch version bump Signed-off-by: Osama Nabil --- stable/drone/Chart.yaml | 2 +- stable/drone/README.md | 168 +++++++++--------- stable/drone/templates/deployment-server.yaml | 18 ++ stable/drone/values.yaml | 15 +- 4 files changed, 117 insertions(+), 86 deletions(-) diff --git a/stable/drone/Chart.yaml b/stable/drone/Chart.yaml index e2283142ce67..4181e0800d30 100644 --- a/stable/drone/Chart.yaml +++ b/stable/drone/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 name: drone home: https://drone.io/ icon: https://drone.io/apple-touch-icon.png -version: 2.5.1 +version: 2.6.0 appVersion: 1.6.1 description: Drone is a Continuous Delivery system built on container technology keywords: diff --git a/stable/drone/README.md b/stable/drone/README.md index 80dc08e59c2a..c5ff492fd593 100644 --- a/stable/drone/README.md +++ b/stable/drone/README.md @@ -52,83 +52,91 @@ chart and deletes the release. The following table lists the configurable parameters of the drone charts and their default values. -| Parameter | Description | Default | -|-----------------------------|-----------------------------------------------------------------------------------------------|-----------------------------| -| `images.server.repository` | Drone **server** image | `docker.io/drone/drone` | -| `images.server.tag` | Drone **server** image tag | `1.6.1` | -| `images.server.pullPolicy` | Drone **server** image pull policy | `IfNotPresent` | -| `images.agent.repository` | Drone **agent** image | `docker.io/drone/agent` | -| `images.agent.tag` | Drone **agent** image tag | `1.6.1` | -| `images.agent.pullPolicy` | Drone **agent** image pull policy | `IfNotPresent` | -| `images.dind.repository` | Docker **dind** image | `docker.io/library/docker` | -| `images.dind.tag` | Docker **dind** image tag | `18.06.1-ce-dind` | -| `images.dind.pullPolicy` | Docker **dind** image pull policy | `IfNotPresent` | -| `service.annotations` | Service annotations | `{}` | -| `service.httpPort` | Drone's Web GUI HTTP port | `80` | -| `service.nodePort` | If `service.type` is `NodePort` and this is non-empty, sets the http node port of the service | `32015` | -| `service.type` | Service type (ClusterIP, NodePort or LoadBalancer) | `ClusterIP` | -| `ingress.enabled` | Enables Ingress for Drone | `false` | -| `ingress.annotations` | Ingress annotations | `{}` | -| `ingress.hosts` | Ingress accepted hostnames | `nil` | -| `ingress.tls` | Ingress TLS configuration | `[]` | -| `ingress.path` | Ingress path mapping | `` | -| `licenseKey` | Enterprise License Key | `` | -| `licenseKeySecret` | Enterprise License Key Secret Name | `` | -| `sourceControl.provider` | name of source control provider [github,gitlab,gitea,gogs,bitbucketCloud,bitbucketServer] | `` | -| `sourceControl.secret` | name of secret containing source control keys and passwords | `` | -| `sourceControl.github` | values to configure github | see values.yaml | -| `sourceControl.gitlab` | values to configure gitlab | see values.yaml | -| `sourceControl.gitea` | values to configure gitea | see values.yaml | -| `sourceControl.gogs` | values to configure gogs | see values.yaml | -| `sourceControl.bitbucketCloud` | values to configure bitbucket cloud | see values.yaml | -| `sourceControl.bitbucketServer` | values to configure bitbucket server (stash) | see values.yaml | -| `server.host` | Drone **server** hostname (should match callback url in oauth config) | `(internal hostname)` | -| `server.protocol` | Drone **server** scheme/protocol [http,https] | `http` | -| `server.httpPort` | Drone **server** http port | `80` | -| `server.env` | Drone **server** environment variables | `(default values)` | -| `server.envSecrets`        | Drone **server** secret environment variables                                                 | `(default values)`         | -| `server.adminUser`        | Initial user to create and set as admin                                                 | ``         | -| `server.alwaysAuth`        | whether to authenticate when cloning public repositories                                                 | `false`         | -| `server.kubernetes.enabled`        | whether to use kubernetes to run pipelines (if `false` will run agents instead)                                            | `true`         | -| `server.kubernetes.namespace`        | namespace in which to run pipelines, defaults to release namespace.                                            | ``         | -| `server.kubernetes.pipelineServiceAccount`        | if rbac is enabled, what should name of pipeline service account be?                                            | ``         | -| `server.annotations` | Drone **server** annotations | `{}` | -| `server.resources` | Drone **server** pod resource requests & limits | `{}` | -| `server.schedulerName` | Drone **server** alternate scheduler name | `nil` | -| `server.affinity` | Drone **server** scheduling preferences | `{}` | -| `server.nodeSelector` | Drone **server** node labels for pod assignment | `{}` | -| `server.tolerations` | Drone **server** node taints to tolerate | `[]` | -| `server.securityContext` | Drone **server** securityContext | `{}` | -| `server.extraContainers` | Additional sidecar containers | `""` | -| `server.extraVolumes` | Additional volumes for use in extraContainers | `""` | -| `agent.env` | Drone **agent** environment variables | `(default values)` | -| `agent.replicas` | Drone **agent** replicas | `1` | -| `agent.annotations` | Drone **agent** annotations | `{}` | -| `agent.resources` | Drone **agent** pod resource requests & limits | `{}` | -| `agent.schedulerName` | Drone **agent** alternate scheduler name | `nil` | -| `agent.affinity` | Drone **agent** scheduling preferences | `{}` | -| `agent.nodeSelector` | Drone **agent** node labels for pod assignment | `{}` | -| `agent.tolerations` | Drone **agent** node taints to tolerate | `[]` | -| `agent.livenessProbe` | Not currently used. | `{}` | -| `agent.readinessProbe` | Not currently used | `{}` | -| `agent.volumes` | Additional volumes to make available to agent (shared by dind if used) | `nil` | -| `agent.volumeMounts` | Mount points for volumes | `nil` | -| `agent.rpcServerOverride` | Override rpc server url | `nil` | -| `dind.enabled` | Enable or disable **DinD** | `true` | -| `dind.driver` | **DinD** storage driver | `overlay2` | -| `dind.volumeMounts` | Mount points for volumes (defined in agent.volumes) | `nil` | -| `dind.resources` | **DinD** pod resource requests & limits | `{}` | -| `dind.env` | **DinD** environment variables | `nil` | -| `dind.command` | **DinD** custom command instead of default entry point | `nil` | -| `dind.args` | **DinD** arguments for custom command or entry point | `nil` | -| `metrics.prometheus.enabled` | Enable Prometheus metrics endpoint | `false` | -| `persistence.enabled` | Use a PVC to persist data | `true` | -| `persistence.existingClaim` | Use an existing PVC to persist data | `nil` | -| `persistence.storageClass` | Storage class of backing PVC | `nil` | -| `persistence.accessMode` | Use volume as ReadOnly or ReadWrite | `ReadWriteOnce` | -| `persistence.size` | Size of data volume | `1Gi` | -| `sharedSecret` | Drone server and agent shared secret (Note: The Default random value changes on every `helm upgrade` causing a rolling update of server and agents) | `(random value)` | -| `rbac.create` | Specifies whether RBAC resources should be created. | `true` | -| `rbac.apiVersion` | RBAC API version | `v1` | -| `serviceAccount.create` | Specifies whether a ServiceAccount should be created. | `true` | -| `serviceAccount.name` | The name of the ServiceAccount to use. If not set and create is true, a name is generated using the fullname template. | `(fullname template)` | +| Parameter | Description | Default | +| ------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------- | +| `images.server.repository` | Drone **server** image | `docker.io/drone/drone` | +| `images.server.tag` | Drone **server** image tag | `1.6.1` | +| `images.server.pullSecret` | Drone **server** image pull secret | `` | +| `images.server.pullPolicy` | Drone **server** image pull policy | `IfNotPresent` | +| `images.agent.repository` | Drone **agent** image | `docker.io/drone/agent` | +| `images.agent.tag` | Drone **agent** image tag | `1.6.1` | +| `images.agent.pullPolicy` | Drone **agent** image pull policy | `IfNotPresent` | +| `images.dind.repository` | Docker **dind** image | `docker.io/library/docker` | +| `images.dind.tag` | Docker **dind** image tag | `18.06.1-ce-dind` | +| `images.dind.pullPolicy` | Docker **dind** image pull policy | `IfNotPresent` | +| `service.annotations` | Service annotations | `{}` | +| `service.httpPort` | Drone's Web GUI HTTP port | `80` | +| `service.nodePort` | If `service.type` is `NodePort` and this is non-empty, sets the http node port of the service | `32015` | +| `service.type` | Service type (ClusterIP, NodePort or LoadBalancer) | `ClusterIP` | +| `ingress.enabled` | Enables Ingress for Drone | `false` | +| `ingress.annotations` | Ingress annotations | `{}` | +| `ingress.hosts` | Ingress accepted hostnames | `nil` | +| `ingress.tls` | Ingress TLS configuration | `[]` | +| `ingress.path` | Ingress path mapping | `` | +| `licenseKey` | Enterprise License Key | `` | +| `licenseKeySecret` | Enterprise License Key Secret Name | `` | +| `sourceControl.provider` | name of source control provider [github,gitlab,gitea,gogs,bitbucketCloud,bitbucketServer] | `` | +| `sourceControl.secret` | name of secret containing source control keys and passwords | `` | +| `sourceControl.github` | values to configure github | see values.yaml | +| `sourceControl.gitlab` | values to configure gitlab | see values.yaml | +| `sourceControl.gitea` | values to configure gitea | see values.yaml | +| `sourceControl.gogs` | values to configure gogs | see values.yaml | +| `sourceControl.bitbucketCloud` | values to configure bitbucket cloud | see values.yaml | +| `sourceControl.bitbucketServer` | values to configure bitbucket server (stash) | see values.yaml | +| `server.host` | Drone **server** hostname (should match callback url in oauth config) | `(internal hostname)` | +| `server.protocol` | Drone **server** scheme/protocol [http,https] | `http` | +| `server.httpPort` | Drone **server** http port | `80` | +| `server.env` | Drone **server** environment variables | `(default values)` | +| `server.database.driver` | Drone **server** database driver, options are (`mysql`, `postgres`, `sqlite3`) | `sqlite3` | +| `server.database.dataSource` | Drone **server** database DataSource | `/var/lib/drone/drone.sqlite` | +| `server.logs.debug` | Drone **server** enables debug mode | `false` | +| `server.logs.trace` | Drone **server** enables trace mode | `false` | +| `server.logs.color` | Drone **server** enables colored logs | `false` | +| `server.logs.pretty` | Drone **server** enables pretty logs | `false` | +| `server.logs.text` | Drone **server** enables text logs rather than `json` logs | `true` | +| `server.envSecrets`        | Drone **server** secret environment variables                                                 | `(default values)`         | +| `server.adminUser`        | Initial user to create and set as admin                                                 | `` | +| `server.alwaysAuth` | whether to authenticate when cloning public repositories | `false` | +| `server.kubernetes.enabled` | whether to use kubernetes to run pipelines (if `false` will run agents instead) | `true` | +| `server.kubernetes.namespace` | namespace in which to run pipelines, defaults to release namespace. | ``         | +| `server.kubernetes.pipelineServiceAccount`        | if rbac is enabled, what should name of pipeline service account be?                                            | ``         | +| `server.annotations` | Drone **server** annotations | `{}` | +| `server.resources` | Drone **server** pod resource requests & limits | `{}` | +| `server.schedulerName` | Drone **server** alternate scheduler name | `nil` | +| `server.affinity` | Drone **server** scheduling preferences | `{}` | +| `server.nodeSelector` | Drone **server** node labels for pod assignment | `{}` | +| `server.tolerations` | Drone **server** node taints to tolerate | `[]` | +| `server.securityContext` | Drone **server** securityContext | `{}` | +| `server.extraContainers` | Additional sidecar containers | `""` | +| `server.extraVolumes` | Additional volumes for use in extraContainers | `""` | +| `agent.env` | Drone **agent** environment variables | `(default values)` | +| `agent.replicas` | Drone **agent** replicas | `1` | +| `agent.annotations` | Drone **agent** annotations | `{}` | +| `agent.resources` | Drone **agent** pod resource requests & limits | `{}` | +| `agent.schedulerName` | Drone **agent** alternate scheduler name | `nil` | +| `agent.affinity` | Drone **agent** scheduling preferences | `{}` | +| `agent.nodeSelector` | Drone **agent** node labels for pod assignment | `{}` | +| `agent.tolerations` | Drone **agent** node taints to tolerate | `[]` | +| `agent.livenessProbe` | Not currently used. | `{}` | +| `agent.readinessProbe` | Not currently used | `{}` | +| `agent.volumes` | Additional volumes to make available to agent (shared by dind if used) | `nil` | +| `agent.volumeMounts` | Mount points for volumes | `nil` | +| `agent.rpcServerOverride` | Override rpc server url | `nil` | +| `dind.enabled` | Enable or disable **DinD** | `true` | +| `dind.driver` | **DinD** storage driver | `overlay2` | +| `dind.volumeMounts` | Mount points for volumes (defined in agent.volumes) | `nil` | +| `dind.resources` | **DinD** pod resource requests & limits | `{}` | +| `dind.env` | **DinD** environment variables | `nil` | +| `dind.command` | **DinD** custom command instead of default entry point | `nil` | +| `dind.args` | **DinD** arguments for custom command or entry point | `nil` | +| `metrics.prometheus.enabled` | Enable Prometheus metrics endpoint | `false` | +| `persistence.enabled` | Use a PVC to persist data | `true` | +| `persistence.existingClaim` | Use an existing PVC to persist data | `nil` | +| `persistence.storageClass` | Storage class of backing PVC | `nil` | +| `persistence.accessMode` | Use volume as ReadOnly or ReadWrite | `ReadWriteOnce` | +| `persistence.size` | Size of data volume | `1Gi` | +| `sharedSecret` | Drone server and agent shared secret (Note: The Default random value changes on every `helm upgrade` causing a rolling update of server and agents) | `(random value)` | +| `rbac.create` | Specifies whether RBAC resources should be created. | `true` | +| `rbac.apiVersion` | RBAC API version | `v1` | +| `serviceAccount.create` | Specifies whether a ServiceAccount should be created. | `true` | +| `serviceAccount.name` | The name of the ServiceAccount to use. If not set and create is true, a name is generated using the fullname template. | `(fullname template)` | diff --git a/stable/drone/templates/deployment-server.yaml b/stable/drone/templates/deployment-server.yaml index 5ff49ce8841a..2ba8a8259cbf 100644 --- a/stable/drone/templates/deployment-server.yaml +++ b/stable/drone/templates/deployment-server.yaml @@ -48,6 +48,10 @@ spec: {{- toYaml . | nindent 6 }} {{- end }} serviceAccountName: {{ template "drone.serviceAccountName" . }} +{{- if .Values.images.server.pullSecret }} + imagePullSecrets: + - name: {{ .Values.images.server.pullSecret }} +{{- end }} containers: - name: server image: "{{ .Values.images.server.repository }}:{{ .Values.images.server.tag }}" @@ -84,6 +88,20 @@ spec: value: {{ template "drone.fullname" . }}.{{ .Release.Namespace }}:{{ .Values.service.httpPort }} - name: DRONE_SERVER_PROTO value: {{ .Values.server.protocol }} + - name: DRONE_DATABASE_DRIVER + value: {{ .Values.server.database.driver }} + - name: DRONE_DATABASE_DATASOURCE + value: {{ .Values.server.database.dataSource }} + - name: DRONE_LOGS_COLOR + value: {{ .Values.server.logs.color | quote }} + - name: DRONE_LOGS_DEBUG + value: {{ .Values.server.logs.debug | quote }} + - name: DRONE_LOGS_PRETTY + value: {{ .Values.server.logs.pretty | quote }} + - name: DRONE_LOGS_TRACE + value: {{ .Values.server.logs.trace | quote }} + - name: DRONE_LOGS_TEXT + value: {{ .Values.server.logs.text | quote }} {{- if .Values.server.adminUser }} - name: DRONE_USER_CREATE value: username:{{ .Values.server.adminUser }},machine:false,admin:true diff --git a/stable/drone/values.yaml b/stable/drone/values.yaml index 4dd5c8b88059..867c9b66484b 100644 --- a/stable/drone/values.yaml +++ b/stable/drone/values.yaml @@ -117,6 +117,15 @@ server: ## protocol should be http or https protocol: http + database: + driver: "sqlite3" + dataSource: "/var/lib/drone/drone.sqlite" + logs: + color: false + debug: false + pretty: false + trace: false + text: true ## http port ## Set to > 1024 if you want to run the pod as non-root user @@ -155,10 +164,6 @@ server: ## ref: https://docs.drone.io/reference/server/ ## env: - DRONE_LOGS_DEBUG: "false" - DRONE_DATABASE_DRIVER: "sqlite3" - DRONE_DATABASE_DATASOURCE: "/var/lib/drone/drone.sqlite" - ## Secret environment variables are configured in `server.envSecrets`. ## Each item in `server.envSecrets` references a Kubernetes Secret. ## These Secrets should be created before they are referenced. @@ -223,7 +228,7 @@ agent: ## ref: https://docs.drone.io/reference/agent/ ## env: - DRONE_LOGS_DEBUG: "false" + # DRONE_LOGS_DEBUG: "false" ## Number of drone agent replicas replicas: 1 From 53abaeae29551265fcbe5f81840160112cfc1d98 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bruno=20M=2E=20Cust=C3=B3dio?= Date: Thu, 6 Feb 2020 21:05:26 +0000 Subject: [PATCH 036/304] [stable/sealed-secrets] Support specifying pod annotations. (#20580) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Bruno Miguel Custódio --- stable/sealed-secrets/Chart.yaml | 2 +- stable/sealed-secrets/README.md | 1 + stable/sealed-secrets/templates/deployment.yaml | 4 ++++ stable/sealed-secrets/values.yaml | 2 ++ 4 files changed, 8 insertions(+), 1 deletion(-) diff --git a/stable/sealed-secrets/Chart.yaml b/stable/sealed-secrets/Chart.yaml index 405d2d6d41fd..00d3b18f1e54 100644 --- a/stable/sealed-secrets/Chart.yaml +++ b/stable/sealed-secrets/Chart.yaml @@ -1,6 +1,6 @@ name: sealed-secrets description: A Helm chart for Sealed Secrets -version: 1.7.1 +version: 1.7.2 appVersion: 0.9.6 kubeVersion: ">=1.9.0-0" home: https://github.com/bitnami-labs/sealed-secrets diff --git a/stable/sealed-secrets/README.md b/stable/sealed-secrets/README.md index 18a44d82a037..6f1ca8ba38bb 100644 --- a/stable/sealed-secrets/README.md +++ b/stable/sealed-secrets/README.md @@ -65,6 +65,7 @@ Read about kubeseal usage on [sealed-secrets docs](https://github.com/bitnami-la | **ingress.path** | Ingress path | `/v1/cert.pem` | | **ingress.hosts** | Ingress accepted hostnames | `["chart-example.local"]` | | **ingress.tls** | Ingress TLS configuration | `[]` | +| **podAnnotations** | Annotations to annotate pods with. | `{}` | - In the case that **serviceAccount.create** is `false` and **rbac.create** is `true` it is expected for a service account with the name **serviceAccount.name** to exist _in the same namespace as this chart_ before installation. diff --git a/stable/sealed-secrets/templates/deployment.yaml b/stable/sealed-secrets/templates/deployment.yaml index ca115df1cfa8..9680174a13fe 100644 --- a/stable/sealed-secrets/templates/deployment.yaml +++ b/stable/sealed-secrets/templates/deployment.yaml @@ -16,6 +16,10 @@ spec: app.kubernetes.io/instance: {{ .Release.Name }} template: metadata: + annotations: + {{- with .Values.podAnnotations }} + {{- toYaml . | nindent 8 }} + {{- end }} labels: app.kubernetes.io/name: {{ template "sealed-secrets.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} diff --git a/stable/sealed-secrets/values.yaml b/stable/sealed-secrets/values.yaml index 3b446505cbd1..ab06eaec7ef2 100644 --- a/stable/sealed-secrets/values.yaml +++ b/stable/sealed-secrets/values.yaml @@ -50,3 +50,5 @@ networkPolicy: false securityContext: # securityContext.runAsUser defines under which user the operator Pod and its containers/processes run. runAsUser: 1001 + +podAnnotations: {} From f1b36a1013c3824c78a45af4383d72240d8e05e2 Mon Sep 17 00:00:00 2001 From: gml3ff Date: Thu, 6 Feb 2020 17:51:24 -0500 Subject: [PATCH 037/304] [stable/datadog] clarify that nonLocalTraffic must be set to true to use APM (#20590) * clarify that nonLocalTraffic must be set to true to use APM Signed-off-by: Morgan Lupton Signed-off-by: gml3ff * bump chart version Signed-off-by: gml3ff --- stable/datadog/Chart.yaml | 2 +- stable/datadog/values.yaml | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/stable/datadog/Chart.yaml b/stable/datadog/Chart.yaml index e87639394a02..2a50a6b928ce 100644 --- a/stable/datadog/Chart.yaml +++ b/stable/datadog/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: datadog -version: 1.39.7 +version: 1.39.8 appVersion: "7" description: DataDog Agent keywords: diff --git a/stable/datadog/values.yaml b/stable/datadog/values.yaml index 9ed6ef5d9f63..c653c0d2a716 100644 --- a/stable/datadog/values.yaml +++ b/stable/datadog/values.yaml @@ -162,6 +162,7 @@ datadog: ## @param nonLocalTraffic - boolean - optional - default: false ## Enable this to make each node accept non-local statsd traffic. + ## This option must be set to "true" in order to use APM. ## ref: https://github.com/DataDog/docker-dd-agent#environment-variables # # nonLocalTraffic: false From 61c95cb9b72472f932c882f9d3f01513f94c7add Mon Sep 17 00:00:00 2001 From: Ravi <1299606+rustycl0ck@users.noreply.github.com> Date: Fri, 7 Feb 2020 08:09:43 +0000 Subject: [PATCH 038/304] [stable/oauth2-proxy] Add htpasswd file checksum to annotations (#20280) Signed-off-by: rustyclock --- stable/oauth2-proxy/Chart.yaml | 2 +- stable/oauth2-proxy/templates/deployment.yaml | 3 +++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/stable/oauth2-proxy/Chart.yaml b/stable/oauth2-proxy/Chart.yaml index d06e6d05d210..118d50e2ea46 100644 --- a/stable/oauth2-proxy/Chart.yaml +++ b/stable/oauth2-proxy/Chart.yaml @@ -1,5 +1,5 @@ name: oauth2-proxy -version: 2.2.1 +version: 2.2.2 apiVersion: v1 appVersion: 4.0.0 home: https://pusher.github.io/oauth2_proxy/ diff --git a/stable/oauth2-proxy/templates/deployment.yaml b/stable/oauth2-proxy/templates/deployment.yaml index 312e5f44cf66..e4adcda2f5ed 100644 --- a/stable/oauth2-proxy/templates/deployment.yaml +++ b/stable/oauth2-proxy/templates/deployment.yaml @@ -20,6 +20,9 @@ spec: checksum/config-emails: {{ include (print $.Template.BasePath "/configmap-authenticated-emails-file.yaml") . | sha256sum }} checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} checksum/google-secret: {{ include (print $.Template.BasePath "/google-secret.yaml") . | sha256sum }} +{{- if .Values.htpasswdFile.enabled }} + checksum/htpasswd: {{ include (print $.Template.BasePath "/configmap-htpasswd-file.yaml") . | sha256sum }} +{{- end }} {{- if .Values.podAnnotations }} {{ toYaml .Values.podAnnotations | indent 8 }} {{- end }} From 1d07dadf21433aa169b174f0aaa4d766010bcdf1 Mon Sep 17 00:00:00 2001 From: Maxime Fouilleul Date: Fri, 7 Feb 2020 09:17:42 +0100 Subject: [PATCH 039/304] [stable/elasticsearch-exporter] Feature flap the flag es.uri (#20589) * Feature flap the flag es.uri to allow fallback to env var ES_URI Signed-off-by: Maxime Fouilleul * Bump chart Signed-off-by: Maxime Fouilleul --- stable/elasticsearch-exporter/Chart.yaml | 2 +- stable/elasticsearch-exporter/templates/deployment.yaml | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/stable/elasticsearch-exporter/Chart.yaml b/stable/elasticsearch-exporter/Chart.yaml index b165e4229cd5..84d7fb0f8528 100644 --- a/stable/elasticsearch-exporter/Chart.yaml +++ b/stable/elasticsearch-exporter/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 description: Elasticsearch stats exporter for Prometheus name: elasticsearch-exporter -version: 2.2.0 +version: 2.3.0 kubeVersion: ">=1.10.0-0" appVersion: 1.1.0 home: https://github.com/justwatchcom/elasticsearch_exporter diff --git a/stable/elasticsearch-exporter/templates/deployment.yaml b/stable/elasticsearch-exporter/templates/deployment.yaml index 605851834673..bbbf6885cd89 100644 --- a/stable/elasticsearch-exporter/templates/deployment.yaml +++ b/stable/elasticsearch-exporter/templates/deployment.yaml @@ -63,7 +63,9 @@ spec: image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" imagePullPolicy: {{ .Values.image.pullPolicy }} command: ["elasticsearch_exporter", + {{- if .Values.es.uri }} "--es.uri={{ .Values.es.uri }}", + {{- end }} {{- if .Values.es.all }} "--es.all", {{- end }} From 09ff371ed6804010e459c667d76519da8376a044 Mon Sep 17 00:00:00 2001 From: georgekaz Date: Fri, 7 Feb 2020 09:01:42 +0000 Subject: [PATCH 040/304] add back support for ingress in k8s < 1.14 (#20591) Signed-off-by: George Kaz --- stable/drone/Chart.yaml | 2 +- stable/drone/templates/_helpers.tpl | 11 +++++++++++ stable/drone/templates/ingress.yaml | 2 +- 3 files changed, 13 insertions(+), 2 deletions(-) diff --git a/stable/drone/Chart.yaml b/stable/drone/Chart.yaml index 4181e0800d30..44dc5ec84370 100644 --- a/stable/drone/Chart.yaml +++ b/stable/drone/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 name: drone home: https://drone.io/ icon: https://drone.io/apple-touch-icon.png -version: 2.6.0 +version: 2.6.1 appVersion: 1.6.1 description: Drone is a Continuous Delivery system built on container technology keywords: diff --git a/stable/drone/templates/_helpers.tpl b/stable/drone/templates/_helpers.tpl index ede20f81f268..e435fcef2dae 100644 --- a/stable/drone/templates/_helpers.tpl +++ b/stable/drone/templates/_helpers.tpl @@ -69,3 +69,14 @@ Create the name of the secret for an enterprise license key {{ printf "%s-%s" (include "drone.fullname" .) "license-key" | trunc 63 }} {{- end -}} {{- end -}} + +{{/* +Return the appropriate apiVersion for ingress. +*/}} +{{- define "drone.ingress.apiVersion" -}} +{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} +{{- print "extensions/v1beta1" -}} +{{- else if semverCompare "^1.14-0" .Capabilities.KubeVersion.GitVersion -}} +{{- print "networking.k8s.io/v1beta1" -}} +{{- end -}} +{{- end -}} diff --git a/stable/drone/templates/ingress.yaml b/stable/drone/templates/ingress.yaml index 6d6e6a335eac..0f1c23fcf441 100644 --- a/stable/drone/templates/ingress.yaml +++ b/stable/drone/templates/ingress.yaml @@ -1,7 +1,7 @@ {{- if .Values.ingress.enabled -}} {{- $fullName := include "drone.fullname" . }} {{- $httpPort := .Values.service.httpPort }} -apiVersion: networking.k8s.io/v1beta1 +apiVersion: {{ template "drone.ingress.apiVersion" . }} kind: Ingress metadata: annotations: From 4f1eb6cdecd4e807fbc8ff70dd2be9717a324ab9 Mon Sep 17 00:00:00 2001 From: rowanr Date: Fri, 7 Feb 2020 11:37:43 +0100 Subject: [PATCH 041/304] [stable/pgadmin] version 4.17 to 4.18 (#20603) This version ensures Postfix starts in the container: ``` sudo /usr/sbin/postfix start ``` Version 4.18 release notes can be found here: https://www.pgadmin.org/docs/pgadmin4/development/release_notes_4_18.html Signed-off-by: Rowan Ruseler --- stable/pgadmin/Chart.yaml | 4 ++-- stable/pgadmin/README.md | 2 +- stable/pgadmin/values.yaml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/stable/pgadmin/Chart.yaml b/stable/pgadmin/Chart.yaml index 04e97c1274c9..ab492c6fe16b 100644 --- a/stable/pgadmin/Chart.yaml +++ b/stable/pgadmin/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v1 description: pgAdmin is a web based administration tool for PostgreSQL database name: pgadmin -version: 1.1.3 -appVersion: 4.17.0 +version: 1.1.4 +appVersion: 4.18.0 home: https://www.pgadmin.org/ source: https://github.com/rowanruseler/pgadmin maintainers: diff --git a/stable/pgadmin/README.md b/stable/pgadmin/README.md index 382146fa2cf7..c578d427b686 100644 --- a/stable/pgadmin/README.md +++ b/stable/pgadmin/README.md @@ -42,7 +42,7 @@ The command removes nearly all the Kubernetes components associated with the cha | --------- | ----------- | ------- | | `replicaCount` | Number of pgadmin replicas | `1` | | `image.repository` | Docker image | `dpage/pgadmin4` | -| `image.tag` | Docker image tag | `4.17` | +| `image.tag` | Docker image tag | `4.18` | | `image.pullPolicy` | Docker image pull policy | `IfNotPresent` | | `service.type` | Service type (ClusterIP, NodePort or LoadBalancer) | `ClusterIP` | | `service.port` | Service port | `80` | diff --git a/stable/pgadmin/values.yaml b/stable/pgadmin/values.yaml index 4d063ec36708..ba33f61935c6 100644 --- a/stable/pgadmin/values.yaml +++ b/stable/pgadmin/values.yaml @@ -6,7 +6,7 @@ replicaCount: 1 ## image: repository: dpage/pgadmin4 - tag: 4.17 + tag: 4.18 pullPolicy: IfNotPresent service: From 5c49710644c9914a3d5daa867612ec9f65c78a85 Mon Sep 17 00:00:00 2001 From: Isa Aguilar Date: Fri, 7 Feb 2020 03:03:43 -0800 Subject: [PATCH 042/304] upgrade apiVersion (#20592) Signed-off-by: Isa Aguilar --- stable/k8s-spot-rescheduler/Chart.yaml | 2 +- stable/k8s-spot-rescheduler/templates/deployment.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/stable/k8s-spot-rescheduler/Chart.yaml b/stable/k8s-spot-rescheduler/Chart.yaml index a9b19d898223..73929b3c69f7 100644 --- a/stable/k8s-spot-rescheduler/Chart.yaml +++ b/stable/k8s-spot-rescheduler/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 appVersion: "v0.2.0" description: A k8s-spot-rescheduler Helm chart for Kubernetes name: k8s-spot-rescheduler -version: 0.4.2 +version: 0.4.3 keywords: - spot - rescheduler diff --git a/stable/k8s-spot-rescheduler/templates/deployment.yaml b/stable/k8s-spot-rescheduler/templates/deployment.yaml index df5345221a94..474ef07d7725 100644 --- a/stable/k8s-spot-rescheduler/templates/deployment.yaml +++ b/stable/k8s-spot-rescheduler/templates/deployment.yaml @@ -1,4 +1,4 @@ -apiVersion: apps/v1beta2 +apiVersion: apps/v1 kind: Deployment metadata: name: {{ template "k8s-spot-rescheduler.fullname" . }} From 03fc26fbcb1bfc74d1debd9a0b15c5970d18eec8 Mon Sep 17 00:00:00 2001 From: Ryuichi Inagaki Date: Fri, 7 Feb 2020 22:47:45 +1100 Subject: [PATCH 043/304] [stable/spinnaker] Fix for wrong minio image tag spec (#20488) minio image tag can be specified with `minio.image.tag` instead of `minio.imageTag` as reported on https://github.com/helm/charts/issues/14250 Signed-off-by: Ryuichi Inagaki --- stable/spinnaker/Chart.yaml | 2 +- stable/spinnaker/values.yaml | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/stable/spinnaker/Chart.yaml b/stable/spinnaker/Chart.yaml index 49a97ca82102..7b3b129a1d76 100644 --- a/stable/spinnaker/Chart.yaml +++ b/stable/spinnaker/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 description: Open source, multi-cloud continuous delivery platform for releasing software changes with high velocity and confidence. name: spinnaker -version: 1.23.1 +version: 1.23.2 appVersion: 1.16.2 home: http://spinnaker.io/ sources: diff --git a/stable/spinnaker/values.yaml b/stable/spinnaker/values.yaml index 02814ef9122e..dd5fbd6fedd6 100644 --- a/stable/spinnaker/values.yaml +++ b/stable/spinnaker/values.yaml @@ -256,7 +256,8 @@ redis: # Minio is not exposed publically minio: enabled: true - imageTag: RELEASE.2019-02-13T19-48-27Z + image: + tag: RELEASE.2018-08-25T01-56-38Z serviceType: ClusterIP accessKey: spinnakeradmin secretKey: spinnakeradmin From 1131e01f4a55b43786d7a52d32c34d0936db10e6 Mon Sep 17 00:00:00 2001 From: Manuel Bovo Date: Fri, 7 Feb 2020 15:01:46 +0100 Subject: [PATCH 044/304] [stable/jenkins] FIX #20262 (#20267) * FIX helm3 unable to install chart without cluster-admin permission #20262 Signed-off-by: Manuel Bovo * Bump stable/jenkins version Signed-off-by: Manuel Bovo --- stable/jenkins/Chart.yaml | 2 +- stable/jenkins/templates/rbac.yaml | 5 ++++- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/stable/jenkins/Chart.yaml b/stable/jenkins/Chart.yaml index af4910b54ba4..4d344defc3ce 100755 --- a/stable/jenkins/Chart.yaml +++ b/stable/jenkins/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 name: jenkins home: https://jenkins.io/ -version: 1.9.16 +version: 1.9.17 appVersion: lts description: Open source continuous integration server. It supports multiple SCM tools including CVS, Subversion and Git. It can execute Apache Ant and Apache Maven-based diff --git a/stable/jenkins/templates/rbac.yaml b/stable/jenkins/templates/rbac.yaml index 437271005e11..58c36f1b839e 100644 --- a/stable/jenkins/templates/rbac.yaml +++ b/stable/jenkins/templates/rbac.yaml @@ -16,7 +16,10 @@ metadata: rules: - apiGroups: [""] resources: ["pods", "pods/exec", "pods/log", "persistentvolumeclaims"] - verbs: ["*"] + verbs: ["get", "list", "watch"] +- apiGroups: [""] + resources: ["pods", "pods/exec", "persistentvolumeclaims"] + verbs: ["create", "delete", "deletecollection", "patch", "update"] --- From 549bf53325e89ae3c7510352bd445e4c9c115a6c Mon Sep 17 00:00:00 2001 From: Douglas Camata Date: Fri, 7 Feb 2020 15:45:47 +0100 Subject: [PATCH 045/304] [stable/newrelic-infrastructure] Permissions and privileged mode additions (#20604) * Add missing entries for privileged version Signed-off-by: Douglas Camata * Add non-resource permissions to access `/metrics`. Signed-off-by: Douglas Camata * Bump chart version Signed-off-by: Douglas Camata * Stringify dns policy Signed-off-by: Douglas Camata * Undo stringify dns policy, try another fix for linting Signed-off-by: Douglas Camata --- stable/newrelic-infrastructure/Chart.yaml | 2 +- stable/newrelic-infrastructure/templates/clusterrole.yaml | 2 ++ stable/newrelic-infrastructure/templates/daemonset.yaml | 4 ++++ 3 files changed, 7 insertions(+), 1 deletion(-) diff --git a/stable/newrelic-infrastructure/Chart.yaml b/stable/newrelic-infrastructure/Chart.yaml index 3a1c078a8f63..e8d269c54024 100644 --- a/stable/newrelic-infrastructure/Chart.yaml +++ b/stable/newrelic-infrastructure/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 description: A Helm chart to deploy the New Relic Infrastructure Agent as a DaemonSet name: newrelic-infrastructure -version: 0.13.20 +version: 0.13.21 appVersion: 1.13.2 home: https://hub.docker.com/r/newrelic/infrastructure-k8s/ source: diff --git a/stable/newrelic-infrastructure/templates/clusterrole.yaml b/stable/newrelic-infrastructure/templates/clusterrole.yaml index 2d83076a2cd0..236920145143 100644 --- a/stable/newrelic-infrastructure/templates/clusterrole.yaml +++ b/stable/newrelic-infrastructure/templates/clusterrole.yaml @@ -15,6 +15,8 @@ rules: - "services" - "secrets" verbs: ["get", "list"] + - nonResourceURLs: ["/metrics"] + verbs: ["get"] {{- if .Values.rbac.pspEnabled }} - apiGroups: - extensions diff --git a/stable/newrelic-infrastructure/templates/daemonset.yaml b/stable/newrelic-infrastructure/templates/daemonset.yaml index f0199cc3eae1..f873883efccf 100644 --- a/stable/newrelic-infrastructure/templates/daemonset.yaml +++ b/stable/newrelic-infrastructure/templates/daemonset.yaml @@ -26,6 +26,10 @@ spec: mode: {{ template "newrelic.mode" . }} spec: serviceAccountName: {{ template "newrelic.serviceAccountName" . }} + {{- if .Values.privileged }} + hostNetwork: true + dnsPolicy: ClusterFirstWithHostNet + {{- end }} containers: - name: {{ template "newrelic.name" . }} image: {{ template "newrelic.image" . }} From 86c55f9b21c82249b83f2a976622710d7e894d56 Mon Sep 17 00:00:00 2001 From: Noah Krause Date: Fri, 7 Feb 2020 10:05:45 -0500 Subject: [PATCH 046/304] Add deprecation warning to helm chart (#20588) Signed-off-by: Noah Krause --- stable/ambassador/Chart.yaml | 2 +- stable/ambassador/README.md | 9 +++++++++ 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/stable/ambassador/Chart.yaml b/stable/ambassador/Chart.yaml index bd9bd204c48a..5f825bad4de3 100644 --- a/stable/ambassador/Chart.yaml +++ b/stable/ambassador/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 appVersion: 0.86.1 description: A Helm chart for Datawire Ambassador name: ambassador -version: 5.3.0 +version: 5.3.1 icon: https://www.getambassador.io/images/logo.png home: https://www.getambassador.io/ sources: diff --git a/stable/ambassador/README.md b/stable/ambassador/README.md index 52c7d3f72b84..0693f780a230 100755 --- a/stable/ambassador/README.md +++ b/stable/ambassador/README.md @@ -1,3 +1,12 @@ +# !!DEPRECATED!! Please use https://github.com/datawire/ambassador-chart. + +[helm/charts](https://github.com/helm/charts) has been deprecated and will be obsolete by Nov 13 2020. For this reason, the datawire team as retaken ownership of this chart. + +The Ambassador Chart is now hosted at [datawire/ambassador-chart](https://github.com/datawire/ambassador-chart). + +--- + + # Ambassador Ambassador is an open source, Kubernetes-native [microservices API gateway](https://www.getambassador.io/about/microservices-api-gateways) built on the [Envoy Proxy](https://www.envoyproxy.io/). From 5032aabdcb18a601221430016095cefa34d94c97 Mon Sep 17 00:00:00 2001 From: raffis Date: Fri, 7 Feb 2020 22:39:45 +0100 Subject: [PATCH 047/304] [stable/collabora-code] add option to specify a path for readiness and liveness probes (#20534) * [stable/collabora-code] added option to specify a path for readiness and liveness probes Signed-off-by: Raffael Sahli * dropped trailing new line Signed-off-by: Raffael Sahli * documented new path variables Signed-off-by: Raffael Sahli --- stable/collabora-code/Chart.yaml | 2 +- stable/collabora-code/README.md | 4 +++- stable/collabora-code/templates/deployment.yaml | 4 ++-- stable/collabora-code/values.yaml | 2 ++ 4 files changed, 8 insertions(+), 4 deletions(-) diff --git a/stable/collabora-code/Chart.yaml b/stable/collabora-code/Chart.yaml index 10dd791cedd6..1b0722ec7441 100644 --- a/stable/collabora-code/Chart.yaml +++ b/stable/collabora-code/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 appVersion: "4.0.3.1" description: A Helm chart for Collabora Office - CODE-Edition name: collabora-code -version: 1.0.5 +version: 1.0.6 icon: https://avatars0.githubusercontent.com/u/22418908?s=200&v=4 sources: - https://github.com/CollaboraOnline/Docker-CODE diff --git a/stable/collabora-code/README.md b/stable/collabora-code/README.md index e6fe5864593c..6207eb7e2aaa 100644 --- a/stable/collabora-code/README.md +++ b/stable/collabora-code/README.md @@ -75,12 +75,13 @@ The following tables lists the configurable parameters of this chart and their d | `ingress.hosts` | | `[]` | | `ingress.tls` | | `[]` | | `livenessProbe.enabled` | Turn on and off liveness probe | `true` | -| `livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | `30` | +| `livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | `30` | | `livenessProbe.periodSeconds` | How often to perform the probe | `10` | | `livenessProbe.timeoutSeconds` | When the probe times out | `2` | | `livenessProbe.successThreshold` | Minimum consecutive successes for the probe | `1` | | `livenessProbe.failureThreshold` | Minimum consecutive failures for the probe | `3` | | `livenessProbe.scheme` | Scheme for the probe | `HTTP` | +| `livenessProbe.path` | Path for the probe | `/` | | `readinessProbe.enabled` | Turn on and off readiness probe | `true` | | `readinessProbe.initialDelaySeconds` | Delay before readiness probe is initiated | `30` | | `readinessProbe.periodSeconds` | How often to perform the probe | `10` | @@ -88,6 +89,7 @@ The following tables lists the configurable parameters of this chart and their d | `readinessProbe.successThreshold` | Minimum consecutive successes for the probe | `1` | | `readinessProbe.failureThreshold` | Minimum consecutive failures for the probe | `3` | | `readinessProbe.scheme` | Scheme for the probe | `HTTP` | +| `readinessProbe.path` | Path for the probe | `/` | | `securityContext.allowPrivilegeEscalation` | Create & use Pod Security Policy resources | `true` | | `securitycontext.capabilities.add` | Collabora needs to run with MKNOD as capabibility | `[MKNOD]` | | `resources` | Resources required (e.g. CPU, memory) | `{}` | diff --git a/stable/collabora-code/templates/deployment.yaml b/stable/collabora-code/templates/deployment.yaml index 48ec298ff711..a48df5ccc180 100644 --- a/stable/collabora-code/templates/deployment.yaml +++ b/stable/collabora-code/templates/deployment.yaml @@ -65,7 +65,7 @@ spec: livenessProbe: failureThreshold: 3 httpGet: - path: / + path: {{ .Values.livenessProbe.path }} port: http scheme: {{ .Values.livenessProbe.scheme }} initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} @@ -78,7 +78,7 @@ spec: readinessProbe: failureThreshold: 3 httpGet: - path: / + path: {{ .Values.readinessProbe.path }} port: http scheme: {{ .Values.readinessProbe.scheme }} initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} diff --git a/stable/collabora-code/values.yaml b/stable/collabora-code/values.yaml index 7c40499a4cf2..2dcd8cad225e 100644 --- a/stable/collabora-code/values.yaml +++ b/stable/collabora-code/values.yaml @@ -62,6 +62,7 @@ livenessProbe: successThreshold: 1 failureThreshold: 3 scheme: HTTP + path: / readinessProbe: enabled: true @@ -71,3 +72,4 @@ readinessProbe: successThreshold: 1 failureThreshold: 3 scheme: HTTP + path: / From cbfec0b8fa514583ebd220ee4f27a3f278f66207 Mon Sep 17 00:00:00 2001 From: Denis Sventitsky Date: Sat, 8 Feb 2020 07:35:53 +0300 Subject: [PATCH 048/304] [stable/metabase] Support fullnameOverride in _helpers.tpl (#20579) * Support fullnameOverride in _helpers.tpl Signed-off-by: Denis Sventitsky * Bump chart version Signed-off-by: Denis Sventitsky * Update README.md with fullnameOverride parameter Signed-off-by: Denis Sventitsky --- stable/metabase/Chart.yaml | 2 +- stable/metabase/README.md | 1 + stable/metabase/templates/_helpers.tpl | 9 +++++++++ stable/metabase/values.yaml | 4 ++++ 4 files changed, 15 insertions(+), 1 deletion(-) diff --git a/stable/metabase/Chart.yaml b/stable/metabase/Chart.yaml index 289f3aa83873..3b2849e91d51 100644 --- a/stable/metabase/Chart.yaml +++ b/stable/metabase/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 description: The easy, open source way for everyone in your company to ask questions and learn from data. name: metabase -version: 0.10.2 +version: 0.10.3 appVersion: v0.34.0 maintainers: - name: pmint93 diff --git a/stable/metabase/README.md b/stable/metabase/README.md index 6375c56535eb..44b580e3ae81 100644 --- a/stable/metabase/README.md +++ b/stable/metabase/README.md @@ -50,6 +50,7 @@ The following table lists the configurable parameters of the Metabase chart and | image.repository | controller container image repository | metabase/metabase | | image.tag | controller container image tag | v0.34.0 | | image.pullPolicy | controller container image pull policy | IfNotPresent | +| fullnameOverride | String to fully override metabase.fullname template | null | | listen.host | Listening on a specific network host | 0.0.0.0 | | listen.port | Listening on a specific network port | 3000 | | ssl.enabled | Enable SSL to run over HTTPS | false | diff --git a/stable/metabase/templates/_helpers.tpl b/stable/metabase/templates/_helpers.tpl index 979458530afa..f396a51c4b2c 100644 --- a/stable/metabase/templates/_helpers.tpl +++ b/stable/metabase/templates/_helpers.tpl @@ -9,11 +9,20 @@ Expand the name of the chart. {{/* Create a default fully qualified app name. We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. */}} {{- define "metabase.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} {{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- printf .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} {{- end -}} +{{- end -}} +{{- end -}} {{/* Return the apiVersion of deployment. diff --git a/stable/metabase/values.yaml b/stable/metabase/values.yaml index 5b8d87463486..44e7bbca4e3e 100644 --- a/stable/metabase/values.yaml +++ b/stable/metabase/values.yaml @@ -10,6 +10,10 @@ image: tag: v0.34.0 pullPolicy: IfNotPresent +## String to fully override metabase.fullname template +## +# fullnameOverride: + # Config Jetty web server listen: host: "0.0.0.0" From 15fd25f477eb333cc46b0fb98585271a3508e503 Mon Sep 17 00:00:00 2001 From: Matt Walker Date: Sat, 8 Feb 2020 03:47:53 -0500 Subject: [PATCH 049/304] [incubator/cassandra] Change configOverrides to use an initContainer (#20511) This allows the filesystem of the configs to be r/w. Signed-off-by: Matthew Walker Co-authored-by: matthew-walker-prolucid <55808309+matthew-walker-prolucid@users.noreply.github.com> --- incubator/cassandra/Chart.yaml | 2 +- .../cassandra/templates/statefulset.yaml | 29 +++++++++++++++---- 2 files changed, 24 insertions(+), 7 deletions(-) diff --git a/incubator/cassandra/Chart.yaml b/incubator/cassandra/Chart.yaml index 75e1a0dd7206..87843c11719c 100644 --- a/incubator/cassandra/Chart.yaml +++ b/incubator/cassandra/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: cassandra -version: 0.13.4 +version: 0.14.0 appVersion: 3.11.5 description: Apache Cassandra is a free and open-source distributed database management system designed to handle large amounts of data across many commodity servers, providing diff --git a/incubator/cassandra/templates/statefulset.yaml b/incubator/cassandra/templates/statefulset.yaml index 01d90efa3e5d..455dfb65e387 100644 --- a/incubator/cassandra/templates/statefulset.yaml +++ b/incubator/cassandra/templates/statefulset.yaml @@ -49,6 +49,20 @@ spec: {{- if .Values.tolerations }} tolerations: {{ toYaml .Values.tolerations | indent 8 }} +{{- end }} +{{- if .Values.configOverrides }} + initContainers: + - name: config-copier + image: busybox + command: [ 'sh', '-c', 'cp /configmap-files/* /cassandra-configs/ && chown 999:999 /cassandra-configs/*'] + volumeMounts: +{{- range $key, $value := .Values.configOverrides }} + - name: cassandra-config-{{ $key | replace "." "-" | replace "_" "--" }} + mountPath: /configmap-files/{{ $key }} + subPath: {{ $key }} +{{- end }} + - name: cassandra-configs + mountPath: /cassandra-configs/ {{- end }} containers: {{- if .Values.exporter.enabled }} @@ -153,11 +167,10 @@ spec: volumeMounts: - name: data mountPath: /var/lib/cassandra -{{- range $key, $value := .Values.configOverrides }} - - name: cassandra-config-{{ $key | replace "." "-" }} - mountPath: /etc/cassandra/{{ $key }} - subPath: {{ $key }} -{{- end }} + {{- if .Values.configOverrides }} + - name: cassandra-configs + mountPath: /etc/cassandra + {{- end }} {{- if not .Values.persistence.enabled }} lifecycle: preStop: @@ -175,7 +188,11 @@ spec: {{- range $key, $value := .Values.configOverrides }} - configMap: name: cassandra - name: cassandra-config-{{ $key | replace "." "-" }} + name: cassandra-config-{{ $key | replace "." "-" | replace "_" "--" }} +{{- end }} +{{- if .Values.configOverrides }} + - name: cassandra-configs + emptyDir: {} {{- end }} {{- if not .Values.persistence.enabled }} - name: data From 4852bbe9c4e68df62a7c68fd3ae58e0046cde191 Mon Sep 17 00:00:00 2001 From: Chris Barton Date: Sat, 8 Feb 2020 00:57:53 -0800 Subject: [PATCH 050/304] [stable/graylog] Add support for extra options in the Graylog chart (#20516) * [graylog] Extract common labels to a template function This allows for subcharting to take advantage of the labels as well as removes the need for duplicating those values when they should be consistent. Signed-off-by: Chris Barton * [graylog] add support for additional JAVA_OPTS Signed-off-by: Chris Barton * [graylog] bump to 1.5.5 Signed-off-by: Chris Barton --- stable/graylog/Chart.yaml | 2 +- stable/graylog/README.md | 1 + stable/graylog/templates/_helpers.tpl | 22 +++++++++++++++ stable/graylog/templates/configmap.yaml | 6 +--- stable/graylog/templates/files-configmap.yaml | 6 +--- stable/graylog/templates/ingress.yaml | 6 +--- stable/graylog/templates/job.yaml | 18 ++---------- stable/graylog/templates/master-service.yaml | 6 +--- stable/graylog/templates/rolebinding.yaml | 6 +--- stable/graylog/templates/secret.yaml | 6 +--- stable/graylog/templates/serviceaccount.yaml | 6 +--- stable/graylog/templates/statefulset.yaml | 28 ++++--------------- stable/graylog/templates/tcp-service.yaml | 6 +--- stable/graylog/templates/udp-service.yaml | 6 +--- stable/graylog/templates/web-service.yaml | 6 +--- 15 files changed, 42 insertions(+), 89 deletions(-) diff --git a/stable/graylog/Chart.yaml b/stable/graylog/Chart.yaml index 238d1f59b150..cb39b3a85fef 100755 --- a/stable/graylog/Chart.yaml +++ b/stable/graylog/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 name: graylog home: https://www.graylog.org -version: 1.5.4 +version: 1.5.5 appVersion: 3.1 description: Graylog is the centralized log management solution built to open standards for capturing, storing, and enabling real-time analysis of terabytes of machine data. keywords: diff --git a/stable/graylog/README.md b/stable/graylog/README.md index 5de6841456cf..ae654805443f 100644 --- a/stable/graylog/README.md +++ b/stable/graylog/README.md @@ -108,6 +108,7 @@ The following table lists the configurable parameters of the Graylog chart and t | `graylog.tolerations` | Graylog server tolerations | `[]` | | `graylog.nodeSelector` | Graylog server node selector | `{}` | | `graylog.env` | Graylog server env variables | `{}` | +| `graylog.additionalJavaOpts` | Graylog service additional `JAVA_OPTS` | `` | | `graylog.service.type` | Kubernetes Service type | `ClusterIP` | | `graylog.service.port` | Graylog Service port | `9000` | | `graylog.service.master.port` | Graylog Master Service port | `9000` | diff --git a/stable/graylog/templates/_helpers.tpl b/stable/graylog/templates/_helpers.tpl index c169085eb1cd..00dd62ccf42a 100644 --- a/stable/graylog/templates/_helpers.tpl +++ b/stable/graylog/templates/_helpers.tpl @@ -81,3 +81,25 @@ Create chart name and version as used by the chart label. {{- define "graylog.chart" -}} {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} {{- end -}} + +{{/* +Standard metadata labels used by the chart. +*/}} +{{- define "graylog.metadataLabels" -}} +helm.sh/chart: {{ template "graylog.chart" . }} +{{ template "graylog.selectorLabels" . }} +app.kubernetes.io/version: "{{ .Chart.AppVersion }}" +{{- end -}} + +{{/* +Selector labels used by the chart. +*/}} +{{- define "graylog.selectorLabels" -}} +app.kubernetes.io/name: {{ template "graylog.name" . }} +app.kubernetes.io/instance: "{{ .Release.Name }}" +{{- if .Values.helm2Compatibility }} +app.kubernetes.io/managed-by: "Tiller" +{{- else }} +app.kubernetes.io/managed-by: "{{ .Release.Service }}" +{{- end -}} +{{- end -}} diff --git a/stable/graylog/templates/configmap.yaml b/stable/graylog/templates/configmap.yaml index c06729fa5166..850de8ad279c 100644 --- a/stable/graylog/templates/configmap.yaml +++ b/stable/graylog/templates/configmap.yaml @@ -3,11 +3,7 @@ kind: ConfigMap metadata: name: {{ template "graylog.fullname" . }} labels: - app.kubernetes.io/name: {{ template "graylog.name" . }} - helm.sh/chart: {{ template "graylog.chart" . }} - app.kubernetes.io/managed-by: "{{ .Release.Service }}" - app.kubernetes.io/instance: "{{ .Release.Name }}" - app.kubernetes.io/version: "{{ .Chart.AppVersion }}" +{{ include "graylog.metadataLabels" . | indent 4 }} data: log4j2.xml: |- diff --git a/stable/graylog/templates/files-configmap.yaml b/stable/graylog/templates/files-configmap.yaml index 85d062ea2083..520b3f773c7f 100644 --- a/stable/graylog/templates/files-configmap.yaml +++ b/stable/graylog/templates/files-configmap.yaml @@ -4,11 +4,7 @@ kind: ConfigMap metadata: name: {{ template "graylog.fullname" . }}-files labels: - app.kubernetes.io/name: {{ template "graylog.name" . }} - helm.sh/chart: {{ template "graylog.chart" . }} - app.kubernetes.io/managed-by: "{{ .Release.Service }}" - app.kubernetes.io/instance: "{{ .Release.Name }}" - app.kubernetes.io/version: "{{ .Chart.AppVersion }}" +{{ include "graylog.metadataLabels" . | indent 4 }} data: {{- range $key, $value := .Values.graylog.serverFiles }} {{ $key }}: | diff --git a/stable/graylog/templates/ingress.yaml b/stable/graylog/templates/ingress.yaml index b5bfa1dd0d30..44539cac4e60 100644 --- a/stable/graylog/templates/ingress.yaml +++ b/stable/graylog/templates/ingress.yaml @@ -8,11 +8,7 @@ metadata: {{ $key }}: {{ $value | quote }} {{- end }} labels: - app.kubernetes.io/name: {{ template "graylog.name" . }} - helm.sh/chart: {{ template "graylog.chart" . }} - app.kubernetes.io/managed-by: "{{ .Release.Service }}" - app.kubernetes.io/instance: "{{ .Release.Name }}" - app.kubernetes.io/version: "{{ .Chart.AppVersion }}" +{{ include "graylog.metadataLabels" . | indent 4 }} app.kubernetes.io/component: "web" name: {{ template "graylog.fullname" . }}-web spec: diff --git a/stable/graylog/templates/job.yaml b/stable/graylog/templates/job.yaml index db65291be632..34c842ce29ae 100644 --- a/stable/graylog/templates/job.yaml +++ b/stable/graylog/templates/job.yaml @@ -4,20 +4,12 @@ kind: Job metadata: name: {{ template "graylog.fullname" . }}-provisioner-job labels: - app.kubernetes.io/name: {{ template "graylog.name" . }} - helm.sh/chart: {{ template "graylog.chart" . }} - app.kubernetes.io/managed-by: "{{ .Release.Service }}" - app.kubernetes.io/instance: "{{ .Release.Name }}" - app.kubernetes.io/version: "{{ .Chart.AppVersion }}" +{{ include "graylog.metadataLabels" . | indent 4 }} spec: template: metadata: labels: - app.kubernetes.io/name: {{ template "graylog.name" . }} - helm.sh/chart: {{ template "graylog.chart" . }} - app.kubernetes.io/managed-by: "{{ .Release.Service }}" - app.kubernetes.io/instance: "{{ .Release.Name }}" - app.kubernetes.io/version: "{{ .Chart.AppVersion }}" +{{ include "graylog.metadataLabels" . | indent 8 }} spec: {{ if .Values.graylog.provisioner.useGraylogServiceAccount }} serviceAccountName: {{ template "graylog.serviceAccountName" . }} @@ -56,11 +48,7 @@ kind: ConfigMap metadata: name: {{ template "graylog.fullname" . }}-provisioner-job labels: - app.kubernetes.io/name: {{ template "graylog.name" . }} - helm.sh/chart: {{ template "graylog.chart" . }} - app.kubernetes.io/managed-by: "{{ .Release.Service }}" - app.kubernetes.io/instance: "{{ .Release.Name }}" - app.kubernetes.io/version: "{{ .Chart.AppVersion }}" +{{ include "graylog.metadataLabels" . | indent 4 }} data: script.sh: | {{ .Values.graylog.provisioner.script | indent 4 }} diff --git a/stable/graylog/templates/master-service.yaml b/stable/graylog/templates/master-service.yaml index 5ac30a1ede4b..1adee25e2dc4 100644 --- a/stable/graylog/templates/master-service.yaml +++ b/stable/graylog/templates/master-service.yaml @@ -7,11 +7,7 @@ metadata: {{- end }} name: {{ template "graylog.fullname" . }}-master labels: - app.kubernetes.io/name: {{ template "graylog.name" . }} - helm.sh/chart: {{ template "graylog.chart" . }} - app.kubernetes.io/managed-by: "{{ .Release.Service }}" - app.kubernetes.io/instance: "{{ .Release.Name }}" - app.kubernetes.io/version: "{{ .Chart.AppVersion }}" +{{ include "graylog.metadataLabels" . | indent 4 }} graylog-role: "master" spec: ports: diff --git a/stable/graylog/templates/rolebinding.yaml b/stable/graylog/templates/rolebinding.yaml index 06e10de32c40..6be9b83c3825 100644 --- a/stable/graylog/templates/rolebinding.yaml +++ b/stable/graylog/templates/rolebinding.yaml @@ -4,11 +4,7 @@ kind: RoleBinding metadata: name: {{ template "graylog.fullname" . }} labels: - app.kubernetes.io/name: {{ template "graylog.name" . }} - helm.sh/chart: {{ template "graylog.chart" . }} - app.kubernetes.io/managed-by: "{{ .Release.Service }}" - app.kubernetes.io/instance: "{{ .Release.Name }}" - app.kubernetes.io/version: "{{ .Chart.AppVersion }}" +{{ include "graylog.metadataLabels" . | indent 4 }} roleRef: apiGroup: rbac.authorization.k8s.io kind: Role diff --git a/stable/graylog/templates/secret.yaml b/stable/graylog/templates/secret.yaml index 2352b63dfacb..834d38aa9cfc 100644 --- a/stable/graylog/templates/secret.yaml +++ b/stable/graylog/templates/secret.yaml @@ -4,11 +4,7 @@ kind: Secret metadata: name: {{ template "graylog.fullname" . }} labels: - app.kubernetes.io/name: {{ template "graylog.name" . }} - helm.sh/chart: {{ template "graylog.chart" . }} - app.kubernetes.io/managed-by: "{{ .Release.Service }}" - app.kubernetes.io/instance: "{{ .Release.Name }}" - app.kubernetes.io/version: "{{ .Chart.AppVersion }}" +{{ include "graylog.metadataLabels" . | indent 4 }} type: Opaque data: {{- if .Values.graylog.rootPassword }} diff --git a/stable/graylog/templates/serviceaccount.yaml b/stable/graylog/templates/serviceaccount.yaml index 9932790f4d10..4dd5426363bb 100644 --- a/stable/graylog/templates/serviceaccount.yaml +++ b/stable/graylog/templates/serviceaccount.yaml @@ -4,9 +4,5 @@ kind: ServiceAccount metadata: name: {{ template "graylog.serviceAccountName" . }} labels: - app.kubernetes.io/name: {{ template "graylog.name" . }} - helm.sh/chart: {{ template "graylog.chart" . }} - app.kubernetes.io/managed-by: "{{ .Release.Service }}" - app.kubernetes.io/instance: "{{ .Release.Name }}" - app.kubernetes.io/version: "{{ .Chart.AppVersion }}" +{{ include "graylog.metadataLabels" . | indent 4 }} {{- end -}} diff --git a/stable/graylog/templates/statefulset.yaml b/stable/graylog/templates/statefulset.yaml index dd2785849f93..9d534f3369c1 100644 --- a/stable/graylog/templates/statefulset.yaml +++ b/stable/graylog/templates/statefulset.yaml @@ -3,37 +3,19 @@ kind: StatefulSet metadata: name: {{ template "graylog.fullname" . }} labels: - app.kubernetes.io/name: {{ template "graylog.name" . }} - helm.sh/chart: {{ template "graylog.chart" . }} - app.kubernetes.io/managed-by: "{{ .Release.Service }}" - app.kubernetes.io/instance: "{{ .Release.Name }}" - app.kubernetes.io/version: "{{ .Chart.AppVersion }}" +{{ include "graylog.metadataLabels" . | indent 4 }} spec: serviceName: {{ template "graylog.fullname" . }} replicas: {{ .Values.graylog.replicas }} selector: matchLabels: - app.kubernetes.io/name: {{ template "graylog.name" . }} - app.kubernetes.io/instance: "{{ .Release.Name }}" - {{- if .Values.helm2Compatibility }} - app.kubernetes.io/managed-by: "Tiller" - {{- else }} - app.kubernetes.io/managed-by: "{{ .Release.Service }}" - {{- end }} +{{ include "graylog.selectorLabels" . | indent 6 }} updateStrategy: type: {{ .Values.graylog.updateStrategy }} template: metadata: labels: - app.kubernetes.io/name: {{ template "graylog.name" . }} - helm.sh/chart: {{ template "graylog.chart" . }} - {{- if .Values.helm2Compatibility }} - app.kubernetes.io/managed-by: "Tiller" - {{- else }} - app.kubernetes.io/managed-by: "{{ .Release.Service }}" - {{- end }} - app.kubernetes.io/instance: "{{ .Release.Name }}" - app.kubernetes.io/version: "{{ .Chart.AppVersion }}" +{{ include "graylog.metadataLabels" . | indent 8 }} annotations: {{- if .Values.graylog.podAnnotations }} {{- range $key, $value := .Values.graylog.podAnnotations }} @@ -106,9 +88,9 @@ spec: - name: GRAYLOG_SERVER_JAVA_OPTS {{- $javaOpts := "-Djava.net.preferIPv4Stack=true -XX:NewRatio=1 -server -XX:+ResizeTLAB -XX:+UseConcMarkSweepGC -XX:+CMSConcurrentMTEnabled -XX:+CMSClassUnloadingEnabled -XX:+UseParNewGC -XX:-OmitStackTraceInFastThrow" }} {{- if .Values.graylog.heapSize }} - value: "{{ $javaOpts }} {{ printf "-Xms%s -Xmx%s" .Values.graylog.heapSize .Values.graylog.heapSize}}" + value: "{{ $javaOpts }} {{ printf "-Xms%s -Xmx%s" .Values.graylog.heapSize .Values.graylog.heapSize}} {{ .Values.graylog.additionalJavaOpts }}" {{- else }} - value: "{{ $javaOpts }} -XX:+UnlockExperimentalVMOptions -XX:+UseCGroupMemoryLimitForHeap" + value: "{{ $javaOpts }} -XX:+UnlockExperimentalVMOptions -XX:+UseCGroupMemoryLimitForHeap {{ .Values.graylog.additionalJavaOpts }}" {{- end }} - name: GRAYLOG_PASSWORD_SECRET valueFrom: diff --git a/stable/graylog/templates/tcp-service.yaml b/stable/graylog/templates/tcp-service.yaml index 1bb6a338eae5..87053f418e8e 100644 --- a/stable/graylog/templates/tcp-service.yaml +++ b/stable/graylog/templates/tcp-service.yaml @@ -8,11 +8,7 @@ metadata: {{- end }} name: {{ template "graylog.fullname" . }}-tcp labels: - app.kubernetes.io/name: {{ template "graylog.name" . }} - helm.sh/chart: {{ template "graylog.chart" . }} - app.kubernetes.io/managed-by: "{{ .Release.Service }}" - app.kubernetes.io/instance: "{{ .Release.Name }}" - app.kubernetes.io/version: "{{ .Chart.AppVersion }}" +{{ include "graylog.metadataLabels" . | indent 4 }} app.kubernetes.io/component: "TCP" spec: ports: diff --git a/stable/graylog/templates/udp-service.yaml b/stable/graylog/templates/udp-service.yaml index 2c11de32769f..142f9d8ae636 100644 --- a/stable/graylog/templates/udp-service.yaml +++ b/stable/graylog/templates/udp-service.yaml @@ -8,11 +8,7 @@ metadata: {{- end }} name: {{ template "graylog.fullname" . }}-udp labels: - app.kubernetes.io/name: {{ template "graylog.name" . }} - helm.sh/chart: {{ template "graylog.chart" . }} - app.kubernetes.io/managed-by: "{{ .Release.Service }}" - app.kubernetes.io/instance: "{{ .Release.Name }}" - app.kubernetes.io/version: "{{ .Chart.AppVersion }}" +{{ include "graylog.metadataLabels" . | indent 4 }} app.kubernetes.io/component: "UDP" spec: ports: diff --git a/stable/graylog/templates/web-service.yaml b/stable/graylog/templates/web-service.yaml index ee2958b5e9d9..ec1cbc72cbf4 100644 --- a/stable/graylog/templates/web-service.yaml +++ b/stable/graylog/templates/web-service.yaml @@ -7,11 +7,7 @@ metadata: {{- end }} name: {{ template "graylog.fullname" . }}-web labels: - app.kubernetes.io/name: {{ template "graylog.name" . }} - helm.sh/chart: {{ template "graylog.chart" . }} - app.kubernetes.io/managed-by: "{{ .Release.Service }}" - app.kubernetes.io/instance: "{{ .Release.Name }}" - app.kubernetes.io/version: "{{ .Chart.AppVersion }}" +{{ include "graylog.metadataLabels" . | indent 4 }} app.kubernetes.io/component: "web" spec: ports: From a09366729eb1ecad98d70df81030a28472cadd1a Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Mon, 10 Feb 2020 08:37:53 +0100 Subject: [PATCH 051/304] [stable/ghost] Release 9.1.5 updating components versions (#20611) Signed-off-by: Bitnami Containers --- stable/ghost/Chart.yaml | 4 ++-- stable/ghost/requirements.lock | 4 ++-- stable/ghost/values.yaml | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/stable/ghost/Chart.yaml b/stable/ghost/Chart.yaml index 0f82cb4c6e6c..b76b1c918704 100644 --- a/stable/ghost/Chart.yaml +++ b/stable/ghost/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 name: ghost -version: 9.1.4 -appVersion: 3.4.0 +version: 9.1.5 +appVersion: 3.5.0 description: A simple, powerful publishing platform that allows you to share your stories with the world keywords: - ghost diff --git a/stable/ghost/requirements.lock b/stable/ghost/requirements.lock index 6cc4829dd88e..b65ee5cbeb0d 100644 --- a/stable/ghost/requirements.lock +++ b/stable/ghost/requirements.lock @@ -1,6 +1,6 @@ dependencies: - name: mariadb repository: https://kubernetes-charts.storage.googleapis.com/ - version: 7.3.6 + version: 7.3.7 digest: sha256:27bef733eb099a7377055cfe2c48e013bd4d55650ff18b50138c80488c812b0b -generated: 2020-01-29T06:22:52.921218702Z +generated: 2020-02-07T14:06:13.501419131Z diff --git a/stable/ghost/values.yaml b/stable/ghost/values.yaml index 773269d6b674..4fce63e19e2f 100644 --- a/stable/ghost/values.yaml +++ b/stable/ghost/values.yaml @@ -14,7 +14,7 @@ image: registry: docker.io repository: bitnami/ghost - tag: 3.4.0-debian-10-r0 + tag: 3.5.0-debian-10-r0 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images From bc3f8730377d7cfd8e1ac8f3f58f599bb648f90a Mon Sep 17 00:00:00 2001 From: devOpsHelm <54980549+devOpsHelm@users.noreply.github.com> Date: Mon, 10 Feb 2020 11:37:53 +0300 Subject: [PATCH 052/304] Adapt for Hazelcast 4.0 (#94) (#20627) Signed-off-by: devOpsHelm --- stable/hazelcast/Chart.yaml | 8 ++++---- stable/hazelcast/templates/mancenter-statefulset.yaml | 6 ++++-- stable/hazelcast/templates/statefulset.yaml | 2 +- stable/hazelcast/values.yaml | 7 ++----- 4 files changed, 11 insertions(+), 12 deletions(-) diff --git a/stable/hazelcast/Chart.yaml b/stable/hazelcast/Chart.yaml index d18dc802d0be..2f64405fed54 100644 --- a/stable/hazelcast/Chart.yaml +++ b/stable/hazelcast/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 name: hazelcast -version: 2.10.0 -appVersion: "3.12.4" +version: 3.0.0 +appVersion: "4.0" tillerVersion: ">=2.7.2" kubeVersion: ">=1.9.0-0" description: Hazelcast IMDG is the most widely used in-memory data grid with hundreds of thousands of installed clusters around the world. It offers caching solutions ensuring that data is in the right place when it’s needed for optimal performance. @@ -18,8 +18,8 @@ sources: maintainers: - name: leszko email: rafal@hazelcast.com -- name: googlielmo - email: guglielmo@hazelcast.com +- name: hasancelik + email: hasan@hazelcast.com - name: mesutcelik email: mesut@hazelcast.com engine: gotpl diff --git a/stable/hazelcast/templates/mancenter-statefulset.yaml b/stable/hazelcast/templates/mancenter-statefulset.yaml index 07d6a25d687a..3666f6aa17bb 100644 --- a/stable/hazelcast/templates/mancenter-statefulset.yaml +++ b/stable/hazelcast/templates/mancenter-statefulset.yaml @@ -62,7 +62,7 @@ spec: {{- if .Values.mancenter.livenessProbe.enabled }} livenessProbe: httpGet: - path: /hazelcast-mancenter/health + path: /health port: 8081 initialDelaySeconds: {{ .Values.mancenter.livenessProbe.initialDelaySeconds }} periodSeconds: {{ .Values.mancenter.livenessProbe.periodSeconds }} @@ -73,7 +73,7 @@ spec: {{- if .Values.mancenter.readinessProbe.enabled }} readinessProbe: httpGet: - path: /hazelcast-mancenter/health + path: /health port: 8081 initialDelaySeconds: {{ .Values.mancenter.readinessProbe.initialDelaySeconds }} periodSeconds: {{ .Values.mancenter.readinessProbe.periodSeconds }} @@ -94,6 +94,8 @@ spec: {{- else }} value: {{ .Values.mancenter.licenseKey }} {{- end }} + - name: MC_INIT_CMD + value: "./mc-conf.sh cluster add -H /data -cn {{ if index .Values "hazelcast" "yaml" "hazelcast" "cluster-name" }}{{ index .Values "hazelcast" "yaml" "hazelcast" "cluster-name" }}{{ else }}dev{{ end }} -ma {{ template "hazelcast.serviceName" . }}" - name: JAVA_OPTS value: "{{ if or .Values.mancenter.licenseKey .Values.mancenter.licenseKeySecretName }}-Dhazelcast.mc.license=$(MC_LICENSE_KEY){{ end }} {{ if or .Values.mancenter.readinessProbe.enabled .Values.mancenter.livenessProbe.enabled }}-Dhazelcast.mc.healthCheck.enable=true{{ end }} {{ .Values.mancenter.javaOpts }}" {{- if .Values.securityContext.enabled }} diff --git a/stable/hazelcast/templates/statefulset.yaml b/stable/hazelcast/templates/statefulset.yaml index 044da5734daa..2516ae2c31cc 100644 --- a/stable/hazelcast/templates/statefulset.yaml +++ b/stable/hazelcast/templates/statefulset.yaml @@ -105,7 +105,7 @@ spec: value: "{{ .Values.metrics.service.port }}" {{- end }} - name: JAVA_OPTS - value: "-Dhazelcast.config=/data/hazelcast/hazelcast.yaml -DserviceName={{ template "hazelcast.serviceName" . }} -Dnamespace={{ .Release.Namespace }} -Dhazelcast.mancenter.enabled={{ .Values.mancenter.enabled }} -Dhazelcast.mancenter.url=http://{{ template "mancenter.fullname" . }}:{{ .Values.mancenter.service.port }}/hazelcast-mancenter {{ if .Values.gracefulShutdown.enabled }}-Dhazelcast.shutdownhook.policy=GRACEFUL -Dhazelcast.shutdownhook.enabled=true -Dhazelcast.graceful.shutdown.max.wait={{ .Values.gracefulShutdown.maxWaitSeconds }} {{ end }} {{ if .Values.metrics.enabled }}-Dhazelcast.jmx=true{{ end }} {{ .Values.hazelcast.javaOpts }}" + value: "-Dhazelcast.config=/data/hazelcast/hazelcast.yaml -DserviceName={{ template "hazelcast.serviceName" . }} -Dnamespace={{ .Release.Namespace }} {{ if .Values.gracefulShutdown.enabled }}-Dhazelcast.shutdownhook.policy=GRACEFUL -Dhazelcast.shutdownhook.enabled=true -Dhazelcast.graceful.shutdown.max.wait={{ .Values.gracefulShutdown.maxWaitSeconds }} {{ end }} {{ if .Values.metrics.enabled }}-Dhazelcast.jmx=true{{ end }} {{ .Values.hazelcast.javaOpts }}" {{- if .Values.hazelcast.loggingLevel }} - name: LOGGING_LEVEL value: {{ .Values.hazelcast.loggingLevel }} diff --git a/stable/hazelcast/values.yaml b/stable/hazelcast/values.yaml index c6d68e535fb4..a56d68096363 100644 --- a/stable/hazelcast/values.yaml +++ b/stable/hazelcast/values.yaml @@ -5,7 +5,7 @@ image: # repository is the Hazelcast image name repository: "hazelcast/hazelcast" # tag is the Hazelcast image tag - tag: "3.12.5" + tag: "4.0" # pullPolicy is the Docker image pull policy # It's recommended to change this to 'Always' if the image tag is 'latest' # ref: http://kubernetes.io/docs/user-guide/images/#updating-images @@ -48,9 +48,6 @@ hazelcast: endpoint-groups: HEALTH_CHECK: enabled: true - management-center: - enabled: ${hazelcast.mancenter.enabled} - url: ${hazelcast.mancenter.url} # configurationFiles are any additional Hazelcast configuration files # configurationFiles: @@ -200,7 +197,7 @@ mancenter: # repository is the Hazelcast Management Center image name repository: "hazelcast/management-center" # tag is the Hazelcast Management Center image tag - tag: "3.12.6" + tag: "4.0" # pullPolicy is the Docker image pull policy # It's recommended to change this to 'Always' if the image tag is 'latest' # ref: http://kubernetes.io/docs/user-guide/images/#updating-images From 2053ca44331b54888f4189cd210994ac1c8dda9e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Carlos=20Rodr=C3=ADguez=20Hern=C3=A1ndez?= Date: Mon, 10 Feb 2020 13:17:53 +0100 Subject: [PATCH 053/304] [stable/parse] Replace stretch by buster in minideb secondary containers (#20637) Signed-off-by: Carlos Rodriguez Hernandez --- stable/parse/Chart.yaml | 2 +- stable/parse/README.md | 2 +- stable/parse/values.yaml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/stable/parse/Chart.yaml b/stable/parse/Chart.yaml index d9131cee8c06..6394757eb014 100644 --- a/stable/parse/Chart.yaml +++ b/stable/parse/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: parse -version: 10.3.3 +version: 10.3.4 appVersion: 3.10.0 description: Parse is a platform that enables users to add a scalable and powerful backend to launch a full-featured app for iOS, Android, JavaScript, Windows, Unity, and more. keywords: diff --git a/stable/parse/README.md b/stable/parse/README.md index d703b23e6674..fd223ed2e587 100644 --- a/stable/parse/README.md +++ b/stable/parse/README.md @@ -57,7 +57,7 @@ The following table lists the configurable parameters of the Parse chart and the | `volumePermissions.enabled` | Enable init container that changes volume permissions in the data directory (for cases where the default k8s `runAsUser` and `fsUser` values do not work) | `false` | | `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` | | `volumePermissions.image.repository` | Init container volume-permissions image name | `bitnami/minideb` | -| `volumePermissions.image.tag` | Init container volume-permissions image tag | `stretch` | +| `volumePermissions.image.tag` | Init container volume-permissions image tag | `buster` | | `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `Always` | | `volumePermissions.resources` | Init container resource requests/limit | `nil` | | `service.type` | Kubernetes Service type | `LoadBalancer` | diff --git a/stable/parse/values.yaml b/stable/parse/values.yaml index 60e0245257c6..050018769fd7 100644 --- a/stable/parse/values.yaml +++ b/stable/parse/values.yaml @@ -24,7 +24,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/minideb - tag: stretch + tag: buster pullPolicy: Always ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. From c93b8356bf77e1d55dd29061346753b4e209bd69 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Carlos=20Rodr=C3=ADguez=20Hern=C3=A1ndez?= Date: Mon, 10 Feb 2020 13:39:53 +0100 Subject: [PATCH 054/304] [stable/mongodb] Replace stretch by buster in minideb secondary containers (#20632) Signed-off-by: Carlos Rodriguez Hernandez --- stable/mongodb/Chart.yaml | 2 +- stable/mongodb/README.md | 2 +- stable/mongodb/values-production.yaml | 2 +- stable/mongodb/values.yaml | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/stable/mongodb/Chart.yaml b/stable/mongodb/Chart.yaml index 64a4884326fa..81af84feb476 100644 --- a/stable/mongodb/Chart.yaml +++ b/stable/mongodb/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: mongodb -version: 7.8.2 +version: 7.8.3 appVersion: 4.2.3 description: NoSQL document-oriented database that stores JSON-like documents with dynamic schemas, simplifying the integration of data in content-driven applications. keywords: diff --git a/stable/mongodb/README.md b/stable/mongodb/README.md index 60ae1c6a0053..adb40ef208e6 100644 --- a/stable/mongodb/README.md +++ b/stable/mongodb/README.md @@ -63,7 +63,7 @@ The following table lists the configurable parameters of the MongoDB chart and t | `volumePermissions.enabled` | Enable init container that changes volume permissions in the data directory (for cases where the default k8s `runAsUser` and `fsUser` values do not work) | `false` | | `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` | | `volumePermissions.image.repository` | Init container volume-permissions image name | `bitnami/minideb` | -| `volumePermissions.image.tag` | Init container volume-permissions image tag | `stretch` | +| `volumePermissions.image.tag` | Init container volume-permissions image tag | `buster` | | `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `Always` | | `volumePermissions.resources` | Init container resource requests/limit | `nil` | | `clusterDomain` | Default Kubernetes cluster domain | `cluster.local` | diff --git a/stable/mongodb/values-production.yaml b/stable/mongodb/values-production.yaml index 6bc9e621bb2b..0f876a6edb5c 100644 --- a/stable/mongodb/values-production.yaml +++ b/stable/mongodb/values-production.yaml @@ -54,7 +54,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/minideb - tag: stretch + tag: buster pullPolicy: Always ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. diff --git a/stable/mongodb/values.yaml b/stable/mongodb/values.yaml index 1d15f9c56592..1b9091a02cfa 100644 --- a/stable/mongodb/values.yaml +++ b/stable/mongodb/values.yaml @@ -51,7 +51,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/minideb - tag: stretch + tag: buster pullPolicy: Always ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. From fd8165118b2baa0a3d860dca6e691d4504b92d77 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Carlos=20Rodr=C3=ADguez=20Hern=C3=A1ndez?= Date: Mon, 10 Feb 2020 13:40:01 +0100 Subject: [PATCH 055/304] [stable/mariadb] Replace stretch by buster in minideb secondary containers (#20633) Signed-off-by: Carlos Rodriguez Hernandez --- stable/mariadb/Chart.yaml | 2 +- stable/mariadb/README.md | 2 +- stable/mariadb/values-production.yaml | 2 +- stable/mariadb/values.yaml | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/stable/mariadb/Chart.yaml b/stable/mariadb/Chart.yaml index 38c4456a2f37..07ec7bc2f599 100644 --- a/stable/mariadb/Chart.yaml +++ b/stable/mariadb/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: mariadb -version: 7.3.7 +version: 7.3.8 appVersion: 10.3.22 description: Fast, reliable, scalable, and easy to use open-source relational database system. MariaDB Server is intended for mission-critical, heavy-load production systems as well as for embedding into mass-deployed software. Highly available MariaDB cluster. keywords: diff --git a/stable/mariadb/README.md b/stable/mariadb/README.md index e40b3a4dd628..cecc4d9cf040 100644 --- a/stable/mariadb/README.md +++ b/stable/mariadb/README.md @@ -64,7 +64,7 @@ The following table lists the configurable parameters of the MariaDB chart and t | `volumePermissions.enabled` | Enable init container that changes volume permissions in the data directory (for cases where the default k8s `runAsUser` and `fsUser` values do not work) | `false` | | `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` | | `volumePermissions.image.repository` | Init container volume-permissions image name | `bitnami/minideb` | -| `volumePermissions.image.tag` | Init container volume-permissions image tag | `stretch` | +| `volumePermissions.image.tag` | Init container volume-permissions image tag | `buster` | | `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `Always` | | `volumePermissions.resources` | Init container resource requests/limit | `nil` | | `service.type` | Kubernetes service type | `ClusterIP` | diff --git a/stable/mariadb/values-production.yaml b/stable/mariadb/values-production.yaml index df9da5b0880b..459586646e97 100644 --- a/stable/mariadb/values-production.yaml +++ b/stable/mariadb/values-production.yaml @@ -53,7 +53,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/minideb - tag: stretch + tag: buster pullPolicy: Always ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. diff --git a/stable/mariadb/values.yaml b/stable/mariadb/values.yaml index 30375f202a89..3cb9508bf7f8 100644 --- a/stable/mariadb/values.yaml +++ b/stable/mariadb/values.yaml @@ -53,7 +53,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/minideb - tag: stretch + tag: buster pullPolicy: Always ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. From 3c0aa42c599f1457affa62f730bd1feb57404001 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Carlos=20Rodr=C3=ADguez=20Hern=C3=A1ndez?= Date: Mon, 10 Feb 2020 13:40:10 +0100 Subject: [PATCH 056/304] [stable/rabbitmq] Replace stretch by buster in minideb secondary containers (#20635) Signed-off-by: Carlos Rodriguez Hernandez --- stable/rabbitmq/Chart.yaml | 2 +- stable/rabbitmq/README.md | 2 +- stable/rabbitmq/values-production.yaml | 2 +- stable/rabbitmq/values.yaml | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/stable/rabbitmq/Chart.yaml b/stable/rabbitmq/Chart.yaml index b84a1a0405e7..c61b31c1930b 100644 --- a/stable/rabbitmq/Chart.yaml +++ b/stable/rabbitmq/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: rabbitmq -version: 6.17.0 +version: 6.17.1 appVersion: 3.8.2 description: Open source message broker software that implements the Advanced Message Queuing Protocol (AMQP) keywords: diff --git a/stable/rabbitmq/README.md b/stable/rabbitmq/README.md index 03058c4548b8..5ec13992b92c 100644 --- a/stable/rabbitmq/README.md +++ b/stable/rabbitmq/README.md @@ -178,7 +178,7 @@ The following table lists the configurable parameters of the RabbitMQ chart and | `volumePermissions.enabled` | Enable init container that changes volume permissions in the data directory (for cases where the default k8s `runAsUser` and `fsUser` values do not work) | `false | | `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` | | `volumePermissions.image.repository` | Init container volume-permissions image name | `bitnami/minideb` | -| `volumePermissions.image.tag` | Init container volume-permissions image tag | `stretch` | +| `volumePermissions.image.tag` | Init container volume-permissions image tag | `buster` | | `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `Always` | | `volumePermissions.resources` | Init container resource requests/limit | `nil` | | `forceBoot.enabled` | Executes 'rabbitmqctl force_boot' to force boot cluster shut down unexpectedly in an unknown order. Use it only if you prefer availability over integrity. | `false` | diff --git a/stable/rabbitmq/values-production.yaml b/stable/rabbitmq/values-production.yaml index 24d53fbeb86f..f8ea16c32e37 100644 --- a/stable/rabbitmq/values-production.yaml +++ b/stable/rabbitmq/values-production.yaml @@ -542,7 +542,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/minideb - tag: stretch + tag: buster pullPolicy: Always ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. diff --git a/stable/rabbitmq/values.yaml b/stable/rabbitmq/values.yaml index a64373a9d958..86ce969e2e9a 100644 --- a/stable/rabbitmq/values.yaml +++ b/stable/rabbitmq/values.yaml @@ -523,7 +523,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/minideb - tag: stretch + tag: buster pullPolicy: Always ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. From 54e76199a475a38f0c959d5d2aef38e3f66dbdb2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Carlos=20Rodr=C3=ADguez=20Hern=C3=A1ndez?= Date: Mon, 10 Feb 2020 13:40:17 +0100 Subject: [PATCH 057/304] [stable/postgresql] Replace stretch by buster in minideb secondary containers (#20636) Signed-off-by: Carlos Rodriguez Hernandez --- stable/postgresql/Chart.yaml | 2 +- stable/postgresql/README.md | 2 +- stable/postgresql/values-production.yaml | 2 +- stable/postgresql/values.yaml | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/stable/postgresql/Chart.yaml b/stable/postgresql/Chart.yaml index c7c3ed40ece5..26a96eed7c05 100644 --- a/stable/postgresql/Chart.yaml +++ b/stable/postgresql/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: postgresql -version: 8.3.0 +version: 8.3.1 appVersion: 11.6.0 description: Chart for PostgreSQL, an object-relational database management system (ORDBMS) with an emphasis on extensibility and on standards-compliance. keywords: diff --git a/stable/postgresql/README.md b/stable/postgresql/README.md index c59862abbdd5..12857255bad2 100644 --- a/stable/postgresql/README.md +++ b/stable/postgresql/README.md @@ -68,7 +68,7 @@ The following tables lists the configurable parameters of the PostgreSQL chart a | `fullnameOverride` | String to fully override postgresql.fullname template with a string | `nil` | | `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` | | `volumePermissions.image.repository` | Init container volume-permissions image name | `bitnami/minideb` | -| `volumePermissions.image.tag` | Init container volume-permissions image tag | `stretch` | +| `volumePermissions.image.tag` | Init container volume-permissions image tag | `buster` | | `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `Always` | | `volumePermissions.securityContext.runAsUser` | User ID for the init container (when facing issues in OpenShift or uid unknown, try value "auto") | `0` | | `usePasswordFile` | Have the secrets mounted as a file instead of env vars | `false` | diff --git a/stable/postgresql/values-production.yaml b/stable/postgresql/values-production.yaml index 04251126b63b..e9690b279ed1 100644 --- a/stable/postgresql/values-production.yaml +++ b/stable/postgresql/values-production.yaml @@ -50,7 +50,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/minideb - tag: stretch + tag: buster ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images diff --git a/stable/postgresql/values.yaml b/stable/postgresql/values.yaml index 8843d31cff7f..672c041261fb 100644 --- a/stable/postgresql/values.yaml +++ b/stable/postgresql/values.yaml @@ -50,7 +50,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/minideb - tag: stretch + tag: buster ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images From 72d2d447c15433ad47b8e830ffe41f1e7a2643b9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Carlos=20Rodr=C3=ADguez=20Hern=C3=A1ndez?= Date: Mon, 10 Feb 2020 13:59:53 +0100 Subject: [PATCH 058/304] [stable/redis] Replace stretch by buster in minideb secondary containers (#20634) Signed-off-by: Carlos Rodriguez Hernandez --- stable/redis/Chart.yaml | 2 +- stable/redis/README.md | 4 ++-- stable/redis/values-production.yaml | 4 ++-- stable/redis/values.yaml | 4 ++-- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/stable/redis/Chart.yaml b/stable/redis/Chart.yaml index 5ab759731116..8bfaaec5b7f0 100644 --- a/stable/redis/Chart.yaml +++ b/stable/redis/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: redis -version: 10.4.1 +version: 10.4.2 appVersion: 5.0.7 description: Open source, advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. keywords: diff --git a/stable/redis/README.md b/stable/redis/README.md index a36b9fce6f1c..448d46dcb56f 100644 --- a/stable/redis/README.md +++ b/stable/redis/README.md @@ -155,7 +155,7 @@ The following table lists the configurable parameters of the Redis chart and the | `volumePermissions.enabled` | Enable init container that changes volume permissions in the registry (for cases where the default k8s `runAsUser` and `fsUser` values do not work) | `false` | | `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` | | `volumePermissions.image.repository` | Init container volume-permissions image name | `bitnami/minideb` | -| `volumePermissions.image.tag` | Init container volume-permissions image tag | `stretch` | +| `volumePermissions.image.tag` | Init container volume-permissions image tag | `buster` | | `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `Always` | | `volumePermissions.resources ` | Init container volume-permissions CPU/Memory resource requests/limits | {} | | `slave.service.type` | Kubernetes Service type (redis slave) | `ClusterIP` | @@ -237,7 +237,7 @@ The following table lists the configurable parameters of the Redis chart and the | `sysctlImage.command` | sysctlImage command to execute | [] | | `sysctlImage.registry` | sysctlImage Init container registry | `docker.io` | | `sysctlImage.repository` | sysctlImage Init container name | `bitnami/minideb` | -| `sysctlImage.tag` | sysctlImage Init container tag | `stretch` | +| `sysctlImage.tag` | sysctlImage Init container tag | `buster` | | `sysctlImage.pullPolicy` | sysctlImage Init container pull policy | `Always` | | `sysctlImage.mountHostSys` | Mount the host `/sys` folder to `/host-sys` | `false` | | `sysctlImage.resources` | sysctlImage Init container CPU/Memory resource requests/limits | {} | diff --git a/stable/redis/values-production.yaml b/stable/redis/values-production.yaml index 7e99f5fdebcf..97f3ccb732ec 100644 --- a/stable/redis/values-production.yaml +++ b/stable/redis/values-production.yaml @@ -568,7 +568,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/minideb - tag: stretch + tag: buster pullPolicy: Always ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. @@ -598,7 +598,7 @@ sysctlImage: command: [] registry: docker.io repository: bitnami/minideb - tag: stretch + tag: buster pullPolicy: Always ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. diff --git a/stable/redis/values.yaml b/stable/redis/values.yaml index 5ef8218ee12a..e6926f5d8d08 100644 --- a/stable/redis/values.yaml +++ b/stable/redis/values.yaml @@ -569,7 +569,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/minideb - tag: stretch + tag: buster pullPolicy: Always ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. @@ -599,7 +599,7 @@ sysctlImage: command: [] registry: docker.io repository: bitnami/minideb - tag: stretch + tag: buster pullPolicy: Always ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. From a14414ee497ef85f758b60b247216d30064e7039 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Carlos=20Rodr=C3=ADguez=20Hern=C3=A1ndez?= Date: Mon, 10 Feb 2020 14:51:53 +0100 Subject: [PATCH 059/304] [stable/ghost] Replace stretch by buster in minideb secondary containers (#20631) Signed-off-by: Carlos Rodriguez Hernandez --- stable/ghost/Chart.yaml | 2 +- stable/ghost/README.md | 2 +- stable/ghost/values.yaml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/stable/ghost/Chart.yaml b/stable/ghost/Chart.yaml index b76b1c918704..64b9ed2ec983 100644 --- a/stable/ghost/Chart.yaml +++ b/stable/ghost/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: ghost -version: 9.1.5 +version: 9.1.6 appVersion: 3.5.0 description: A simple, powerful publishing platform that allows you to share your stories with the world keywords: diff --git a/stable/ghost/README.md b/stable/ghost/README.md index 23476df3a50a..954367be5f6f 100644 --- a/stable/ghost/README.md +++ b/stable/ghost/README.md @@ -63,7 +63,7 @@ The following table lists the configurable parameters of the Ghost chart and the | `fullnameOverride` | String to fully override ghost.fullname template with a string | `nil` | | `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` | | `volumePermissions.image.repository`| Init container volume-permissions image name | `bitnami/minideb` | -| `volumePermissions.image.tag` | Init container volume-permissions image tag | `stretch` | +| `volumePermissions.image.tag` | Init container volume-permissions image tag | `buster` | | `volumePermissions.image.pullPolicy`| Init container volume-permissions image pull policy | `Always` | | `ghostHost` | Ghost host to create application URLs | `nil` | | `ghostPort` | Ghost port to use in application URLs (defaults to `service.port` if `nil`) | `nil` | diff --git a/stable/ghost/values.yaml b/stable/ghost/values.yaml index 4fce63e19e2f..c552db2b2339 100644 --- a/stable/ghost/values.yaml +++ b/stable/ghost/values.yaml @@ -42,7 +42,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/minideb - tag: stretch + tag: buster pullPolicy: Always ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. From 58228fff734b092204803209d8cae115d96f2f7f Mon Sep 17 00:00:00 2001 From: Yinan Li Date: Mon, 10 Feb 2020 09:45:54 -0800 Subject: [PATCH 060/304] [incubator/sparkoperator] Upgraded the operator version (#20641) Signed-off-by: Yinan Li --- incubator/sparkoperator/Chart.yaml | 4 ++-- incubator/sparkoperator/README.md | 2 +- incubator/sparkoperator/values.yaml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/incubator/sparkoperator/Chart.yaml b/incubator/sparkoperator/Chart.yaml index 1928f0355f48..f1a51d1fc911 100644 --- a/incubator/sparkoperator/Chart.yaml +++ b/incubator/sparkoperator/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v1 name: sparkoperator description: A Helm chart for Spark on Kubernetes operator -version: 0.6.3 -appVersion: v1beta2-1.0.1-2.4.4 +version: 0.6.4 +appVersion: v1beta2-1.1.0-2.4.5 keywords: - spark home: https://github.com/GoogleCloudPlatform/spark-on-k8s-operator diff --git a/incubator/sparkoperator/README.md b/incubator/sparkoperator/README.md index 156679c44f6a..457a6d1adc21 100644 --- a/incubator/sparkoperator/README.md +++ b/incubator/sparkoperator/README.md @@ -43,7 +43,7 @@ The following table lists the configurable parameters of the Spark operator char | Parameter | Description | Default | | ------------------------- | ------------------------------------------------------------ | -------------------------------------- | | `operatorImageName` | The name of the operator image | `gcr.io/spark-operator/spark-operator` | -| `operatorVersion` | The version of the operator to install | `v1beta2-1.0.1-2.4.4` | +| `operatorVersion` | The version of the operator to install | `v1beta2-1.1.0-2.4.5` | | `imagePullPolicy` | Docker image pull policy | `IfNotPresent` | | `imagePullSecrets` | Docker image pull secrets | | | `replicas` | The number of replicas of the operator Deployment | 1 | diff --git a/incubator/sparkoperator/values.yaml b/incubator/sparkoperator/values.yaml index 6147a06983ec..0879fcc2d613 100644 --- a/incubator/sparkoperator/values.yaml +++ b/incubator/sparkoperator/values.yaml @@ -1,5 +1,5 @@ operatorImageName: gcr.io/spark-operator/spark-operator -operatorVersion: v1beta2-1.0.1-2.4.4 +operatorVersion: v1beta2-1.1.0-2.4.5 imagePullPolicy: IfNotPresent imagePullSecrets: [] replicas: 1 From 11e8894f4b2f2125d8e8fd0c3e3c0858c8727fd9 Mon Sep 17 00:00:00 2001 From: leonklingele Date: Mon, 10 Feb 2020 20:23:53 +0100 Subject: [PATCH 061/304] [stable/nginx-ingress] Fix typo in description of "sessionAffinity" (#20615) * [stable/nginx-ingress] Fix typo in description of "sessionAffinity" Kubernetes only supports "ClientIP" and "None" as a value for "sessionAffinity" spec.sessionAffinity: Unsupported value: "ClusterIP": supported values: "ClientIP", "None" Signed-off-by: Leon Klingele * [stable/nginx-ingress] Bump version Signed-off-by: Leon Klingele --- stable/nginx-ingress/Chart.yaml | 2 +- stable/nginx-ingress/values.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/stable/nginx-ingress/Chart.yaml b/stable/nginx-ingress/Chart.yaml index 7d570226bea7..4cfe42148c68 100644 --- a/stable/nginx-ingress/Chart.yaml +++ b/stable/nginx-ingress/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: nginx-ingress -version: 1.30.0 +version: 1.30.1 appVersion: 0.28.0 home: https://github.com/kubernetes/ingress-nginx description: An nginx Ingress controller that uses ConfigMap to store the nginx configuration. diff --git a/stable/nginx-ingress/values.yaml b/stable/nginx-ingress/values.yaml index 1360a442e90e..dd8b3881e57a 100644 --- a/stable/nginx-ingress/values.yaml +++ b/stable/nginx-ingress/values.yaml @@ -254,7 +254,7 @@ controller: ## Ref: https://kubernetes.io/docs/tutorials/services/source-ip/#source-ip-for-services-with-typeloadbalancer externalTrafficPolicy: "" - # Must be either "None" or "ClusterIP" if set. Kubernetes will default to "None". + # Must be either "None" or "ClientIP" if set. Kubernetes will default to "None". # Ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies sessionAffinity: "" From 3fe2b4fe078ae49837a7c8e7f0b1dc7317ad1864 Mon Sep 17 00:00:00 2001 From: Ryan Kuo <8740013+taroface@users.noreply.github.com> Date: Mon, 10 Feb 2020 16:25:53 -0500 Subject: [PATCH 062/304] [stable/cockroachdb]: correct and update README (#20201) * Correct and update README Signed-off-by: taroface * update chart version Signed-off-by: taroface * incorporate reviewer feedback Signed-off-by: taroface --- stable/cockroachdb/Chart.yaml | 2 +- stable/cockroachdb/README.md | 118 ++++++++++++++++++---------------- 2 files changed, 62 insertions(+), 58 deletions(-) diff --git a/stable/cockroachdb/Chart.yaml b/stable/cockroachdb/Chart.yaml index eac9e22f83ab..cce8e0ceea57 100755 --- a/stable/cockroachdb/Chart.yaml +++ b/stable/cockroachdb/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 name: cockroachdb home: https://www.cockroachlabs.com -version: 3.0.4 +version: 3.0.5 appVersion: 19.2.3 description: CockroachDB is a scalable, survivable, strongly-consistent SQL database. icon: https://raw.githubusercontent.com/cockroachdb/cockroach/master/docs/media/cockroach_db.png diff --git a/stable/cockroachdb/README.md b/stable/cockroachdb/README.md index f3ec78dedea3..330ffb774f15 100644 --- a/stable/cockroachdb/README.md +++ b/stable/cockroachdb/README.md @@ -5,10 +5,10 @@ ## Documentation -Below is a brief overview of operating the CockroachDB Helm Chart and some specific implementation details. For additional information, please see: -> https://www.cockroachlabs.com/docs/stable/orchestrate-cockroachdb-with-kubernetes-insecure.html - +Below is a brief overview of operating the CockroachDB Helm Chart and some specific implementation details. For additional information on deploying CockroachDB, please see: +> https://www.cockroachlabs.com/docs/stable/orchestrate-cockroachdb-with-kubernetes.html +Note that the documentation requires Helm 3.0 or higher. ## Prerequisites Details @@ -48,12 +48,21 @@ This chart will do the following: To install the chart with the release name `my-release`: ```shell -helm install --name my-release stable/cockroachdb +helm install my-release stable/cockroachdb ``` -Note that for a production cluster, you are very likely to want to modify the `storage.persistentVolume.size` and `storage.persistentVolume.storageClass` parameters. This chart defaults to `100 GiB` of disk space per Pod, but you may want more or less depending on your use case, and the default PersistentVolume `storageClass` in your environment may not be what you want for a database (e.g. on GCE and Azure the default is not SSD). +Note that for a production cluster, you will likely want to override the following parameters in [`values.yaml`](values.yaml) with your own values. + +- `statefulset.resources.requests.memory` and `statefulset.resources.limits.memory` allocate memory resources to CockroachDB pods in your cluster. +- `conf.cache` and `conf.max-sql-memory` are memory limits that we recommend setting to 1/4 of the above resource allocation. When running CockroachDB, you must set these limits explicitly to avoid running out of memory. +- `storage.persistentVolume.size` defaults to `100Gi` of disk space per pod, which you may increase or decrease for your use case. +- `storage.persistentVolume.storageClass` uses the default storage class for your environment. We strongly recommend that you specify a storage class which uses an SSD. +- `tls.enabled` must be set to `yes`/`true` to deploy in secure mode. -If you are running in secure mode (with configuration parameter `tls.enabled` set to `yes`/`true`) and `tls.certs.provided` is set to `no`/`false`, then you will have to manually approve the cluster's security certificates as the Pods are created. You can see the pending CSRs (certificate-signing requests) by running `kubectl get csr`, and approve them by running `kubectl certificate approve `. You'll have to approve one certificate for each Node (e.g. `default.node.eerie-horse-cockroachdb-0` and one client certificate for the Job that initializes the cluster (e.g. `default.node.root`). +For more information on overriding the `values.yaml` parameters, please see: +> https://www.cockroachlabs.com/docs/stable/orchestrate-cockroachdb-with-kubernetes.html#step-2-start-cockroachdb + +If you are running in secure mode (with configuration parameter `tls.enabled` set to `yes`/`true`) and `tls.certs.provided` set to `no`/`false`), then you will have to manually approve the cluster's security certificates as the pods are created. You can see the pending CSRs (certificate signing requests) by running `kubectl get csr`, and approve them by running `kubectl certificate approve `. You'll have to approve one certificate for each CockroachDB node (e.g., `default.node.my-release-cockroachdb-0` and one client certificate for the job that initializes the cluster (e.g., `default.node.root`). When `tls.certs.provided` is set to `yes`/`true`, this chart will use certificates created outside of Kubernetes. You may want to use this if you want to use a different certificate authority from the one being used by Kubernetes or if your Kubernetes cluster doesn't fully support certificate-signing requests. To use this, first set up your certificates and load them into your Kubernetes cluster as Secrets using the commands below: ``` @@ -68,21 +77,23 @@ kubectl create secret generic cockroachdb-node --from-file=certs Set `tls.certs.tlsSecret` to `yes/true` if you make use of [cert-manager][3] in your cluster. -[cert-manager][3] stores generated certificates in dedicated TLS secrets. Thus, they are always named +[cert-manager][3] stores generated certificates in dedicated TLS secrets. Thus, they are always named: * `ca.crt` * `tls.crt` * `tls.key` -On the other hand cockroachdb also demands dedicated certificate filenames: +On the other hand, CockroachDB also demands dedicated certificate filenames: * `ca.crt` * `node.crt` * `node.key` * `client.root.crt` * `client.root.key` -By activating `tls.certs.tlsSecret` we benefit from projected secrets and convert the TLS secret filenames to their according cockroachdb filenames. +By activating `tls.certs.tlsSecret` we benefit from projected secrets and convert the TLS secret filenames to their according CockroachDB filenames. + +If you are running in secure mode, then you will have to manually approve the cluster's security certificates as the pods are created. You can see the pending CSRs (certificate signing requests) by running `kubectl get csr`, and approve them by running `kubectl certificate approve `. You'll have to approve one certificate for each CockroachDB node (e.g., `default.node.my-release-cockroachdb-0` and one client certificate for the job that initializes the cluster (e.g., `default.node.root`). -Confirm that all Pods are `Running` successfully and init has been completed: +Confirm that all pods are `Running` successfully and init has been completed: ```shell kubectl get pods ``` @@ -94,9 +105,9 @@ my-release-cockroachdb-2 1/1 Running 0 1m my-release-cockroachdb-init-k6jcr 0/1 Completed 0 1m ``` -Confirm that PersistentVolumes are created and claimed for each Pod: +Confirm that persistent volumes are created and claimed for each pod: ```shell -kubectl get persistentvolumes +kubectl get pv ``` ``` NAME CAPACITY ACCESS MODES RECLAIM POLICY STATUS CLAIM STORAGECLASS REASON AGE @@ -108,12 +119,12 @@ pvc-649d920d-f3f0-11e8-ab5b-42010a8e0035 100Gi RWO Delete -## Upgrading +## Upgrading the cluster -### From 3.0.0 on +### Chart version 3.0.0 and after -Launch a temporary interactive Pod and start the built-in SQL client: +Launch a temporary interactive pod and start the built-in SQL client: ```shell kubectl run cockroachdb --rm -it \ --image=cockroachdb/cockroach \ @@ -121,17 +132,19 @@ kubectl run cockroachdb --rm -it \ -- sql --insecure --host=my-release-cockroachdb-public ``` -Set the `cluster.preserve_downgrade_option` cluster setting, where `$current_version` is the version of CockroachDB currently running (e.g. `2.1`): +> If you are running in secure mode, you will have to provide a client certificate to the cluster in order to authenticate, so the above command will not work. See [here](https://github.com/cockroachdb/cockroach/blob/master/cloud/kubernetes/client-secure.yaml) for an example of how to set up an interactive SQL shell against a secure cluster or [here](https://github.com/cockroachdb/cockroach/blob/master/cloud/kubernetes/example-app-secure.yaml) for an example application connecting to a secure cluster. + +Set `cluster.preserve_downgrade_option`, where `$current_version` is the CockroachDB version currently running (e.g., `19.2`): ```sql > SET CLUSTER SETTING cluster.preserve_downgrade_option = '$current_version'; ``` -Exit the shell and delete the temp Pod: +Exit the shell and delete the temporary pod: ```sql > \q ``` -Kick off the upgrade process by changing to the new Docker image, where `$new_version` is the version being upgraded to: +Kick off the upgrade process by changing the new Docker image, where `$new_version` is the CockroachDB version to which you are upgrading: ```shell kubectl delete job my-release-cockroachdb-init ``` @@ -141,7 +154,7 @@ helm upgrade my-release stable/cockroachdb \ --reuse-values ``` -Monitor the cluster's Pods until all have been successfully restarted: +Kubernetes will carry out a safe [rolling upgrade](https://kubernetes.io/docs/tutorials/stateful-application/basic-stateful-set/#updating-statefulsets) of your CockroachDB nodes one-by-one. Monitor the cluster's pods until all have been successfully restarted: ```shell kubectl get pods ``` @@ -164,7 +177,7 @@ my-release-cockroachdb-2 cockroachdb/cockroach:v19.2.3 my-release-cockroachdb-3 cockroachdb/cockroach:v19.2.3 ``` -Resume normal operations. Once you are comfortable that the stability and performance of the cluster is what you'd expect post upgrade, finalize it by running the following: +Resume normal operations. Once you are comfortable that the stability and performance of the cluster is what you'd expect post-upgrade, finalize the upgrade: ```shell kubectl run cockroachdb --rm -it \ --image=cockroachdb/cockroach \ @@ -176,24 +189,11 @@ kubectl run cockroachdb --rm -it \ > \q ``` +### Chart versions prior to 3.0.0 -### To 2.0.0 - -Due to having no explicit selector set for the StatefulSet before version 2.0.0 of this chart, upgrading from any version that uses a version of Kubernetes that locks the selector labels to any other version is impossible without deleting the StatefulSet. Luckily there is a way to do it without actually deleting all the resources managed by the StatefulSet. Use the workaround below to upgrade from charts versions previous to 2.0.0: -```shell -kubectl delete statefulset my-release-cockroachdb --cascade=false -``` - -Verify that no Pod is deleted and then upgrade as normal. A new StatefulSet will be created taking over the management of the existing Pods upgrading them if needed. - -For more information about the upgrading bug see https://github.com/helm/charts/issues/7680. - +Due to a change in the label format in version 3.0.0 of this chart, upgrading requires that you delete the StatefulSet. Luckily there is a way to do it without actually deleting all the resources managed by the StatefulSet. Use the workaround below to upgrade from charts versions previous to 3.0.0: -### To 3.0.0 - -Due changing in labels format in 3.0.0 version of this chart, upgrading requires deleting the StatefulSet. Luckily there is a way to do it without actually deleting all the resources managed by the StatefulSet. Use the workaround below to upgrade from charts versions previous to 3.0.0: - -Get the new labels from specs rendered by Helm: +Get the new labels from the specs rendered by Helm: ```shell helm template -f deploy.vals.yml stable/cockroachdb -x templates/statefulset.yaml \ | yq r - spec.template.metadata.labels @@ -204,7 +204,7 @@ app.kubernetes.io/instance: my-release app.kubernetes.io/component: cockroachdb ``` -Place the new labels to all Pods of the StatefulSet (change `my-release-cockroachdb-0` with each Pod's name): +Place the new labels on all pods of the StatefulSet (change `my-release-cockroachdb-0` to the name of each pod): ```shell kubectl label pods my-release-cockroachdb-0 \ app.kubernetes.io/name=cockroachdb \ @@ -212,12 +212,12 @@ app.kubernetes.io/instance=my-release \ app.kubernetes.io/component=cockroachdb ``` -Delete the StatefulSet without deleting Pods: +Delete the StatefulSet without deleting pods: ```shell kubectl delete statefulset my-release-cockroachdb --cascade=false ``` -Verify that no Pod is deleted and then upgrade as normal. A new StatefulSet will be created taking over the management of the existing Pods upgrading them if needed. +Verify that no pod is deleted and then upgrade as normal. A new StatefulSet will be created, taking over the management of the existing pods and upgrading them if needed. @@ -225,7 +225,7 @@ Verify that no Pod is deleted and then upgrade as normal. A new StatefulSet will ## Configuration The following table lists the configurable parameters of the CockroachDB chart and their default values. -For details see the `values.yml` file. +For details see the [`values.yaml`](values.yaml) file. | Parameter | Description | Default | | --------- | ----------- | ------- | @@ -302,11 +302,11 @@ For details see the `values.yml` file. | `networkPolicy.ingress.grpc` | Whitelist resources to access gRPC port of CockroachDB's Pods | `[]` | | `networkPolicy.ingress.http` | Whitelist resources to access gRPC port of CockroachDB's Pods | `[]` | -Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. +Override the default parameters using the `--set key=value[,key=value]` argument to `helm install`. -Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example: +Alternatively, a YAML file that specifies custom values for the parameters can be provided while installing the chart. For example: ```shell -helm install --name my-release -f values.yaml stable/cockroachdb +helm install my-release -f my-values.yaml stable/cockroachdb ``` > **Tip**: You can use the default [values.yaml](values.yaml) @@ -319,7 +319,7 @@ helm install --name my-release -f values.yaml stable/cockroachdb ### Connecting to the CockroachDB cluster -Once you've created the cluster, you can start talking to it by connecting to its `-public` Service. CockroachDB is PostgreSQL wire protocol compatible, so there's a [wide variety of supported clients](https://www.cockroachlabs.com/docs/install-client-drivers.html). For the sake of example, we'll open up a SQL shell using CockroachDB's built-in shell and play around with it a bit, like this (likely needing to replace `my-release-cockroachdb-public` with the name of the `-public` Service that was created with your installed chart): +Once you've created the cluster, you can start talking to it by connecting to its `-public` Service. CockroachDB is PostgreSQL wire protocol compatible, so there's a [wide variety of supported clients](https://www.cockroachlabs.com/docs/install-client-drivers.html). As an example, we'll open up a SQL shell using CockroachDB's built-in shell and play around with it a bit, like this (likely needing to replace `my-release-cockroachdb-public` with the name of the `-public` Service that was created with your installed chart): ```shell kubectl run cockroach-client --rm -it \ --image=cockroachdb/cockroach \ @@ -359,30 +359,29 @@ Waiting for pod default/cockroach-client to terminate, status is Running pod "cockroach-client" deleted ``` -If you are running in secure mode, you will have to provide a client certificate to the cluster in order to authenticate, so the above command will not work. See [here](https://github.com/cockroachdb/cockroach/blob/master/cloud/kubernetes/client-secure.yaml) for an example of how to set up an interactive SQL shell against a secure cluster or [here](https://github.com/cockroachdb/cockroach/blob/master/cloud/kubernetes/example-app-secure.yaml) for an example application connecting to a secure cluster. +> If you are running in secure mode, you will have to provide a client certificate to the cluster in order to authenticate, so the above command will not work. See [here](https://github.com/cockroachdb/cockroach/blob/master/cloud/kubernetes/client-secure.yaml) for an example of how to set up an interactive SQL shell against a secure cluster or [here](https://github.com/cockroachdb/cockroach/blob/master/cloud/kubernetes/example-app-secure.yaml) for an example application connecting to a secure cluster. ### Cluster health -Because our Pod spec includes regular health checks of the CockroachDB processes, simply running `kubectl get pods` and looking at the `STATUS` column is sufficient to determine the health of each instance in the cluster. +Because our pod spec includes regular health checks of the CockroachDB processes, simply running `kubectl get pods` and looking at the `STATUS` column is sufficient to determine the health of each instance in the cluster. -If you want more detailed information about the cluster, the best place to look is the admin UI. +If you want more detailed information about the cluster, the best place to look is the Admin UI. -### Accessing the admin UI +### Accessing the Admin UI -If you want to see information about how the cluster is doing, you can try pulling up the CockroachDB admin UI by port-forwarding from your local machine to one of the Pods (replacing `my-release-cockroachdb-0` with one of your Pods' -names): +If you want to see information about how the cluster is doing, you can try pulling up the CockroachDB Admin UI by port-forwarding from your local machine to one of the pods (replacing `my-release-cockroachdb-0` with the name of one of your pods: ```shell kubectl port-forward my-release-cockroachdb-0 8080 ``` -Once you’ve done that, you should be able to access the admin UI by visiting http://localhost:8080/ in your web browser. +You should then be able to access the Admin UI by visiting http://localhost:8080/ in your web browser. ### Failover -If any CockroachDB member fails it gets restarted or recreated automatically by the Kubernetes infrastructure, and will re-join the cluster automatically when it comes back up. You can test this scenario by killing any of the Pods: +If any CockroachDB member fails, it is restarted or recreated automatically by the Kubernetes infrastructure, and will re-join the cluster automatically when it comes back up. You can test this scenario by killing any of the CockroachDB pods: ```shell kubectl delete pod my-release-cockroachdb-1 ``` @@ -406,7 +405,7 @@ my-release-cockroachdb-1 1/1 Running 0 20s my-release-cockroachdb-2 1/1 Running 0 5m ``` -You can check state of re-joining from the new Pod's logs: +You can check the state of re-joining from the new pod's logs: ```shell kubectl logs my-release-cockroachdb-1 ``` @@ -433,19 +432,24 @@ nodeID: 2 To enable NetworkPolicy for CockroachDB, install [a networking plugin that implements the Kubernetes NetworkPolicy spec](https://kubernetes.io/docs/tasks/administer-cluster/declare-network-policy#before-you-begin), and set `networkPolicy.enabled` to `yes`/`true`. -For Kubernetes v1.5 & v1.6, you must also turn on NetworkPolicy by setting the `DefaultDeny` Namespace annotation. Note: this will enforce policy for _all_ Pods in the Namespace: +For Kubernetes v1.5 & v1.6, you must also turn on NetworkPolicy by setting the `DefaultDeny` Namespace annotation. Note: this will enforce policy for _all_ pods in the Namespace: ```shell kubectl annotate namespace default "net.beta.kubernetes.io/network-policy={\"ingress\":{\"isolation\":\"DefaultDeny\"}}" ``` -For more precise policy, set `networkPolicy.ingress.grpc` and `networkPolicy.ingress.http` rules. This will only allow Pods which match the provided rules to connect to CockroachDB. +For more precise policy, set `networkPolicy.ingress.grpc` and `networkPolicy.ingress.http` rules. This will only allow pods that match the provided rules to connect to CockroachDB. ### Scaling -Scaling should typically be managed via the `helm upgrade` command, but StatefulSets don't yet work with `helm upgrade`. In the meantime until `helm upgrade` works, if you want to change the number of replicas, you can use the `kubectl scale` as shown below: +Scaling should be managed via the `helm upgrade` command. After resizing your cluster on your cloud environment (e.g., GKE or EKS), run the following command to add a pod. This assumes you scaled from 3 to 4 nodes: + ```shell -kubectl scale statefulset my-release-cockroachdb --replicas=4 +helm upgrade \ +my-release \ +stable/cockroachdb \ +--set statefulset.replicas=4 \ +--reuse-values ``` Note, that if you are running in secure mode (`tls.enabled` is `yes`/`true`) and increase the size of your cluster, you will also have to approve the CSR (certificate-signing request) of each new node (using `kubectl get csr` and `kubectl certificate approve`). From e145e35f953dc4d2a16054c3a74e05ec842940d2 Mon Sep 17 00:00:00 2001 From: LuluGO Date: Tue, 11 Feb 2020 04:14:02 -0300 Subject: [PATCH 063/304] stable/rocket.chat upgrade version to 2.4.9 (#20616) * update rocketchat release Signed-off-by: LuluGO * fix version Signed-off-by: LuluGO * fix readme, version Signed-off-by: LuluGO * update to 2.4.9 version Signed-off-by: LuluGO --- stable/rocketchat/Chart.yaml | 4 ++-- stable/rocketchat/README.md | 2 +- stable/rocketchat/values.yaml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/stable/rocketchat/Chart.yaml b/stable/rocketchat/Chart.yaml index f3de4efa4668..93de9ca13aaf 100644 --- a/stable/rocketchat/Chart.yaml +++ b/stable/rocketchat/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 name: rocketchat -version: 2.0.0 -appVersion: 2.1.1 +version: 2.0.1 +appVersion: 2.4.9 description: Prepare to take off with the ultimate chat platform, experience the next level of team communications keywords: - chat diff --git a/stable/rocketchat/README.md b/stable/rocketchat/README.md index de7060b2c665..ecf4cf5ea27b 100644 --- a/stable/rocketchat/README.md +++ b/stable/rocketchat/README.md @@ -44,7 +44,7 @@ The following table lists the configurable parameters of the Rocket.Chat chart a Parameter | Description | Default --- | --- | --- `image.repository` | Image repository | `docker.io/rocketchat/rocket.chat` -`image.tag` | Image tag | `1.3.1` +`image.tag` | Image tag | `2.4.9` `image.pullPolicy` | Image pull policy | `IfNotPresent` `host` | Hostname for Rocket.Chat. Also used for ingress (if enabled) | `""` `replicaCount` | Number of replicas to run | `1` diff --git a/stable/rocketchat/values.yaml b/stable/rocketchat/values.yaml index d0eaef33450e..77f0b936d1c9 100644 --- a/stable/rocketchat/values.yaml +++ b/stable/rocketchat/values.yaml @@ -3,7 +3,7 @@ ## image: repository: docker.io/rocketchat/rocket.chat - tag: 2.1.1 + tag: 2.4.9 pullPolicy: IfNotPresent ## Host for the application From 0443c991d7dbed7c7fb7d065853f79285297564b Mon Sep 17 00:00:00 2001 From: Sameer Naik Date: Tue, 11 Feb 2020 12:52:01 +0530 Subject: [PATCH 064/304] [stable/nats] fix service templates for setting `loadBalancerIP` (#20651) Signed-off-by: Sameer Naik --- stable/nats/Chart.yaml | 2 +- stable/nats/templates/client-svc.yaml | 2 +- stable/nats/templates/cluster-svc.yaml | 2 +- stable/nats/templates/monitoring-svc.yaml | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/stable/nats/Chart.yaml b/stable/nats/Chart.yaml index e72a2c1e6735..dc3515648d1b 100644 --- a/stable/nats/Chart.yaml +++ b/stable/nats/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: nats -version: 4.2.12 +version: 4.2.13 appVersion: 2.1.4 description: An open-source, cloud-native messaging system keywords: diff --git a/stable/nats/templates/client-svc.yaml b/stable/nats/templates/client-svc.yaml index aacab44ca7a2..2da365f399af 100644 --- a/stable/nats/templates/client-svc.yaml +++ b/stable/nats/templates/client-svc.yaml @@ -13,7 +13,7 @@ metadata: {{- end }} spec: type: {{ .Values.client.service.type }} - {{- if and (eq .Values.client.service.type "LoadBalancer") .Values.client.service.loadBalancerIP -}} + {{- if and (eq .Values.client.service.type "LoadBalancer") .Values.client.service.loadBalancerIP }} loadBalancerIP: {{ .Values.client.service.loadBalancerIP }} {{- end }} ports: diff --git a/stable/nats/templates/cluster-svc.yaml b/stable/nats/templates/cluster-svc.yaml index b48c79164b3c..d0981b98f952 100644 --- a/stable/nats/templates/cluster-svc.yaml +++ b/stable/nats/templates/cluster-svc.yaml @@ -13,7 +13,7 @@ metadata: {{- end }} spec: type: {{ .Values.cluster.service.type }} - {{- if and (eq .Values.cluster.service.type "LoadBalancer") .Values.cluster.service.loadBalancerIP -}} + {{- if and (eq .Values.cluster.service.type "LoadBalancer") .Values.cluster.service.loadBalancerIP }} loadBalancerIP: {{ .Values.cluster.service.loadBalancerIP }} {{- end }} ports: diff --git a/stable/nats/templates/monitoring-svc.yaml b/stable/nats/templates/monitoring-svc.yaml index f8f40816eeff..6e5a9b80febd 100644 --- a/stable/nats/templates/monitoring-svc.yaml +++ b/stable/nats/templates/monitoring-svc.yaml @@ -13,7 +13,7 @@ metadata: {{- end }} spec: type: {{ .Values.monitoring.service.type }} - {{- if and (eq .Values.monitoring.service.type "LoadBalancer") .Values.monitoring.service.loadBalancerIP -}} + {{- if and (eq .Values.monitoring.service.type "LoadBalancer") .Values.monitoring.service.loadBalancerIP }} loadBalancerIP: {{ .Values.monitoring.service.loadBalancerIP }} {{- end }} ports: From 8f30192e5dd7a57e54c211256702074325b8122b Mon Sep 17 00:00:00 2001 From: Sameer Naik Date: Tue, 11 Feb 2020 13:18:02 +0530 Subject: [PATCH 065/304] [stable/redis] fix service templates for setting `loadBalancerIP` (#20653) Signed-off-by: Sameer Naik --- stable/redis/Chart.yaml | 2 +- stable/redis/templates/metrics-svc.yaml | 2 +- stable/redis/templates/redis-with-sentinel-svc.yaml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/stable/redis/Chart.yaml b/stable/redis/Chart.yaml index 8bfaaec5b7f0..574f3bba35f1 100644 --- a/stable/redis/Chart.yaml +++ b/stable/redis/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: redis -version: 10.4.2 +version: 10.4.3 appVersion: 5.0.7 description: Open source, advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. keywords: diff --git a/stable/redis/templates/metrics-svc.yaml b/stable/redis/templates/metrics-svc.yaml index ef3972509f3e..74f6fa852941 100644 --- a/stable/redis/templates/metrics-svc.yaml +++ b/stable/redis/templates/metrics-svc.yaml @@ -16,7 +16,7 @@ metadata: {{- end }} spec: type: {{ .Values.metrics.service.type }} - {{ if eq .Values.metrics.service.type "LoadBalancer" -}} {{ if .Values.metrics.service.loadBalancerIP -}} + {{ if eq .Values.metrics.service.type "LoadBalancer" -}} {{ if .Values.metrics.service.loadBalancerIP }} loadBalancerIP: {{ .Values.metrics.service.loadBalancerIP }} {{ end -}} {{- end -}} diff --git a/stable/redis/templates/redis-with-sentinel-svc.yaml b/stable/redis/templates/redis-with-sentinel-svc.yaml index 984de21b2bf8..5017c222a234 100644 --- a/stable/redis/templates/redis-with-sentinel-svc.yaml +++ b/stable/redis/templates/redis-with-sentinel-svc.yaml @@ -17,7 +17,7 @@ metadata: {{- end }} spec: type: {{ .Values.sentinel.service.type }} - {{ if eq .Values.sentinel.service.type "LoadBalancer" -}} {{ if .Values.sentinel.service.loadBalancerIP -}} + {{ if eq .Values.sentinel.service.type "LoadBalancer" -}} {{ if .Values.sentinel.service.loadBalancerIP }} loadBalancerIP: {{ .Values.sentinel.service.loadBalancerIP }} {{ end -}} {{- end -}} From eec48c256999f0fa53ce0f2916f0a2265ef2b4d6 Mon Sep 17 00:00:00 2001 From: devKlausS Date: Tue, 11 Feb 2020 09:10:01 +0100 Subject: [PATCH 066/304] [stable/nats] Configure number of connect retries for implicit routes (#20642) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * made number of connect retries for implicit routes configurable Signed-off-by: Klaus Schäffer * fixed connectRetries location and added comment Signed-off-by: Klaus Schäffer * bumped version and set readme Signed-off-by: devKlausS Signed-off-by: Klaus Schäffer * removed trailing slash Signed-off-by: Klaus Schäffer * removed trailing slash Signed-off-by: Klaus Schäffer * Update stable/nats/Chart.yaml Co-Authored-By: Carlos Rodríguez Hernández Signed-off-by: Klaus Schäffer * removed empty line Signed-off-by: Klaus Schäffer Co-authored-by: Carlos Rodríguez Hernández --- stable/nats/Chart.yaml | 2 +- stable/nats/README.md | 1 + stable/nats/templates/configmap.yaml | 5 +++++ stable/nats/values-production.yaml | 4 ++++ stable/nats/values.yaml | 4 ++++ 5 files changed, 15 insertions(+), 1 deletion(-) diff --git a/stable/nats/Chart.yaml b/stable/nats/Chart.yaml index dc3515648d1b..20a280cae923 100644 --- a/stable/nats/Chart.yaml +++ b/stable/nats/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: nats -version: 4.2.13 +version: 4.3.0 appVersion: 2.1.4 description: An open-source, cloud-native messaging system keywords: diff --git a/stable/nats/README.md b/stable/nats/README.md index cf9b49b15186..b8bb2818cbf1 100644 --- a/stable/nats/README.md +++ b/stable/nats/README.md @@ -108,6 +108,7 @@ The following table lists the configurable parameters of the NATS chart and thei | `cluster.service.nodePort` | Port to bind to for NodePort service type (NATS cluster) | `nil` | | `cluster.service.annotations` | Annotations for NATS cluster service | {} | | `cluster.service.loadBalancerIP` | loadBalancerIP if NATS cluster service type is `LoadBalancer` | `nil` | +| `cluster.connectRetries` | Configure number of connect retries for implicit routes | `nil` | | `monitoring.service.type` | Kubernetes Service type (NATS monitoring) | `ClusterIP` | | `monitoring.service.port` | NATS monitoring port | `8222` | | `monitoring.service.nodePort` | Port to bind to for NodePort service type (NATS monitoring) | `nil` | diff --git a/stable/nats/templates/configmap.yaml b/stable/nats/templates/configmap.yaml index 757a65462493..56715b3aea7e 100644 --- a/stable/nats/templates/configmap.yaml +++ b/stable/nats/templates/configmap.yaml @@ -81,4 +81,9 @@ data: nats://{{ template "nats.fullname" . }}-cluster:{{ .Values.cluster.service.port }} {{- end }} ] + + {{- if .Values.cluster.connectRetries }} + # Configure number of connect retries for implicit routes + connect_retries: {{ .Values.cluster.connectRetries }} + {{- end }} } diff --git a/stable/nats/values-production.yaml b/stable/nats/values-production.yaml index 2ed9c7e31686..fafa6ffd3490 100644 --- a/stable/nats/values-production.yaml +++ b/stable/nats/values-production.yaml @@ -200,6 +200,10 @@ client: ## ref: https://github.com/nats-io/gnatsd#clustering ## cluster: + ## Use connectRetries to configure number of connect retries for implicit routes, + ## otherwise leave blank + ## + # connectRetries: service: ## Kubernetes service type type: ClusterIP diff --git a/stable/nats/values.yaml b/stable/nats/values.yaml index 735cf64b4e68..113e9d4937a4 100644 --- a/stable/nats/values.yaml +++ b/stable/nats/values.yaml @@ -200,6 +200,10 @@ client: ## ref: https://github.com/nats-io/gnatsd#clustering ## cluster: + ## Use connectRetries to configure number of connect retries for implicit routes, + ## otherwise leave blank + ## + # connectRetries: service: ## Kubernetes service type type: ClusterIP From 98a9b16a47e5543a6842d47f6637eee88396c33f Mon Sep 17 00:00:00 2001 From: Jeff Thompson Date: Tue, 11 Feb 2020 22:06:01 +1300 Subject: [PATCH 067/304] Updated tags from v0.9.6 to v0.9.7 (#20654) Signed-off-by: Jeff Thompson --- stable/sealed-secrets/Chart.yaml | 4 ++-- stable/sealed-secrets/README.md | 2 +- stable/sealed-secrets/values.yaml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/stable/sealed-secrets/Chart.yaml b/stable/sealed-secrets/Chart.yaml index 00d3b18f1e54..6a41d0806315 100644 --- a/stable/sealed-secrets/Chart.yaml +++ b/stable/sealed-secrets/Chart.yaml @@ -1,7 +1,7 @@ name: sealed-secrets description: A Helm chart for Sealed Secrets -version: 1.7.2 -appVersion: 0.9.6 +version: 1.7.3 +appVersion: 0.9.7 kubeVersion: ">=1.9.0-0" home: https://github.com/bitnami-labs/sealed-secrets apiVersion: v1 diff --git a/stable/sealed-secrets/README.md b/stable/sealed-secrets/README.md index 6f1ca8ba38bb..852244ef2bbe 100644 --- a/stable/sealed-secrets/README.md +++ b/stable/sealed-secrets/README.md @@ -51,7 +51,7 @@ Read about kubeseal usage on [sealed-secrets docs](https://github.com/bitnami-la | **serviceAccount.create** | Whether to create a service account or not | `true` | | **serviceAccount.name** | The name of the service account to create or use | `"sealed-secrets-controller"` | | **secretName** | The name of the TLS secret containing the key used to encrypt secrets | `"sealed-secrets-key"` | -| **image.tag** | The `Sealed Secrets` image tag | `v0.9.6` | +| **image.tag** | The `Sealed Secrets` image tag | `v0.9.7` | | **image.pullPolicy** | The image pull policy for the deployment | `IfNotPresent` | | **image.repository** | The repository to get the controller image from | `quay.io/bitnami/sealed-secrets-controller` | | **resources** | CPU/Memory resource requests/limits | `{}` | diff --git a/stable/sealed-secrets/values.yaml b/stable/sealed-secrets/values.yaml index ab06eaec7ef2..ee6719bb9b34 100644 --- a/stable/sealed-secrets/values.yaml +++ b/stable/sealed-secrets/values.yaml @@ -1,6 +1,6 @@ image: repository: quay.io/bitnami/sealed-secrets-controller - tag: v0.9.6 + tag: v0.9.7 pullPolicy: IfNotPresent resources: {} From a44c2c467a9eb70ed2b1971b1edde7f1c86fe8ee Mon Sep 17 00:00:00 2001 From: Jeff Thompson Date: Tue, 11 Feb 2020 22:52:00 +1300 Subject: [PATCH 068/304] add securityContext.fsGroup to pod spec (#20655) Signed-off-by: Jeff Thompson --- stable/sealed-secrets/Chart.yaml | 2 +- stable/sealed-secrets/templates/deployment.yaml | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/stable/sealed-secrets/Chart.yaml b/stable/sealed-secrets/Chart.yaml index 6a41d0806315..64b520accf8a 100644 --- a/stable/sealed-secrets/Chart.yaml +++ b/stable/sealed-secrets/Chart.yaml @@ -1,6 +1,6 @@ name: sealed-secrets description: A Helm chart for Sealed Secrets -version: 1.7.3 +version: 1.7.4 appVersion: 0.9.7 kubeVersion: ">=1.9.0-0" home: https://github.com/bitnami-labs/sealed-secrets diff --git a/stable/sealed-secrets/templates/deployment.yaml b/stable/sealed-secrets/templates/deployment.yaml index 9680174a13fe..7c0452c3b228 100644 --- a/stable/sealed-secrets/templates/deployment.yaml +++ b/stable/sealed-secrets/templates/deployment.yaml @@ -57,6 +57,8 @@ spec: runAsUser: {{ .Values.securityContext.runAsUser }} resources: {{ toYaml .Values.resources | indent 12 }} + securityContext: + fsGroup: 65534 volumes: - name: tmp emptyDir: {} From 5dab7040b792c890e57adab5d94a21732d1e0ea8 Mon Sep 17 00:00:00 2001 From: Andy Mardell Date: Tue, 11 Feb 2020 10:38:03 +0000 Subject: [PATCH 069/304] [stable/lamp] Add support for new deployment and ingress APIs in Kubernetes 1.16+ (#20657) * Add support for new deployment and ingress APIs in Kubernetes 1.16+ Signed-off-by: Andy Mardell * Removed an unwanted hyphen Signed-off-by: Andy Mardell --- stable/lamp/Chart.yaml | 2 +- stable/lamp/templates/deployment.yaml | 9 +++++++++ stable/lamp/templates/ingress-services.yaml | 4 ++++ stable/lamp/templates/ingress-www.yaml | 4 ++++ stable/lamp/templates/ingress.yaml | 4 ++++ 5 files changed, 22 insertions(+), 1 deletion(-) diff --git a/stable/lamp/Chart.yaml b/stable/lamp/Chart.yaml index a3f7f50111ca..4ef15759a1ce 100644 --- a/stable/lamp/Chart.yaml +++ b/stable/lamp/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 description: Modular and transparent LAMP stack chart supporting PHP-FPM, Release Cloning, LoadBalancer, Ingress, SSL and lots more! name: lamp -version: 1.1.2 +version: 1.1.3 appVersion: 7 home: https://github.com/lead4good/helm-lamp-stack maintainers: diff --git a/stable/lamp/templates/deployment.yaml b/stable/lamp/templates/deployment.yaml index 35edcfa8a71a..f5bbb56f4123 100644 --- a/stable/lamp/templates/deployment.yaml +++ b/stable/lamp/templates/deployment.yaml @@ -1,4 +1,8 @@ +{{- if semverCompare ">=1.16-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: apps/v1 +{{- else -}} apiVersion: extensions/v1beta1 +{{- end }} kind: Deployment metadata: name: {{ template "lamp.fullname" . }} @@ -9,6 +13,11 @@ metadata: release: {{ .Release.Name }} spec: replicas: {{ .Values.replicaCount }} + {{- if semverCompare ">=1.16-0" .Capabilities.KubeVersion.GitVersion}} + selector: + matchLabels: + app: {{ template "lamp.name" . }} + {{- end }} template: metadata: labels: diff --git a/stable/lamp/templates/ingress-services.yaml b/stable/lamp/templates/ingress-services.yaml index 44fd282e2ff7..8e889d33e70c 100644 --- a/stable/lamp/templates/ingress-services.yaml +++ b/stable/lamp/templates/ingress-services.yaml @@ -1,5 +1,9 @@ {{- if and .Values.ingress.enabled (or .Values.phpmyadmin.enabled .Values.webdav.enabled) }} +{{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1beta1 +{{- else -}} apiVersion: extensions/v1beta1 +{{- end }} kind: Ingress metadata: name: {{ template "lamp.fullname" . }}-service diff --git a/stable/lamp/templates/ingress-www.yaml b/stable/lamp/templates/ingress-www.yaml index eec343fbdc7f..f852985e3b26 100644 --- a/stable/lamp/templates/ingress-www.yaml +++ b/stable/lamp/templates/ingress-www.yaml @@ -1,5 +1,9 @@ {{- if and .Values.ingress.enabled .Values.ingress.subdomainWWW }} +{{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1beta1 +{{- else -}} apiVersion: extensions/v1beta1 +{{- end }} kind: Ingress metadata: name: {{ template "lamp.fullname" . }}-www diff --git a/stable/lamp/templates/ingress.yaml b/stable/lamp/templates/ingress.yaml index 7e222b590c0a..c8a6805fd7e1 100644 --- a/stable/lamp/templates/ingress.yaml +++ b/stable/lamp/templates/ingress.yaml @@ -1,5 +1,9 @@ {{- if .Values.ingress.enabled }} +{{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1beta1 +{{- else -}} apiVersion: extensions/v1beta1 +{{- end }} kind: Ingress metadata: name: {{ template "lamp.fullname" . }}-app From 42878e4e9c1ced33ba6a009bcb96046cbc77ee3e Mon Sep 17 00:00:00 2001 From: Daniel Arteaga Date: Tue, 11 Feb 2020 13:06:01 +0100 Subject: [PATCH 070/304] [stable/postgresql] add docs for existingSecret structure (#20599) * add docs for existingSecret structure Signed-off-by: darteaga * bump chart version Signed-off-by: darteaga --- stable/postgresql/Chart.yaml | 2 +- stable/postgresql/README.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/stable/postgresql/Chart.yaml b/stable/postgresql/Chart.yaml index 26a96eed7c05..f33ec4e2b827 100644 --- a/stable/postgresql/Chart.yaml +++ b/stable/postgresql/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: postgresql -version: 8.3.1 +version: 8.3.2 appVersion: 11.6.0 description: Chart for PostgreSQL, an object-relational database management system (ORDBMS) with an emphasis on extensibility and on standards-compliance. keywords: diff --git a/stable/postgresql/README.md b/stable/postgresql/README.md index 12857255bad2..5141cb6606a3 100644 --- a/stable/postgresql/README.md +++ b/stable/postgresql/README.md @@ -93,7 +93,7 @@ The following tables lists the configurable parameters of the PostgreSQL chart a | `replication.synchronousCommit` | Set synchronous commit mode. Allowed values: `on`, `remote_apply`, `remote_write`, `local` and `off` | `off` | | `replication.numSynchronousReplicas` | Number of replicas that will have synchronous replication. Note: Cannot be greater than `replication.slaveReplicas`. | `0` | | `replication.applicationName` | Cluster application name. Useful for advanced replication settings | `my_application` | -| `existingSecret` | Name of existing secret to use for PostgreSQL passwords | `nil` | +| `existingSecret` | Name of existing secret to use for PostgreSQL passwords. The secret has to contain the keys `postgresql-postgres-password` which is the password for `postgresqlUsername` when it is different of `postgres`, `postgresql-password` which will override `postgresqlPassword`, `postgresql-replication-password` which will override `replication.password` and `postgresql-ldap-password` which will be sed to authenticate on LDAP. | `nil` | | `postgresqlPostgresPassword` | PostgreSQL admin password (used when `postgresqlUsername` is not `postgres`) | _random 10 character alphanumeric string_ | | `postgresqlUsername` | PostgreSQL admin user | `postgres` | | `postgresqlPassword` | PostgreSQL admin password | _random 10 character alphanumeric string_ | From 7e895e4b8faf681c5b5ccb75bcf39e8fb891bb8a Mon Sep 17 00:00:00 2001 From: rowanr Date: Tue, 11 Feb 2020 15:18:06 +0100 Subject: [PATCH 071/304] [stable/pgadmin] Server Definitions implementation (#20607) Server definitions will be loaded at launch time. This allows connection information to be pre-loaded into the instance of pgAdmin in the container. Signed-off-by: Rowan Ruseler --- stable/pgadmin/Chart.yaml | 2 +- stable/pgadmin/README.md | 2 ++ stable/pgadmin/templates/_helpers.tpl | 18 ++++++++++++++++++ stable/pgadmin/templates/deployment.yaml | 13 +++++++++++++ stable/pgadmin/templates/secrets.yaml | 3 +++ stable/pgadmin/values.yaml | 20 ++++++++++++++++++++ 6 files changed, 57 insertions(+), 1 deletion(-) diff --git a/stable/pgadmin/Chart.yaml b/stable/pgadmin/Chart.yaml index ab492c6fe16b..34fed2c17359 100644 --- a/stable/pgadmin/Chart.yaml +++ b/stable/pgadmin/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 description: pgAdmin is a web based administration tool for PostgreSQL database name: pgadmin -version: 1.1.4 +version: 1.1.5 appVersion: 4.18.0 home: https://www.pgadmin.org/ source: https://github.com/rowanruseler/pgadmin diff --git a/stable/pgadmin/README.md b/stable/pgadmin/README.md index c578d427b686..25ea15e3f8e3 100644 --- a/stable/pgadmin/README.md +++ b/stable/pgadmin/README.md @@ -47,6 +47,8 @@ The command removes nearly all the Kubernetes components associated with the cha | `service.type` | Service type (ClusterIP, NodePort or LoadBalancer) | `ClusterIP` | | `service.port` | Service port | `80` | | `strategy` | Specifies the strategy used to replace old Pods by new ones | `{}` | +| `serverDefinitions.enabled` | Enables Server Definitions | `false` | +| `serverDefinitions.servers` | Pre-configured server parameters | `` | | `ingress.enabled` | Enables Ingress | `false` | | `ingress.annotations` | Ingress annotations | `{}` | | `ingress.hosts` | Ingress accepted hostnames | `nil` | diff --git a/stable/pgadmin/templates/_helpers.tpl b/stable/pgadmin/templates/_helpers.tpl index 75c60847219a..ed3ae385a0b0 100644 --- a/stable/pgadmin/templates/_helpers.tpl +++ b/stable/pgadmin/templates/_helpers.tpl @@ -43,3 +43,21 @@ app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} {{- end }} app.kubernetes.io/managed-by: {{ .Release.Service }} {{- end -}} + +{{/* +Generate chart secret name +*/}} +{{- define "pgadmin.secretName" -}} +{{ default (include "pgadmin.fullname" .) .Values.existingSecret }} +{{- end -}} + +{{/* +Defines a JSON file containing server definitions. This allows connection information to be pre-loaded into the instance of pgAdmin in the container. Note that server definitions are only loaded on first launch, i.e. when the configuration database is created, and not on subsequent launches using the same configuration database. +*/}} +{{- define "pgadmin.serverDefinitions" -}} +{ + "Servers": { +{{ .Values.serverDefinitions.servers | indent 4 }} + } +} +{{- end -}} diff --git a/stable/pgadmin/templates/deployment.yaml b/stable/pgadmin/templates/deployment.yaml index a94af6f436a4..1042967b6d18 100644 --- a/stable/pgadmin/templates/deployment.yaml +++ b/stable/pgadmin/templates/deployment.yaml @@ -64,6 +64,11 @@ spec: volumeMounts: - name: pgadmin-data mountPath: /var/lib/pgadmin + {{- if .Values.serverDefinitions.enabled }} + - name: definitions + mountPath: /pgadmin4/servers.json + subPath: servers.json + {{- end }} resources: {{- .Values.resources | toYaml | nindent 12 }} volumes: @@ -74,6 +79,14 @@ spec: {{- else }} emptyDir: {} {{- end }} + {{- if .Values.serverDefinitions.enabled }} + - name: definitions + secret: + secretName: {{ template "pgadmin.secretName" . }} + items: + - key: servers.json + path: servers.json + {{- end }} {{- if .Values.imagePullSecrets }} imagePullSecrets: {{- .Values.iamgePullSecrets | toYaml | nindent 8 }} diff --git a/stable/pgadmin/templates/secrets.yaml b/stable/pgadmin/templates/secrets.yaml index 03b523149151..1a23574379f0 100644 --- a/stable/pgadmin/templates/secrets.yaml +++ b/stable/pgadmin/templates/secrets.yaml @@ -8,3 +8,6 @@ metadata: type: Opaque data: password: {{ default "SuperSecret" .Values.env.password | b64enc | quote }} +{{- if .Values.serverDefinitions.enabled }} + servers.json: {{ include "pgadmin.serverDefinitions" . | b64enc | quote }} +{{- end }} diff --git a/stable/pgadmin/values.yaml b/stable/pgadmin/values.yaml index ba33f61935c6..d4ead3f312a3 100644 --- a/stable/pgadmin/values.yaml +++ b/stable/pgadmin/values.yaml @@ -22,6 +22,26 @@ strategy: {} # maxSurge: 0 # maxUnavailable: 1 +## Server definitions will be loaded at launch time. This allows connection +## information to be pre-loaded into the instance of pgAdmin in the container. +## Ref: https://www.pgadmin.org/docs/pgadmin4/4.13/import_export_servers.html +## +serverDefinitions: + ## If true, server definitions will be created + ## + enabled: false + + servers: |- + # "1": { + # "Name": "Minimally Defined Server", + # "Group": "Servers", + # "Port": 5432, + # "Username": "postgres", + # "Host": "localhost", + # "SSLMode": "prefer", + # "MaintenanceDB": "postgres" + # } + ingress: ## If true, pgAdmin Ingress will be created ## From b8e863da6a0392ddb01186d6e22fbd3a228c08d0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=80lex=20P=C3=A9rez?= Date: Tue, 11 Feb 2020 16:16:01 +0100 Subject: [PATCH 072/304] Add possibility to set blackbox to daemonset (#19097) Signed-off-by: Alex Perez-Pujol --- .../prometheus-blackbox-exporter/Chart.yaml | 2 +- stable/prometheus-blackbox-exporter/README.md | 1 + .../ci/daemonset-values.yml | 1 + .../templates/daemonset.yaml | 122 ++++++++++++++++++ .../templates/deployment.yaml | 2 + .../prometheus-blackbox-exporter/values.yaml | 2 + 6 files changed, 129 insertions(+), 1 deletion(-) create mode 100644 stable/prometheus-blackbox-exporter/ci/daemonset-values.yml create mode 100644 stable/prometheus-blackbox-exporter/templates/daemonset.yaml diff --git a/stable/prometheus-blackbox-exporter/Chart.yaml b/stable/prometheus-blackbox-exporter/Chart.yaml index fe7644245665..58138ca97966 100644 --- a/stable/prometheus-blackbox-exporter/Chart.yaml +++ b/stable/prometheus-blackbox-exporter/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 description: Prometheus Blackbox Exporter name: prometheus-blackbox-exporter -version: 3.1.0 +version: 3.2.0 appVersion: 0.15.1 home: https://github.com/prometheus/blackbox_exporter sources: diff --git a/stable/prometheus-blackbox-exporter/README.md b/stable/prometheus-blackbox-exporter/README.md index 61f2bf48e31e..5d4902e7a27d 100644 --- a/stable/prometheus-blackbox-exporter/README.md +++ b/stable/prometheus-blackbox-exporter/README.md @@ -43,6 +43,7 @@ The following table lists the configurable parameters of the Blackbox-Exporter c | Parameter | Description | Default | | ----------------------------------------- | -------------------------------------------------------------------------------- | ---------------------------------------------------------------------------- | +| `kind` | You can choose between `Deployment` or `DaemonSet` | `Deployment` | | `config` | Prometheus blackbox configuration | {} | | `secretConfig` | Whether to treat blackbox configuration as secret | `false` | | `extraArgs` | Optional flags for blackbox | `[]` | diff --git a/stable/prometheus-blackbox-exporter/ci/daemonset-values.yml b/stable/prometheus-blackbox-exporter/ci/daemonset-values.yml new file mode 100644 index 000000000000..7e498f6c0fd7 --- /dev/null +++ b/stable/prometheus-blackbox-exporter/ci/daemonset-values.yml @@ -0,0 +1 @@ +kind: DaemonSet diff --git a/stable/prometheus-blackbox-exporter/templates/daemonset.yaml b/stable/prometheus-blackbox-exporter/templates/daemonset.yaml new file mode 100644 index 000000000000..226dc8110756 --- /dev/null +++ b/stable/prometheus-blackbox-exporter/templates/daemonset.yaml @@ -0,0 +1,122 @@ +{{- if (eq .Values.kind "DaemonSet") }} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "prometheus-blackbox-exporter.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "prometheus-blackbox-exporter.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + helm.sh/chart: {{ include "prometheus-blackbox-exporter.chart" . }} +spec: + replicas: {{ .Values.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "prometheus-blackbox-exporter.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + strategy: +{{ toYaml .Values.strategy | indent 4 }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ include "prometheus-blackbox-exporter.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + helm.sh/chart: {{ include "prometheus-blackbox-exporter.chart" . }} + annotations: + checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} + {{- if .Values.podAnnotations }} +{{ toYaml .Values.podAnnotations | indent 8 }} + {{- end }} + spec: + {{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 8 }} + {{- end }} + {{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | indent 8 }} + {{- end }} + {{- if .Values.tolerations }} + tolerations: +{{ toYaml .Values.tolerations | indent 6 }} + {{- end }} + {{- if .Values.image.pullSecrets }} + imagePullSecrets: + {{- range .Values.image.pullSecrets }} + - name: {{ . }} + {{- end }} + {{- end }} + + restartPolicy: {{ .Values.restartPolicy }} + + {{- if .Values.priorityClassName }} + priorityClassName: "{{ .Values.priorityClassName }}" + {{- end }} + containers: + - name: blackbox-exporter + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + securityContext: + readOnlyRootFilesystem: {{ .Values.readOnlyRootFilesystem }} + runAsNonRoot: {{ .Values.runAsNonRoot }} + runAsUser: {{ .Values.runAsUser }} + args: +{{- if .Values.config }} + - "--config.file=/config/blackbox.yaml" +{{- else }} + - "--config.file=/etc/blackbox_exporter/config.yml" +{{- end }} + {{- if .Values.extraArgs }} +{{ toYaml .Values.extraArgs | indent 12 }} + {{- end }} + resources: +{{ toYaml .Values.resources | indent 12 }} + ports: + - containerPort: {{ .Values.service.port }} + name: http + livenessProbe: + httpGet: + path: /health + port: http + readinessProbe: + httpGet: + path: /health + port: http + volumeMounts: + - mountPath: /config + name: config + {{- range .Values.extraConfigmapMounts }} + - name: {{ .name }} + mountPath: {{ .mountPath }} + subPath: {{ .subPath | default "" }} + readOnly: {{ .readOnly }} + {{- end }} + {{- range .Values.extraSecretMounts }} + - name: {{ .name }} + mountPath: {{ .mountPath }} + subPath: {{ .subPath }} + readOnly: {{ .readOnly }} + {{- end }} + volumes: + - name: config +{{- if .Values.secretConfig }} + secret: + secretName: {{ template "prometheus-blackbox-exporter.fullname" . }} +{{- else }} + configMap: + name: {{ template "prometheus-blackbox-exporter.fullname" . }} +{{- end }} + {{- range .Values.extraConfigmapMounts }} + - name: {{ .name }} + configMap: + name: {{ .configMap }} + defaultMode: {{ .defaultMode }} + {{- end }} + {{- range .Values.extraSecretMounts }} + - name: {{ .name }} + secret: + secretName: {{ .secretName }} + defaultMode: {{ .defaultMode }} + {{- end }} +{{- end }} diff --git a/stable/prometheus-blackbox-exporter/templates/deployment.yaml b/stable/prometheus-blackbox-exporter/templates/deployment.yaml index 6825fcbb3b47..bc2761d318f3 100644 --- a/stable/prometheus-blackbox-exporter/templates/deployment.yaml +++ b/stable/prometheus-blackbox-exporter/templates/deployment.yaml @@ -1,3 +1,4 @@ +{{- if (eq .Values.kind "Deployment") }} apiVersion: apps/v1 kind: Deployment metadata: @@ -123,3 +124,4 @@ spec: secretName: {{ .secretName }} defaultMode: {{ .defaultMode }} {{- end }} +{{- end }} diff --git a/stable/prometheus-blackbox-exporter/values.yaml b/stable/prometheus-blackbox-exporter/values.yaml index 53e2f33e77e6..f6e7eac14b90 100644 --- a/stable/prometheus-blackbox-exporter/values.yaml +++ b/stable/prometheus-blackbox-exporter/values.yaml @@ -1,5 +1,7 @@ restartPolicy: Always +kind: Deployment + podDisruptionBudget: {} # maxUnavailable: 0 From 67c5c5a245c815e229b4e8acdbfd27e16d880e25 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Carlos=20Rodr=C3=ADguez=20Hern=C3=A1ndez?= Date: Tue, 11 Feb 2020 17:46:04 +0100 Subject: [PATCH 073/304] [stable/external-dns] Adapt docs to Helm 3 (#20683) Signed-off-by: Carlos Rodriguez Hernandez --- stable/external-dns/Chart.yaml | 2 +- stable/external-dns/README.md | 10 +++++----- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/stable/external-dns/Chart.yaml b/stable/external-dns/Chart.yaml index c9662cad8d02..e6f45f557ca1 100644 --- a/stable/external-dns/Chart.yaml +++ b/stable/external-dns/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: external-dns -version: 2.16.1 +version: 2.16.2 appVersion: 0.5.18 description: ExternalDNS is a Kubernetes addon that configures public DNS servers with information about exposed Kubernetes services to make them discoverable. keywords: diff --git a/stable/external-dns/README.md b/stable/external-dns/README.md index 65be95e14039..f8234659647d 100755 --- a/stable/external-dns/README.md +++ b/stable/external-dns/README.md @@ -5,7 +5,7 @@ ## TL;DR; ```console -$ helm install stable/external-dns +$ helm install my-release stable/external-dns ``` ## Introduction @@ -24,7 +24,7 @@ Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment To install the chart with the release name `my-release`: ```bash -$ helm install --name my-release stable/external-dns +$ helm install my-release stable/external-dns ``` The command deploys ExternalDNS on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. @@ -176,14 +176,14 @@ The following table lists the configurable parameters of the external-dns chart Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, ```console -$ helm install --name my-release \ +$ helm install my-release \ --set provider=aws stable/external-dns ``` Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, ```bash -$ helm install --name my-release -f values.yaml stable/external-dns +$ helm install my-release -f values.yaml stable/external-dns ``` > **Tip**: You can use the default [values.yaml](values.yaml) @@ -227,7 +227,7 @@ For instance, to install ExternalDNS on AWS, you need to: > Note: replace the placeholder HOSTED_ZONE_IDENTIFIER and HOSTED_ZONE_NAME, with your hosted zoned identifier and name, respectively. ```bash -$ helm install --name my-release \ +$ helm install my-release \ --set provider=aws \ --set aws.zoneType=public \ --set txtOwnerId=HOSTED_ZONE_IDENTIFIER \ From f4c34447dfae507d66d97229f7cd414f645e77dd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Carlos=20Rodr=C3=ADguez=20Hern=C3=A1ndez?= Date: Tue, 11 Feb 2020 18:12:02 +0100 Subject: [PATCH 074/304] [stable/mongodb] Adapt docs to Helm 3 (#20662) Signed-off-by: Carlos Rodriguez Hernandez --- stable/mongodb/Chart.yaml | 2 +- stable/mongodb/README.md | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/stable/mongodb/Chart.yaml b/stable/mongodb/Chart.yaml index 81af84feb476..18b03cdf730c 100644 --- a/stable/mongodb/Chart.yaml +++ b/stable/mongodb/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: mongodb -version: 7.8.3 +version: 7.8.4 appVersion: 4.2.3 description: NoSQL document-oriented database that stores JSON-like documents with dynamic schemas, simplifying the integration of data in content-driven applications. keywords: diff --git a/stable/mongodb/README.md b/stable/mongodb/README.md index adb40ef208e6..8daf9ff2dc17 100644 --- a/stable/mongodb/README.md +++ b/stable/mongodb/README.md @@ -5,7 +5,7 @@ ## TL;DR; ```bash -$ helm install stable/mongodb +$ helm install my-release stable/mongodb ``` ## Introduction @@ -26,7 +26,7 @@ Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment To install the chart with the release name `my-release`: ```bash -$ helm install --name my-release stable/mongodb +$ helm install my-release stable/mongodb ``` The command deploys MongoDB on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. @@ -188,7 +188,7 @@ The following table lists the configurable parameters of the MongoDB chart and t Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, ```bash -$ helm install --name my-release \ +$ helm install my-release \ --set mongodbRootPassword=secretpassword,mongodbUsername=my-user,mongodbPassword=my-password,mongodbDatabase=my-database \ stable/mongodb ``` @@ -198,7 +198,7 @@ The above command sets the MongoDB `root` account password to `secretpassword`. Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, ```bash -$ helm install --name my-release -f values.yaml stable/mongodb +$ helm install my-release -f values.yaml stable/mongodb ``` > **Tip**: You can use the default [values.yaml](values.yaml) From 2c0838c0ce9a5c440531a7b7bfec248a7a5602bf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Carlos=20Rodr=C3=ADguez=20Hern=C3=A1ndez?= Date: Tue, 11 Feb 2020 19:00:06 +0100 Subject: [PATCH 075/304] [stable/nats] Adapt docs to Helm 3 (#20664) Signed-off-by: Carlos Rodriguez Hernandez --- stable/nats/Chart.yaml | 2 +- stable/nats/README.md | 10 +++++----- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/stable/nats/Chart.yaml b/stable/nats/Chart.yaml index 20a280cae923..4e189930f04c 100644 --- a/stable/nats/Chart.yaml +++ b/stable/nats/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: nats -version: 4.3.0 +version: 4.3.1 appVersion: 2.1.4 description: An open-source, cloud-native messaging system keywords: diff --git a/stable/nats/README.md b/stable/nats/README.md index b8bb2818cbf1..9a826fb8ef42 100644 --- a/stable/nats/README.md +++ b/stable/nats/README.md @@ -5,7 +5,7 @@ ## TL;DR; ```bash -$ helm install stable/nats +$ helm install my-release stable/nats ``` ## Introduction @@ -24,7 +24,7 @@ Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment To install the chart with the release name `my-release`: ```bash -$ helm install --name my-release stable/nats +$ helm install my-release stable/nats ``` The command deploys NATS on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. @@ -139,7 +139,7 @@ The following table lists the configurable parameters of the NATS chart and thei Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, ```bash -$ helm install --name my-release \ +$ helm install my-release \ --set auth.enabled=true,auth.user=my-user,auth.password=T0pS3cr3t \ stable/nats ``` @@ -149,7 +149,7 @@ The above command enables NATS client authentication with `my-user` as user and Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, ```bash -$ helm install --name my-release -f values.yaml stable/nats +$ helm install my-release -f values.yaml stable/nats ``` > **Tip**: You can use the default [values.yaml](values.yaml) @@ -232,7 +232,7 @@ NATS version 2.0.0 has renamed the server binary filename from `gnatsd` to `nats however, it is still possible to use the chart to deploy NATS version 1.x.x using the `natsFilename` property. ```bash -helm install --name nats-v1 --set natsFilename=gnatsd --set image.tag=1.4.1 stable/nats +helm install nats-v1 --set natsFilename=gnatsd --set image.tag=1.4.1 stable/nats ``` ### To 1.0.0 From 406128fa8b6251d195d489e4c6dfb4f5f4ad515c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Carlos=20Rodr=C3=ADguez=20Hern=C3=A1ndez?= Date: Tue, 11 Feb 2020 19:00:19 +0100 Subject: [PATCH 076/304] [stable/phpmyadmin] Adapt docs to Helm 3 (#20673) Signed-off-by: Carlos Rodriguez Hernandez --- stable/phpmyadmin/Chart.yaml | 2 +- stable/phpmyadmin/README.md | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/stable/phpmyadmin/Chart.yaml b/stable/phpmyadmin/Chart.yaml index 895ae2363825..a24416249ce0 100644 --- a/stable/phpmyadmin/Chart.yaml +++ b/stable/phpmyadmin/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: phpmyadmin -version: 4.2.11 +version: 4.2.12 appVersion: 5.0.1 description: phpMyAdmin is an mysql administration frontend keywords: diff --git a/stable/phpmyadmin/README.md b/stable/phpmyadmin/README.md index 7bd190ee5879..d31721506d77 100644 --- a/stable/phpmyadmin/README.md +++ b/stable/phpmyadmin/README.md @@ -5,7 +5,7 @@ ## TL;DR; ```console -$ helm install stable/phpmyadmin +$ helm install my-release stable/phpmyadmin ``` ## Introduction @@ -23,7 +23,7 @@ Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment To install the chart with the release name `my-release`: ```console -$ helm install --name my-release stable/phpmyadmin +$ helm install my-release stable/phpmyadmin ``` The command deploys phpMyAdmin on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. @@ -95,7 +95,7 @@ For more information please refer to the [bitnami/phpmyadmin](http://github.com/ Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, ```console -$ helm install --name my-release \ +$ helm install my-release \ --set db.host=mymariadb,db.port=3306 stable/phpmyadmin ``` @@ -104,7 +104,7 @@ The above command sets the phpMyAdmin to connect to a database in `mymariadb` ho Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example, ```console -$ helm install --name my-release -f values.yaml stable/phpmyadmin +$ helm install my-release -f values.yaml stable/phpmyadmin ``` > **Tip**: You can use the default [values.yaml](values.yaml) From 6104fc5cb1c3673d0a96e703828f328081cc25ba Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Carlos=20Rodr=C3=ADguez=20Hern=C3=A1ndez?= Date: Tue, 11 Feb 2020 19:00:27 +0100 Subject: [PATCH 077/304] [stable/postgresql] Adapt docs to Helm 3 (#20674) Signed-off-by: Carlos Rodriguez Hernandez --- stable/postgresql/Chart.yaml | 2 +- stable/postgresql/README.md | 12 ++++++------ 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/stable/postgresql/Chart.yaml b/stable/postgresql/Chart.yaml index f33ec4e2b827..3acabee81040 100644 --- a/stable/postgresql/Chart.yaml +++ b/stable/postgresql/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: postgresql -version: 8.3.2 +version: 8.3.3 appVersion: 11.6.0 description: Chart for PostgreSQL, an object-relational database management system (ORDBMS) with an emphasis on extensibility and on standards-compliance. keywords: diff --git a/stable/postgresql/README.md b/stable/postgresql/README.md index 5141cb6606a3..aa3391233529 100644 --- a/stable/postgresql/README.md +++ b/stable/postgresql/README.md @@ -7,7 +7,7 @@ For HA, please see [this repo](https://github.com/bitnami/charts/tree/master/bit ## TL;DR; ```console -$ helm install stable/postgresql +$ helm install my-release stable/postgresql ``` ## Introduction @@ -26,7 +26,7 @@ Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment To install the chart with the release name `my-release`: ```console -$ helm install --name my-release stable/postgresql +$ helm install my-release stable/postgresql ``` The command deploys PostgreSQL on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. @@ -212,7 +212,7 @@ The following tables lists the configurable parameters of the PostgreSQL chart a Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, ```console -$ helm install --name my-release \ +$ helm install my-release \ --set postgresqlPassword=secretpassword,postgresqlDatabase=my-database \ stable/postgresql ``` @@ -222,7 +222,7 @@ The above command sets the PostgreSQL `postgres` account password to `secretpass Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, ```console -$ helm install --name my-release -f values.yaml stable/postgresql +$ helm install my-release -f values.yaml stable/postgresql ``` > **Tip**: You can use the default [values.yaml](values.yaml) @@ -387,7 +387,7 @@ From chart version 4.0.0, it is possible to use this chart with the Docker Offic Besides specifying the new Docker repository and tag, it is important to modify the PostgreSQL data directory and volume mount point. Basically, the PostgreSQL data dir cannot be the mount point directly, it has to be a subdirectory. ``` -helm install --name postgres \ +helm install postgres \ --set image.repository=postgres \ --set image.tag=10.6 \ --set postgresqlDataDir=/data/pgdata \ @@ -500,7 +500,7 @@ $ kubectl get svc ```console $ helm repo update -$ helm install --name my-release stable/postgresql +$ helm install my-release stable/postgresql ``` - Connect to the new pod (you can obtain the name by running `kubectl get pods`): From 7a617fa3205754cbcf3e506a34bfc859a31466a8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Carlos=20Rodr=C3=ADguez=20Hern=C3=A1ndez?= Date: Tue, 11 Feb 2020 19:00:35 +0100 Subject: [PATCH 078/304] [stable/rabbitmq] Adapt docs to Helm 3 (#20676) Signed-off-by: Carlos Rodriguez Hernandez --- stable/rabbitmq/Chart.yaml | 2 +- stable/rabbitmq/README.md | 10 +++++----- stable/rabbitmq/templates/_helpers.tpl | 2 +- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/stable/rabbitmq/Chart.yaml b/stable/rabbitmq/Chart.yaml index c61b31c1930b..a42922205f8c 100644 --- a/stable/rabbitmq/Chart.yaml +++ b/stable/rabbitmq/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: rabbitmq -version: 6.17.1 +version: 6.17.2 appVersion: 3.8.2 description: Open source message broker software that implements the Advanced Message Queuing Protocol (AMQP) keywords: diff --git a/stable/rabbitmq/README.md b/stable/rabbitmq/README.md index 5ec13992b92c..80a128f3be6a 100644 --- a/stable/rabbitmq/README.md +++ b/stable/rabbitmq/README.md @@ -5,7 +5,7 @@ ## TL;DR; ```bash -$ helm install stable/rabbitmq +$ helm install my-release stable/rabbitmq ``` ## Introduction @@ -25,7 +25,7 @@ Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment To install the chart with the release name `my-release`: ```bash -$ helm install --name my-release stable/rabbitmq +$ helm install my-release stable/rabbitmq ``` The command deploys RabbitMQ on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. @@ -189,7 +189,7 @@ The above parameters map to the env variables defined in [bitnami/rabbitmq](http Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, ```bash -$ helm install --name my-release \ +$ helm install my-release \ --set rabbitmq.username=admin,rabbitmq.password=secretpassword,rabbitmq.erlangCookie=secretcookie \ stable/rabbitmq ``` @@ -199,7 +199,7 @@ The above command sets the RabbitMQ admin username and password to `admin` and ` Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, ```bash -$ helm install --name my-release -f values.yaml stable/rabbitmq +$ helm install my-release -f values.yaml stable/rabbitmq ``` > **Tip**: You can use the default [values.yaml](values.yaml) @@ -385,7 +385,7 @@ The chart mounts a [Persistent Volume](http://kubernetes.io/docs/user-guide/pers 1. Install the chart ```bash -$ helm install --set persistence.existingClaim=PVC_NAME rabbitmq +$ helm install my-release --set persistence.existingClaim=PVC_NAME stable/rabbitmq ``` ### Adjust permissions of the persistence volume mountpoint diff --git a/stable/rabbitmq/templates/_helpers.tpl b/stable/rabbitmq/templates/_helpers.tpl index 3ed01cd3aa1a..6dcd5a189fde 100644 --- a/stable/rabbitmq/templates/_helpers.tpl +++ b/stable/rabbitmq/templates/_helpers.tpl @@ -235,7 +235,7 @@ rabbitmq: LDAP Invalid LDAP configuration. When enabling LDAP support, the parameters "ldap.server", "ldap.port", and "ldap. user_dn_pattern" are mandatory. Please provide them: - $ helm install --name {{ .Release.Name }} stable/rabbitmq \ + $ helm install {{ .Release.Name }} stable/rabbitmq \ --set ldap.enabled=true \ --set ldap.server="lmy-ldap-server" \ --set ldap.port="389" \ From 007fe55a7b8a9aac2270fd49feca59b40a0e22c0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Carlos=20Rodr=C3=ADguez=20Hern=C3=A1ndez?= Date: Tue, 11 Feb 2020 19:00:43 +0100 Subject: [PATCH 079/304] [stable/redis] Adapt docs to Helm 3 (#20677) * [stable/redis] Adapt docs to Helm 3 Signed-off-by: Carlos Rodriguez Hernandez * Update README Signed-off-by: Carlos Rodriguez Hernandez --- stable/redis/Chart.yaml | 2 +- stable/redis/README.md | 16 ++++++++-------- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/stable/redis/Chart.yaml b/stable/redis/Chart.yaml index 574f3bba35f1..47944e22424a 100644 --- a/stable/redis/Chart.yaml +++ b/stable/redis/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: redis -version: 10.4.3 +version: 10.4.4 appVersion: 5.0.7 description: Open source, advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. keywords: diff --git a/stable/redis/README.md b/stable/redis/README.md index 448d46dcb56f..ee60a01eb362 100644 --- a/stable/redis/README.md +++ b/stable/redis/README.md @@ -7,12 +7,12 @@ ```bash # Testing configuration -$ helm install stable/redis +$ helm install my-release stable/redis ``` ```bash # Production configuration -$ helm install stable/redis --values values-production.yaml +$ helm install my-release stable/redis --values values-production.yaml ``` ## Introduction @@ -32,7 +32,7 @@ Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment To install the chart with the release name `my-release`: ```bash -$ helm install --name my-release stable/redis +$ helm install my-release stable/redis ``` The command deploys Redis on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. @@ -246,7 +246,7 @@ The following table lists the configurable parameters of the Redis chart and the Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, ```bash -$ helm install --name my-release \ +$ helm install my-release \ --set password=secretpassword \ stable/redis ``` @@ -256,7 +256,7 @@ The above command sets the Redis server password to `secretpassword`. Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, ```bash -$ helm install --name my-release -f values.yaml stable/redis +$ helm install my-release -f values.yaml stable/redis ``` > **Tip**: You can use the default [values.yaml](values.yaml) @@ -376,7 +376,7 @@ By default, the chart mounts a [Persistent Volume](http://kubernetes.io/docs/use 3. Install the chart ```bash -$ helm install --set persistence.existingClaim=PVC_NAME stable/redis +$ helm install my-release --set persistence.existingClaim=PVC_NAME stable/redis ``` ## NetworkPolicy @@ -429,14 +429,14 @@ This version causes a change in the Redis Master StatefulSet definition, so the - Recommended: Create a clone of the Redis Master PVC (for example, using projects like [this one](https://github.com/edseymour/pvc-transfer)). Then launch a fresh release reusing this cloned PVC. ``` - helm install stable/redis --set persistence.existingClaim= + helm install my-release stable/redis --set persistence.existingClaim= ``` - Alternative (not recommended, do at your own risk): `helm delete --purge` does not remove the PVC assigned to the Redis Master StatefulSet. As a consequence, the following commands can be done to upgrade the release ``` helm delete --purge - helm install stable/redis --name + helm install stable/redis ``` Previous versions of the chart were not using persistence in the slaves, so this upgrade would add it to them. Another important change is that no values are inherited from master to slaves. For example, in 6.0.0 `slaves.readinessProbe.periodSeconds`, if empty, would be set to `master.readinessProbe.periodSeconds`. This approach lacked transparency and was difficult to maintain. From now on, all the slave parameters must be configured just as it is done with the masters. From 4f38d9dafef981b2619c07bf450b187cb8e05efa Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Carlos=20Rodr=C3=ADguez=20Hern=C3=A1ndez?= Date: Tue, 11 Feb 2020 19:00:51 +0100 Subject: [PATCH 080/304] [stable/testlink] Adapt docs to Helm 3 (#20680) Signed-off-by: Carlos Rodriguez Hernandez --- stable/testlink/Chart.yaml | 2 +- stable/testlink/README.md | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/stable/testlink/Chart.yaml b/stable/testlink/Chart.yaml index f5ee738e2736..bd560e187303 100644 --- a/stable/testlink/Chart.yaml +++ b/stable/testlink/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: testlink -version: 7.1.0 +version: 7.1.1 appVersion: 1.9.19 description: Web-based test management system that facilitates software quality assurance. icon: https://bitnami.com/assets/stacks/testlink/img/testlink-stack-220x234.png diff --git a/stable/testlink/README.md b/stable/testlink/README.md index f0f41715f897..6a53ff83c8cf 100644 --- a/stable/testlink/README.md +++ b/stable/testlink/README.md @@ -5,7 +5,7 @@ ## TL;DR; ```console -$ helm install stable/testlink +$ helm install my-release stable/testlink ``` ## Introduction @@ -28,7 +28,7 @@ Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment To install the chart with the release name `my-release`: ```console -$ helm install --name my-release stable/testlink +$ helm install my-release stable/testlink ``` The command deploys TestLink on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. @@ -121,7 +121,7 @@ The above parameters map to the env variables defined in [bitnami/testlink](http Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, ```console -$ helm install --name my-release \ +$ helm install my-release \ --set testlinkUsername=admin,testlinkPassword=password,mariadb.mariadbRootPassword=secretpassword \ stable/testlink ``` @@ -131,7 +131,7 @@ The above command sets the TestLink administrator account username and password Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example, ```console -$ helm install --name my-release -f values.yaml stable/testlink +$ helm install my-release -f values.yaml stable/testlink ``` > **Tip**: You can use the default [values.yaml](values.yaml) From 80c644ec99a32c122450442137fd838c93149ad4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Carlos=20Rodr=C3=ADguez=20Hern=C3=A1ndez?= Date: Tue, 11 Feb 2020 19:01:00 +0100 Subject: [PATCH 081/304] [stable/wordpress] Adapt docs to Helm 3 (#20681) Signed-off-by: Carlos Rodriguez Hernandez --- stable/wordpress/Chart.yaml | 2 +- stable/wordpress/README.md | 10 +++++----- stable/wordpress/values-production.yaml | 2 +- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/stable/wordpress/Chart.yaml b/stable/wordpress/Chart.yaml index dc7aec0cd121..396f82f19879 100755 --- a/stable/wordpress/Chart.yaml +++ b/stable/wordpress/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: wordpress -version: 8.1.2 +version: 8.1.3 appVersion: 5.3.2 description: Web publishing platform for building blogs and websites. icon: https://bitnami.com/assets/stacks/wordpress/img/wordpress-stack-220x234.png diff --git a/stable/wordpress/README.md b/stable/wordpress/README.md index 47e638291444..a0c10c95b294 100644 --- a/stable/wordpress/README.md +++ b/stable/wordpress/README.md @@ -5,7 +5,7 @@ ## TL;DR; ```console -$ helm install stable/wordpress +$ helm install my-release stable/wordpress ``` ## Introduction @@ -28,7 +28,7 @@ Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment To install the chart with the release name `my-release`: ```console -$ helm install --name my-release stable/wordpress +$ helm install my-release stable/wordpress ``` The command deploys WordPress on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. @@ -164,7 +164,7 @@ The above parameters map to the env variables defined in [bitnami/wordpress](htt Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, ```console -$ helm install --name my-release \ +$ helm install my-release \ --set wordpressUsername=admin,wordpressPassword=password,mariadb.mariadbRootPassword=secretpassword \ stable/wordpress ``` @@ -174,7 +174,7 @@ The above command sets the WordPress administrator account username and password Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example, ```console -$ helm install --name my-release -f values.yaml stable/wordpress +$ helm install my-release -f values.yaml stable/wordpress ``` > **Tip**: You can use the default [values.yaml](values.yaml) @@ -216,7 +216,7 @@ This chart includes a `values-production.yaml` file where you can find some para + ## To use the /admin portal and to ensure you can scale wordpress you need to provide a + ## ReadWriteMany PVC, if you dont have a provisioner for this type of storage + ## We recommend that you install the nfs provisioner and map it to a RWO volume -+ ## helm install stable/nfs-server-provisioner --set persistence.enabled=true,persistence.size=10Gi ++ ## helm install nfs-server stable/nfs-server-provisioner --set persistence.enabled=true,persistence.size=10Gi + persistence.accessMode: ReadWriteMany ``` diff --git a/stable/wordpress/values-production.yaml b/stable/wordpress/values-production.yaml index f710e505fec7..1522fb5155e0 100644 --- a/stable/wordpress/values-production.yaml +++ b/stable/wordpress/values-production.yaml @@ -344,7 +344,7 @@ persistence: ## To use the /admin portal and to ensure you can scale wordpress you need to provide a ## ReadWriteMany PVC, if you dont have a provisioner for this type of storage ## We recommend that you install the nfs provisioner and map it to a RWO volume - ## helm install stable/nfs-server-provisioner --set persistence.enabled=true,persistence.size=10Gi + ## helm install nfs-server stable/nfs-server-provisioner --set persistence.enabled=true,persistence.size=10Gi accessMode: ReadWriteMany size: 10Gi From e16d532321552764bd3cbaeaac7f30aaa0ef633a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Carlos=20Rodr=C3=ADguez=20Hern=C3=A1ndez?= Date: Tue, 11 Feb 2020 19:01:09 +0100 Subject: [PATCH 082/304] [stable/drupal] Adapt docs to Helm 3 (#20682) Signed-off-by: Carlos Rodriguez Hernandez --- stable/drupal/Chart.yaml | 2 +- stable/drupal/README.md | 12 ++++++------ 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/stable/drupal/Chart.yaml b/stable/drupal/Chart.yaml index 2066117c6e15..72d6bdc1d465 100644 --- a/stable/drupal/Chart.yaml +++ b/stable/drupal/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: drupal -version: 6.2.4 +version: 6.2.5 appVersion: 8.8.2 description: One of the most versatile open source content management systems. keywords: diff --git a/stable/drupal/README.md b/stable/drupal/README.md index ca10d4a25031..bbbcc670e61c 100644 --- a/stable/drupal/README.md +++ b/stable/drupal/README.md @@ -5,7 +5,7 @@ ## TL;DR; ```console -$ helm install stable/drupal +$ helm install my-release stable/drupal ``` ## Introduction @@ -28,7 +28,7 @@ Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment To install the chart with the release name `my-release`: ```console -$ helm install --name my-release stable/drupal +$ helm install my-release stable/drupal ``` The command deploys Drupal on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. @@ -116,7 +116,7 @@ The above parameters map to the env variables defined in [bitnami/drupal](http:/ Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, ```console -$ helm install --name my-release \ +$ helm install my-release \ --set drupalUsername=admin,drupalPassword=password,mariadb.mariadbRootPassword=secretpassword \ stable/drupal ``` @@ -126,7 +126,7 @@ The above command sets the Drupal administrator account username and password to Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example, ```console -$ helm install --name my-release -f values.yaml stable/drupal +$ helm install my-release -f values.yaml stable/drupal ``` > **Tip**: You can use the default [values.yaml](values.yaml) @@ -171,7 +171,7 @@ See the [Parameters](#parameters) section to configure the PVC or to disable per 1. Install the chart ```bash -$ helm install --name my-release --set persistence.drupal.existingClaim=PVC_NAME stable/drupal +$ helm install my-release --set persistence.drupal.existingClaim=PVC_NAME stable/drupal ``` ### Host path @@ -187,7 +187,7 @@ $ helm install --name my-release --set persistence.drupal.existingClaim=PVC_NAME 1. Install the chart ```bash - $ helm install --name my-release --set persistence.drupal.hostPath=/PATH/TO/HOST/MOUNT stable/drupal + $ helm install my-release --set persistence.drupal.hostPath=/PATH/TO/HOST/MOUNT stable/drupal ``` This will mount the `drupal-data` volume into the `hostPath` directory. The site data will be persisted if the mount path contains valid data, else the site data will be initialized at first launch. From 4f5d8ed1ba6d823e2dae0ed08f9566dd355a59bb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Carlos=20Rodr=C3=ADguez=20Hern=C3=A1ndez?= Date: Tue, 11 Feb 2020 19:01:17 +0100 Subject: [PATCH 083/304] [stable/ghost] Adapt docs to Helm 3 (#20684) Signed-off-by: Carlos Rodriguez Hernandez --- stable/ghost/Chart.yaml | 2 +- stable/ghost/README.md | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/stable/ghost/Chart.yaml b/stable/ghost/Chart.yaml index 64b9ed2ec983..1818a15d3fd6 100644 --- a/stable/ghost/Chart.yaml +++ b/stable/ghost/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: ghost -version: 9.1.6 +version: 9.1.7 appVersion: 3.5.0 description: A simple, powerful publishing platform that allows you to share your stories with the world keywords: diff --git a/stable/ghost/README.md b/stable/ghost/README.md index 954367be5f6f..9a33488707ba 100644 --- a/stable/ghost/README.md +++ b/stable/ghost/README.md @@ -5,7 +5,7 @@ ## TL;DR; ```console -$ helm install stable/ghost +$ helm install my-release stable/ghost ``` ## Introduction @@ -28,7 +28,7 @@ Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment To install the chart with the release name `my-release`: ```console -$ helm install --name my-release stable/ghost +$ helm install my-release stable/ghost ``` The command deploys Ghost on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. @@ -150,7 +150,7 @@ The above parameters map to the env variables defined in [bitnami/ghost](http:// Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, ```console -$ helm install --name my-release \ +$ helm install my-release \ --set ghostUsername=admin,ghostPassword=password,mariadb.mariadbRootPassword=secretpassword \ stable/ghost ``` @@ -160,7 +160,7 @@ The above command sets the Ghost administrator account username and password to Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example, ```console -$ helm install --name my-release -f values.yaml stable/ghost +$ helm install my-release -f values.yaml stable/ghost ``` > **Tip**: You can use the default [values.yaml](values.yaml) From 17f443493d4bf0c7647bc0e692607c706083ee06 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Carlos=20Rodr=C3=ADguez=20Hern=C3=A1ndez?= Date: Tue, 11 Feb 2020 19:01:25 +0100 Subject: [PATCH 084/304] [stable/jasperreports] Adapt docs to Helm 3 (#20685) Signed-off-by: Carlos Rodriguez Hernandez --- stable/jasperreports/Chart.yaml | 2 +- stable/jasperreports/README.md | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/stable/jasperreports/Chart.yaml b/stable/jasperreports/Chart.yaml index 5d395031b56a..f43100530852 100644 --- a/stable/jasperreports/Chart.yaml +++ b/stable/jasperreports/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: jasperreports -version: 7.0.4 +version: 7.0.5 appVersion: 7.2.0 description: The JasperReports server can be used as a stand-alone or embedded reporting and BI server that offers web-based reporting, analytic tools and visualization, diff --git a/stable/jasperreports/README.md b/stable/jasperreports/README.md index cf99775f5f60..3815c06f8187 100644 --- a/stable/jasperreports/README.md +++ b/stable/jasperreports/README.md @@ -5,7 +5,7 @@ ## TL;DR; ```console -$ helm install stable/jasperreports +$ helm install my-release stable/jasperreports ``` ## Introduction @@ -28,7 +28,7 @@ Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment To install the chart with the release name `my-release`: ```console -$ helm install --name my-release stable/jasperreports +$ helm install my-release stable/jasperreports ``` The command deploys JasperReports on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. @@ -108,7 +108,7 @@ The above parameters map to the env variables defined in [bitnami/jasperreports] Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, ```console -$ helm install --name my-release \ +$ helm install my-release \ --set jasperreportsUsername=admin,jasperreportsPassword=password,mariadb.mariadbRootPassword=secretpassword \ stable/jasperreports ``` @@ -118,7 +118,7 @@ The above command sets the JasperReports administrator account username and pass Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example, ```console -$ helm install --name my-release -f values.yaml stable/jasperreports +$ helm install my-release -f values.yaml stable/jasperreports ``` > **Tip**: You can use the default [values.yaml](values.yaml) From c6a049f6b616d6d14614a10b4f97fafe904c9f8f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Carlos=20Rodr=C3=ADguez=20Hern=C3=A1ndez?= Date: Tue, 11 Feb 2020 19:01:33 +0100 Subject: [PATCH 085/304] [stable/joomla] Adapt docs to Helm 3 (#20686) Signed-off-by: Carlos Rodriguez Hernandez --- stable/joomla/Chart.yaml | 2 +- stable/joomla/README.md | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/stable/joomla/Chart.yaml b/stable/joomla/Chart.yaml index e5568443de35..40288d3cc59a 100644 --- a/stable/joomla/Chart.yaml +++ b/stable/joomla/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: joomla -version: 7.1.5 +version: 7.1.6 appVersion: 3.9.15 description: PHP content management system (CMS) for publishing web content keywords: diff --git a/stable/joomla/README.md b/stable/joomla/README.md index adb2f11a9e45..202c56086e29 100644 --- a/stable/joomla/README.md +++ b/stable/joomla/README.md @@ -5,7 +5,7 @@ ## TL;DR; ```console -$ helm install stable/joomla +$ helm install my-release stable/joomla ``` ## Introduction @@ -28,7 +28,7 @@ Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment To install the chart with the release name `my-release`: ```console -$ helm install --name my-release stable/joomla +$ helm install my-release stable/joomla ``` The command deploys Joomla! on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. @@ -138,7 +138,7 @@ The above parameters map to the env variables defined in [bitnami/joomla](http:/ Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, ```console -$ helm install --name my-release \ +$ helm install my-release \ --set joomlaUsername=admin,joomlaPassword=password,mariadb.mariadbRootPassword=secretpassword \ stable/joomla ``` @@ -148,7 +148,7 @@ The above command sets the Joomla! administrator account username and password t Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example, ```console -$ helm install --name my-release -f values.yaml stable/joomla +$ helm install my-release -f values.yaml stable/joomla ``` > **Tip**: You can use the default [values.yaml](values.yaml) From 1f2068740abf2e7014b4f333e96669012d28570b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Carlos=20Rodr=C3=ADguez=20Hern=C3=A1ndez?= Date: Tue, 11 Feb 2020 19:01:41 +0100 Subject: [PATCH 086/304] [stable/kubewatch] Adapt docs to Helm 3 (#20687) * [stable/kubewatch] Adapt docs to Helm 3 Signed-off-by: Carlos Rodriguez Hernandez * Update README Signed-off-by: Carlos Rodriguez Hernandez --- stable/kubewatch/Chart.yaml | 2 +- stable/kubewatch/README.md | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/stable/kubewatch/Chart.yaml b/stable/kubewatch/Chart.yaml index 3d57bba4aff0..dbdcfb2be1ee 100644 --- a/stable/kubewatch/Chart.yaml +++ b/stable/kubewatch/Chart.yaml @@ -1,5 +1,5 @@ name: kubewatch -version: 1.0.4 +version: 1.0.5 apiVersion: v1 appVersion: 0.0.4 home: https://github.com/bitnami-labs/kubewatch diff --git a/stable/kubewatch/README.md b/stable/kubewatch/README.md index 0e00adcf1d0d..20a6dd483f12 100644 --- a/stable/kubewatch/README.md +++ b/stable/kubewatch/README.md @@ -6,7 +6,7 @@ ## TL;DR; ```console -$ helm install stable/kubewatch +$ helm install my-release stable/kubewatch ``` ## Introduction @@ -23,7 +23,7 @@ This chart bootstraps a kubewatch deployment on a [Kubernetes](http://kubernetes To install the chart with the release name `my-release`: ```console -$ helm install stable/kubewatch --name my-release +$ helm install my-release stable/kubewatch ``` The command deploys kubewatch on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. @@ -91,14 +91,14 @@ The following table lists the configurable parameters of the kubewatch chart and Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, ```console -$ helm install stable/kubewatch --name my-release \ +$ helm install my-release stable/kubewatch \ --set=slack.channel="#bots",slack.token="XXXX-XXXX-XXXX" ``` Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example, ```console -$ helm install stable/kubewatch --name my-release -f values.yaml +$ helm install my-release -f values.yaml stable/kubewatch ``` > **Tip**: You can use the default [values.yaml](values.yaml) From 3623a3547b73c7060b7d2adb3bda6f0ed66d29f3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Carlos=20Rodr=C3=ADguez=20Hern=C3=A1ndez?= Date: Tue, 11 Feb 2020 19:01:49 +0100 Subject: [PATCH 087/304] [stable/mariadb] Adapt docs to Helm 3 (#20688) Signed-off-by: Carlos Rodriguez Hernandez --- stable/mariadb/Chart.yaml | 2 +- stable/mariadb/README.md | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/stable/mariadb/Chart.yaml b/stable/mariadb/Chart.yaml index 07ec7bc2f599..85343029d487 100644 --- a/stable/mariadb/Chart.yaml +++ b/stable/mariadb/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: mariadb -version: 7.3.8 +version: 7.3.9 appVersion: 10.3.22 description: Fast, reliable, scalable, and easy to use open-source relational database system. MariaDB Server is intended for mission-critical, heavy-load production systems as well as for embedding into mass-deployed software. Highly available MariaDB cluster. keywords: diff --git a/stable/mariadb/README.md b/stable/mariadb/README.md index cecc4d9cf040..cc0765a2ff22 100644 --- a/stable/mariadb/README.md +++ b/stable/mariadb/README.md @@ -7,7 +7,7 @@ MariaDB is developed as open source software and as a relational database it pro ## TL;DR; ```bash -$ helm install stable/mariadb +$ helm install my-release stable/mariadb ``` ## Introduction @@ -27,7 +27,7 @@ Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment To install the chart with the release name `my-release`: ```bash -$ helm install --name my-release stable/mariadb +$ helm install my-release stable/mariadb ``` The command deploys MariaDB on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. @@ -200,7 +200,7 @@ The above parameters map to the env variables defined in [bitnami/mariadb](http: Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, ```bash -$ helm install --name my-release \ +$ helm install my-release \ --set rootUser.password=secretpassword,db.user=app_database \ stable/mariadb ``` @@ -210,7 +210,7 @@ The above command sets the MariaDB `root` account password to `secretpassword`. Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, ```bash -$ helm install --name my-release -f values.yaml stable/mariadb +$ helm install my-release -f values.yaml stable/mariadb ``` > **Tip**: You can use the default [values.yaml](values.yaml) From b611fe5fa1d9b4aea077d12ac858c98d3c9c6b18 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Carlos=20Rodr=C3=ADguez=20Hern=C3=A1ndez?= Date: Tue, 11 Feb 2020 19:01:57 +0100 Subject: [PATCH 088/304] [stable/mediawiki] Adapt docs to Helm 3 (#20689) Signed-off-by: Carlos Rodriguez Hernandez --- stable/mediawiki/Chart.yaml | 2 +- stable/mediawiki/README.md | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/stable/mediawiki/Chart.yaml b/stable/mediawiki/Chart.yaml index 6a7bac606a45..5f52e1fb4a98 100644 --- a/stable/mediawiki/Chart.yaml +++ b/stable/mediawiki/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: mediawiki -version: 9.1.3 +version: 9.1.4 appVersion: 1.34.0 description: Extremely powerful, scalable software and a feature-rich wiki implementation that uses PHP to process and display data stored in a database. home: http://www.mediawiki.org/ diff --git a/stable/mediawiki/README.md b/stable/mediawiki/README.md index 05d5366ac4b8..a052755ef521 100644 --- a/stable/mediawiki/README.md +++ b/stable/mediawiki/README.md @@ -5,7 +5,7 @@ ## TL;DR; ```console -$ helm install stable/mediawiki +$ helm install my-release stable/mediawiki ``` ## Introduction @@ -28,7 +28,7 @@ Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment To install the chart with the release name `my-release`: ```console -$ helm install --name my-release stable/mediawiki +$ helm install my-release stable/mediawiki ``` The command deploys MediaWiki on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. @@ -136,7 +136,7 @@ The above parameters map to the env variables defined in [bitnami/mediawiki](htt Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, ```console -$ helm install --name my-release \ +$ helm install my-release \ --set mediawikiUser=admin,mediawikiPassword=password,mariadb.mariadbRootPassword=secretpassword \ stable/mediawiki ``` @@ -146,7 +146,7 @@ The above command sets the MediaWiki administrator account username and password Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example, ```console -$ helm install --name my-release -f values.yaml stable/mediawiki +$ helm install my-release -f values.yaml stable/mediawiki ``` > **Tip**: You can use the default [values.yaml](values.yaml) From 50659f37b744a83f30987cab701a1741870894f5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Carlos=20Rodr=C3=ADguez=20Hern=C3=A1ndez?= Date: Tue, 11 Feb 2020 19:40:06 +0100 Subject: [PATCH 089/304] [stable/dokuwiki] Adapt docs to Helm 3 (#20661) Signed-off-by: Carlos Rodriguez Hernandez --- stable/dokuwiki/Chart.yaml | 2 +- stable/dokuwiki/README.md | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/stable/dokuwiki/Chart.yaml b/stable/dokuwiki/Chart.yaml index ed6e9b38c2ac..90dc239767b1 100644 --- a/stable/dokuwiki/Chart.yaml +++ b/stable/dokuwiki/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: dokuwiki -version: 6.0.6 +version: 6.0.7 appVersion: 0.20180422.201901061035 description: DokuWiki is a standards-compliant, simple to use wiki optimized for creating documentation. It is targeted at developer teams, workgroups, and small companies. diff --git a/stable/dokuwiki/README.md b/stable/dokuwiki/README.md index a8ab7e74f969..f1b7a2d986e5 100644 --- a/stable/dokuwiki/README.md +++ b/stable/dokuwiki/README.md @@ -5,7 +5,7 @@ ## TL;DR; ```console -$ helm install stable/dokuwiki +$ helm install my-release stable/dokuwiki ``` ## Introduction @@ -26,7 +26,7 @@ Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment To install the chart with the release name `my-release`: ```console -$ helm install --name my-release stable/dokuwiki +$ helm install my-release stable/dokuwiki ``` The command deploys DokuWiki on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. @@ -116,7 +116,7 @@ The above parameters map to the env variables defined in [bitnami/dokuwiki](http Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, ```console -$ helm install --name my-release \ +$ helm install my-release \ --set dokuwikiUsername=admin,dokuwikiPassword=password \ stable/dokuwiki ``` @@ -126,7 +126,7 @@ The above command sets the DokuWiki administrator account username and password Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example, ```console -$ helm install --name my-release -f values.yaml stable/dokuwiki +$ helm install my-release -f values.yaml stable/dokuwiki ``` > **Tip**: You can use the default [values.yaml](values.yaml) From 833588d6bdf3ee207e26b1fd4706081292e9ac28 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Carlos=20Rodr=C3=ADguez=20Hern=C3=A1ndez?= Date: Tue, 11 Feb 2020 19:40:19 +0100 Subject: [PATCH 090/304] [stable/moodle] Adapt docs to Helm 3 (#20663) Signed-off-by: Carlos Rodriguez Hernandez --- stable/moodle/Chart.yaml | 2 +- stable/moodle/README.md | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/stable/moodle/Chart.yaml b/stable/moodle/Chart.yaml index 440bf23659b0..6f9c7a7e4196 100644 --- a/stable/moodle/Chart.yaml +++ b/stable/moodle/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: moodle -version: 7.1.0 +version: 7.1.1 appVersion: 3.8.1 description: Moodle is a learning platform designed to provide educators, administrators and learners with a single robust, secure and integrated system to create personalised learning environments keywords: diff --git a/stable/moodle/README.md b/stable/moodle/README.md index 8567ccce4321..420e4f78be73 100644 --- a/stable/moodle/README.md +++ b/stable/moodle/README.md @@ -5,7 +5,7 @@ ## TL;DR; ```console -$ helm install stable/moodle +$ helm install my-release stable/moodle ``` ## Introduction @@ -28,7 +28,7 @@ Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment To install the chart with the release name `my-release`: ```console -$ helm install --name my-release stable/moodle +$ helm install my-release stable/moodle ``` The command deploys Moodle on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. @@ -138,7 +138,7 @@ The above parameters map to the env variables defined in [bitnami/moodle](http:/ Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, ```console -$ helm install --name my-release \ +$ helm install my-release \ --set moodleUsername=admin,moodlePassword=password,mariadb.mariadbRootPassword=secretpassword \ stable/moodle ``` @@ -148,7 +148,7 @@ The above command sets the Moodle administrator account username and password to Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example, ```console -$ helm install --name my-release -f values.yaml stable/moodle +$ helm install my-release -f values.yaml stable/moodle ``` > **Tip**: You can use the default [values.yaml](values.yaml) From 1955a1300c6ffc7297eff3f6621bab8a8a3bfdbe Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Carlos=20Rodr=C3=ADguez=20Hern=C3=A1ndez?= Date: Tue, 11 Feb 2020 19:40:27 +0100 Subject: [PATCH 091/304] [stable/odoo] Adapt docs to Helm 3 (#20665) Signed-off-by: Carlos Rodriguez Hernandez --- stable/odoo/Chart.yaml | 2 +- stable/odoo/README.md | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/stable/odoo/Chart.yaml b/stable/odoo/Chart.yaml index b2cd77d2fa5f..8524ef55c6a1 100644 --- a/stable/odoo/Chart.yaml +++ b/stable/odoo/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: odoo -version: 13.0.0 +version: 13.0.1 appVersion: 12.0.20191215 description: A suite of web based open source business apps. home: https://www.odoo.com/ diff --git a/stable/odoo/README.md b/stable/odoo/README.md index ad18f1d02407..6106e75e8f74 100644 --- a/stable/odoo/README.md +++ b/stable/odoo/README.md @@ -7,7 +7,7 @@ Odoo Apps can be used as stand-alone applications, but they also integrate seaml ## TL;DR; ```console -$ helm install stable/odoo +$ helm install my-release stable/odoo ``` ## Introduction @@ -28,7 +28,7 @@ Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment To install the chart with the release name `my-release`: ```console -$ helm install --name my-release stable/odoo +$ helm install my-release stable/odoo ``` The command deploys Odoo on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. @@ -120,7 +120,7 @@ The above parameters map to the env variables defined in [bitnami/odoo](http://g Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, ```console -$ helm install --name my-release \ +$ helm install my-release \ --set odooPassword=password,postgresql.postgresPassword=secretpassword \ stable/odoo ``` @@ -130,7 +130,7 @@ The above command sets the Odoo administrator account password to `password` and Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example, ```console -$ helm install --name my-release -f values.yaml stable/odoo +$ helm install my-release -f values.yaml stable/odoo ``` > **Tip**: You can use the default [values.yaml](values.yaml) From a1e85fc93e8c3085c9914ac4126aa012a8bb59a8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Carlos=20Rodr=C3=ADguez=20Hern=C3=A1ndez?= Date: Tue, 11 Feb 2020 19:40:35 +0100 Subject: [PATCH 092/304] [stable/opencart] Adapt docs to Helm 3 (#20666) Signed-off-by: Carlos Rodriguez Hernandez --- stable/opencart/Chart.yaml | 2 +- stable/opencart/README.md | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/stable/opencart/Chart.yaml b/stable/opencart/Chart.yaml index 5b2b596e4469..78fd00e94f43 100644 --- a/stable/opencart/Chart.yaml +++ b/stable/opencart/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: opencart -version: 7.0.4 +version: 7.0.5 appVersion: 3.0.3-2 description: A free and open source e-commerce platform for online merchants. It provides a professional and reliable foundation for a successful online store. keywords: diff --git a/stable/opencart/README.md b/stable/opencart/README.md index 3f01889b55eb..26f4c939cdd5 100644 --- a/stable/opencart/README.md +++ b/stable/opencart/README.md @@ -5,7 +5,7 @@ ## TL;DR; ```console -$ helm install stable/opencart +$ helm install my-release stable/opencart ``` ## Introduction @@ -28,7 +28,7 @@ Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment To install the chart with the release name `my-release`: ```console -$ helm install --name my-release stable/opencart +$ helm install my-release stable/opencart ``` The command deploys OpenCart on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. @@ -135,7 +135,7 @@ The above parameters map to the env variables defined in [bitnami/opencart](http Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, ```console -$ helm install --name my-release \ +$ helm install my-release \ --set opencartUsername=admin,opencartPassword=password,mariadb.mariadbRootPassword=secretpassword \ stable/opencart ``` @@ -145,7 +145,7 @@ The above command sets the OpenCart administrator account username and password Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example, ```console -$ helm install --name my-release -f values.yaml stable/opencart +$ helm install my-release -f values.yaml stable/opencart ``` > **Tip**: You can use the default [values.yaml](values.yaml) From f299c2c7ab29c41d88787962bf66c93fbf6aec5f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Carlos=20Rodr=C3=ADguez=20Hern=C3=A1ndez?= Date: Tue, 11 Feb 2020 19:40:43 +0100 Subject: [PATCH 093/304] [stable/orangehrm] Adapt docs to Helm 3 (#20667) Signed-off-by: Carlos Rodriguez Hernandez --- stable/orangehrm/Chart.yaml | 2 +- stable/orangehrm/README.md | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/stable/orangehrm/Chart.yaml b/stable/orangehrm/Chart.yaml index c8932a3bfef2..c3fe300bef3a 100644 --- a/stable/orangehrm/Chart.yaml +++ b/stable/orangehrm/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: orangehrm -version: 7.0.4 +version: 7.0.5 appVersion: 4.3.4-0 description: OrangeHRM is a free HR management system that offers a wealth of modules to suit the needs of your business. diff --git a/stable/orangehrm/README.md b/stable/orangehrm/README.md index c92989a2e269..e8d517b94f52 100644 --- a/stable/orangehrm/README.md +++ b/stable/orangehrm/README.md @@ -5,7 +5,7 @@ ## TL;DR; ```console -$ helm install stable/orangehrm +$ helm install my-release stable/orangehrm ``` ## Introduction @@ -28,7 +28,7 @@ Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment To install the chart with the release name `my-release`: ```console -$ helm install --name my-release stable/orangehrm +$ helm install my-release stable/orangehrm ``` The command deploys OrangeHRM on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. @@ -121,7 +121,7 @@ The above parameters map to the env variables defined in [bitnami/orangehrm](htt Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, ```console -$ helm install --name my-release \ +$ helm install my-release \ --set orangehrmUsername=admin,orangehrmPassword=password,mariadb.mariadbRootPassword=secretpassword \ stable/orangehrm ``` @@ -131,7 +131,7 @@ The above command sets the OrangeHRM administrator account username and password Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example, ```console -$ helm install --name my-release -f values.yaml stable/orangehrm +$ helm install my-release -f values.yaml stable/orangehrm ``` > **Tip**: You can use the default [values.yaml](values.yaml) From 30419d4aed5984f3298d0a2e54660167c153a4ac Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Carlos=20Rodr=C3=ADguez=20Hern=C3=A1ndez?= Date: Tue, 11 Feb 2020 19:40:51 +0100 Subject: [PATCH 094/304] [stable/osclass] Adapt docs to Helm 3 (#20668) Signed-off-by: Carlos Rodriguez Hernandez --- stable/osclass/Chart.yaml | 2 +- stable/osclass/README.md | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/stable/osclass/Chart.yaml b/stable/osclass/Chart.yaml index d7597f244b94..6d38ec697ab8 100644 --- a/stable/osclass/Chart.yaml +++ b/stable/osclass/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: osclass -version: 7.0.4 +version: 7.0.5 appVersion: 3.7.4 description: Osclass is a php script that allows you to quickly create and manage your own free classifieds site. diff --git a/stable/osclass/README.md b/stable/osclass/README.md index d88ccd9298ab..4ecaff7d44ce 100644 --- a/stable/osclass/README.md +++ b/stable/osclass/README.md @@ -5,7 +5,7 @@ ## TL;DR; ```console -$ helm install stable/osclass +$ helm install my-release stable/osclass ``` ## Introduction @@ -28,7 +28,7 @@ Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment To install the chart with the release name `my-release`: ```console -$ helm install --name my-release stable/osclass +$ helm install my-release stable/osclass ``` The command deploys Osclass on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. @@ -136,7 +136,7 @@ The above parameters map to the env variables defined in [bitnami/osclass](http: Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, ```console -$ helm install --name my-release \ +$ helm install my-release \ --set osclassUsername=admin,osclassPassword=password,mariadb.mariadbRootPassword=secretpassword \ stable/osclass ``` @@ -146,7 +146,7 @@ The above command sets the Osclass administrator account username and password t Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example, ```console -$ helm install --name my-release -f values.yaml stable/osclass +$ helm install my-release -f values.yaml stable/osclass ``` > **Tip**: You can use the default [values.yaml](values.yaml) From 456ff7af0b8a5c2af3cc31feef66763a113bb9b5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Carlos=20Rodr=C3=ADguez=20Hern=C3=A1ndez?= Date: Tue, 11 Feb 2020 19:40:59 +0100 Subject: [PATCH 095/304] [stable/owncloud] Adapt docs to Helm 3 (#20669) Signed-off-by: Carlos Rodriguez Hernandez --- stable/owncloud/Chart.yaml | 2 +- stable/owncloud/README.md | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/stable/owncloud/Chart.yaml b/stable/owncloud/Chart.yaml index 60c8416ba2dd..6238d067e057 100644 --- a/stable/owncloud/Chart.yaml +++ b/stable/owncloud/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: owncloud -version: 8.1.1 +version: 8.1.2 appVersion: 10.3.2 description: A file sharing server that puts the control and security of your own data back into your hands. keywords: diff --git a/stable/owncloud/README.md b/stable/owncloud/README.md index d1a556ae5825..43459394567e 100644 --- a/stable/owncloud/README.md +++ b/stable/owncloud/README.md @@ -5,7 +5,7 @@ ## TL;DR; ```console -$ helm install stable/owncloud +$ helm install my-release stable/owncloud ``` ## Introduction @@ -28,7 +28,7 @@ Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment To install the chart with the release name `my-release`: ```console -$ helm install --name my-release stable/owncloud +$ helm install my-release stable/owncloud ``` The command deploys ownCloud on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. @@ -127,7 +127,7 @@ The above parameters map to the env variables defined in [bitnami/owncloud](http Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, ```console -$ helm install --name my-release \ +$ helm install my-release \ --set owncloudUsername=admin,owncloudPassword=password,mariadb.mariadbRootPassword=secretpassword \ stable/owncloud ``` @@ -137,7 +137,7 @@ The above command sets the ownCloud administrator account username and password Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example, ```console -$ helm install --name my-release -f values.yaml stable/owncloud +$ helm install my-release -f values.yaml stable/owncloud ``` > **Tip**: You can use the default [values.yaml](values.yaml) From e736dd5a2d7cdb63645e3fcbac88df0b44acd84a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Carlos=20Rodr=C3=ADguez=20Hern=C3=A1ndez?= Date: Tue, 11 Feb 2020 19:41:06 +0100 Subject: [PATCH 096/304] [stable/parse] Adapt docs to Helm 3 (#20670) Signed-off-by: Carlos Rodriguez Hernandez --- stable/parse/Chart.yaml | 2 +- stable/parse/README.md | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/stable/parse/Chart.yaml b/stable/parse/Chart.yaml index 6394757eb014..9772b4c3a063 100644 --- a/stable/parse/Chart.yaml +++ b/stable/parse/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: parse -version: 10.3.4 +version: 10.3.5 appVersion: 3.10.0 description: Parse is a platform that enables users to add a scalable and powerful backend to launch a full-featured app for iOS, Android, JavaScript, Windows, Unity, and more. keywords: diff --git a/stable/parse/README.md b/stable/parse/README.md index fd223ed2e587..0b6d3aeb2e78 100644 --- a/stable/parse/README.md +++ b/stable/parse/README.md @@ -5,7 +5,7 @@ ## TL;DR; ```console -$ helm install stable/parse +$ helm install my-release stable/parse ``` ## Introduction @@ -26,7 +26,7 @@ Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment To install the chart with the release name `my-release`: ```console -$ helm install --name my-release stable/parse +$ helm install my-release stable/parse ``` The command deploys Parse on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. @@ -158,7 +158,7 @@ The above parameters map to the env variables defined in [bitnami/parse](http:// Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, ```console -$ helm install --name my-release \ +$ helm install my-release \ --set dashboard.username=admin,dashboard.password=password \ stable/parse ``` @@ -168,7 +168,7 @@ The above command sets the Parse administrator account username and password to Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example, ```console -$ helm install --name my-release -f values.yaml stable/parse +$ helm install my-release -f values.yaml stable/parse ``` > **Tip**: You can use the default [values.yaml](values.yaml) From 42263afe1e3b732e42c2d151b733f8018e9b3521 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Carlos=20Rodr=C3=ADguez=20Hern=C3=A1ndez?= Date: Tue, 11 Feb 2020 19:41:14 +0100 Subject: [PATCH 097/304] [stable/phabricator] Adapt docs to Helm 3 (#20671) * [stable/phabricator] Adapt docs to Helm 3 Signed-off-by: Carlos Rodriguez Hernandez * Update README Signed-off-by: Carlos Rodriguez Hernandez --- stable/phabricator/Chart.yaml | 2 +- stable/phabricator/README.md | 9 +++++---- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/stable/phabricator/Chart.yaml b/stable/phabricator/Chart.yaml index 66a973b9932d..20527356effb 100644 --- a/stable/phabricator/Chart.yaml +++ b/stable/phabricator/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: phabricator -version: 9.0.7 +version: 9.0.8 appVersion: 2019.50.0 description: Collection of open source web applications that help software companies build better software. keywords: diff --git a/stable/phabricator/README.md b/stable/phabricator/README.md index dc108f5c4d69..59a9df237e29 100644 --- a/stable/phabricator/README.md +++ b/stable/phabricator/README.md @@ -5,7 +5,7 @@ ## TL;DR; ```console -$ helm install stable/phabricator +$ helm install my-release stable/phabricator ``` ## Introduction @@ -28,7 +28,7 @@ Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment To install the chart with the release name `my-release`: ```console -$ helm install --name my-release stable/phabricator +$ helm install my-release stable/phabricator ``` The command deploys Phabricator on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. @@ -129,8 +129,9 @@ The above parameters map to the env variables defined in [bitnami/phabricator](h Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, ```console -$ helm install stable/phabricator --name my-release \ +$ helm install my-release \ --set phabricatorUsername=admin,phabricatorPassword=password,mariadb.mariadbRootPassword=secretpassword \ + stable/phabricator ``` The above command sets the Phabricator administrator account username and password to `admin` and `password` respectively. Additionally, it sets the MariaDB `root` user password to `secretpassword`. @@ -138,7 +139,7 @@ The above command sets the Phabricator administrator account username and passwo Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example, ```console -$ helm install --name my-release -f values.yaml stable/phabricator +$ helm install my-release -f values.yaml stable/phabricator ``` > **Tip**: You can use the default [values.yaml](values.yaml) From 527d8f12c8f6f30afb059197d28e246822f55c11 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Carlos=20Rodr=C3=ADguez=20Hern=C3=A1ndez?= Date: Tue, 11 Feb 2020 19:41:22 +0100 Subject: [PATCH 098/304] [stable/phpbb] Adapt docs to Helm 3 (#20672) Signed-off-by: Carlos Rodriguez Hernandez --- stable/phpbb/Chart.yaml | 2 +- stable/phpbb/README.md | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/stable/phpbb/Chart.yaml b/stable/phpbb/Chart.yaml index 129295a09753..a2d816b01bee 100644 --- a/stable/phpbb/Chart.yaml +++ b/stable/phpbb/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: phpbb -version: 7.0.4 +version: 7.0.5 appVersion: 3.3.0 description: Community forum that supports the notion of users and groups, file attachments, full-text search, notifications and more. keywords: diff --git a/stable/phpbb/README.md b/stable/phpbb/README.md index a8f163fd21c1..792521a2ed3b 100644 --- a/stable/phpbb/README.md +++ b/stable/phpbb/README.md @@ -5,7 +5,7 @@ ## TL;DR; ```console -$ helm install stable/phpbb +$ helm install my-release stable/phpbb ``` ## Introduction @@ -26,7 +26,7 @@ Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment To install the chart with the release name `my-release`: ```console -$ helm install --name my-release stable/phpbb +$ helm install my-release stable/phpbb ``` The command deploys phpBB on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. @@ -116,7 +116,7 @@ The above parameters map to the env variables defined in [bitnami/phpbb](http:// Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, ```console -$ helm install --name my-release \ +$ helm install my-release \ --set phpbbUser=admin,phpbbPassword=password,mariadb.mariadbRootPassword=secretpassword \ stable/phpbb ``` @@ -126,7 +126,7 @@ The above command sets the phpBB administrator account username and password to Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example, ```console -$ helm install --name my-release -f values.yaml stable/phpbb +$ helm install my-release -f values.yaml stable/phpbb ``` > **Tip**: You can use the default [values.yaml](values.yaml) From 1b7330ade3d6352c74191d26f60bae6e45b77eaf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Carlos=20Rodr=C3=ADguez=20Hern=C3=A1ndez?= Date: Tue, 11 Feb 2020 19:41:30 +0100 Subject: [PATCH 099/304] [stable/prestashop] Adapt docs to Helm 3 (#20675) Signed-off-by: Carlos Rodriguez Hernandez --- stable/prestashop/Chart.yaml | 2 +- stable/prestashop/README.md | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/stable/prestashop/Chart.yaml b/stable/prestashop/Chart.yaml index 073b6b7f4246..e1c1eec1aef6 100644 --- a/stable/prestashop/Chart.yaml +++ b/stable/prestashop/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: prestashop -version: 9.1.4 +version: 9.1.5 appVersion: 1.7.6-3 description: A popular open source ecommerce solution. Professional tools are easily accessible to increase online sales including instant guest checkout, abandoned cart reminders and automated Email marketing. keywords: diff --git a/stable/prestashop/README.md b/stable/prestashop/README.md index 227369cabdbb..16ec5c655b4b 100644 --- a/stable/prestashop/README.md +++ b/stable/prestashop/README.md @@ -5,7 +5,7 @@ ## TL;DR; ```console -$ helm install stable/prestashop +$ helm install my-release stable/prestashop ``` ## Introduction @@ -28,7 +28,7 @@ Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment To install the chart with the release name `my-release`: ```console -$ helm install --name my-release stable/prestashop +$ helm install my-release stable/prestashop ``` The command deploys PrestaShop on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. @@ -155,7 +155,7 @@ The above parameters map to the env variables defined in [bitnami/prestashop](ht Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, ```console -$ helm install --name my-release \ +$ helm install my-release \ --set prestashopUsername=admin,prestashopPassword=password,mariadb.mariadbRootPassword=secretpassword \ stable/prestashop ``` @@ -165,7 +165,7 @@ The above command sets the PrestaShop administrator account username and passwor Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example, ```console -$ helm install --name my-release -f values.yaml stable/prestashop +$ helm install my-release -f values.yaml stable/prestashop ``` > **Tip**: You can use the default [values.yaml](values.yaml) From 35f6c7a1a40063ff92617008954c4fefd27023e6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Carlos=20Rodr=C3=ADguez=20Hern=C3=A1ndez?= Date: Tue, 11 Feb 2020 19:41:38 +0100 Subject: [PATCH 100/304] [stable/redmine] Adapt docs to Helm 3 (#20678) Signed-off-by: Carlos Rodriguez Hernandez --- stable/redmine/Chart.yaml | 2 +- stable/redmine/README.md | 12 ++++++------ 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/stable/redmine/Chart.yaml b/stable/redmine/Chart.yaml index 01038fb95f10..cb2b45d11d15 100644 --- a/stable/redmine/Chart.yaml +++ b/stable/redmine/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: redmine -version: 14.1.6 +version: 14.1.7 appVersion: 4.1.0 description: A flexible project management web application. keywords: diff --git a/stable/redmine/README.md b/stable/redmine/README.md index 77168a47c3fa..c83c02221373 100644 --- a/stable/redmine/README.md +++ b/stable/redmine/README.md @@ -5,7 +5,7 @@ ## TL;DR; ```bash -$ helm install stable/redmine +$ helm install my-release stable/redmine ``` ## Introduction @@ -28,7 +28,7 @@ Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment To install the chart with the release name `my-release`: ```bash -$ helm install --name my-release stable/redmine +$ helm install my-release stable/redmine ``` The command deploys Redmine on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. @@ -50,7 +50,7 @@ The command removes all the Kubernetes components associated with the chart and This chart includes the option to use a PostgreSQL database for Redmine instead of MariaDB. To use this, set the `databaseType` parameter to `postgresql`: ``` -helm install --name my-release stable/redmine --set databaseType=postgresql +helm install my-release stable/redmine --set databaseType=postgresql ``` ## Parameters @@ -174,7 +174,7 @@ The above parameters map to the env variables defined in [bitnami/redmine](http: Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, ```bash -$ helm install --name my-release \ +$ helm install my-release \ --set redmineUsername=admin,redminePassword=password,mariadb.mariadbRootPassword=secretpassword \ stable/redmine ``` @@ -184,7 +184,7 @@ The above command sets the Redmine administrator account username and password t Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example, ```bash -$ helm install --name my-release -f values.yaml stable/redmine +$ helm install my-release -f values.yaml stable/redmine ``` > **Tip**: You can use the default [values.yaml](values.yaml) @@ -219,7 +219,7 @@ The following example includes two PVCs, one for Redmine and another for MariaDB 1. Install the chart ```bash -$ helm install --name test --set persistence.existingClaim=PVC_REDMINE,mariadb.persistence.existingClaim=PVC_MARIADB redmine +$ helm install test --set persistence.existingClaim=PVC_REDMINE,mariadb.persistence.existingClaim=PVC_MARIADB stable/redmine ``` ## Upgrading From e77cc619ad2c41e8529df82d3835f28dc0c753fa Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Carlos=20Rodr=C3=ADguez=20Hern=C3=A1ndez?= Date: Tue, 11 Feb 2020 19:41:46 +0100 Subject: [PATCH 101/304] [stable/suitecrm] Adapt docs to Helm 3 (#20679) Signed-off-by: Carlos Rodriguez Hernandez --- stable/suitecrm/Chart.yaml | 2 +- stable/suitecrm/README.md | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/stable/suitecrm/Chart.yaml b/stable/suitecrm/Chart.yaml index 4aec9f739e82..b34d4193b237 100644 --- a/stable/suitecrm/Chart.yaml +++ b/stable/suitecrm/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: suitecrm -version: 8.0.4 +version: 8.0.5 appVersion: 7.11.10 description: SuiteCRM is a completely open source enterprise-grade Customer Relationship Management (CRM) application. SuiteCRM is a software fork of the popular customer relationship management (CRM) system SugarCRM. keywords: diff --git a/stable/suitecrm/README.md b/stable/suitecrm/README.md index 6fb8e8bc7f9f..3bbb8fc5993b 100644 --- a/stable/suitecrm/README.md +++ b/stable/suitecrm/README.md @@ -5,7 +5,7 @@ ## TL;DR; ```console -$ helm install stable/suitecrm +$ helm install my-release stable/suitecrm ``` ## Introduction @@ -28,7 +28,7 @@ Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment To install the chart with the release name `my-release`: ```console -$ helm install --name my-release stable/suitecrm +$ helm install my-release stable/suitecrm ``` The command deploys SuiteCRM on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. @@ -137,7 +137,7 @@ The above parameters map to the env variables defined in [bitnami/suitecrm](http Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, ```console -$ helm install --name my-release \ +$ helm install my-release \ --set suitecrmUsername=admin,suitecrmPassword=password,mariadb.mariadbRootPassword=secretpassword \ stable/suitecrm ``` @@ -147,7 +147,7 @@ The above command sets the SuiteCRM administrator account username and password Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example, ```console -$ helm install --name my-release -f values.yaml stable/suitecrm +$ helm install my-release -f values.yaml stable/suitecrm ``` > **Tip**: You can use the default [values.yaml](values.yaml) From b126482a391078683ebd0a0878552b0045bd1360 Mon Sep 17 00:00:00 2001 From: Benedict Hartley Date: Tue, 11 Feb 2020 18:41:53 +0000 Subject: [PATCH 102/304] [stable/sealed-secrets] Add priorityClassName to sealed-secrets (#20690) * Add priorityClassName to sealed-secrets Signed-off-by: Benedict Hartley * Add values.priorityClassName to sealed-secrets README Signed-off-by: Benedict Hartley * Bump chart version for sealed-secrets Signed-off-by: Benedict Hartley --- stable/sealed-secrets/Chart.yaml | 2 +- stable/sealed-secrets/README.md | 1 + stable/sealed-secrets/templates/deployment.yaml | 3 +++ stable/sealed-secrets/values.yaml | 2 ++ 4 files changed, 7 insertions(+), 1 deletion(-) diff --git a/stable/sealed-secrets/Chart.yaml b/stable/sealed-secrets/Chart.yaml index 64b520accf8a..42ec1dc5103b 100644 --- a/stable/sealed-secrets/Chart.yaml +++ b/stable/sealed-secrets/Chart.yaml @@ -1,6 +1,6 @@ name: sealed-secrets description: A Helm chart for Sealed Secrets -version: 1.7.4 +version: 1.7.5 appVersion: 0.9.7 kubeVersion: ">=1.9.0-0" home: https://github.com/bitnami-labs/sealed-secrets diff --git a/stable/sealed-secrets/README.md b/stable/sealed-secrets/README.md index 852244ef2bbe..4db308ae2e7e 100644 --- a/stable/sealed-secrets/README.md +++ b/stable/sealed-secrets/README.md @@ -66,6 +66,7 @@ Read about kubeseal usage on [sealed-secrets docs](https://github.com/bitnami-la | **ingress.hosts** | Ingress accepted hostnames | `["chart-example.local"]` | | **ingress.tls** | Ingress TLS configuration | `[]` | | **podAnnotations** | Annotations to annotate pods with. | `{}` | +| **priorityClassName** | Optional class to specify priority for pods | `""` | - In the case that **serviceAccount.create** is `false` and **rbac.create** is `true` it is expected for a service account with the name **serviceAccount.name** to exist _in the same namespace as this chart_ before installation. diff --git a/stable/sealed-secrets/templates/deployment.yaml b/stable/sealed-secrets/templates/deployment.yaml index 7c0452c3b228..a0458d111c44 100644 --- a/stable/sealed-secrets/templates/deployment.yaml +++ b/stable/sealed-secrets/templates/deployment.yaml @@ -25,6 +25,9 @@ spec: app.kubernetes.io/instance: {{ .Release.Name }} spec: serviceAccountName: {{ template "sealed-secrets.serviceAccountName" . }} + {{- if .Values.priorityClassName }} + priorityClassName: "{{ .Values.priorityClassName }}" + {{- end }} containers: - name: {{ template "sealed-secrets.fullname" . }} command: diff --git a/stable/sealed-secrets/values.yaml b/stable/sealed-secrets/values.yaml index ee6719bb9b34..52f2a4183306 100644 --- a/stable/sealed-secrets/values.yaml +++ b/stable/sealed-secrets/values.yaml @@ -52,3 +52,5 @@ securityContext: runAsUser: 1001 podAnnotations: {} + +priorityClassName: "" From 0b12d78dad48d8659fa6db8d40ab399bb35f741f Mon Sep 17 00:00:00 2001 From: David vonThenen <12752197+dvonthenen@users.noreply.github.com> Date: Tue, 11 Feb 2020 13:46:08 -0800 Subject: [PATCH 103/304] Improved Security for vSphere CPI (#20612) Update readme Signed-off-by: dvonthenen Maintain default for backwards compatibility update readme with new default Update app version Update doc link Signed-off-by: dvonthenen --- stable/vsphere-cpi/Chart.yaml | 4 +- stable/vsphere-cpi/README.md | 25 ++++++---- stable/vsphere-cpi/templates/common.yaml | 2 +- stable/vsphere-cpi/templates/configmap.yaml | 4 +- stable/vsphere-cpi/templates/daemonset.yaml | 15 +++++- stable/vsphere-cpi/templates/ingress.yaml | 2 +- .../templates/podsecuritypolicy.yaml | 46 +++++++++++++++++++ .../vsphere-cpi/templates/role-binding.yaml | 6 +-- stable/vsphere-cpi/templates/secret.yaml | 2 +- .../templates/service-account.yaml | 2 +- stable/vsphere-cpi/templates/service.yaml | 2 +- stable/vsphere-cpi/values.yaml | 26 ++++++++++- 12 files changed, 114 insertions(+), 22 deletions(-) create mode 100644 stable/vsphere-cpi/templates/podsecuritypolicy.yaml diff --git a/stable/vsphere-cpi/Chart.yaml b/stable/vsphere-cpi/Chart.yaml index b6252ba439fa..a159c8f0f829 100644 --- a/stable/vsphere-cpi/Chart.yaml +++ b/stable/vsphere-cpi/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v1 -appVersion: 1.0.0 +appVersion: 1.1.0 description: A Helm chart for vSphere Cloud Provider Interface Manager (CPI) name: vsphere-cpi -version: 0.1.2 +version: 0.1.3 keywords: - vsphere - vmware diff --git a/stable/vsphere-cpi/README.md b/stable/vsphere-cpi/README.md index cfb2d5f4ecbb..26a2fc01970e 100644 --- a/stable/vsphere-cpi/README.md +++ b/stable/vsphere-cpi/README.md @@ -23,15 +23,15 @@ $ helm repo update Then to install this chart and by providing vCenter information/credentials, run the following command: ```bash -$ helm install vsphere-cpi stable/vsphere-cpi --set config.enabled=true --set config.vcenter= --set config.username= --set config.password= --set config.datacenter= +$ helm install vsphere-cpi stable/vsphere-cpi --namespace kube-system --set config.enabled=true --set config.vcenter= --set config.username= --set config.password= --set config.datacenter= ``` > **Tip**: List all releases using `helm list --all` -If you want to provide your own `vsphere.conf` and Kubernetes secret `vsphere-cpi` in the `kube-system` namespace (for example, to handle multple datacenters/vCenters or for using zones), you can learn more about the `vsphere.conf` and `vsphere-cpi` secret by reading the following [documentation](https://github.com/kubernetes/cloud-provider-vsphere/blob/master/docs/book/tutorials/kubernetes-on-vsphere-with-kubeadm.md) and then running the following command: +If you want to provide your own `vsphere.conf` and Kubernetes secret `vsphere-cpi` (for example, to handle multple datacenters/vCenters or for using zones), you can learn more about the `vsphere.conf` and `vsphere-cpi` secret by reading the following [documentation](https://cloud-provider-vsphere.sigs.k8s.io/tutorials/kubernetes-on-vsphere-with-kubeadm.html) and then running the following command: ```bash -$ helm install vsphere-cpi stable/vsphere-cpi +$ helm install vsphere-cpi stable/vsphere-cpi --namespace kube-system ``` ## Installing the Chart using Helm 2.X @@ -39,13 +39,13 @@ $ helm install vsphere-cpi stable/vsphere-cpi To install this chart with the release name `vsphere-cpi` and by providing a vCenter information/credentials, run the following command: ```bash -$ helm install stable/vsphere-cpi --name vsphere-cpi --set config.enabled=true --set config.vcenter= --set config.username= --set config.password= --set config.datacenter= +$ helm install stable/vsphere-cpi --name vsphere-cpi --namespace kube-system --set config.enabled=true --set config.vcenter= --set config.username= --set config.password= --set config.datacenter= ``` -If you provide your own `vsphere.conf` and Kubernetes secret `vsphere-cpi` in the `kube-system` namespace, then deploy the chart running the following command: +If you provide your own `vsphere.conf` and Kubernetes secret `vsphere-cpi`, then deploy the chart running the following command: ```bash -$ helm install stable/vsphere-cpi --name vsphere-cpi +$ helm install stable/vsphere-cpi --name vsphere-cpi --namespace kube-system ``` ## Uninstalling the Chart @@ -53,12 +53,12 @@ $ helm install stable/vsphere-cpi --name vsphere-cpi To uninstall/delete the `vsphere-cpi` deployment: ```bash -$ helm delete vsphere-cpi +$ helm delete vsphere-cpi --namespace kube-system ``` The command removes all the Kubernetes components associated with the chart and deletes the release. -> **Tip**: To permanently remove the release using Helm v2.X, run `helm delete --purge vsphere-cpi` +> **Tip**: To permanently remove the release using Helm v2.X, run `helm delete --purge vsphere-cpi --namespace kube-system` ## Configuration @@ -66,6 +66,13 @@ The following table lists the configurable parameters of the vSphere CPI chart a | Parameter | Description | Default | |------------------------------------------|-------------------------------------|----------------------------------------| +| `podSecurityPolicy.enabled` | Enable pod sec policy (k8s > 1.17) | false | +| `podSecurityPolicy.annotations` | Annotations for pd sec policy | nil | +| `securityContext.enabled` | Enable sec context for container | false | +| `securityContext.runAsUser` | RunAsUser. Default is `nobody` in | 65534 | +| | distroless image | | +| `securityContext.fsGroup` | FsGroup. Default is `nobody` in | 65534 | +| | distroless image | | | `config.enabled` | Create a simple single VC config | false | | `config.vcenter` | FQDN or IP of vCenter | vcenter.local | | `config.username` | vCenter username | user | @@ -87,6 +94,8 @@ The following table lists the configurable parameters of the vSphere CPI chart a | `daemonset.resources` | Node resources | `[]` | | `daemonset.podAnnotations` | Annotations for CPI pod | nil | | `daemonset.podLabels` | Labels for CPI pod | nil | +| `daemonset.nodeSelector` | User-defined node selectors | nil | +| `daemonset.tolerations` | User-defined tolerations | nil | | `service.enabled` | Enabled the CPI API endpoint | false | | `service.annotations` | Annotations for API service | nil | | `service.type` | Service type | ClusterIP | diff --git a/stable/vsphere-cpi/templates/common.yaml b/stable/vsphere-cpi/templates/common.yaml index ae4d3a95d074..595b3356222f 100644 --- a/stable/vsphere-cpi/templates/common.yaml +++ b/stable/vsphere-cpi/templates/common.yaml @@ -9,6 +9,6 @@ metadata: component: cloud-controller heritage: {{ .Release.Service }} release: {{ .Release.Name }} - namespace: kube-system + namespace: {{ .Release.Namespace }} data: api.binding: "{{ template "api.binding" . }}" diff --git a/stable/vsphere-cpi/templates/configmap.yaml b/stable/vsphere-cpi/templates/configmap.yaml index f00503444389..af16ebacf048 100644 --- a/stable/vsphere-cpi/templates/configmap.yaml +++ b/stable/vsphere-cpi/templates/configmap.yaml @@ -10,7 +10,7 @@ metadata: component: cloud-controller heritage: {{ .Release.Service }} release: {{ .Release.Name }} - namespace: kube-system + namespace: {{ .Release.Namespace }} data: vsphere.conf: | [Global] @@ -19,7 +19,7 @@ data: insecure-flag = "1" #set to 1 if the vCenter uses a self-signed cert # settings for using k8s secret secret-name = "vsphere-cpi" - secret-namespace = "kube-system" + secret-namespace = "{{ .Release.Namespace }}" [VirtualCenter "{{ .Values.config.vcenter }}"] datacenters = "{{ .Values.config.datacenter }}" diff --git a/stable/vsphere-cpi/templates/daemonset.yaml b/stable/vsphere-cpi/templates/daemonset.yaml index 348341b93d71..6049fe9e1022 100644 --- a/stable/vsphere-cpi/templates/daemonset.yaml +++ b/stable/vsphere-cpi/templates/daemonset.yaml @@ -9,7 +9,7 @@ metadata: component: cloud-controller heritage: {{ .Release.Service }} release: {{ .Release.Name }} - namespace: kube-system + namespace: {{ .Release.Namespace }} {{- if .Values.daemonset.annotations }} annotations: {{ toYaml .Values.daemonset.annotations | indent 4 }} @@ -36,15 +36,28 @@ spec: {{- end }} spec: nodeSelector: +{{- if .Values.daemonset.nodeSelector }} +{{ toYaml .Values.daemonset.nodeSelector | indent 8 }} +{{- else }} node-role.kubernetes.io/master: "" +{{- end }} securityContext: runAsUser: 0 tolerations: +{{- if .Values.daemonset.tolerations }} +{{ toYaml .Values.daemonset.tolerations | indent 8 }} +{{- else }} - key: node.cloudprovider.kubernetes.io/uninitialized value: "true" effect: NoSchedule - key: node-role.kubernetes.io/master effect: NoSchedule + {{- end }} + {{- if .Values.securityContext.enabled }} + securityContext: + fsGroup: {{ .Values.securityContext.fsGroup }} + runAsUser: {{ .Values.securityContext.runAsUser }} + {{- end }} serviceAccountName: {{ .Values.serviceAccount.name }} {{- if .Values.daemonset.useHostNetwork }} hostNetwork: true diff --git a/stable/vsphere-cpi/templates/ingress.yaml b/stable/vsphere-cpi/templates/ingress.yaml index 69869b9ca709..94b2abb33d4d 100644 --- a/stable/vsphere-cpi/templates/ingress.yaml +++ b/stable/vsphere-cpi/templates/ingress.yaml @@ -11,7 +11,7 @@ metadata: component: cloud-controller heritage: {{ .Release.Service }} release: {{ .Release.Name }} - namespace: kube-system + namespace: {{ .Release.Namespace }} {{- if .Values.ingress.annotations }} annotations: {{ toYaml .Values.ingress.annotations | indent 4 }} diff --git a/stable/vsphere-cpi/templates/podsecuritypolicy.yaml b/stable/vsphere-cpi/templates/podsecuritypolicy.yaml new file mode 100644 index 000000000000..380ddf694497 --- /dev/null +++ b/stable/vsphere-cpi/templates/podsecuritypolicy.yaml @@ -0,0 +1,46 @@ +{{- if .Values.podSecurityPolicy.enabled }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "cpi.name" . }} + labels: + app: {{ template "cpi.name" . }} + component: cloud-controller + release: {{ .Release.Name }} + vsphere-cpi-infra: pod-security-policy +{{- if .Values.podSecurityPolicy.annotations }} + annotations: +{{ toYaml .Values.podSecurityPolicy.annotations | indent 4 }} +{{- end }} +spec: + allowPrivilegeEscalation: false + privileged: false + volumes: + - 'configMap' + - 'secret' + - 'emptyDir' + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + rule: 'MustRunAs' + ranges: + - min: {{ .Values.securityContext.runAsUser }} + max: {{ .Values.securityContext.runAsUser }} + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: {{ .Values.securityContext.runAsUser }} + max: {{ .Values.securityContext.runAsUser }} + fsGroup: + rule: 'MustRunAs' + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: true + requiredDropCapabilities: + - ALL +{{- end }} \ No newline at end of file diff --git a/stable/vsphere-cpi/templates/role-binding.yaml b/stable/vsphere-cpi/templates/role-binding.yaml index ba24bd13560f..3484afe27e30 100644 --- a/stable/vsphere-cpi/templates/role-binding.yaml +++ b/stable/vsphere-cpi/templates/role-binding.yaml @@ -14,7 +14,7 @@ items: component: cloud-controller heritage: {{ .Release.Service }} release: {{ .Release.Name }} - namespace: kube-system + namespace: {{ .Release.Namespace }} roleRef: apiGroup: rbac.authorization.k8s.io kind: Role @@ -23,7 +23,7 @@ items: - apiGroup: "" kind: ServiceAccount name: {{ .Values.serviceAccount.name }} - namespace: kube-system + namespace: {{ .Release.Namespace }} - apiGroup: "" kind: User name: {{ .Values.serviceAccount.name }} @@ -45,7 +45,7 @@ items: subjects: - kind: ServiceAccount name: {{ .Values.serviceAccount.name }} - namespace: kube-system + namespace: {{ .Release.Namespace }} - kind: User name: {{ .Values.serviceAccount.name }} {{- end -}} \ No newline at end of file diff --git a/stable/vsphere-cpi/templates/secret.yaml b/stable/vsphere-cpi/templates/secret.yaml index e0abc88c6f32..38f90674dc4a 100644 --- a/stable/vsphere-cpi/templates/secret.yaml +++ b/stable/vsphere-cpi/templates/secret.yaml @@ -10,7 +10,7 @@ metadata: component: cloud-controller heritage: {{ .Release.Service }} release: {{ .Release.Name }} - namespace: kube-system + namespace: {{ .Release.Namespace }} data: {{ .Values.config.vcenter }}.username: {{ .Values.config.username | b64enc }} {{ .Values.config.vcenter }}.password: {{ .Values.config.password | b64enc }} diff --git a/stable/vsphere-cpi/templates/service-account.yaml b/stable/vsphere-cpi/templates/service-account.yaml index 98fdc84cc0c4..41f3c65f8ec3 100644 --- a/stable/vsphere-cpi/templates/service-account.yaml +++ b/stable/vsphere-cpi/templates/service-account.yaml @@ -10,5 +10,5 @@ metadata: component: cloud-controller heritage: {{ .Release.Service }} release: {{ .Release.Name }} - namespace: kube-system + namespace: {{ .Release.Namespace }} {{- end -}} \ No newline at end of file diff --git a/stable/vsphere-cpi/templates/service.yaml b/stable/vsphere-cpi/templates/service.yaml index 9982d81822dd..baf8d4e1f826 100644 --- a/stable/vsphere-cpi/templates/service.yaml +++ b/stable/vsphere-cpi/templates/service.yaml @@ -10,7 +10,7 @@ metadata: component: cloud-controller heritage: {{ .Release.Service }} release: {{ .Release.Name }} - namespace: kube-system + namespace: {{ .Release.Namespace }} {{- if .Values.service.annotations }} annotations: {{ toYaml .Values.service.annotations | indent 4 }} diff --git a/stable/vsphere-cpi/values.yaml b/stable/vsphere-cpi/values.yaml index e6c3c0407ccc..d09e983719ee 100644 --- a/stable/vsphere-cpi/values.yaml +++ b/stable/vsphere-cpi/values.yaml @@ -9,6 +9,26 @@ config: password: "pass" datacenter: "dc" +## Specify if a Pod Security Policy for kube-state-metrics must be created +## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/ +podSecurityPolicy: + enabled: false + annotations: {} + # Specify pod annotations + # Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#apparmor + # Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#seccomp + # Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#sysctl + # + # seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*' + # seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default' + # apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default' + +# Run containers to have security context. Default is 'nobody' (65534/65534) in distroless +securityContext: + enabled: false + runAsUser: 65534 + fsGroup: 65534 + rbac: # Specifies whether RBAC resources should be created create: true @@ -22,7 +42,7 @@ serviceAccount: daemonset: annotations: {} image: gcr.io/cloud-provider-vsphere/cpi/release/manager - tag: v1.0.0 + tag: v1.1.0 pullPolicy: IfNotPresent dnsPolicy: ClusterFirst cmdline: @@ -44,6 +64,10 @@ daemonset: ## Additional pod labels ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ podLabels: {} + ## Allows for the default selector to be replaced with user-defined ones + nodeSelector: {} + ## Allows for the default tolerations to be replaced with user-defined ones + tolerations: [] service: enabled: false From 2d4ccf5e3448e5ea3a71654a43b12d9a0b51bf1f Mon Sep 17 00:00:00 2001 From: Bradley Massey Date: Tue, 11 Feb 2020 23:00:11 +0100 Subject: [PATCH 104/304] [stable/anchore-engine] added default admin password helper (#20524) * [stable/anchore-engine] added default admin password helper Signed-off-by: Bradley Massey * [stable/anchore-engine] bump chart version Signed-off-by: Bradley Massey --- stable/anchore-engine/Chart.yaml | 2 +- stable/anchore-engine/templates/_helpers.tpl | 11 +++++++++++ stable/anchore-engine/templates/api_deployment.yaml | 5 +++++ stable/anchore-engine/templates/secrets.yaml | 2 +- 4 files changed, 18 insertions(+), 2 deletions(-) diff --git a/stable/anchore-engine/Chart.yaml b/stable/anchore-engine/Chart.yaml index 8a9925fd2499..853ab67717a6 100644 --- a/stable/anchore-engine/Chart.yaml +++ b/stable/anchore-engine/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: anchore-engine -version: 1.4.2 +version: 1.4.3 appVersion: 0.6.1 description: Anchore container analysis and policy evaluation engine service keywords: diff --git a/stable/anchore-engine/templates/_helpers.tpl b/stable/anchore-engine/templates/_helpers.tpl index 4556d6d0ec2b..1f67839286c2 100755 --- a/stable/anchore-engine/templates/_helpers.tpl +++ b/stable/anchore-engine/templates/_helpers.tpl @@ -128,3 +128,14 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this {{- define "redis.fullname" -}} {{- printf "%s-%s" .Release.Name "anchore-ui-redis" | trunc 63 | trimSuffix "-" -}} {{- end -}} + +{{/* +Return Anchore Engine default admin password +*/}} +{{- define "anchore-engine.defaultAdminPassword" -}} +{{- if .Values.anchoreGlobal.defaultAdminPassword }} + {{- .Values.anchoreGlobal.defaultAdminPassword -}} +{{- else -}} + {{- randAlphaNum 32 -}} +{{- end -}} +{{- end -}} diff --git a/stable/anchore-engine/templates/api_deployment.yaml b/stable/anchore-engine/templates/api_deployment.yaml index 54039c25959f..33042cfe569f 100644 --- a/stable/anchore-engine/templates/api_deployment.yaml +++ b/stable/anchore-engine/templates/api_deployment.yaml @@ -81,6 +81,11 @@ spec: valueFrom: fieldRef: fieldPath: metadata.name + - name: ANCHORE_CLI_PASS + valueFrom: + secretKeyRef: + name: {{ include "anchore-engine.fullname" . }} + key: ANCHORE_ADMIN_PASSWORD ports: - containerPort: {{ .Values.anchoreApi.service.port }} name: external-api diff --git a/stable/anchore-engine/templates/secrets.yaml b/stable/anchore-engine/templates/secrets.yaml index 4e2c34144738..5bfee1c0e7e0 100644 --- a/stable/anchore-engine/templates/secrets.yaml +++ b/stable/anchore-engine/templates/secrets.yaml @@ -13,7 +13,7 @@ metadata: {{- end }} type: Opaque stringData: - ANCHORE_ADMIN_PASSWORD: {{ .Values.anchoreGlobal.defaultAdminPassword | quote }} + ANCHORE_ADMIN_PASSWORD: {{ include "anchore-engine.defaultAdminPassword" . | quote }} ANCHORE_DB_PASSWORD: {{ index .Values "postgresql" "postgresPassword" | quote }} {{- if and .Values.anchoreEnterpriseGlobal.enabled .Values.anchoreEnterpriseFeeds.enabled }} .feedsDbPassword: {{ index .Values "anchore-feeds-db" "postgresPassword" | quote }} From c244f9aefda0c01a079d507d17899df85f6df4e5 Mon Sep 17 00:00:00 2001 From: Igor Belikov Date: Tue, 11 Feb 2020 23:42:08 +0100 Subject: [PATCH 105/304] [stable/opa] Add affinity settings to OPA deployment (#20628) Signed-off-by: Igor Belikov --- stable/opa/Chart.yaml | 2 +- stable/opa/README.md | 1 + stable/opa/templates/deployment.yaml | 2 ++ stable/opa/values.yaml | 24 ++++++++++++++++++++---- 4 files changed, 24 insertions(+), 5 deletions(-) diff --git a/stable/opa/Chart.yaml b/stable/opa/Chart.yaml index e54874543675..a982e79899b5 100644 --- a/stable/opa/Chart.yaml +++ b/stable/opa/Chart.yaml @@ -6,7 +6,7 @@ keywords: - opa - admission control - policy -version: 1.13.3 +version: 1.13.4 home: https://www.openpolicyagent.org icon: https://raw.githubusercontent.com/open-policy-agent/opa/master/logo/logo.png sources: diff --git a/stable/opa/README.md b/stable/opa/README.md index 95ce331cdaff..f209b45a1221 100644 --- a/stable/opa/README.md +++ b/stable/opa/README.md @@ -75,6 +75,7 @@ Reference](https://www.openpolicyagent.org/docs/configuration.html). | `logLevel` | Log level that OPA outputs at, (`debug`, `info` or `error`) | `info` | | `logFormat` | Log format that OPA produces (`text` or `json`) | `text` | | `replicas` | Number of admission controller replicas to deploy. | `1` | +| `affinity` | Pod/Node affinity and anti-affinity | `{}` | | `tolerations` | List of node taint tolerations. | `[]` | | `nodeSelector` | Node labels for pod assignment. | `{}` | | `resources` | CPU and memory limits for OPA container. | `{}` | diff --git a/stable/opa/templates/deployment.yaml b/stable/opa/templates/deployment.yaml index 8fc7246fdbc2..4c00ea4e24ee 100644 --- a/stable/opa/templates/deployment.yaml +++ b/stable/opa/templates/deployment.yaml @@ -188,6 +188,8 @@ spec: - name: bootstrap emptyDir: {} {{- end }} + affinity: +{{ toYaml .Values.affinity | indent 8 }} nodeSelector: {{ toYaml .Values.nodeSelector | indent 8 }} tolerations: diff --git a/stable/opa/values.yaml b/stable/opa/values.yaml index 8c466ab87a6f..b8d764fb1689 100644 --- a/stable/opa/values.yaml +++ b/stable/opa/values.yaml @@ -146,11 +146,27 @@ logFormat: text # or more replicas. replicas: 1 -# To control how the OPA is scheduled on the cluster, set the tolerations and -# nodeSelector values below. For example, to deploy OPA onto the master nodes: +# To control how the OPA is scheduled on the cluster, set the affinity, +# tolerations and nodeSelector values below. For example, to deploy OPA onto +# the master nodes, 1 replica per node: # -# tolerations: [{key: "node-role.kubernetes.io/master", effect: NoSchedule, operator: Exists}] -# nodeSelector: {"kubernetes.io/role": "master"} +# affinity: +# podAntiAffinity: +# requiredDuringSchedulingIgnoredDuringExecution: +# - labelSelector: +# matchExpressions: +# - key: "app" +# operator: In +# values: +# - opa +# topologyKey: "kubernetes.io/hostname" +# tolerations: +# - key: "node-role.kubernetes.io/master" +# effect: NoSchedule +# operator: Exists +# nodeSelector: +# kubernetes.io/role: "master" +affinity: {} tolerations: [] nodeSelector: {} From 0eefc79bfe6a7a69eaacb7489a511922d91d17d6 Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Wed, 12 Feb 2020 04:14:09 +0100 Subject: [PATCH 106/304] [stable/external-dns] Release 2.16.2 updating components versions (#20691) Signed-off-by: Bitnami Containers Signed-off-by: Sameer Naik --- stable/external-dns/Chart.yaml | 4 ++-- stable/external-dns/values-production.yaml | 2 +- stable/external-dns/values.yaml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/stable/external-dns/Chart.yaml b/stable/external-dns/Chart.yaml index e6f45f557ca1..41f21c51f9ed 100644 --- a/stable/external-dns/Chart.yaml +++ b/stable/external-dns/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 name: external-dns -version: 2.16.2 -appVersion: 0.5.18 +version: 2.16.3 +appVersion: 0.6.0 description: ExternalDNS is a Kubernetes addon that configures public DNS servers with information about exposed Kubernetes services to make them discoverable. keywords: - external-dns diff --git a/stable/external-dns/values-production.yaml b/stable/external-dns/values-production.yaml index dd2c6ae477b3..20a572177a0c 100644 --- a/stable/external-dns/values-production.yaml +++ b/stable/external-dns/values-production.yaml @@ -13,7 +13,7 @@ image: registry: docker.io repository: bitnami/external-dns - tag: 0.5.18-debian-10-r0 + tag: 0.6.0-debian-10-r0 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images diff --git a/stable/external-dns/values.yaml b/stable/external-dns/values.yaml index bcaa69a37676..7a517291d921 100644 --- a/stable/external-dns/values.yaml +++ b/stable/external-dns/values.yaml @@ -13,7 +13,7 @@ image: registry: docker.io repository: bitnami/external-dns - tag: 0.5.18-debian-10-r0 + tag: 0.6.0-debian-10-r0 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images From 8491cc0069147ee29454a8b5af20d7a3bf94540f Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Wed, 12 Feb 2020 04:30:09 +0100 Subject: [PATCH 107/304] [stable/suitecrm] Release 8.0.6 updating components versions (#20694) Signed-off-by: Bitnami Containers Signed-off-by: Sameer Naik --- stable/suitecrm/Chart.yaml | 4 ++-- stable/suitecrm/requirements.lock | 4 ++-- stable/suitecrm/values.yaml | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/stable/suitecrm/Chart.yaml b/stable/suitecrm/Chart.yaml index b34d4193b237..12a89dd9e019 100644 --- a/stable/suitecrm/Chart.yaml +++ b/stable/suitecrm/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 name: suitecrm -version: 8.0.5 -appVersion: 7.11.10 +version: 8.0.6 +appVersion: 7.11.11 description: SuiteCRM is a completely open source enterprise-grade Customer Relationship Management (CRM) application. SuiteCRM is a software fork of the popular customer relationship management (CRM) system SugarCRM. keywords: - suitecrm diff --git a/stable/suitecrm/requirements.lock b/stable/suitecrm/requirements.lock index 1f4a40f2ebb0..37ab5c5e43aa 100644 --- a/stable/suitecrm/requirements.lock +++ b/stable/suitecrm/requirements.lock @@ -1,6 +1,6 @@ dependencies: - name: mariadb repository: https://kubernetes-charts.storage.googleapis.com/ - version: 7.3.6 + version: 7.3.9 digest: sha256:cd64413a4a697ccf85c0091e9c55cdc5876938ddced84c05d37c57ff9abc5864 -generated: 2020-01-24T11:25:03.8088886Z +generated: "2020-02-12T08:53:14.633374699+05:30" diff --git a/stable/suitecrm/values.yaml b/stable/suitecrm/values.yaml index eae6de5a1845..a540fdf0524e 100644 --- a/stable/suitecrm/values.yaml +++ b/stable/suitecrm/values.yaml @@ -14,7 +14,7 @@ image: registry: docker.io repository: bitnami/suitecrm - tag: 7.11.10-debian-10-r0 + tag: 7.11.11-debian-10-r0 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images @@ -267,7 +267,7 @@ metrics: image: registry: docker.io repository: bitnami/apache-exporter - tag: 0.7.0-debian-10-r0 + tag: 0.7.0-debian-10-r14 pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. From 42014f54f3bebdfdb2cc335755a24b454e3fdc05 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20de=20Saint=20Martin?= Date: Wed, 12 Feb 2020 06:14:07 +0100 Subject: [PATCH 108/304] [stable/elasticsearch-exporter] Allow PrometheusRules to be templated. (#20322) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Also fix README to add missing desaintmartin OWNER. Signed-off-by: Cédric de Saint Martin --- stable/elasticsearch-exporter/Chart.yaml | 4 +++- stable/elasticsearch-exporter/README.md | 14 +++++++++++++- .../templates/prometheusrule.yaml | 18 +++++++++--------- stable/elasticsearch-exporter/values.yaml | 17 ++++++++++------- 4 files changed, 35 insertions(+), 18 deletions(-) diff --git a/stable/elasticsearch-exporter/Chart.yaml b/stable/elasticsearch-exporter/Chart.yaml index 84d7fb0f8528..9558ce1911da 100644 --- a/stable/elasticsearch-exporter/Chart.yaml +++ b/stable/elasticsearch-exporter/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 description: Elasticsearch stats exporter for Prometheus name: elasticsearch-exporter -version: 2.3.0 +version: 3.0.0 kubeVersion: ">=1.10.0-0" appVersion: 1.1.0 home: https://github.com/justwatchcom/elasticsearch_exporter @@ -16,3 +16,5 @@ maintainers: email: sven.mueller@commercetools.com - name: caarlos0 email: carlos@carlosbecker.com + - name: desaintmartin + email: cedric@desaintmartin.fr diff --git a/stable/elasticsearch-exporter/README.md b/stable/elasticsearch-exporter/README.md index 4225e84b9a25..1cd08f627d17 100644 --- a/stable/elasticsearch-exporter/README.md +++ b/stable/elasticsearch-exporter/README.md @@ -101,7 +101,7 @@ Parameter | Description | Default `prometheusRule.enabled` | If true, a PrometheusRule CRD is created for a prometheus operator | `false` `prometheusRule.namespace` | If set, the PrometheusRule will be installed in a different namespace | `""` `prometheusRule.labels` | Labels for prometheus operator | `{}` -`prometheusRule.rules` | List of Prometheus rules | `[]` +`prometheusRule.rules` | List of [PrometheusRules](https://prometheus.io/docs/prometheus/latest/configuration/alerting_rules/) to be created, check values for an example. | `[]` Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, @@ -119,3 +119,15 @@ $ helm install --name my-release -f values.yaml stable/elasticsearch-exporter ``` > **Tip**: You can use the default [values.yaml](values.yaml) + +## Upgrading an existing Release to a new major version + +A major chart version change (like v1.2.3 -> v2.0.0) indicates that there is an +incompatible breaking change needing manual actions. + +### To 3.0.0 + +`prometheusRule.rules` are now processed as Helm template, allowing to set variables in them. +This means that if a rule contains a {{ $value }}, Helm will try replacing it and probably fail. + +You now need to escape the rules (see `values.yaml`) for examples. diff --git a/stable/elasticsearch-exporter/templates/prometheusrule.yaml b/stable/elasticsearch-exporter/templates/prometheusrule.yaml index 62e07e057b26..59179013a03d 100644 --- a/stable/elasticsearch-exporter/templates/prometheusrule.yaml +++ b/stable/elasticsearch-exporter/templates/prometheusrule.yaml @@ -4,21 +4,21 @@ apiVersion: monitoring.coreos.com/v1 kind: PrometheusRule metadata: name: {{ template "elasticsearch-exporter.fullname" . }} - {{- if .Values.prometheusRule.namespace }} +{{- if .Values.prometheusRule.namespace }} namespace: {{ .Values.prometheusRule.namespace }} - {{- end }} +{{- end }} labels: chart: {{ template "elasticsearch-exporter.chart" . }} app: {{ template "elasticsearch-exporter.name" . }} release: "{{ .Release.Name }}" heritage: "{{ .Release.Service }}" - {{- if .Values.prometheusRule.labels }} - {{- toYaml .Values.prometheusRule.labels | nindent 4 }} - {{- end }} +{{- if .Values.prometheusRule.labels }} +{{- toYaml .Values.prometheusRule.labels | nindent 4 }} +{{- end }} spec: - {{- with .Values.prometheusRule.rules }} +{{- with .Values.prometheusRule.rules }} groups: - - name: {{ template "elasticsearch-exporter.name" $ }} - rules: {{- toYaml . | nindent 4 }} - {{- end }} + - name: {{ template "elasticsearch-exporter.name" $ }} + rules: {{ tpl (toYaml .) $ | nindent 8 }} +{{- end }} {{- end }} diff --git a/stable/elasticsearch-exporter/values.yaml b/stable/elasticsearch-exporter/values.yaml index 4c5ca779a6a4..4afdcf86a6f9 100644 --- a/stable/elasticsearch-exporter/values.yaml +++ b/stable/elasticsearch-exporter/values.yaml @@ -159,32 +159,35 @@ prometheusRule: ## If true, a PrometheusRule CRD is created for a prometheus operator ## https://github.com/coreos/prometheus-operator ## + ## The rules will be processed as Helm template, allowing to set variables in them. enabled: false # namespace: monitoring labels: {} rules: [] # - record: elasticsearch_filesystem_data_used_percent - # expr: 100 * (elasticsearch_filesystem_data_size_bytes - elasticsearch_filesystem_data_free_bytes) - # / elasticsearch_filesystem_data_size_bytes + # expr: | + # 100 * (elasticsearch_filesystem_data_size_bytes{service="{{ template "elasticsearch-exporter.fullname" . }}"} - elasticsearch_filesystem_data_free_bytes{service="{{ template "elasticsearch-exporter.fullname" . }}"}) + # / elasticsearch_filesystem_data_size_bytes{service="{{ template "elasticsearch-exporter.fullname" . }}"} # - record: elasticsearch_filesystem_data_free_percent - # expr: 100 - elasticsearch_filesystem_data_used_percent + # expr: 100 - elasticsearch_filesystem_data_used_percent{service="{{ template "elasticsearch-exporter.fullname" . }}"} # - alert: ElasticsearchTooFewNodesRunning - # expr: elasticsearch_cluster_health_number_of_nodes < 3 + # expr: elasticsearch_cluster_health_number_of_nodes{service="{{ template "elasticsearch-exporter.fullname" . }}"} < 3 # for: 5m # labels: # severity: critical # annotations: - # description: There are only {{$value}} < 3 ElasticSearch nodes running + # description: There are only {{ "{{ $value }}" }} < 3 ElasticSearch nodes running # summary: ElasticSearch running on less than 3 nodes # - alert: ElasticsearchHeapTooHigh - # expr: elasticsearch_jvm_memory_used_bytes{area="heap"} / elasticsearch_jvm_memory_max_bytes{area="heap"} + # expr: | + # elasticsearch_jvm_memory_used_bytes{service="{{ template "elasticsearch-exporter.fullname" . }}", area="heap"} / elasticsearch_jvm_memory_max_bytes{service="{{ template "elasticsearch-exporter.fullname" . }}", area="heap"} # > 0.9 # for: 15m # labels: # severity: critical # annotations: # description: The heap usage is over 90% for 15m - # summary: ElasticSearch node {{$labels.node}} heap usage is high + # summary: ElasticSearch node {{ "{{ $labels.node }}" }} heap usage is high # Create a service account # To use a service account not handled by the chart, set the name here From 621872ad5e1ef29442da487a0b40274b6d72d18a Mon Sep 17 00:00:00 2001 From: Chris Barton Date: Tue, 11 Feb 2020 23:52:51 -0800 Subject: [PATCH 109/304] [stable/graylog] Enable support for listening on HTTPS (#20650) * [stable/graylog] allow master service to be disabled There are times when the master service is not needed and since it has the same configuration as the web (load balanced) service, it is difficult to create a ClusterIP master service and a LoadBalancer web service (at that point, you probably want to disable the service altogether) Signed-off-by: Chris Barton * [stable/graylog] Add headless service This allows each node in the cluster to publish their service address instead of host IP which aids if each node is serving via TLS. Signed-off-by: Chris Barton * [stable/graylog] allow ingress URL without ingress resource being enabled An ingress resource isn't strictly needed to have a FQDN resolve to the graylog server, for example GKE ILB's do not need an ingress but can have a static internal IP for DNS to point at. This opens up the option to run Graylog in TLS mode without that ingress resource Signed-off-by: Chris Barton * [stable/graylog] Bump to 1.5.6 Signed-off-by: Chris Barton --- stable/graylog/Chart.yaml | 2 +- stable/graylog/README.md | 24 +++++++++++++++-- stable/graylog/templates/_helpers.tpl | 25 +++++++++++++++-- stable/graylog/templates/configmap.yaml | 21 ++++++++++----- .../graylog/templates/headless-service.yaml | 18 +++++++++++++ stable/graylog/templates/master-service.yaml | 2 ++ stable/graylog/templates/statefulset.yaml | 13 +++++++-- stable/graylog/values.yaml | 27 +++++++++++++++++-- 8 files changed, 116 insertions(+), 16 deletions(-) create mode 100644 stable/graylog/templates/headless-service.yaml diff --git a/stable/graylog/Chart.yaml b/stable/graylog/Chart.yaml index cb39b3a85fef..77fc091626ce 100755 --- a/stable/graylog/Chart.yaml +++ b/stable/graylog/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 name: graylog home: https://www.graylog.org -version: 1.5.5 +version: 1.5.6 appVersion: 3.1 description: Graylog is the centralized log management solution built to open standards for capturing, storing, and enabling real-time analysis of terabytes of machine data. keywords: diff --git a/stable/graylog/README.md b/stable/graylog/README.md index ae654805443f..660ab695822f 100644 --- a/stable/graylog/README.md +++ b/stable/graylog/README.md @@ -103,6 +103,7 @@ The following table lists the configurable parameters of the Graylog chart and t | `graylog.replicas` | The number of Graylog instances in the cluster. The chart will automatic create assign master to one of replicas | `2` | | `graylog.resources` | CPU/Memory resource requests/limits | Memory: `1024Mi`, CPU: `500m` | | `graylog.heapSize` | Override Java heap size. If this value empty, chart will allocate heapsize using `-XX:+UseCGroupMemoryLimitForHeap` | `` | +| `graylog.externalUri` | External URI that Graylog is available at | `` | | `graylog.nodeSelector` | Graylog server pod assignment | `{}` | | `graylog.affinity` | Graylog server affinity | `{}` | | `graylog.tolerations` | Graylog server tolerations | `[]` | @@ -111,8 +112,10 @@ The following table lists the configurable parameters of the Graylog chart and t | `graylog.additionalJavaOpts` | Graylog service additional `JAVA_OPTS` | `` | | `graylog.service.type` | Kubernetes Service type | `ClusterIP` | | `graylog.service.port` | Graylog Service port | `9000` | +| `graylog.service.master.enabled` | If true, Graylog Master Service will be created | `true` | | `graylog.service.master.port` | Graylog Master Service port | `9000` | | `graylog.service.master.annotations` | Graylog Master Service annotations | `{}` | +| `graylog.service.headless.suffix` | If present, suffix appended to the name of the chart to form the headless service name, ie: `-headless` would result in `graylog-headless` | `` | | `graylog.podAnnotations` | Kubernetes Pod annotations | `{}` | | `graylog.terminationGracePeriodSeconds` | Pod termination grace period | `120` | | `graylog.updateStrategy` | Update Strategy of the StatefulSet | `RollingUpdate` | @@ -120,6 +123,9 @@ The following table lists the configurable parameters of the Graylog chart and t | `graylog.persistence.storageClass` | Storage class of backing PVC | `nil` (uses storage class annotation) | | `graylog.persistence.accessMode` | Use volume as ReadOnly or ReadWrite | `ReadWriteOnce` | | `graylog.persistence.size` | Size of data volume | `10Gi` | +| `graylog.tls.enabled` | If true, Graylog will listen on HTTPS | `false` | +| `graylog.tls.keyFile` | Path to key file for HTTPS | `/etc/graylog/server/server.key` | +| `graylog.tls.certFile` | Path to crt file for HTTPS | `/etc/graylog/server/server.cert` | | `graylog.ingress.enabled` | If true, Graylog Ingress will be created | `false` | | `graylog.ingress.port` | Graylog Ingress port | `false` | | `graylog.ingress.annotations` | Graylog Ingress annotations | `{}` | @@ -187,7 +193,8 @@ Note: Name must be in IANA_SVC_NAME (at most 15 characters, matching regex [a-z0 Note: The port list should be sorted by port number. -## Input TLS +## TLS + To enable TLS on input in Graylog, you need to specify the server private key and certificate. You can add them in `graylog.serverFiles` value. For example ```yaml @@ -218,7 +225,10 @@ graylog: -----END PRIVATE KEY----- ``` -Then configure Graylog input to +### Input TLS + +The certificates will be mounted into the `/etc/graylog/server`, so Inputs (e.g. TCP/UDP) can be configured to leverage +those certificates with the following Input API configuration: | Parameter | Value | |----------------|---------------------------------| @@ -226,6 +236,16 @@ Then configure Graylog input to | tls_enable: | true | | tls_key_file: | /etc/graylog/server/server.key | +### Web HTTPS + +Graylog can be autoconfigured to run in HTTPS mode when provided certificates by setting the `graylog.tls.enabled` value to `true`. + +If the certificates are different than those provided above (different hostname for example), then the web-specific +certificates can be added to `graylog.serverFiles` and you can configure the `graylog.tls.certPath` and `graylog.tls.keyPath` to match. + +Each Graylog node coordinates with each other through the DNS entry exposed via the headless service, so when generating +the certificates, be sure to include a SAN entry for `*.graylog[-]..cluster.local` (or your configured FQDN). + ## Get Graylog status You can get your Graylog status by running the command diff --git a/stable/graylog/templates/_helpers.tpl b/stable/graylog/templates/_helpers.tpl index 00dd62ccf42a..6a7c9a32b4cb 100644 --- a/stable/graylog/templates/_helpers.tpl +++ b/stable/graylog/templates/_helpers.tpl @@ -37,12 +37,33 @@ Create the name of the service account to use {{- end -}} {{- end -}} +{{/* +Create the name of the headless service +*/}} +{{- define "graylog.service.headless.name" }} +{{- printf "%s-%s" (include "graylog.fullname" .) .Values.graylog.service.headless.suffix | trimSuffix "-" -}} +{{- end -}} + +{{/* +Craft url taking into account the TLS settings of the server +*/}} +{{- define "graylog.formatUrl" -}} +{{- $env := index . 0 }} +{{- $url := index . 1 }} +{{- if $env.Values.graylog.tls.enabled }} +{{- printf "https://%s" $url }} +{{- else }} +{{- printf "http://%s" $url }} +{{- end -}} +{{- end -}} {{/* -Print Host URL +Print external URI */}} {{- define "graylog.url" -}} -{{- if .Values.graylog.ingress.enabled }} +{{- if .Values.graylog.externalUri }} +{{- include "graylog.formatUrl" (list . .Values.graylog.externalUri) }} +{{- else if .Values.graylog.ingress.enabled }} {{- if .Values.graylog.ingress.tls }} {{- range .Values.graylog.ingress.tls }}{{ range .hosts }}https://{{ . }}{{ end }}{{ end }} {{- else }} diff --git a/stable/graylog/templates/configmap.yaml b/stable/graylog/templates/configmap.yaml index 850de8ad279c..2630b6b137ff 100644 --- a/stable/graylog/templates/configmap.yaml +++ b/stable/graylog/templates/configmap.yaml @@ -76,16 +76,22 @@ data: root_email = {{ .Values.graylog.rootEmail }} root_timezone = {{ default "UTC" .Values.graylog.rootTimezone }} plugin_dir = /usr/share/graylog/plugin + {{- $externalUri := include "graylog.url" . }} {{- if contains ":2" .Values.graylog.image.repository }} rest_listen_uri = http://0.0.0.0:9000/api/ web_listen_uri = http://0.0.0.0:9000/ - {{- if .Values.graylog.ingress.enabled }} - web_endpoint_uri = {{ template "graylog.url" .}}/api + {{- if $externalUri }} + web_endpoint_uri = {{ $externalUri }}/api {{- end }} {{- else }} http_bind_address = 0.0.0.0:9000 - {{- if .Values.graylog.ingress.enabled }} - http_external_uri = {{ template "graylog.url" .}}/ + {{- if .Values.graylog.tls.enabled }} + http_enable_tls = true + http_tls_cert_file = {{ .Values.graylog.tls.certFile }} + http_tls_key_file = {{ .Values.graylog.tls.keyFile }} + {{- end }} + {{- if $externalUri }} + http_external_uri = {{ $externalUri }}/ {{- end }} {{- end }} elasticsearch_hosts = {{ template "graylog.elasticsearch.hosts" . }} @@ -121,8 +127,8 @@ data: transport_email_auth_password = {{ default .Values.graylog.transportEmail.authPassword }} transport_email_subject_prefix = {{ default .Values.graylog.transportEmail.subjectPrefix }} transport_email_from_email = {{ default .Values.graylog.transportEmail.fromEmail }} - {{- if .Values.graylog.ingress.enabled }} - transport_email_web_interface_url = {{ template "graylog.url" .}} + {{- if $externalUri }} + transport_email_web_interface_url = {{ $externalUri }} {{- end }} content_packs_dir = /usr/share/graylog/data/contentpacks content_packs_auto_load = grok-patterns.json @@ -133,8 +139,9 @@ data: entrypoint.sh: |- #!/usr/bin/env bash + export GRAYLOG_HTTP_PUBLISH_URI="{{ template "graylog.formatUrl" (list . "$(hostname -f):9000/") }}" + GRAYLOG_HOME=/usr/share/graylog - MASTER_NAME="{{ template "graylog.fullname" . }}-master.{{ .Release.Namespace }}.svc.cluster.local" # Looking for Master IP MASTER_IP=`/k8s/kubectl --namespace {{ .Release.Namespace }} get pod -o jsonpath='{range .items[*]}{.metadata.name} {.status.podIP}{"\n"}{end}' -l graylog-role=master --field-selector=status.phase=Running|awk '{print $2}'` SELF_IP=`/k8s/kubectl --namespace {{ .Release.Namespace }} get pod $HOSTNAME -o jsonpath='{.status.podIP}'` diff --git a/stable/graylog/templates/headless-service.yaml b/stable/graylog/templates/headless-service.yaml new file mode 100644 index 000000000000..f13075bce421 --- /dev/null +++ b/stable/graylog/templates/headless-service.yaml @@ -0,0 +1,18 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ template "graylog.service.headless.name" . }} + labels: +{{ include "graylog.metadataLabels" . | indent 4 }} + annotations: + service.alpha.kubernetes.io/tolerate-unready-endpoints: "true" +spec: + ports: + - name: graylog + port: 9000 + type: ClusterIP + clusterIP: None + publishNotReadyAddresses: true + selector: + app.kubernetes.io/name: {{ template "graylog.name" . }} + app.kubernetes.io/instance: "{{ .Release.Name }}" diff --git a/stable/graylog/templates/master-service.yaml b/stable/graylog/templates/master-service.yaml index 1adee25e2dc4..d02b321b92bd 100644 --- a/stable/graylog/templates/master-service.yaml +++ b/stable/graylog/templates/master-service.yaml @@ -1,3 +1,4 @@ +{{- if .Values.graylog.service.master.enabled }} apiVersion: v1 kind: Service metadata: @@ -49,3 +50,4 @@ spec: {{- end }} {{- end -}} {{- end -}} +{{- end -}} diff --git a/stable/graylog/templates/statefulset.yaml b/stable/graylog/templates/statefulset.yaml index 9d534f3369c1..58e7288fcbc9 100644 --- a/stable/graylog/templates/statefulset.yaml +++ b/stable/graylog/templates/statefulset.yaml @@ -5,7 +5,7 @@ metadata: labels: {{ include "graylog.metadataLabels" . | indent 4 }} spec: - serviceName: {{ template "graylog.fullname" . }} + serviceName: {{ template "graylog.service.headless.name" . }} replicas: {{ .Values.graylog.replicas }} selector: matchLabels: @@ -131,6 +131,9 @@ spec: httpGet: path: /api/system/lbstatus port: 9000 + {{- if .Values.graylog.tls.enabled }} + scheme: HTTPS + {{- end }} initialDelaySeconds: 120 periodSeconds: 30 failureThreshold: 3 @@ -140,6 +143,9 @@ spec: httpGet: path: /api/system/lbstatus port: 9000 + {{- if .Values.graylog.tls.enabled }} + scheme: HTTPS + {{- end }} initialDelaySeconds: 60 periodSeconds: 10 failureThreshold: 3 @@ -169,7 +175,10 @@ spec: - bash - -ec - | - curl -XPOST -sS -u "{{ .Values.graylog.rootUsername }}:${GRAYLOG_PASSWORD_SECRET}" -H "X-Requested-By: {{ template "graylog.fullname" . }}" "localhost:9000/api/system/shutdown/shutdown" + curl {{ if .Values.graylog.tls.enabled }}-k{{ end }} -XPOST -sS \ + -u "{{ .Values.graylog.rootUsername }}:${GRAYLOG_PASSWORD_SECRET}" \ + -H "X-Requested-By: {{ template "graylog.fullname" . }}" \ + {{ template "graylog.formatUrl" (list . "localhost:9000/api/system/shutdown/shutdown") }} terminationGracePeriodSeconds: {{ default 30 .Values.graylog.terminationGracePeriodSeconds }} volumes: - name: config diff --git a/stable/graylog/values.yaml b/stable/graylog/values.yaml index 7f15587cd0a4..f7763351b0bd 100644 --- a/stable/graylog/values.yaml +++ b/stable/graylog/values.yaml @@ -128,7 +128,15 @@ graylog: type: ClusterIP port: 9000 + headless: + ## Add suffix to headless service name + ## + suffix: "" + master: + ## Enable Graylog master service + ## + enabled: true ## Graylog master service Ingress annotations ## annotations: {} @@ -155,6 +163,21 @@ graylog: # - name: syslog # port: 12222 + tls: + ## If true, Graylog server will run with TLS enabled + ## + enabled: false + ## TLS certificate key file + ## + keyFile: /etc/graylog/server/server.key + ## TLS certificate file + ## + certFile: /etc/graylog/server/server.cert + + ## External URL to access Graylog at + ## + externalUri: "" + ingress: ## If true, Graylog server Ingress will be created ## @@ -302,8 +325,8 @@ graylog: ## For example, you can put server certificates or authorized clients certificates here ## serverFiles: {} - # graylog-server.key: | - # graylog-server.cert: | + # server.key: | + # server.cert: | ## Specify a Bash script to run as Kubernetes Job (running on Alpine with curl and bash packages already installed). ## Useful for calling the API to pre-configure some aspect of Graylog, as in the example. From 49eaa74bfe7eb379b6088798a99605756507a665 Mon Sep 17 00:00:00 2001 From: Ivan Kurnosov Date: Wed, 12 Feb 2020 23:08:52 +1300 Subject: [PATCH 110/304] [stable/redis] added PV selectors (#20652) Signed-off-by: Ivan Kurnosov --- stable/redis/Chart.yaml | 2 +- stable/redis/README.md | 4 ++++ .../templates/redis-master-statefulset.yaml | 9 +++++++++ .../redis/templates/redis-slave-statefulset.yaml | 9 +++++++++ stable/redis/values-production.yaml | 8 ++++++++ stable/redis/values.schema.json | 16 ++++++++++++++++ stable/redis/values.yaml | 8 ++++++++ 7 files changed, 55 insertions(+), 1 deletion(-) mode change 100644 => 100755 stable/redis/templates/redis-master-statefulset.yaml mode change 100644 => 100755 stable/redis/templates/redis-slave-statefulset.yaml diff --git a/stable/redis/Chart.yaml b/stable/redis/Chart.yaml index 47944e22424a..401d8ee768a8 100644 --- a/stable/redis/Chart.yaml +++ b/stable/redis/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: redis -version: 10.4.4 +version: 10.5.0 appVersion: 5.0.7 description: Open source, advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. keywords: diff --git a/stable/redis/README.md b/stable/redis/README.md index ee60a01eb362..743b976ce32a 100644 --- a/stable/redis/README.md +++ b/stable/redis/README.md @@ -118,6 +118,8 @@ The following table lists the configurable parameters of the Redis chart and the | `master.persistence.storageClass` | Storage class of backing PVC | `generic` | | `master.persistence.accessModes` | Persistent Volume Access Modes | `[ReadWriteOnce]` | | `master.persistence.size` | Size of data volume | `8Gi` | +| `master.persistence.matchLabels` | matchLabels persistent volume selector | `{}` | +| `master.persistence.matchExpressions` | matchExpressions persistent volume selector | `{}` | | `master.statefulset.updateStrategy` | Update strategy for StatefulSet | onDelete | | `master.statefulset.rollingUpdatePartition` | Partition update strategy | `nil` | | `master.podLabels` | Additional labels for Redis master pod | {} | @@ -187,6 +189,8 @@ The following table lists the configurable parameters of the Redis chart and the | `slave.persistence.storageClass` | Storage class of backing PVC | `generic` | | `slave.persistence.accessModes` | Persistent Volume Access Modes | `[ReadWriteOnce]` | | `slave.persistence.size` | Size of data volume | `8Gi` | +| `slave.persistence.matchLabels` | matchLabels persistent volume selector | `{}` | +| `slave.persistence.matchExpressions` | matchExpressions persistent volume selector | `{}` | | `slave.statefulset.updateStrategy` | Update strategy for StatefulSet | onDelete | | `slave.statefulset.rollingUpdatePartition` | Partition update strategy | `nil` | | `slave.podLabels` | Additional labels for Redis slave pod | `master.podLabels` | diff --git a/stable/redis/templates/redis-master-statefulset.yaml b/stable/redis/templates/redis-master-statefulset.yaml old mode 100644 new mode 100755 index 3c2f183d27b8..b61c5391da76 --- a/stable/redis/templates/redis-master-statefulset.yaml +++ b/stable/redis/templates/redis-master-statefulset.yaml @@ -397,6 +397,15 @@ spec: requests: storage: {{ .Values.master.persistence.size | quote }} {{ include "redis.master.storageClass" . }} + selector: + {{- if .Values.master.persistence.matchLabels }} + matchLabels: +{{ toYaml .Values.master.persistence.matchLabels | indent 12 }} + {{- end -}} + {{- if .Values.master.persistence.matchExpressions }} + matchExpressions: +{{ toYaml .Values.master.persistence.matchExpressions | indent 12 }} + {{- end -}} {{- end }} updateStrategy: type: {{ .Values.master.statefulset.updateStrategy }} diff --git a/stable/redis/templates/redis-slave-statefulset.yaml b/stable/redis/templates/redis-slave-statefulset.yaml old mode 100644 new mode 100755 index f28c545238fb..d5a8db561595 --- a/stable/redis/templates/redis-slave-statefulset.yaml +++ b/stable/redis/templates/redis-slave-statefulset.yaml @@ -414,6 +414,15 @@ spec: requests: storage: {{ .Values.slave.persistence.size | quote }} {{ include "redis.slave.storageClass" . }} + selector: + {{- if .Values.slave.persistence.matchLabels }} + matchLabels: +{{ toYaml .Values.slave.persistence.matchLabels | indent 12 }} + {{- end -}} + {{- if .Values.slave.persistence.matchExpressions }} + matchExpressions: +{{ toYaml .Values.slave.persistence.matchExpressions | indent 12 }} + {{- end -}} {{- end }} updateStrategy: type: {{ .Values.slave.statefulset.updateStrategy }} diff --git a/stable/redis/values-production.yaml b/stable/redis/values-production.yaml index 97f3ccb732ec..cb5a785178ff 100644 --- a/stable/redis/values-production.yaml +++ b/stable/redis/values-production.yaml @@ -335,6 +335,10 @@ master: accessModes: - ReadWriteOnce size: 8Gi + ## Persistent Volume selectors + ## https://kubernetes.io/docs/concepts/storage/persistent-volumes/#selector + matchLabels: {} + matchExpressions: {} ## Update strategy, can be set to RollingUpdate or onDelete by default. ## https://kubernetes.io/docs/tutorials/stateful-application/basic-stateful-set/#updating-statefulsets @@ -455,6 +459,10 @@ slave: accessModes: - ReadWriteOnce size: 8Gi + ## Persistent Volume selectors + ## https://kubernetes.io/docs/concepts/storage/persistent-volumes/#selector + matchLabels: {} + matchExpressions: {} ## Update strategy, can be set to RollingUpdate or onDelete by default. ## https://kubernetes.io/docs/tutorials/stateful-application/basic-stateful-set/#updating-statefulsets diff --git a/stable/redis/values.schema.json b/stable/redis/values.schema.json index 0c910117ba69..2138e451e424 100644 --- a/stable/redis/values.schema.json +++ b/stable/redis/values.schema.json @@ -67,6 +67,14 @@ "condition": false, "value": "master.persistence.enabled" } + }, + "matchLabels": { + "type": "object", + "title": "Persistent Match Labels Selector" + }, + "matchExpressions": { + "type": "object", + "title": "Persistent Match Expressions Selector" } } } @@ -104,6 +112,14 @@ "condition": false, "value": "slave.persistence.enabled" } + }, + "matchLabels": { + "type": "object", + "title": "Persistent Match Labels Selector" + }, + "matchExpressions": { + "type": "object", + "title": "Persistent Match Expressions Selector" } } } diff --git a/stable/redis/values.yaml b/stable/redis/values.yaml index e6926f5d8d08..67d37ce73ba1 100644 --- a/stable/redis/values.yaml +++ b/stable/redis/values.yaml @@ -335,6 +335,10 @@ master: accessModes: - ReadWriteOnce size: 8Gi + ## Persistent Volume selectors + ## https://kubernetes.io/docs/concepts/storage/persistent-volumes/#selector + matchLabels: {} + matchExpressions: {} ## Update strategy, can be set to RollingUpdate or onDelete by default. ## https://kubernetes.io/docs/tutorials/stateful-application/basic-stateful-set/#updating-statefulsets @@ -455,6 +459,10 @@ slave: accessModes: - ReadWriteOnce size: 8Gi + ## Persistent Volume selectors + ## https://kubernetes.io/docs/concepts/storage/persistent-volumes/#selector + matchLabels: {} + matchExpressions: {} ## Update strategy, can be set to RollingUpdate or onDelete by default. ## https://kubernetes.io/docs/tutorials/stateful-application/basic-stateful-set/#updating-statefulsets From 5027a336422c4acffe0c142f32438aea96cef89d Mon Sep 17 00:00:00 2001 From: Danylo Hetmantsev <42934251+danylohetmantsev@users.noreply.github.com> Date: Wed, 12 Feb 2020 12:14:52 +0200 Subject: [PATCH 111/304] [stable/fluent-bit] Add tag to kubernetes-audit in fluent-bit chart. (#20583) * Add tag to kubernetes-audit in fluent-bit chart. Signed-off-by: Danylo Hetmantsev * Bump chart version. Signed-off-by: Danylo Hetmantsev --- stable/fluent-bit/Chart.yaml | 2 +- stable/fluent-bit/README.md | 1 + stable/fluent-bit/templates/config.yaml | 2 +- stable/fluent-bit/values.yaml | 1 + 4 files changed, 4 insertions(+), 2 deletions(-) diff --git a/stable/fluent-bit/Chart.yaml b/stable/fluent-bit/Chart.yaml index 5988d3b61a8e..f52d8cb1952e 100755 --- a/stable/fluent-bit/Chart.yaml +++ b/stable/fluent-bit/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: fluent-bit -version: 2.8.7 +version: 2.8.8 appVersion: 1.3.5 description: Fast and Lightweight Log/Data Forwarder for Linux, BSD and OSX keywords: diff --git a/stable/fluent-bit/README.md b/stable/fluent-bit/README.md index 504fcc918f39..19c607270a86 100644 --- a/stable/fluent-bit/README.md +++ b/stable/fluent-bit/README.md @@ -93,6 +93,7 @@ The following table lists the configurable parameters of the Fluent-Bit chart an | `audit.enable` | Enable collection of audit logs | `false` | | `audit.input.memBufLimit` | Specify Mem_Buf_Limit in tail input | `35mb` | | `audit.input.parser` | Specify Parser in tail input | `docker` | +| `audit.input.tag` | Specify Tag in tail input | `audit.*` | | `audit.input.path` | Specify log file(s) through the use of common wildcards | `/var/log/kube-apiserver-audit.log` | | `audit.input.bufferChunkSize` | Specify Buffer_Chunk_Size in tail | `2MB` | | `audit.input.bufferMaxSize` | Specify Buffer_Max_Size in tail | `10MB` | diff --git a/stable/fluent-bit/templates/config.yaml b/stable/fluent-bit/templates/config.yaml index b3419f4e66d3..3c429fbb9952 100644 --- a/stable/fluent-bit/templates/config.yaml +++ b/stable/fluent-bit/templates/config.yaml @@ -59,7 +59,7 @@ data: Path {{ .Values.audit.input.path }} Parser {{ .Values.audit.input.parser }} DB /var/log/audit.db - Tag audit.* + Tag {{ .Values.audit.input.tag }} Refresh_Interval 5 Mem_Buf_Limit {{ .Values.audit.input.memBufLimit }} Buffer_Chunk_Size {{ .Values.audit.input.bufferChunkSize }} diff --git a/stable/fluent-bit/values.yaml b/stable/fluent-bit/values.yaml index f2455df8da09..9dd7db2812bc 100644 --- a/stable/fluent-bit/values.yaml +++ b/stable/fluent-bit/values.yaml @@ -244,6 +244,7 @@ audit: input: memBufLimit: 35MB parser: docker + tag: audit.* path: /var/log/kube-apiserver-audit.log bufferChunkSize: 2MB bufferMaxSize: 10MB From daf28fab23214eda96765b622a4c858e7dad660f Mon Sep 17 00:00:00 2001 From: Lennert Claeys Date: Wed, 12 Feb 2020 11:22:51 +0100 Subject: [PATCH 112/304] [stable/newrelic-infrastructure] Add secure port and ksm label config options (#20692) * Add secure port and ksm label config options Signed-off-by: Lennert Claeys * Clarify config option and fix yaml issue Signed-off-by: Lennert Claeys --- stable/newrelic-infrastructure/Chart.yaml | 2 +- stable/newrelic-infrastructure/README.md | 52 ++++++++++--------- .../templates/daemonset.yaml | 12 ++++- 3 files changed, 38 insertions(+), 28 deletions(-) diff --git a/stable/newrelic-infrastructure/Chart.yaml b/stable/newrelic-infrastructure/Chart.yaml index e8d269c54024..dd1d44ba239f 100644 --- a/stable/newrelic-infrastructure/Chart.yaml +++ b/stable/newrelic-infrastructure/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 description: A Helm chart to deploy the New Relic Infrastructure Agent as a DaemonSet name: newrelic-infrastructure -version: 0.13.21 +version: 0.13.22 appVersion: 1.13.2 home: https://hub.docker.com/r/newrelic/infrastructure-k8s/ source: diff --git a/stable/newrelic-infrastructure/README.md b/stable/newrelic-infrastructure/README.md index ea02e535e036..ed7cd8f1963d 100644 --- a/stable/newrelic-infrastructure/README.md +++ b/stable/newrelic-infrastructure/README.md @@ -6,31 +6,33 @@ This chart will deploy the New Relic Infrastructure agent as a Daemonset. ## Configuration -| Parameter | Description | Default | -| ------------------------------- | ------------------------------------------------------------ | -------------------------- | -| `cluster` | The cluster name for the Kubernetes cluster. | | -| `licenseKey` | The [license key](https://docs.newrelic.com/docs/accounts/install-new-relic/account-setup/license-key) for your New Relic Account. This will be preferred configuration option if both `licenseKey` and `customSecret` are specified. | | -| `customSecretName` | Name of the Secret object where the license key is stored | | -| `customSecretLicenseKey` | Key in the Secret object where the license key is stored. | | -| `config` | A `newrelic.yml` file if you wish to provide. | | -| `kubeStateMetricsUrl` | If provided, the discovery process for kube-state-metrics endpoint won't be triggered. Example: http://172.17.0.3:8080 | -| `kubeStateMetricsTimeout` | Timeout for accessing kube-state-metrics in milliseconds. If not set the newrelic default is 5000 | | -| `rbac.create` | Enable Role-based authentication | `true` | -| `rbac.pspEnabled` | Enable pod security policy support | `false` | -| `privileged` | Enable privileged mode. | `true` | -| `image.repository` | The container to pull. | `newrelic/infrastructure` | -| `image.pullPolicy` | The pull policy. | `IfNotPresent` | -| `image.tag` | The version of the container to pull. | `1.13.2` | -| `resources` | Any resources you wish to assign to the pod. | See Resources below | -| `verboseLog` | Should the agent log verbosely. (Boolean) | `false` | -| `priorityClassName` | Scheduling priority of the pod | `nil` | -| `nodeSelector` | Node label to use for scheduling | `nil` | -| `tolerations` | List of node taints to tolerate (requires Kubernetes >= 1.6) | See Tolerarions below | -| `updateStrategy` | Strategy for DaemonSet updates (requires Kubernetes >= 1.6) | `RollingUpdate` | -| `serviveAccount.create` | If true, a service account would be created and assigned to the deployment | true | -| `serviveAccount.name` | The service account to assign to the deployment. If `serviveAccount.create` is true then this name will be used when creating the service account | | -| `etcdTlsSecretName` | Name of the secret containing the cacert, cert and key used for setting the mTLS config for retrieving metrics from ETCD. | | -| `etcdTlsSecretNamespace` | Namespace where the secret specified in `etcdTlsSecretName` was created. | `default` | +| Parameter | Description | Default | +| -------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------- | +| `cluster` | The cluster name for the Kubernetes cluster. | | +| `licenseKey` | The [license key](https://docs.newrelic.com/docs/accounts/install-new-relic/account-setup/license-key) for your New Relic Account. This will be preferred configuration option if both `licenseKey` and `customSecret` are specified. | | +| `customSecretName` | Name of the Secret object where the license key is stored | | +| `customSecretLicenseKey` | Key in the Secret object where the license key is stored. | | +| `config` | A `newrelic.yml` file if you wish to provide. | | +| `kubeStateMetricsUrl` | If provided, the discovery process for kube-state-metrics endpoint won't be triggered. Example: http://172.17.0.3:8080 | +| `kubeStateMetricsPodLabel` | If provided, the kube-state-metrics pod will be discovered using this label. (should be `true` on target pod) | +| `kubeStateMetricsTimeout` | Timeout for accessing kube-state-metrics in milliseconds. If not set the newrelic default is 5000 | | +| `rbac.create` | Enable Role-based authentication | `true` | +| `rbac.pspEnabled` | Enable pod security policy support | `false` | +| `privileged` | Enable privileged mode. | `true` | +| `image.repository` | The container to pull. | `newrelic/infrastructure` | +| `image.pullPolicy` | The pull policy. | `IfNotPresent` | +| `image.tag` | The version of the container to pull. | `1.13.2` | +| `resources` | Any resources you wish to assign to the pod. | See Resources below | +| `verboseLog` | Should the agent log verbosely. (Boolean) | `false` | +| `priorityClassName` | Scheduling priority of the pod | `nil` | +| `nodeSelector` | Node label to use for scheduling | `nil` | +| `tolerations` | List of node taints to tolerate (requires Kubernetes >= 1.6) | See Tolerarions below | +| `updateStrategy` | Strategy for DaemonSet updates (requires Kubernetes >= 1.6) | `RollingUpdate` | +| `serviveAccount.create` | If true, a service account would be created and assigned to the deployment | true | +| `serviveAccount.name` | The service account to assign to the deployment. If `serviveAccount.create` is true then this name will be used when creating the service account | | +| `etcdTlsSecretName` | Name of the secret containing the cacert, cert and key used for setting the mTLS config for retrieving metrics from ETCD. | | +| `etcdTlsSecretNamespace` | Namespace where the secret specified in `etcdTlsSecretName` was created. | `default` | +| `apiServerSecurePort` | Set to query the API Server over a secure port. | | ## Example diff --git a/stable/newrelic-infrastructure/templates/daemonset.yaml b/stable/newrelic-infrastructure/templates/daemonset.yaml index f873883efccf..7a32f224c01e 100644 --- a/stable/newrelic-infrastructure/templates/daemonset.yaml +++ b/stable/newrelic-infrastructure/templates/daemonset.yaml @@ -57,7 +57,11 @@ spec: value: {{ include "newrelic.cluster" . }} {{- if .Values.kubeStateMetricsUrl }} - name: "KUBE_STATE_METRICS_URL" - value: "{{ .Values.kubeStateMetricsUrl }}" + value: {{ .Values.kubeStateMetricsUrl | quote }} + {{- end }} + {{- if .Values.kubeStateMetricsPodLabel }} + - name: "KUBE_STATE_METRICS_POD_LABEL" + value: {{ .Values.kubeStateMetricsPodLabel | quote }} {{- end }} {{- if .Values.kubeStateMetricsTimeout }} - name: TIMEOUT @@ -66,10 +70,14 @@ spec: {{- if .Values.etcdTlsSecretName }} - name: ETCD_TLS_SECRET_NAME value: {{ .Values.etcdTlsSecretName | quote }} + {{- end }} {{- if .Values.etcdTlsSecretNamespace }} - name: ETCD_TLS_SECRET_NAMESPACE value: {{ .Values.etcdTlsSecretNamespace | quote }} {{- end }} + {{- if .Values.apiServerSecurePort }} + - name: "API_SERVER_SECURE_PORT" + value: {{ .Values.apiServerSecurePort | quote }} {{- end }} - name: "NRIA_DISPLAY_NAME" valueFrom: @@ -84,7 +92,7 @@ spec: - name: "NRIA_CUSTOM_ATTRIBUTES" value: {{ .Values.customAttribues }} - name: "NRIA_PASSTHROUGH_ENVIRONMENT" - value: "KUBERNETES_SERVICE_HOST,KUBERNETES_SERVICE_PORT,CLUSTER_NAME,CADVISOR_PORT,NRK8S_NODE_NAME,KUBE_STATE_METRICS_URL,TIMEOUT,ETCD_TLS_SECRET_NAME,ETCD_TLS_SECRET_NAMESPACE" + value: "KUBERNETES_SERVICE_HOST,KUBERNETES_SERVICE_PORT,CLUSTER_NAME,CADVISOR_PORT,NRK8S_NODE_NAME,KUBE_STATE_METRICS_URL,KUBE_STATE_METRICS_POD_LABEL,TIMEOUT,ETCD_TLS_SECRET_NAME,ETCD_TLS_SECRET_NAMESPACE,API_SERVER_SECURE_PORT" {{- if .Values.verboseLog }} - name: NRIA_VERBOSE value: "1" From e1b97b9232d7273127f53c7899d2377d5912f267 Mon Sep 17 00:00:00 2001 From: Frank Schmidt Date: Wed, 12 Feb 2020 14:42:51 +0100 Subject: [PATCH 113/304] [stable/fluentd] Fix manifest errors when using autoscaling + persistence (#20554) * [stable/fluentd] Fix manifest errors when using autoscaling + persistence Signed-off-by: Frank Schmidt * Integrate feedback about readability Signed-off-by: Frank Schmidt --- stable/fluentd/Chart.yaml | 2 +- stable/fluentd/templates/deployment.yaml | 5 ++++- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/stable/fluentd/Chart.yaml b/stable/fluentd/Chart.yaml index 989a49bbd3a6..169a45914729 100644 --- a/stable/fluentd/Chart.yaml +++ b/stable/fluentd/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 description: A Fluentd Elasticsearch Helm chart for Kubernetes. icon: https://raw.githubusercontent.com/fluent/fluentd-docs/master/public/logo/Fluentd_square.png name: fluentd -version: 2.3.2 +version: 2.3.3 appVersion: v2.4.0 home: https://www.fluentd.org/ sources: diff --git a/stable/fluentd/templates/deployment.yaml b/stable/fluentd/templates/deployment.yaml index 2912b9533771..277751e2d908 100644 --- a/stable/fluentd/templates/deployment.yaml +++ b/stable/fluentd/templates/deployment.yaml @@ -14,12 +14,15 @@ metadata: spec: {{- if not .Values.autoscaling.enabled }} replicas: {{ .Values.replicaCount }} +{{- end }} +{{- if .Values.autoscaling.enabled }} + serviceName: {{ template "fluentd.name" . }} {{- end }} selector: matchLabels: app: {{ template "fluentd.name" . }} release: {{ .Release.Name }} - {{- if .Values.persistence.enabled }} + {{- if and .Values.persistence.enabled (not .Values.autoscaling.enabled) }} strategy: type: Recreate {{- end }} From 1028b036d611ccd3542425a85c889f5117b909ba Mon Sep 17 00:00:00 2001 From: Brandon Wulf Date: Wed, 12 Feb 2020 08:38:51 -0800 Subject: [PATCH 114/304] [incubator/sparkoperator] Allow leader election to be customized (#20702) * Allow leader election to be customized Signed-off-by: Brandon Wulf * Updating ci test values Signed-off-by: Brandon Wulf --- incubator/sparkoperator/Chart.yaml | 2 +- incubator/sparkoperator/README.md | 11 ++++++++--- incubator/sparkoperator/ci/test-values.yaml | 11 +++++++---- incubator/sparkoperator/templates/_helpers.tpl | 10 ++++++++++ .../templates/spark-operator-deployment.yaml | 8 +++++--- incubator/sparkoperator/values.yaml | 8 ++++++-- 6 files changed, 37 insertions(+), 13 deletions(-) diff --git a/incubator/sparkoperator/Chart.yaml b/incubator/sparkoperator/Chart.yaml index f1a51d1fc911..f4c5429e3adf 100644 --- a/incubator/sparkoperator/Chart.yaml +++ b/incubator/sparkoperator/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 name: sparkoperator description: A Helm chart for Spark on Kubernetes operator -version: 0.6.4 +version: 0.6.5 appVersion: v1beta2-1.1.0-2.4.5 keywords: - spark diff --git a/incubator/sparkoperator/README.md b/incubator/sparkoperator/README.md index 457a6d1adc21..0d54c9f297b9 100644 --- a/incubator/sparkoperator/README.md +++ b/incubator/sparkoperator/README.md @@ -28,7 +28,7 @@ If using Helm 3, then install the chart by running: $ helm install incubator/sparkoperator --generate-name --namespace spark-operator --set sparkJobNamespace=default ``` -or +or ```bash $ helm install [RELEASE-NAME] incubator/sparkoperator --namespace spark-operator --set sparkJobNamespace=default @@ -63,12 +63,18 @@ The following table lists the configurable parameters of the Spark operator char | `resources` | Resources needed for the sparkoperator deployment | {} | | `enableBatchScheduler` | Whether to enable batch scheduler for pod scheduling | false | | `enableResourceQuotaEnforcement` | Whether to enable the ResourceQuota enforcement for SparkApplication resources. Requires the webhook to be enabled by setting enableWebhook to true. | false | -| `enableLeaderElection` | Whether to enable leader election when the operator Deployment has more than one replica, i.e., when `replicas` is greater than 1. | false | +| `leaderElection.enable` | Whether to enable leader election when the operator Deployment has more than one replica, i.e., when `replicas` is greater than 1. | false | +| `leaderElection.lockName` | Lock name to use for leader election | `spark-operator-lock` | +| `leaderElection.lockNamespace` | Namespace to use for leader election | (namespace of release) | | `securityContext` | Defines security context for operator container. | `{}` | Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. #### Upgrading +##### To 0.6.5 + +- `enableLeaderElection` has been renamed `leaderElection.enable` to keep all of the leader election stuff together + ##### To 0.6.2 ###### Breaking changes @@ -82,4 +88,3 @@ Specify each parameter using the `--set key=value[,key=value]` argument to `helm #### Contributing When making changes to values.yaml, update the files in `ci/` by running `hack/update-ci.sh`. - diff --git a/incubator/sparkoperator/ci/test-values.yaml b/incubator/sparkoperator/ci/test-values.yaml index 705feb8476c2..ddeb9a19658e 100644 --- a/incubator/sparkoperator/ci/test-values.yaml +++ b/incubator/sparkoperator/ci/test-values.yaml @@ -1,8 +1,7 @@ operatorImageName: gcr.io/spark-operator/spark-operator -operatorVersion: v1beta2-1.0.1-2.4.4 +operatorVersion: v1beta2-1.1.0-2.4.5 imagePullPolicy: IfNotPresent imagePullSecrets: [] -replicas: 1 rbac: create: true @@ -17,7 +16,6 @@ serviceAccounts: sparkJobNamespace: "" installCrds: true -cleanupCrdsBeforeInstall: true controllerThreads: 10 resyncInterval: 30 ingressUrlFormat: "" @@ -57,4 +55,9 @@ enableResourceQuotaEnforcement: false ## Whether to enable leader election when the operator Deployment has more than one replica. ## Only applicable when `replicas` is set to a value greater than 1. ## Ref: https://github.com/GoogleCloudPlatform/spark-on-k8s-operator/blob/master/docs/user-guide.md#enabling-leader-election-for-high-availability. -enableLeaderElection: false +leaderElection: + enable: false + lockName: "spark-operator-lock" + ## Optionally store the lock in another namespace. Defaults to operator's namespace + # lockNamespace: "" +replicas: 1 diff --git a/incubator/sparkoperator/templates/_helpers.tpl b/incubator/sparkoperator/templates/_helpers.tpl index 741b500d46b9..149c070b1f81 100644 --- a/incubator/sparkoperator/templates/_helpers.tpl +++ b/incubator/sparkoperator/templates/_helpers.tpl @@ -46,3 +46,13 @@ Create the name of the service account to use {{ default "default" .Values.serviceAccounts.spark.name }} {{- end -}} {{- end -}} + {{/* +Create the leader-election namespace to use +*/}} +{{- define "sparkoperator.leaderElectionLockNamespace" -}} +{{- if .Values.leaderElection.lockNamespace -}} + {{- .Values.leaderElection.lockNamespace -}} +{{- else -}} + {{- .Release.Namespace -}} +{{- end -}} +{{- end -}} diff --git a/incubator/sparkoperator/templates/spark-operator-deployment.yaml b/incubator/sparkoperator/templates/spark-operator-deployment.yaml index 56c72c089182..b5fe24ab8917 100644 --- a/incubator/sparkoperator/templates/spark-operator-deployment.yaml +++ b/incubator/sparkoperator/templates/spark-operator-deployment.yaml @@ -53,7 +53,7 @@ spec: image: {{ .Values.operatorImageName }}:{{ .Values.operatorVersion }} imagePullPolicy: {{ .Values.imagePullPolicy }} {{- if .Values.securityContext }} - securityContext: + securityContext: {{- range $securityPolicy, $value := .Values.securityContext }} {{ $securityPolicy }}: {{ $value }} {{- end }} @@ -94,8 +94,10 @@ spec: {{- if .Values.enableResourceQuotaEnforcement }} - -enable-resource-quota-enforcement={{ .Values.enableResourceQuotaEnforcement }} {{- end }} - {{- if .Values.enableLeaderElection }} - - -leader-election={{ .Values.enableLeaderElection }} + {{- if .Values.leaderElection.enable }} + - -leader-election={{ .Values.leaderElection.enable }} + - -leader-election-lock-namespace={{ include "sparkoperator.leaderElectionLockNamespace" . }} + - -leader-election-lock-name={{ .Values.leaderElection.lockName }} {{- end }} {{- if .Values.resources }} resources: diff --git a/incubator/sparkoperator/values.yaml b/incubator/sparkoperator/values.yaml index 0879fcc2d613..ddeb9a19658e 100644 --- a/incubator/sparkoperator/values.yaml +++ b/incubator/sparkoperator/values.yaml @@ -2,7 +2,6 @@ operatorImageName: gcr.io/spark-operator/spark-operator operatorVersion: v1beta2-1.1.0-2.4.5 imagePullPolicy: IfNotPresent imagePullSecrets: [] -replicas: 1 rbac: create: true @@ -56,4 +55,9 @@ enableResourceQuotaEnforcement: false ## Whether to enable leader election when the operator Deployment has more than one replica. ## Only applicable when `replicas` is set to a value greater than 1. ## Ref: https://github.com/GoogleCloudPlatform/spark-on-k8s-operator/blob/master/docs/user-guide.md#enabling-leader-election-for-high-availability. -enableLeaderElection: false +leaderElection: + enable: false + lockName: "spark-operator-lock" + ## Optionally store the lock in another namespace. Defaults to operator's namespace + # lockNamespace: "" +replicas: 1 From c7fe9999d18b4bd774afa6d46b7336f9926005bf Mon Sep 17 00:00:00 2001 From: Dahlia B <149529+dlbock@users.noreply.github.com> Date: Thu, 13 Feb 2020 03:36:51 +0800 Subject: [PATCH 115/304] [stable/instana-agent] Chart version 1.0.22 (#20706) Signed-off-by: Instana CD --- stable/instana-agent/Chart.yaml | 2 +- stable/instana-agent/README.md | 3 ++- stable/instana-agent/templates/daemonset.yaml | 12 ++++++++---- stable/instana-agent/values.yaml | 6 ++++++ 4 files changed, 17 insertions(+), 6 deletions(-) diff --git a/stable/instana-agent/Chart.yaml b/stable/instana-agent/Chart.yaml index 6dd88d9a7ed9..d2231a70079c 100644 --- a/stable/instana-agent/Chart.yaml +++ b/stable/instana-agent/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: instana-agent -version: 1.0.21 +version: 1.0.22 appVersion: 1.0 description: Instana Agent for Kubernetes home: https://www.instana.com/ diff --git a/stable/instana-agent/README.md b/stable/instana-agent/README.md index 9e2c87b1399d..59ea7bbc067f 100644 --- a/stable/instana-agent/README.md +++ b/stable/instana-agent/README.md @@ -8,7 +8,7 @@ This chart adds the Instana Agent to all schedulable nodes in your cluster via a ## Prerequisites -Kubernetes 1.9.x - 1.14.x +Kubernetes 1.9.x - 1.16.x Working `helm` and `tiller`. @@ -106,6 +106,7 @@ The following table lists the configurable parameters of the Instana chart and t | `agent.pod.requests.memory` | Container memory requests in MiB | `512` | | `agent.pod.requests.cpu` | Container cpu requests in cpu cores | `0.5` | | `agent.pod.tolerations` | Tolerations for pod assignment | `[]` | +| `agent.env` | Additional environment variables for the agent | `{}` | | `agent.redactKubernetesSecrets` | Enable additional secrets redaction for selected Kubernetes resources | `nil` See [Kubernetes secrets](https://docs.instana.io/quick_start/agent_setup/container/kubernetes/#secrets) for more details. | | `cluster.name` | Display name of the monitored cluster | Value of `zone.name` | | `podSecurityPolicy.enable` | Whether a PodSecurityPolicy should be authorized for the Instana Agent pods. Requires `rbac.create` to be `true` as well. | `false` See [PodSecurityPolicy](https://docs.instana.io/quick_start/agent_setup/container/kubernetes/#podsecuritypolicy) for more details. | diff --git a/stable/instana-agent/templates/daemonset.yaml b/stable/instana-agent/templates/daemonset.yaml index ce7d9427657f..1df6edf8e152 100644 --- a/stable/instana-agent/templates/daemonset.yaml +++ b/stable/instana-agent/templates/daemonset.yaml @@ -96,6 +96,10 @@ spec: valueFrom: fieldRef: fieldPath: status.podIP + {{- range $key, $value := .Values.agent.env }} + - name: {{ $key }} + value: {{ $value | quote }} + {{- end }} securityContext: privileged: true volumeMounts: @@ -124,8 +128,8 @@ spec: httpGet: path: /status port: 42699 - initialDelaySeconds: 75 - periodSeconds: 5 + initialDelaySeconds: 300 + timeoutSeconds: 3 resources: requests: memory: "{{ default 512 .Values.agent.pod.requests.memory }}Mi" @@ -155,8 +159,8 @@ spec: httpGet: path: /status port: 42699 - initialDelaySeconds: 75 - periodSeconds: 5 + initialDelaySeconds: 300 + timeoutSeconds: 3 ports: - containerPort: {{ .Values.agent.leaderElectorPort }} {{- if .Values.agent.pod.tolerations }} diff --git a/stable/instana-agent/values.yaml b/stable/instana-agent/values.yaml index 3c5ab7249c71..ae9cd9dcdf08 100644 --- a/stable/instana-agent/values.yaml +++ b/stable/instana-agent/values.yaml @@ -62,6 +62,12 @@ agent: # agent.proxyUseDNS sets the INSTANA_AGENT_PROXY_USE_DNS environment variable. # proxyUseDNS: null + # use this to set additional environment variables for the instana agent + # for example: + # env: + # INSTANA_AGENT_TAGS: dev + env: {} + configuration_yaml: | # Place agent configuration here From e7723115e55819d5cb029b11b20cad8a9b93a1b1 Mon Sep 17 00:00:00 2001 From: Naseem Date: Wed, 12 Feb 2020 22:14:35 -0500 Subject: [PATCH 116/304] allow all pods from chart to talk to eachother (#20717) Signed-off-by: Naseem --- stable/redis/Chart.yaml | 2 +- stable/redis/templates/networkpolicy.yaml | 10 ---------- 2 files changed, 1 insertion(+), 11 deletions(-) diff --git a/stable/redis/Chart.yaml b/stable/redis/Chart.yaml index 401d8ee768a8..e685b181f206 100644 --- a/stable/redis/Chart.yaml +++ b/stable/redis/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: redis -version: 10.5.0 +version: 10.5.1 appVersion: 5.0.7 description: Open source, advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. keywords: diff --git a/stable/redis/templates/networkpolicy.yaml b/stable/redis/templates/networkpolicy.yaml index 93efec4fe0c6..da055527cc74 100644 --- a/stable/redis/templates/networkpolicy.yaml +++ b/stable/redis/templates/networkpolicy.yaml @@ -46,20 +46,10 @@ spec: - podSelector: matchLabels: {{ template "redis.fullname" . }}-client: "true" - {{- if .Values.metrics.enabled }} - podSelector: matchLabels: app: {{ template "redis.name" . }} release: {{ .Release.Name }} - role: metrics - {{- end }} - {{- if .Values.cluster.enabled }} - - podSelector: - matchLabels: - app: {{ template "redis.name" . }} - release: {{ .Release.Name }} - role: slave - {{- end }} {{- if .Values.networkPolicy.ingressNSMatchLabels }} - namespaceSelector: matchLabels: From c4f623de019b9ca492c83c9229d8504d8c6d2adc Mon Sep 17 00:00:00 2001 From: Ryan Holt Date: Thu, 13 Feb 2020 15:24:36 -0500 Subject: [PATCH 117/304] [stable/minio] Set service name to HTTP/HTTPS rather than Service (#20649) * flip service name to http Signed-off-by: Ryan Holt * bump chart version Signed-off-by: Ryan Holt * update liveness probes Signed-off-by: Ryan Holt * dynamically set based on tls being enabled Signed-off-by: Ryan Holt * update deployment Signed-off-by: Ryan Holt * missed one more Signed-off-by: Ryan Holt * forgot the port for statefulset Signed-off-by: Ryan Holt --- stable/minio/Chart.yaml | 2 +- stable/minio/templates/deployment.yaml | 18 +++++++++++++--- stable/minio/templates/service.yaml | 6 +++++- stable/minio/templates/servicemonitor.yaml | 6 +++++- stable/minio/templates/statefulset.yaml | 24 ++++++++++++++++++---- 5 files changed, 46 insertions(+), 10 deletions(-) diff --git a/stable/minio/Chart.yaml b/stable/minio/Chart.yaml index 920233949b9d..9095360f4985 100755 --- a/stable/minio/Chart.yaml +++ b/stable/minio/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 description: MinIO is a high performance data infrastructure for machine learning, analytics and application data workloads. name: minio -version: 5.0.6 +version: 5.0.7 appVersion: master keywords: - storage diff --git a/stable/minio/templates/deployment.yaml b/stable/minio/templates/deployment.yaml index a21bbf89c6d4..2b9fd5a8b1cf 100644 --- a/stable/minio/templates/deployment.yaml +++ b/stable/minio/templates/deployment.yaml @@ -133,7 +133,11 @@ spec: mountPath: {{ .Values.certsPath }} {{ end }} ports: - - name: service + {{- if .Values.tls.enabled }} + - name: https + {{ else }} + - name: http + {{- end }} containerPort: 9000 env: - name: MINIO_ACCESS_KEY @@ -157,7 +161,11 @@ spec: livenessProbe: httpGet: path: /minio/health/live - port: service + {{- if .Values.tls.enabled }} + port: https + {{ else }} + port: http + {{- end }} {{- if .Values.tls.enabled }} scheme: HTTPS {{ else }} @@ -174,7 +182,11 @@ spec: scheme: HTTPS {{- end }} path: /minio/health/ready - port: service + {{- if .Values.tls.enabled }} + port: https + {{ else }} + port: http + {{- end }} initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} periodSeconds: {{ .Values.readinessProbe.periodSeconds }} timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} diff --git a/stable/minio/templates/service.yaml b/stable/minio/templates/service.yaml index 3df046847ce3..cb50b93bd6d8 100644 --- a/stable/minio/templates/service.yaml +++ b/stable/minio/templates/service.yaml @@ -24,7 +24,11 @@ spec: type: {{ .Values.service.type }} {{- end }} ports: - - name: service + {{- if .Values.tls.enabled }} + - name: https + {{ else }} + - name: http + {{- end }} port: {{ .Values.service.port }} protocol: TCP {{- if (and (eq .Values.service.type "NodePort") ( .Values.service.nodePort)) }} diff --git a/stable/minio/templates/servicemonitor.yaml b/stable/minio/templates/servicemonitor.yaml index 2ebea11cae71..5c2f1db41e1c 100644 --- a/stable/minio/templates/servicemonitor.yaml +++ b/stable/minio/templates/servicemonitor.yaml @@ -16,7 +16,11 @@ metadata: {{- end }} spec: endpoints: - - port: service + {{- if .Values.tls.enabled }} + - port: https + {{ else }} + - port: http + {{- end }} path: /minio/prometheus/metrics {{- if .Values.metrics.serviceMonitor.interval }} interval: {{ .Values.metrics.serviceMonitor.interval }} diff --git a/stable/minio/templates/statefulset.yaml b/stable/minio/templates/statefulset.yaml index cbcf915a7704..71dd573caad0 100644 --- a/stable/minio/templates/statefulset.yaml +++ b/stable/minio/templates/statefulset.yaml @@ -26,7 +26,11 @@ spec: publishNotReadyAddresses: true clusterIP: None ports: - - name: service + {{- if .Values.tls.enabled }} + - name: https + {{ else }} + - name: http + {{- end }} port: {{ .Values.service.port }} protocol: TCP selector: @@ -110,7 +114,11 @@ spec: mountPath: {{ .Values.certsPath }} {{ end }} ports: - - name: service + {{- if .Values.tls.enabled }} + - name: https + {{ else }} + - name: http + {{- end }} containerPort: 9000 env: - name: MINIO_ACCESS_KEY @@ -130,7 +138,11 @@ spec: livenessProbe: httpGet: path: /minio/health/live - port: service + {{- if .Values.tls.enabled }} + port: https + {{ else }} + port: http + {{- end }} {{- if .Values.tls.enabled }} scheme: HTTPS {{ else }} @@ -144,7 +156,11 @@ spec: readinessProbe: httpGet: path: /minio/health/ready - port: service + {{- if .Values.tls.enabled }} + port: https + {{ else }} + port: http + {{- end }} {{- if .Values.tls.enabled }} scheme: HTTPS {{ else }} From 9c45f0f6d592e800871130bddee543381c44c065 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ferdinand=20H=C3=BCbner?= Date: Thu, 13 Feb 2020 22:40:36 +0100 Subject: [PATCH 118/304] Apply default backend service command line argument if one is configured (#20725) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This applies the command line argument for the default backend if one is configured and the chart's default backend component is disabled, e.g. if a custom default backend is deployed independently of this chart. Signed-off-by: Ferdinand Hübner --- stable/nginx-ingress/Chart.yaml | 2 +- stable/nginx-ingress/templates/controller-daemonset.yaml | 4 +++- stable/nginx-ingress/templates/controller-deployment.yaml | 4 +++- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/stable/nginx-ingress/Chart.yaml b/stable/nginx-ingress/Chart.yaml index 4cfe42148c68..2fbc32573858 100644 --- a/stable/nginx-ingress/Chart.yaml +++ b/stable/nginx-ingress/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: nginx-ingress -version: 1.30.1 +version: 1.30.2 appVersion: 0.28.0 home: https://github.com/kubernetes/ingress-nginx description: An nginx Ingress controller that uses ConfigMap to store the nginx configuration. diff --git a/stable/nginx-ingress/templates/controller-daemonset.yaml b/stable/nginx-ingress/templates/controller-daemonset.yaml index a624e6c307e2..36517c4665df 100644 --- a/stable/nginx-ingress/templates/controller-daemonset.yaml +++ b/stable/nginx-ingress/templates/controller-daemonset.yaml @@ -67,7 +67,9 @@ spec: {{- if .Values.defaultBackend.enabled }} - --default-backend-service={{ .Release.Namespace }}/{{ template "nginx-ingress.defaultBackend.fullname" . }} {{- else }} - {{- if and (semverCompare "<0.21.0" .Values.controller.image.tag) }} + {{- if (semverCompare "<0.21.0" .Values.controller.image.tag) }} + - --default-backend-service={{ required ".Values.controller.defaultBackendService is required if .Values.defaultBackend.enabled=false and .Values.controller.image.tag < 0.21.0" .Values.controller.defaultBackendService }} + {{- else if .Values.controller.defaultBackendService }} - --default-backend-service={{ .Values.controller.defaultBackendService }} {{- end }} {{- end }} diff --git a/stable/nginx-ingress/templates/controller-deployment.yaml b/stable/nginx-ingress/templates/controller-deployment.yaml index 9f8a960ff4e0..1a00a4b8e9e2 100644 --- a/stable/nginx-ingress/templates/controller-deployment.yaml +++ b/stable/nginx-ingress/templates/controller-deployment.yaml @@ -68,7 +68,9 @@ spec: {{- if .Values.defaultBackend.enabled }} - --default-backend-service={{ .Release.Namespace }}/{{ template "nginx-ingress.defaultBackend.fullname" . }} {{- else }} - {{- if and (semverCompare "<0.21.0" .Values.controller.image.tag) }} + {{- if (semverCompare "<0.21.0" .Values.controller.image.tag) }} + - --default-backend-service={{ required ".Values.controller.defaultBackendService is required if .Values.defaultBackend.enabled=false and .Values.controller.image.tag < 0.21.0" .Values.controller.defaultBackendService }} + {{- else if .Values.controller.defaultBackendService }} - --default-backend-service={{ .Values.controller.defaultBackendService }} {{- end }} {{- end }} From f62373159d91dfd434a9677578d997442642dbb0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20de=20Saint=20Martin?= Date: Thu, 13 Feb 2020 23:26:18 +0100 Subject: [PATCH 119/304] [stable/elasticsearch] Update to 6.8.6 + Fix plugin install initcontainer which would fail if plugin already exists. (#20630) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * [stable/elasticsearch] Fix plugin install initcontainer which would fail if plugin already exists. This happens when Node reboots and keeps emptyDir, or if elasticsearch image already contains plugin. Signed-off-by: Cédric de Saint Martin * [stable/elasticsearch] Update to 6.8.6. Signed-off-by: Cédric de Saint Martin --- stable/elasticsearch/Chart.yaml | 4 ++-- stable/elasticsearch/templates/_helpers.tpl | 8 +++++++- stable/elasticsearch/values.yaml | 4 ++-- 3 files changed, 11 insertions(+), 5 deletions(-) diff --git a/stable/elasticsearch/Chart.yaml b/stable/elasticsearch/Chart.yaml index 7c4d6f358b99..d35b2692289a 100755 --- a/stable/elasticsearch/Chart.yaml +++ b/stable/elasticsearch/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v1 name: elasticsearch home: https://www.elastic.co/products/elasticsearch -version: 1.32.2 -appVersion: 6.8.2 +version: 1.32.3 +appVersion: 6.8.6 description: Flexible and powerful open source, distributed real-time search and analytics engine. icon: https://static-www.elastic.co/assets/blteb1c97719574938d/logo-elastic-elasticsearch-lt.svg diff --git a/stable/elasticsearch/templates/_helpers.tpl b/stable/elasticsearch/templates/_helpers.tpl index c13762271812..4b1d19144c5a 100644 --- a/stable/elasticsearch/templates/_helpers.tpl +++ b/stable/elasticsearch/templates/_helpers.tpl @@ -97,7 +97,13 @@ plugin installer template - "-c" - | {{- range .Values.cluster.plugins }} - /usr/share/elasticsearch/bin/elasticsearch-plugin install -b {{ . }} + PLUGIN_NAME="{{ . }}" + echo "Installing $PLUGIN_NAME..." + if /usr/share/elasticsearch/bin/elasticsearch-plugin list | grep "$PLUGIN_NAME" > /dev/null; then + echo "Plugin $PLUGIN_NAME already exists, skipping." + else + /usr/share/elasticsearch/bin/elasticsearch-plugin install -b $PLUGIN_NAME + fi {{- end }} volumeMounts: - mountPath: /usr/share/elasticsearch/plugins/ diff --git a/stable/elasticsearch/values.yaml b/stable/elasticsearch/values.yaml index 7cff378bf0c1..7a0e274c65ac 100644 --- a/stable/elasticsearch/values.yaml +++ b/stable/elasticsearch/values.yaml @@ -1,7 +1,7 @@ # Default values for elasticsearch. # This is a YAML-formatted file. # Declare variables to be passed into your templates. -appVersion: "6.8.2" +appVersion: "6.8.6" ## Define serviceAccount names for components. Defaults to component's fully qualified name. ## @@ -42,7 +42,7 @@ securityContext: image: repository: "docker.elastic.co/elasticsearch/elasticsearch-oss" - tag: "6.8.2" + tag: "6.8.6" pullPolicy: "IfNotPresent" # If specified, use these secrets to access the image # pullSecrets: From 319917f0b41e7fdcad73647ea4aa0ca4b9326730 Mon Sep 17 00:00:00 2001 From: Konstantinos Livieratos Date: Fri, 14 Feb 2020 00:40:17 +0200 Subject: [PATCH 120/304] Replaced broken link in unbound readme (#20660) * Replaced broken link in unbound readme Signed-off-by: Konstantinos Livieratos * Version bump in unbound chart Signed-off-by: Konstantinos Livieratos --- stable/unbound/Chart.yaml | 2 +- stable/unbound/README.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/stable/unbound/Chart.yaml b/stable/unbound/Chart.yaml index cea23933d585..43a76e547597 100644 --- a/stable/unbound/Chart.yaml +++ b/stable/unbound/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 description: Unbound is a fast caching DNS resolver home: https://www.unbound.net/ name: unbound -version: 1.1.1 +version: 1.1.2 appVersion: 1.6.7 sources: - http://unbound.nlnetlabs.nl/svn/ diff --git a/stable/unbound/README.md b/stable/unbound/README.md index c47199f32a71..d44e93d9b98c 100644 --- a/stable/unbound/README.md +++ b/stable/unbound/README.md @@ -88,7 +88,7 @@ unbound.serverPort: 53 ### Configuration changes -The unbound deployment template includes the sha256 hash of the configmap as an annotation. This will cause the deployment to update if the configuration is changed. For more information on this and other useful stuff see [chart tips and tricks](https://github.com/kubernetes/helm/blob/master/docs/charts_tips_and_tricks.md). +The unbound deployment template includes the sha256 hash of the configmap as an annotation. This will cause the deployment to update if the configuration is changed. For more information on this and other useful stuff see [chart tips and tricks](https://helm.sh/docs/howto/charts_tips_and_tricks/). ### Health checks From 3ac0924fe908183f7acf2e4b36ed91f77e02e24e Mon Sep 17 00:00:00 2001 From: Chandan Kumar Date: Fri, 14 Feb 2020 13:00:17 +0530 Subject: [PATCH 121/304] [stable/openebs] Update the detail for get support (#20716) Signed-off-by: chandan kumar --- stable/openebs/Chart.yaml | 2 +- stable/openebs/templates/NOTES.txt | 3 +-- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/stable/openebs/Chart.yaml b/stable/openebs/Chart.yaml index 46a291a57566..b27ce5774eb8 100644 --- a/stable/openebs/Chart.yaml +++ b/stable/openebs/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v1 -version: 1.6.0 +version: 1.6.1 name: openebs appVersion: 1.6.0 description: Containerized Storage for Containers diff --git a/stable/openebs/templates/NOTES.txt b/stable/openebs/templates/NOTES.txt index 8f14ecedb73d..299a52638820 100644 --- a/stable/openebs/templates/NOTES.txt +++ b/stable/openebs/templates/NOTES.txt @@ -21,8 +21,7 @@ spec: storage: 5G --- -For more information, please visit http://docs.openebs.io/. - Please note that, OpenEBS uses iSCSI for connecting applications with the OpenEBS Volumes and your nodes should have the iSCSI initiator installed. +For more information, visit our Slack at https://openebs.io/community or view the documentation online at http://docs.openebs.io/. From 86532cc953da423042e14ba0326f74ab4bd0b457 Mon Sep 17 00:00:00 2001 From: Tim Stoop Date: Fri, 14 Feb 2020 09:42:17 +0100 Subject: [PATCH 122/304] [stable/external-dns] Add support for the TransIP provider (#20704) As described here: https://github.com/kubernetes-sigs/external-dns/blob/master/docs/tutorials/transip.md Signed-off-by: Tim Stoop --- stable/external-dns/Chart.yaml | 2 +- stable/external-dns/README.md | 2 ++ stable/external-dns/templates/_helpers.tpl | 28 +++++++++++++++++++ stable/external-dns/templates/deployment.yaml | 17 +++++++++++ stable/external-dns/templates/secret.yaml | 3 ++ stable/external-dns/values-production.yaml | 12 +++++++- stable/external-dns/values.yaml | 12 +++++++- 7 files changed, 73 insertions(+), 3 deletions(-) diff --git a/stable/external-dns/Chart.yaml b/stable/external-dns/Chart.yaml index 41f21c51f9ed..89d4561e88d6 100644 --- a/stable/external-dns/Chart.yaml +++ b/stable/external-dns/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: external-dns -version: 2.16.3 +version: 2.17.0 appVersion: 0.6.0 description: ExternalDNS is a Kubernetes addon that configures public DNS servers with information about exposed Kubernetes services to make them discoverable. keywords: diff --git a/stable/external-dns/README.md b/stable/external-dns/README.md index f8234659647d..808daea9a05f 100755 --- a/stable/external-dns/README.md +++ b/stable/external-dns/README.md @@ -123,6 +123,8 @@ The following table lists the configurable parameters of the external-dns chart | `pdns.apiUrl` | When using the PowerDNS provider, specify the API URL of the server. | `""` | | `pdns.apiPort` | When using the PowerDNS provider, specify the API port of the server. | `8081` | | `pdns.apiKey` | When using the PowerDNS provider, specify the API key of the server. | `""` | +| `transip.account` | When using the TransIP provider, specify the account name. | `""` | +| `transip.apiKey` | When using the TransIP provider, specify the API key to use. | `""` | | `annotationFilter` | Filter sources managed by external-dns via annotation using label selector (optional) | `""` | | `domainFilters` | Limit possible target zones by domain suffixes (optional) | `[]` | | `zoneIdFilters` | Limit possible target zones by zone id (optional) | `[]` | diff --git a/stable/external-dns/templates/_helpers.tpl b/stable/external-dns/templates/_helpers.tpl index a82a1cb97af5..e2347b8b0cea 100644 --- a/stable/external-dns/templates/_helpers.tpl +++ b/stable/external-dns/templates/_helpers.tpl @@ -130,6 +130,8 @@ Return true if a secret object should be created {{- true -}} {{- else if and (eq .Values.provider "pdns") .Values.pdns.apiKey -}} {{- true -}} +{{- else if and (eq .Values.provider "transip") .Values.transip.apiKey -}} + {{- true -}} {{- else -}} {{- end -}} {{- end -}} @@ -201,6 +203,8 @@ Compile all warnings into a single message, and call fail. {{- $messages := append $messages (include "external-dns.validateValues.azure.useManagedIdentityExtensionAadClientSecret" .) -}} {{- $messages := append $messages (include "external-dns.validateValues.azure.aadClientId" .) -}} {{- $messages := append $messages (include "external-dns.validateValues.azure.aadClientSecret" .) -}} +{{- $messages := append $messages (include "external-dns.validateValues.transip.account" .) -}} +{{- $messages := append $messages (include "external-dns.validateValues.transip.apiKey" .) -}} {{- $messages := without $messages "" -}} {{- $message := join "\n" $messages -}} @@ -398,3 +402,27 @@ external-dns: azure.seManagedIdentityExtension Please set set the aadClientSecret parameter (--set azure.aadClientSecret="xxxx") {{- end -}} {{- end -}} + +{{/* +Validate values of TransIP DNS: +- must provide the account name when provider is "transip" +*/}} +{{- define "external-dns.validateValues.transip.account" -}} +{{- if and (eq .Values.provider "transip") (not .Values.transip.account) -}} +external-dns: transip.account + You must provide the TransIP account name when provider="transip". + Please set the account parameter (--set transip.account="xxxx") +{{- end -}} +{{- end -}} + +{{/* +Validate values of TransIP DNS: +- must provide the API key when provider is "transip" +*/}} +{{- define "external-dns.validateValues.transip.apiKey" -}} +{{- if and (eq .Values.provider "transip") (not .Values.transip.apiKey) -}} +external-dns: transip.apiKey + You must provide the TransIP API key when provider="transip". + Please set the apiKey parameter (--set transip.apiKey="xxxx") +{{- end -}} +{{- end -}} diff --git a/stable/external-dns/templates/deployment.yaml b/stable/external-dns/templates/deployment.yaml index 25bd1514d200..8264d956f022 100755 --- a/stable/external-dns/templates/deployment.yaml +++ b/stable/external-dns/templates/deployment.yaml @@ -189,6 +189,11 @@ spec: - --pdns-server={{ .Values.pdns.apiUrl }}:{{ .Values.pdns.apiPort }} - --pdns-api-key=$(PDNS_API_KEY) {{- end }} + # TransIP arguments + {{- if eq .Values.provider "transip" }} + - --transip-account={{ .Values.transip.account }} + - --transip-keyfile=/transip/transip-api-key + {{- end }} # Extra arguments {{- range $key, $value := .Values.extraArgs }} {{- if $value }} @@ -366,6 +371,12 @@ spec: mountPath: {{ .Values.designate.customCA.mountPath }} readOnly: true {{- end }} + # TransIP mountPath(s) + {{- if (eq .Values.provider "transip") }} + - name: transip-api-key + mountPath: /transip + readOnly: true + {{- end }} volumes: # AWS volume(s) {{- if and (eq .Values.provider "aws") (or (and .Values.aws.credentials.secretKey .Values.aws.credentials.accessKey) .Values.aws.credentials.secretName) }} @@ -412,3 +423,9 @@ spec: - key: {{ .Values.designate.customCA.filename }} path: {{ .Values.designate.customCA.filename }} {{- end }} + # TransIP volume(s) + {{- if (eq .Values.provider "transip") }} + - name: transip-api-key + secret: + name: {{ template "external-dns.fullname" . }} + {{- end }} diff --git a/stable/external-dns/templates/secret.yaml b/stable/external-dns/templates/secret.yaml index 980f6f094553..1c2dd19e50d5 100644 --- a/stable/external-dns/templates/secret.yaml +++ b/stable/external-dns/templates/secret.yaml @@ -38,4 +38,7 @@ data: {{- if eq .Values.provider "rfc2136" }} rfc2136_tsig_secret: {{ .Values.rfc2136.tsigSecret | b64enc | quote }} {{- end }} + {{- if eq .Values.provider "transip" }} + transip-api-key: {{ .Values.transip.apiKey | b64enc | quote }} + {{- end }} {{- end }} diff --git a/stable/external-dns/values-production.yaml b/stable/external-dns/values-production.yaml index 20a572177a0c..44168bef7402 100644 --- a/stable/external-dns/values-production.yaml +++ b/stable/external-dns/values-production.yaml @@ -40,7 +40,7 @@ sources: # - crd ## DNS provider where the DNS records will be created. Available providers are: -## - aws, azure, cloudflare, coredns, designate, digitalocoean, google, infoblox, rfc2136 +## - aws, azure, cloudflare, coredns, designate, digitalocoean, google, infoblox, rfc2136, transip ## provider: aws @@ -269,6 +269,16 @@ pdns: apiPort: "8081" apiKey: "" +## TransIP configuration to be set via arguments/env. variables +## +transip: + ## Account name to be used + ## + account: "" + ## + ## API key that is authorised for the account + apiKey: "" + ## Limit possible target zones by domain suffixes (optional) ## domainFilters: [] diff --git a/stable/external-dns/values.yaml b/stable/external-dns/values.yaml index 7a517291d921..843b784086e5 100644 --- a/stable/external-dns/values.yaml +++ b/stable/external-dns/values.yaml @@ -40,7 +40,7 @@ sources: # - crd ## DNS provider where the DNS records will be created. Available providers are: -## - aws, azure, azure-private-dns, cloudflare, coredns, designate, digitalocean, google, infoblox, rfc2136 +## - aws, azure, azure-private-dns, cloudflare, coredns, designate, digitalocean, google, infoblox, rfc2136, transip ## provider: aws @@ -268,6 +268,16 @@ pdns: apiPort: "8081" apiKey: "" +## TransIP configuration to be set via arguments/env. variables +## +transip: + ## Account name to be used + ## + account: "" + ## + ## API key that is authorised for the account + apiKey: "" + ## Limit possible target zones by domain suffixes (optional) ## domainFilters: [] From 0ac3e542bec21c49e5685e258cc0f541b7d9462d Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Fri, 14 Feb 2020 10:18:17 +0100 Subject: [PATCH 123/304] [stable/postgresql] Release 8.3.4 updating components versions (#20737) Signed-off-by: Bitnami Containers --- stable/postgresql/Chart.yaml | 4 ++-- stable/postgresql/values-production.yaml | 4 ++-- stable/postgresql/values.yaml | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/stable/postgresql/Chart.yaml b/stable/postgresql/Chart.yaml index 3acabee81040..21cd5ed60287 100644 --- a/stable/postgresql/Chart.yaml +++ b/stable/postgresql/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 name: postgresql -version: 8.3.3 -appVersion: 11.6.0 +version: 8.3.4 +appVersion: 11.7.0 description: Chart for PostgreSQL, an object-relational database management system (ORDBMS) with an emphasis on extensibility and on standards-compliance. keywords: - postgresql diff --git a/stable/postgresql/values-production.yaml b/stable/postgresql/values-production.yaml index e9690b279ed1..10a78463fe07 100644 --- a/stable/postgresql/values-production.yaml +++ b/stable/postgresql/values-production.yaml @@ -15,7 +15,7 @@ global: image: registry: docker.io repository: bitnami/postgresql - tag: 11.6.0-debian-10-r5 + tag: 11.7.0-debian-10-r0 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images @@ -444,7 +444,7 @@ metrics: image: registry: docker.io repository: bitnami/postgres-exporter - tag: 0.8.0-debian-10-r4 + tag: 0.8.0-debian-10-r15 pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. diff --git a/stable/postgresql/values.yaml b/stable/postgresql/values.yaml index 672c041261fb..d50ab78096c2 100644 --- a/stable/postgresql/values.yaml +++ b/stable/postgresql/values.yaml @@ -15,7 +15,7 @@ global: image: registry: docker.io repository: bitnami/postgresql - tag: 11.6.0-debian-10-r5 + tag: 11.7.0-debian-10-r0 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images @@ -453,7 +453,7 @@ metrics: image: registry: docker.io repository: bitnami/postgres-exporter - tag: 0.8.0-debian-10-r4 + tag: 0.8.0-debian-10-r15 pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. From 290f408f1d77a83bce0bb9375ae5b1eacb2c052d Mon Sep 17 00:00:00 2001 From: thomasbabtist <61006334+thomasbabtist@users.noreply.github.com> Date: Fri, 14 Feb 2020 11:42:16 +0100 Subject: [PATCH 124/304] [stable/hazelcast] Add option for configuring MC_CONTEXT_PATH (#20730) Signed-off-by: Thomas Babtist --- stable/hazelcast/Chart.yaml | 2 +- stable/hazelcast/README.adoc | 3 +++ stable/hazelcast/templates/NOTES.txt | 6 +++--- stable/hazelcast/templates/mancenter-statefulset.yaml | 8 ++++++-- .../hazelcast/templates/tests/test-management-center.yaml | 2 +- stable/hazelcast/values.yaml | 4 ++++ 6 files changed, 18 insertions(+), 7 deletions(-) diff --git a/stable/hazelcast/Chart.yaml b/stable/hazelcast/Chart.yaml index 2f64405fed54..64e2e84106d5 100644 --- a/stable/hazelcast/Chart.yaml +++ b/stable/hazelcast/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: hazelcast -version: 3.0.0 +version: 3.0.1 appVersion: "4.0" tillerVersion: ">=2.7.2" kubeVersion: ">=1.9.0-0" diff --git a/stable/hazelcast/README.adoc b/stable/hazelcast/README.adoc index 41b10d3708dc..2614d4f06cbc 100644 --- a/stable/hazelcast/README.adoc +++ b/stable/hazelcast/README.adoc @@ -228,6 +228,9 @@ the same or one minor release greater than Hazelcast image version) |`+mancenter.image.pullSecrets+` |Specify docker-registry secret names as an array |`+nil+` +|`+mancenter.contextPath+` |the value for the MC_CONTEXT_PATH environment variable, +thus overriding the default context path for Hazelcast Management Center |`+nil+` + |`+mancenter.javaOpts+` |Additional JAVA_OPTS properties for Hazelcast Management Center |`+nil+` diff --git a/stable/hazelcast/templates/NOTES.txt b/stable/hazelcast/templates/NOTES.txt index 57f78d31a7be..26726fec43ca 100644 --- a/stable/hazelcast/templates/NOTES.txt +++ b/stable/hazelcast/templates/NOTES.txt @@ -42,16 +42,16 @@ To access Hazelcast Management Center: {{- if contains "LoadBalancer" .Values.mancenter.service.type }} *) Check Management Center external IP: $ export MANCENTER_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "mancenter.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') - *) Open Browser at: http://$MANCENTER_IP:{{ .Values.mancenter.service.port }}/hazelcast-mancenter + *) Open Browser at: http://$MANCENTER_IP:{{ .Values.mancenter.service.port }}{{- if .Values.mancenter.contextPath }}{{ .Values.mancenter.contextPath }}{{- else }}/hazelcast-mancenter{{- end }} {{- else if contains "ClusterIP" .Values.mancenter.service.type }} *) Forward port from POD: $ export POD=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ template "hazelcast.name" . }},role=mancenter" -o jsonpath="{.items[0].metadata.name}") $ kubectl port-forward --namespace {{ .Release.Namespace }} $POD 8080:8080 - *) Open Browser at: http://127.0.0.1:8080/hazelcast-mancenter + *) Open Browser at: http://127.0.0.1:8080{{- if .Values.mancenter.contextPath }}{{ .Values.mancenter.contextPath }}{{- else }}/hazelcast-mancenter{{- end }} {{- else if contains "NodePort" .Values.mancenter.service.type }} *) Check Node IP and Port: $ export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") $ export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "mancenter.fullname" . }}) - *) Open Browser at: http://$NODE_IP:$NODE_PORT/hazelcast-mancenter + *) Open Browser at: http://$NODE_IP:$NODE_PORT{{- if .Values.mancenter.contextPath }}{{ .Values.mancenter.contextPath }}{{- else }}/hazelcast-mancenter{{- end }} {{- end }} {{- end }} diff --git a/stable/hazelcast/templates/mancenter-statefulset.yaml b/stable/hazelcast/templates/mancenter-statefulset.yaml index 3666f6aa17bb..87699f0ea103 100644 --- a/stable/hazelcast/templates/mancenter-statefulset.yaml +++ b/stable/hazelcast/templates/mancenter-statefulset.yaml @@ -62,7 +62,7 @@ spec: {{- if .Values.mancenter.livenessProbe.enabled }} livenessProbe: httpGet: - path: /health + path: {{ if .Values.mancenter.contextPath }}{{ .Values.mancenter.contextPath }}{{ end }}/health port: 8081 initialDelaySeconds: {{ .Values.mancenter.livenessProbe.initialDelaySeconds }} periodSeconds: {{ .Values.mancenter.livenessProbe.periodSeconds }} @@ -73,7 +73,7 @@ spec: {{- if .Values.mancenter.readinessProbe.enabled }} readinessProbe: httpGet: - path: /health + path: {{ if .Values.mancenter.contextPath }}{{ .Values.mancenter.contextPath }}{{ end }}/health port: 8081 initialDelaySeconds: {{ .Values.mancenter.readinessProbe.initialDelaySeconds }} periodSeconds: {{ .Values.mancenter.readinessProbe.periodSeconds }} @@ -85,6 +85,10 @@ spec: - name: mancenter-storage mountPath: /data env: + {{- if .Values.mancenter.contextPath }} + - name: MC_CONTEXT_PATH + value: {{ .Values.mancenter.contextPath }} + {{- end }} - name: MC_LICENSE_KEY {{- if .Values.mancenter.licenseKeySecretName }} valueFrom: diff --git a/stable/hazelcast/templates/tests/test-management-center.yaml b/stable/hazelcast/templates/tests/test-management-center.yaml index 5973301d5c45..a956e809ac40 100644 --- a/stable/hazelcast/templates/tests/test-management-center.yaml +++ b/stable/hazelcast/templates/tests/test-management-center.yaml @@ -32,7 +32,7 @@ spec: - | set -ex # Get the HTTP Response Code of the Health Check - HEALTH_CHECK_HTTP_RESPONSE_CODE=$(curl --write-out %{http_code} --silent --output /dev/null {{ template "mancenter.fullname" . }}:{{ .Values.mancenter.service.port }}/hazelcast-mancenter/health) + HEALTH_CHECK_HTTP_RESPONSE_CODE=$(curl --write-out %{http_code} --silent --output /dev/null {{ template "mancenter.fullname" . }}:{{ .Values.mancenter.service.port }}{{- if .Values.mancenter.contextPath }}{{ .Values.mancenter.contextPath }}{{- else }}/hazelcast-mancenter{{- end }}/health) # Test the currect number of Hazelcast members test ${HEALTH_CHECK_HTTP_RESPONSE_CODE} -eq 200 securityContext: diff --git a/stable/hazelcast/values.yaml b/stable/hazelcast/values.yaml index a56d68096363..014a0014f71a 100644 --- a/stable/hazelcast/values.yaml +++ b/stable/hazelcast/values.yaml @@ -223,6 +223,10 @@ mancenter: # javaOpts are additional JAVA_OPTS properties for Hazelcast Management Center javaOpts: + # contextPath is the value for the MC_CONTEXT_PATH environment variable, thus overriding the default context path for Hazelcast Management Center + # ref: https://hub.docker.com/r/hazelcast/management-center/ + contextPath: + # licenseKey is the license key for Hazelcast Management Center # if not provided, it can be filled in the Management Center web interface licenseKey: From aa8bb30ecc246adbf92c20fd339f43162179b851 Mon Sep 17 00:00:00 2001 From: devOpsHelm <54980549+devOpsHelm@users.noreply.github.com> Date: Fri, 14 Feb 2020 17:52:18 +0300 Subject: [PATCH 125/304] Clean up context path (#99) (#20762) Signed-off-by: devOpsHelm --- stable/hazelcast/Chart.yaml | 2 +- stable/hazelcast/templates/NOTES.txt | 6 +++--- .../hazelcast/templates/tests/test-management-center.yaml | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/stable/hazelcast/Chart.yaml b/stable/hazelcast/Chart.yaml index 64e2e84106d5..9634e0e381e7 100644 --- a/stable/hazelcast/Chart.yaml +++ b/stable/hazelcast/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: hazelcast -version: 3.0.1 +version: 3.0.2 appVersion: "4.0" tillerVersion: ">=2.7.2" kubeVersion: ">=1.9.0-0" diff --git a/stable/hazelcast/templates/NOTES.txt b/stable/hazelcast/templates/NOTES.txt index 26726fec43ca..7e5d00110f3e 100644 --- a/stable/hazelcast/templates/NOTES.txt +++ b/stable/hazelcast/templates/NOTES.txt @@ -42,16 +42,16 @@ To access Hazelcast Management Center: {{- if contains "LoadBalancer" .Values.mancenter.service.type }} *) Check Management Center external IP: $ export MANCENTER_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "mancenter.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') - *) Open Browser at: http://$MANCENTER_IP:{{ .Values.mancenter.service.port }}{{- if .Values.mancenter.contextPath }}{{ .Values.mancenter.contextPath }}{{- else }}/hazelcast-mancenter{{- end }} + *) Open Browser at: http://$MANCENTER_IP:{{ .Values.mancenter.service.port }}{{ .Values.mancenter.contextPath }} {{- else if contains "ClusterIP" .Values.mancenter.service.type }} *) Forward port from POD: $ export POD=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ template "hazelcast.name" . }},role=mancenter" -o jsonpath="{.items[0].metadata.name}") $ kubectl port-forward --namespace {{ .Release.Namespace }} $POD 8080:8080 - *) Open Browser at: http://127.0.0.1:8080{{- if .Values.mancenter.contextPath }}{{ .Values.mancenter.contextPath }}{{- else }}/hazelcast-mancenter{{- end }} + *) Open Browser at: http://127.0.0.1:8080{{ .Values.mancenter.contextPath }} {{- else if contains "NodePort" .Values.mancenter.service.type }} *) Check Node IP and Port: $ export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") $ export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "mancenter.fullname" . }}) - *) Open Browser at: http://$NODE_IP:$NODE_PORT{{- if .Values.mancenter.contextPath }}{{ .Values.mancenter.contextPath }}{{- else }}/hazelcast-mancenter{{- end }} + *) Open Browser at: http://$NODE_IP:$NODE_PORT{{ .Values.mancenter.contextPath }} {{- end }} {{- end }} diff --git a/stable/hazelcast/templates/tests/test-management-center.yaml b/stable/hazelcast/templates/tests/test-management-center.yaml index a956e809ac40..f8b35f0cfdf4 100644 --- a/stable/hazelcast/templates/tests/test-management-center.yaml +++ b/stable/hazelcast/templates/tests/test-management-center.yaml @@ -32,7 +32,7 @@ spec: - | set -ex # Get the HTTP Response Code of the Health Check - HEALTH_CHECK_HTTP_RESPONSE_CODE=$(curl --write-out %{http_code} --silent --output /dev/null {{ template "mancenter.fullname" . }}:{{ .Values.mancenter.service.port }}{{- if .Values.mancenter.contextPath }}{{ .Values.mancenter.contextPath }}{{- else }}/hazelcast-mancenter{{- end }}/health) + HEALTH_CHECK_HTTP_RESPONSE_CODE=$(curl --write-out %{http_code} --silent --output /dev/null {{ template "mancenter.fullname" . }}:{{ .Values.mancenter.service.port }}{{ .Values.mancenter.contextPath }}/health) # Test the currect number of Hazelcast members test ${HEALTH_CHECK_HTTP_RESPONSE_CODE} -eq 200 securityContext: From aa53d2fa8fb330569c79913a9c26abe0bae7de1f Mon Sep 17 00:00:00 2001 From: GullomJ <33196603+GullomJ@users.noreply.github.com> Date: Sat, 15 Feb 2020 01:02:17 +0800 Subject: [PATCH 126/304] Fix indentations (#20760) Signed-off-by: GullomJ <33196603+GullomJ@users.noreply.github.com> --- stable/influxdb/Chart.yaml | 2 +- stable/influxdb/templates/statefulset.yaml | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/stable/influxdb/Chart.yaml b/stable/influxdb/Chart.yaml index bd213ecd43b7..35a4e021237e 100755 --- a/stable/influxdb/Chart.yaml +++ b/stable/influxdb/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: influxdb -version: 3.2.0 +version: 3.2.1 appVersion: 1.7.6 description: Scalable datastore for metrics, events, and real-time analytics. keywords: diff --git a/stable/influxdb/templates/statefulset.yaml b/stable/influxdb/templates/statefulset.yaml index ae1de7d2fad2..feae2ef71069 100644 --- a/stable/influxdb/templates/statefulset.yaml +++ b/stable/influxdb/templates/statefulset.yaml @@ -34,15 +34,15 @@ spec: {{- end }} {{- if .Values.nodeSelector }} nodeSelector: - {{ toYaml .Values.nodeSelector | indent 8 }} +{{ toYaml .Values.nodeSelector | indent 8 }} {{- end -}} {{- if .Values.affinity }} affinity: - {{ toYaml .Values.affinity | indent 8 }} +{{ toYaml .Values.affinity | indent 8 }} {{- end }} {{- if .Values.tolerations }} tolerations: - {{ toYaml .Values.tolerations | indent 8 }} +{{ toYaml .Values.tolerations | indent 8 }} {{- end }} {{- if .Values.image.pullSecrets }} imagePullSecrets: From 35c0c3d992fd7232d86a56a5ac0bb44f91cf6c59 Mon Sep 17 00:00:00 2001 From: Daniel Harrison Date: Fri, 14 Feb 2020 10:02:17 -0800 Subject: [PATCH 127/304] [stable/cockroachdb]: Update version to v19.2.4 (#20698) Signed-off-by: Dan Harrison --- stable/cockroachdb/Chart.yaml | 4 ++-- stable/cockroachdb/README.md | 10 +++++----- stable/cockroachdb/values.yaml | 2 +- 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/stable/cockroachdb/Chart.yaml b/stable/cockroachdb/Chart.yaml index cce8e0ceea57..acde10388083 100755 --- a/stable/cockroachdb/Chart.yaml +++ b/stable/cockroachdb/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v1 name: cockroachdb home: https://www.cockroachlabs.com -version: 3.0.5 -appVersion: 19.2.3 +version: 3.0.6 +appVersion: 19.2.4 description: CockroachDB is a scalable, survivable, strongly-consistent SQL database. icon: https://raw.githubusercontent.com/cockroachdb/cockroach/master/docs/media/cockroach_db.png sources: diff --git a/stable/cockroachdb/README.md b/stable/cockroachdb/README.md index 330ffb774f15..b4f68a801133 100644 --- a/stable/cockroachdb/README.md +++ b/stable/cockroachdb/README.md @@ -171,10 +171,10 @@ kubectl get pods \ -o jsonpath='{range .items[*]}{.metadata.name}{"\t"}{.spec.containers[0].image}{"\n"}' ``` ``` -my-release-cockroachdb-0 cockroachdb/cockroach:v19.2.3 -my-release-cockroachdb-1 cockroachdb/cockroach:v19.2.3 -my-release-cockroachdb-2 cockroachdb/cockroach:v19.2.3 -my-release-cockroachdb-3 cockroachdb/cockroach:v19.2.3 +my-release-cockroachdb-0 cockroachdb/cockroach:v19.2.4 +my-release-cockroachdb-1 cockroachdb/cockroach:v19.2.4 +my-release-cockroachdb-2 cockroachdb/cockroach:v19.2.4 +my-release-cockroachdb-3 cockroachdb/cockroach:v19.2.4 ``` Resume normal operations. Once you are comfortable that the stability and performance of the cluster is what you'd expect post-upgrade, finalize the upgrade: @@ -244,7 +244,7 @@ For details see the [`values.yaml`](values.yaml) file. | `conf.port` | CockroachDB primary serving port in Pods | `26257` | | `conf.http-port` | CockroachDB HTTP port in Pods | `8080` | | `image.repository` | Container image name | `cockroachdb/cockroach` | -| `image.tag` | Container image tag | `v19.2.3` | +| `image.tag` | Container image tag | `v19.2.4` | | `image.pullPolicy` | Container pull policy | `IfNotPresent` | | `image.credentials` | `registry`, `user` and `pass` credentials to pull private image | `{}` | | `statefulset.replicas` | StatefulSet replicas number | `3` | diff --git a/stable/cockroachdb/values.yaml b/stable/cockroachdb/values.yaml index 5a4722d53129..94231d29cb0a 100644 --- a/stable/cockroachdb/values.yaml +++ b/stable/cockroachdb/values.yaml @@ -1,6 +1,6 @@ image: repository: cockroachdb/cockroach - tag: v19.2.3 + tag: v19.2.4 pullPolicy: IfNotPresent credentials: {} # registry: docker.io From 06dc7a140f0f8d16a24765a7496d3aaa31ad97ec Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20Sobczyk?= <30727091+sopeal@users.noreply.github.com> Date: Fri, 14 Feb 2020 20:27:06 +0100 Subject: [PATCH 128/304] [incubator/schema-registry] Template health check (#19699) * [incubator/schema-registry] template whole readiness and liveness Signed-off-by: Michal Sobczyk * Bump chart version Signed-off-by: Michal Sobczyk * bum chart version to 1.1.9 Signed-off-by: sopeal --- incubator/schema-registry/Chart.yaml | 2 +- .../schema-registry/templates/deployment.yaml | 29 ++----------------- incubator/schema-registry/values.yaml | 11 ++++++- 3 files changed, 13 insertions(+), 29 deletions(-) diff --git a/incubator/schema-registry/Chart.yaml b/incubator/schema-registry/Chart.yaml index 80e505ccba93..3d0da06789c1 100644 --- a/incubator/schema-registry/Chart.yaml +++ b/incubator/schema-registry/Chart.yaml @@ -1,6 +1,6 @@ name: schema-registry home: https://docs.confluent.io/current/schema-registry/docs/index.html -version: 1.1.8 +version: 1.1.9 appVersion: 5.0.1 keywords: - confluent diff --git a/incubator/schema-registry/templates/deployment.yaml b/incubator/schema-registry/templates/deployment.yaml index 30397a8796c3..4d23c18ac1e3 100644 --- a/incubator/schema-registry/templates/deployment.yaml +++ b/incubator/schema-registry/templates/deployment.yaml @@ -107,34 +107,9 @@ spec: name: jmx {{- end }} livenessProbe: - httpGet: - path: / - port: {{ .Values.servicePort }} - {{- if not .Values.livenessProbe }} - initialDelaySeconds: 10 - timeoutSeconds: 5 - {{- else }} - initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds | default 10}} - {{- if .Values.livenessProbe.periodSeconds }} - periodSeconds: {{ .Values.livenessProbe.periodSeconds }} - {{- end }} - timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds | default 5}} - {{- if .Values.livenessProbe.successThreshold }} - successThreshold: {{ .Values.livenessProbe.successThreshold }} - {{- end }} - {{- if .Values.livenessProbe.failureThreshold }} - failureThreshold: {{ .Values.livenessProbe.failureThreshold }} - {{- end }} - {{- end }} +{{ toYaml .Values.livenessProbe | indent 12 }} readinessProbe: - httpGet: - path: / - port: {{ .Values.servicePort }} - initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds | default 10}} - periodSeconds: {{ .Values.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds | default 5}} - successThreshold: {{ .Values.readinessProbe.successThreshold }} - failureThreshold: {{ .Values.readinessProbe.failureThreshold }} +{{ toYaml .Values.readinessProbe | indent 12 }} env: - name: SCHEMA_REGISTRY_HOST_NAME valueFrom: diff --git a/incubator/schema-registry/values.yaml b/incubator/schema-registry/values.yaml index 3c80f9a68afd..8651c1c8ae47 100644 --- a/incubator/schema-registry/values.yaml +++ b/incubator/schema-registry/values.yaml @@ -59,10 +59,19 @@ kafkaStore: ## Additional Java arguments to pass to Kafka. # schemaRegistryOpts: -Dfoo=bar -## Readiness probe config. +## Liveness and readiness probe config. ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/ ## +livenessProbe: + httpGet: + path: / + port: 8081 + initialDelaySeconds: 10 + timeoutSeconds: 5 readinessProbe: + httpGet: + path: / + port: 8081 initialDelaySeconds: 10 periodSeconds: 10 timeoutSeconds: 5 From 64b0988b97b159273e26f2acf0365c61ce68d93e Mon Sep 17 00:00:00 2001 From: Ryan Holt Date: Fri, 14 Feb 2020 15:21:28 -0500 Subject: [PATCH 129/304] add deploymentannotations, bump chart version (#20763) Signed-off-by: Ryan Holt --- stable/unifi/Chart.yaml | 2 +- stable/unifi/README.md | 1 + stable/unifi/templates/deployment.yaml | 6 ++++++ stable/unifi/values.yaml | 2 ++ 4 files changed, 10 insertions(+), 1 deletion(-) diff --git a/stable/unifi/Chart.yaml b/stable/unifi/Chart.yaml index 6f732c06fa58..034181282a71 100644 --- a/stable/unifi/Chart.yaml +++ b/stable/unifi/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 appVersion: 5.11.50 description: Ubiquiti Network's Unifi Controller name: unifi -version: 0.6.0 +version: 0.6.1 keywords: - ubiquiti - unifi diff --git a/stable/unifi/README.md b/stable/unifi/README.md index e58015c6ab22..87fdecb8d61b 100644 --- a/stable/unifi/README.md +++ b/stable/unifi/README.md @@ -101,6 +101,7 @@ The following tables lists the configurable parameters of the Unifi chart and th | `tolerations` | Toleration labels for pod assignment | `[]` | | `affinity` | Affinity settings for pod assignment | `{}` | | `podAnnotations` | Key-value pairs to add as pod annotations | `{}` | +| `deploymentAnnotations` | Key-value pairs to add as deployment annotations | `{}` | Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, diff --git a/stable/unifi/templates/deployment.yaml b/stable/unifi/templates/deployment.yaml index 890fe5d4e490..fa66e72b215f 100644 --- a/stable/unifi/templates/deployment.yaml +++ b/stable/unifi/templates/deployment.yaml @@ -2,6 +2,12 @@ apiVersion: apps/v1 kind: Deployment metadata: name: {{ template "unifi.fullname" . }} + {{- if .Values.deploymentAnnotations }} + annotations: + {{- range $key, $value := .Values.deploymentAnnotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} labels: app.kubernetes.io/name: {{ include "unifi.name" . }} helm.sh/chart: {{ include "unifi.chart" . }} diff --git a/stable/unifi/values.yaml b/stable/unifi/values.yaml index 88f64985fd4d..910b28df040e 100644 --- a/stable/unifi/values.yaml +++ b/stable/unifi/values.yaml @@ -222,3 +222,5 @@ tolerations: [] affinity: {} podAnnotations: {} + +deploymentAnnotations: {} From f518252aff4f5aa8ac7808405c9c54ef4f85cfbc Mon Sep 17 00:00:00 2001 From: rowanr Date: Fri, 14 Feb 2020 22:21:28 +0100 Subject: [PATCH 130/304] [stable/pgadmin] update api versions (#20751) Update Ingress and Deployment apiVersions for Kubernetes 1.16 support Signed-off-by: Rowan Ruseler --- stable/pgadmin/Chart.yaml | 2 +- stable/pgadmin/templates/_helpers.tpl | 22 ++++++++++++++++++++++ stable/pgadmin/templates/deployment.yaml | 2 +- stable/pgadmin/templates/ingress.yaml | 2 +- 4 files changed, 25 insertions(+), 3 deletions(-) diff --git a/stable/pgadmin/Chart.yaml b/stable/pgadmin/Chart.yaml index 34fed2c17359..2e5ce60edf34 100644 --- a/stable/pgadmin/Chart.yaml +++ b/stable/pgadmin/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 description: pgAdmin is a web based administration tool for PostgreSQL database name: pgadmin -version: 1.1.5 +version: 1.2.0 appVersion: 4.18.0 home: https://www.pgadmin.org/ source: https://github.com/rowanruseler/pgadmin diff --git a/stable/pgadmin/templates/_helpers.tpl b/stable/pgadmin/templates/_helpers.tpl index ed3ae385a0b0..cad0afa0dfbe 100644 --- a/stable/pgadmin/templates/_helpers.tpl +++ b/stable/pgadmin/templates/_helpers.tpl @@ -61,3 +61,25 @@ Defines a JSON file containing server definitions. This allows connection inform } } {{- end -}} + +{{/* +Return the appropriate apiVersion for deployment. +*/}} +{{- define "deployment.apiVersion" -}} +{{- if semverCompare "<1.9-0" .Capabilities.KubeVersion.GitVersion -}} +{{- print "apps/v1beta2" -}} +{{- else -}} +{{- print "apps/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for ingress. +*/}} +{{- define "ingress.apiVersion" -}} +{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +{{- print "networking.k8s.io/v1beta1" -}} +{{- else -}} +{{- print "extensions/v1beta1" -}} +{{- end -}} +{{- end -}} diff --git a/stable/pgadmin/templates/deployment.yaml b/stable/pgadmin/templates/deployment.yaml index 1042967b6d18..b8edf76589b9 100644 --- a/stable/pgadmin/templates/deployment.yaml +++ b/stable/pgadmin/templates/deployment.yaml @@ -1,5 +1,5 @@ {{- $fullName := include "pgadmin.fullname" . -}} -apiVersion: apps/v1 +apiVersion: {{ template "deployment.apiVersion" . }} kind: Deployment metadata: name: {{ $fullName }} diff --git a/stable/pgadmin/templates/ingress.yaml b/stable/pgadmin/templates/ingress.yaml index e91a2549814d..d12c3115cda5 100644 --- a/stable/pgadmin/templates/ingress.yaml +++ b/stable/pgadmin/templates/ingress.yaml @@ -1,6 +1,6 @@ {{- if .Values.ingress.enabled -}} {{- $fullName := include "pgadmin.fullname" . -}} -apiVersion: extensions/v1beta1 +apiVersion: {{ template "ingress.apiVersion" . }} kind: Ingress metadata: name: {{ $fullName }} From 422fdc4a1cca18376d421019e2c600ed5fd4da74 Mon Sep 17 00:00:00 2001 From: Naseem Date: Sat, 15 Feb 2020 00:17:27 -0500 Subject: [PATCH 131/304] [stable/influxdb] labels, serviceaccount and remove clusterIP specificity (#20770) * update-labels In accordance with https://kubernetes.io/docs/concepts/overview/working-with-objects/common-labels/\#labels, this PR uses recommended labels and creates the required helpers to keep teplates more DRY. This PR also adds a serviceaccount, a first step in allowing GCP users to use workload identity for storage access. Signed-off-by: Naseem * get rid of specifying clusterIP And add README note Signed-off-by: Naseem --- stable/influxdb/Chart.yaml | 2 +- stable/influxdb/README.md | 10 ++++-- stable/influxdb/templates/_helpers.tpl | 31 +++++++++++++++++ stable/influxdb/templates/backup-cronjob.yaml | 9 +++-- stable/influxdb/templates/config.yaml | 17 ++++------ stable/influxdb/templates/ingress.yaml | 7 ++-- stable/influxdb/templates/init-config.yaml | 7 ++-- stable/influxdb/templates/meta-config.yaml | 8 ++--- stable/influxdb/templates/meta-service.yaml | 11 +++---- .../influxdb/templates/meta-statefulset.yaml | 31 +++++++++-------- .../templates/post-install-set-auth.yaml | 7 ++-- stable/influxdb/templates/secret.yaml | 7 ++-- stable/influxdb/templates/service.yaml | 21 ++---------- stable/influxdb/templates/serviceaccount.yaml | 12 +++++++ stable/influxdb/templates/statefulset.yaml | 33 ++++++++----------- stable/influxdb/values.yaml | 14 ++++---- 16 files changed, 116 insertions(+), 111 deletions(-) create mode 100644 stable/influxdb/templates/serviceaccount.yaml diff --git a/stable/influxdb/Chart.yaml b/stable/influxdb/Chart.yaml index 35a4e021237e..4ed999e75cd9 100755 --- a/stable/influxdb/Chart.yaml +++ b/stable/influxdb/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: influxdb -version: 3.2.1 +version: 4.0.0 appVersion: 1.7.6 description: Scalable datastore for metrics, events, and real-time analytics. keywords: diff --git a/stable/influxdb/README.md b/stable/influxdb/README.md index 0384cb9909b1..b76df3f10dc4 100644 --- a/stable/influxdb/README.md +++ b/stable/influxdb/README.md @@ -78,7 +78,7 @@ To enable InfluxDB Enterprise, set the following keys and values in a values fil | `service.ClusterIP` | Use a headless service for StatefulSets | `"None"` | | `env.name[_HOSTNAME]` | Used to provide a unique `name.service` for InfluxDB. See [values.yaml]() for an example | `valueFrom.fieldRef.fieldPath: metadata.name` | | `enterprise.enabled` | Create StatefulSets for use with `influx-data` and `influx-meta` images | `true` | -| `enterprise.licensekey` | License for InfluxDB Enterprise | | +| `enterprise.licensekey` | License for InfluxDB Enterprise | | | `enterprise.clusterSize` | Replicas for `influx` StatefulSet | Dependent on license | | `enterprise.meta.image.tag` | Set to an `meta` image. See https://hub.docker.com/_/influxdb for details | `meta` | | `enterprise.meta.clusterSize` | Replicas for `influxdb-meta` StatefulSet. | `3` | @@ -114,7 +114,7 @@ To handle this setup on startup, a job can be enabled in `values.yaml` by settin Make sure to uncomment or configure the job settings after enabling it. If a password is not set, a random password will be generated. -Alternatively, if `.Values.setDefaultUser.user.existingSecret` is set the user and password are obtained from an existing Secret, the expected keys are `influxdb-user` and `influxdb-password`. Use this variable if you need to check in the `values.yaml` in a repository to avoid exposing your secrets. +Alternatively, if `.Values.setDefaultUser.user.existingSecret` is set the user and password are obtained from an existing Secret, the expected keys are `influxdb-user` and `influxdb-password`. Use this variable if you need to check in the `values.yaml` in a repository to avoid exposing your secrets. ## Upgrading @@ -129,3 +129,9 @@ The Kubernetes API change to support 1.160 may not be backwards compatible and m ### From < 3.0.0 to >= 3.0.0 Since version 3.0.0 this chart uses a StatefulSet instead of a Deployment. As part of this update the existing persistent volume (and all data) is deleted and a new one is created. Make sure to backup and restore the data manually. + +### From < 4.0.0 to >= 4.0.0 + +Labels are changed to those in accordance with [kubernetes recommended labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/common-labels/\#labels). This change also removes the ability to configure clusterIP value as to avoid `Error: UPGRADE FAILED: failed to replace object: Service "my-influxdb" is invalid: spec.clusterIP: Invalid value: "": field is immutable` type errors. For more info on this error and why it should be avoided at all costs, please see [this github issue](https://github.com/helm/helm/issues/6378#issuecomment-582764215). + +Due to the significance of the changes. The recommended approach is to uninstall and reinstall the chart (the PVC *should* not be deleted during this process, but it is highly recommended to backup your data before). diff --git a/stable/influxdb/templates/_helpers.tpl b/stable/influxdb/templates/_helpers.tpl index 1536fd0e0299..4866664e1299 100644 --- a/stable/influxdb/templates/_helpers.tpl +++ b/stable/influxdb/templates/_helpers.tpl @@ -30,3 +30,34 @@ Create chart name and version as used by the chart label. {{- define "influxdb.chart" -}} {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} {{- end -}} + +{{/* +Common labels +*/}} +{{- define "influxdb.labels" -}} +helm.sh/chart: {{ include "influxdb.chart" . }} +{{ include "influxdb.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end -}} + +{{/* +Selector labels +*/}} +{{- define "influxdb.selectorLabels" -}} +app.kubernetes.io/name: {{ include "influxdb.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "influxdb.serviceAccountName" -}} +{{- if .Values.serviceAccount.create -}} + {{ default (include "influxdb.fullname" .) .Values.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.serviceAccount.name }} +{{- end -}} +{{- end -}} diff --git a/stable/influxdb/templates/backup-cronjob.yaml b/stable/influxdb/templates/backup-cronjob.yaml index 781a9149a5fb..d92b16a119e7 100644 --- a/stable/influxdb/templates/backup-cronjob.yaml +++ b/stable/influxdb/templates/backup-cronjob.yaml @@ -2,12 +2,10 @@ apiVersion: batch/v1beta1 kind: CronJob metadata: - name: "{{ template "influxdb.fullname" . }}-backup" + name: {{ include "influxdb.fullname" . }}-backup labels: - app: "{{ template "influxdb.fullname" . }}" - chart: "{{ template "influxdb.chart" . }}" - release: "{{ .Release.Name }}" - heritage: "{{ .Release.Service }}" + {{- include "influxdb.labels" . | nindent 4 }} + app.kubernetes.io/component: backup annotations: {{- toYaml .Values.backup.annotations | nindent 4 }} spec: @@ -30,6 +28,7 @@ spec: secret: secretName: {{ .Values.backup.gcs.serviceAccountSecret | quote }} {{- end }} + serviceAccountName: {{ include "influxdb.serviceAccountName" . }} initContainers: - name: influxdb-backup image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" diff --git a/stable/influxdb/templates/config.yaml b/stable/influxdb/templates/config.yaml index 69b1219c5c7c..aaa0cb9d2e58 100644 --- a/stable/influxdb/templates/config.yaml +++ b/stable/influxdb/templates/config.yaml @@ -1,12 +1,9 @@ apiVersion: v1 kind: ConfigMap metadata: - name: "{{ template "influxdb.fullname" . }}" + name: {{ include "influxdb.fullname" . }} labels: - app: "{{ template "influxdb.fullname" . }}" - chart: "{{ template "influxdb.chart" . }}" - release: "{{ .Release.Name }}" - heritage: "{{ .Release.Service }}" + {{- include "influxdb.labels" . | nindent 4 }} data: influxdb.conf: |+ reporting-disabled = {{ .Values.config.reporting_disabled | default false }} @@ -96,9 +93,9 @@ data: realm = "{{ .Values.config.http.realm }}" unix-socket-enabled = {{ .Values.config.http.unix_socket_enabled }} bind-socket = "{{ .Values.config.http.bind_socket }}" - + # TODO: allow multiple graphite listeners - + [[graphite]] enabled = {{ .Values.config.graphite.enabled }} bind-address = ":{{ .Values.config.graphite.bind_address }}" @@ -118,7 +115,7 @@ data: {{- end }} ] {{- end }} - + # TODO: allow multiple collectd listeners with templates [[collectd]] @@ -133,7 +130,7 @@ data: typesdb = "{{ .Values.config.collectd.typesdb }}" security-level = "{{ .Values.config.collectd.security_level }}" auth-file = "{{ .Values.config.collectd.auth_file }}" - + # TODO: allow multiple opentsdb listeners with templates [[opentsdb]] @@ -148,7 +145,7 @@ data: batch-pending = {{ .Values.config.opentsdb.batch_pending | int64 }} batch-timeout = "{{ .Values.config.opentsdb.batch_timeout }}" log-point-errors = {{ .Values.config.opentsdb.log_point_errors }} - + # TODO: allow multiple udp listeners with templates [[udp]] diff --git a/stable/influxdb/templates/ingress.yaml b/stable/influxdb/templates/ingress.yaml index 04702b146381..5ffa73606baf 100644 --- a/stable/influxdb/templates/ingress.yaml +++ b/stable/influxdb/templates/ingress.yaml @@ -2,12 +2,9 @@ apiVersion: networking.k8s.io/v1beta1 kind: Ingress metadata: - name: "{{ template "influxdb.fullname" . }}" + name: {{ include "influxdb.fullname" . }} labels: - app: "{{ template "influxdb.fullname" . }}" - chart: "{{ template "influxdb.chart" . }}" - release: "{{ .Release.Name }}" - heritage: "{{ .Release.Service }}" + {{- include "influxdb.labels" . | nindent 4 }} annotations: {{ toYaml .Values.ingress.annotations | indent 4 }} spec: diff --git a/stable/influxdb/templates/init-config.yaml b/stable/influxdb/templates/init-config.yaml index 1184b5ea48a7..5f6089852693 100644 --- a/stable/influxdb/templates/init-config.yaml +++ b/stable/influxdb/templates/init-config.yaml @@ -2,12 +2,9 @@ apiVersion: v1 kind: ConfigMap metadata: - name: "{{ template "influxdb.fullname" . }}-init" + name: {{ include "influxdb.fullname" . }}-init labels: - app: "{{ template "influxdb.fullname" . }}" - chart: "{{ template "influxdb.chart" . }}" - release: "{{ .Release.Name }}" - heritage: "{{ .Release.Service }}" + {{- include "influxdb.labels" . | nindent 4 }} data: {{ toYaml .Values.initScripts.scripts | indent 2 }} {{- end -}} diff --git a/stable/influxdb/templates/meta-config.yaml b/stable/influxdb/templates/meta-config.yaml index 21ab49133848..ae5992815e61 100644 --- a/stable/influxdb/templates/meta-config.yaml +++ b/stable/influxdb/templates/meta-config.yaml @@ -2,12 +2,10 @@ apiVersion: v1 kind: ConfigMap metadata: - name: "{{ template "influxdb.fullname" . }}-meta" + name: {{ include "influxdb.fullname" . }}-meta labels: - app: "{{ template "influxdb.fullname" . }}-meta" - chart: "{{ template "influxdb.chart" . }}" - release: "{{ .Release.Name }}" - heritage: "{{ .Release.Service }}" + {{- include "influxdb.labels" . | nindent 4 }} + app.kubernetes.io/component: meta data: influxdb-meta.conf: |+ reporting-disabled = {{ .Values.config.reporting_disabled | default false }} diff --git a/stable/influxdb/templates/meta-service.yaml b/stable/influxdb/templates/meta-service.yaml index aaf67a372dd1..6bd355d68d3e 100644 --- a/stable/influxdb/templates/meta-service.yaml +++ b/stable/influxdb/templates/meta-service.yaml @@ -6,12 +6,10 @@ metadata: annotations: {{ toYaml .Values.service.annotations | indent 4 }} {{- end }} - name: "{{ template "influxdb.fullname" . }}-meta" + name: {{ include "influxdb.fullname" . }}-meta labels: - app: "{{ template "influxdb.fullname" . }}-meta" - chart: "{{ template "influxdb.chart" . }}" - release: "{{ .Release.Name }}" - heritage: "{{ .Release.Service }}" + {{- include "influxdb.labels" . | nindent 4 }} + app.kubernets.io/component: meta spec: type: ClusterIP clusterIP: None @@ -22,5 +20,6 @@ spec: port: {{ .Values.config.meta.bind_address }} targetPort: {{ .Values.config.meta.bind_address }} selector: - app: "{{ template "influxdb.fullname" . }}-meta" + {{- include "influxdb.selectorLabels" . | nindent 4 }} + app.kubernets.io/component: meta {{- end }} diff --git a/stable/influxdb/templates/meta-statefulset.yaml b/stable/influxdb/templates/meta-statefulset.yaml index 601b529837a5..9fa09164c5c1 100644 --- a/stable/influxdb/templates/meta-statefulset.yaml +++ b/stable/influxdb/templates/meta-statefulset.yaml @@ -2,23 +2,22 @@ apiVersion: apps/v1 kind: StatefulSet metadata: - name: "{{ template "influxdb.fullname" . }}-meta" + name: {{ include "influxdb.fullname" . }}-meta labels: - app: "{{ template "influxdb.fullname" . }}-meta" - chart: "{{ template "influxdb.chart" . }}" - release: "{{ .Release.Name }}" - heritage: "{{ .Release.Service }}" + {{- include "influxdb.labels" . | nindent 4 }} + app.kubernetes.io/component: meta spec: replicas: {{ .Values.enterprise.meta.clusterSize }} selector: matchLabels: - app: "{{ template "influxdb.fullname" . }}-meta" - serviceName: "{{ template "influxdb.fullname" . }}-meta" + {{- include "influxdb.selectorLabels" . | nindent 6 }} + app.kubernetes.io/component: meta + serviceName: "{{ include "influxdb.fullname" . }}-meta" template: metadata: labels: - app: "{{ template "influxdb.fullname" . }}-meta" - release: "{{ .Release.Name }}" + {{- include "influxdb.selectorLabels" . | nindent 8 }} + app.kubernetes.io/component: meta {{- if .Values.podAnnotations }} annotations: {{ toYaml .Values.podAnnotations | indent 8 }} @@ -31,7 +30,7 @@ spec: {{- end}} {{- end }} containers: - - name: "{{ template "influxdb.fullname" . }}-meta" + - name: "{{ include "influxdb.fullname" . }}-meta" image: "{{ .Values.image.repository }}:{{ .Values.enterprise.meta.image.tag }}" imagePullPolicy: {{ .Values.image.pullPolicy | quote }} resources: @@ -48,7 +47,7 @@ spec: {{ toYaml .Values.env | indent 10 }} # Values.env's HOSTNAME isn't fundamentally different from $HOSTNAME, but this way we get a distinguished name for InfluxDB at runtime. - name: INFLUXDB_HOSTNAME - value: "$(_HOSTNAME).{{ template "influxdb.fullname" . }}-meta" + value: "$(_HOSTNAME).{{ include "influxdb.fullname" . }}-meta" {{- end }} livenessProbe: httpGet: @@ -71,7 +70,7 @@ spec: periodSeconds: {{ .Values.startupProbe.periodSeconds | default 5 }} {{- end }} volumeMounts: - - name: {{ template "influxdb.fullname" . }}-meta + - name: {{ include "influxdb.fullname" . }}-meta mountPath: {{ .Values.config.storage_directory }} - name: config mountPath: /etc/influxdb @@ -82,14 +81,14 @@ spec: volumes: - name: config configMap: - name: {{ template "influxdb.fullname" . }}-meta + name: {{ include "influxdb.fullname" . }}-meta {{- if .Values.initScripts.enabled }} - name: init configMap: - name: {{ template "influxdb.fullname" . }}-init + name: {{ include "influxdb.fullname" . }}-init {{- end }} {{- if (not .Values.persistence.enabled ) }} - - name: {{ template "influxdb.fullname" . }}-meta + - name: {{ include "influxdb.fullname" . }}-meta emptyDir: {} {{- end }} {{- if .Values.schedulerName }} @@ -110,7 +109,7 @@ spec: {{- if .Values.persistence.enabled }} volumeClaimTemplates: - metadata: - name: {{ template "influxdb.fullname" . }}-meta + name: {{ include "influxdb.fullname" . }}-meta annotations: {{- range $key, $value := .Values.persistence.annotations }} {{ $key }}: "{{ $value }}" diff --git a/stable/influxdb/templates/post-install-set-auth.yaml b/stable/influxdb/templates/post-install-set-auth.yaml index dab33b4e4cec..5af5d6233e54 100644 --- a/stable/influxdb/templates/post-install-set-auth.yaml +++ b/stable/influxdb/templates/post-install-set-auth.yaml @@ -2,12 +2,9 @@ apiVersion: batch/v1 kind: Job metadata: + name: {{ include "caca.fullname" . }}-set-auth labels: - app: "{{ template "influxdb.fullname" . }}" - chart: "{{ template "influxdb.chart" . }}" - release: "{{ .Release.Name }}" - heritage: "{{ .Release.Service }}" - name: {{ template "influxdb.fullname" . }}-set-auth + {{- include "caca.labels" . | nindent 4 }} annotations: "helm.sh/hook": post-install "helm.sh/hook-delete-policy": hook-succeeded diff --git a/stable/influxdb/templates/secret.yaml b/stable/influxdb/templates/secret.yaml index 8bfc43b01b1c..c6390f1eb911 100644 --- a/stable/influxdb/templates/secret.yaml +++ b/stable/influxdb/templates/secret.yaml @@ -3,12 +3,9 @@ apiVersion: v1 kind: Secret metadata: + name: {{ include "influxdb.fullname" . }}-auth labels: - app: "{{ template "influxdb.fullname" . }}" - chart: "{{ template "influxdb.chart" . }}" - heritage: "{{ .Release.Service }}" - release: "{{ .Release.Name }}" - name: {{ template "influxdb.fullname" . }}-auth + {{- include "influxdb.labels" . | nindent 4 }} data: {{- if .Values.setDefaultUser.user.password }} influxdb-password: {{ .Values.setDefaultUser.user.password | b64enc | quote }} diff --git a/stable/influxdb/templates/service.yaml b/stable/influxdb/templates/service.yaml index 5d3fcb4a85db..4f3fc4f7dcb1 100644 --- a/stable/influxdb/templates/service.yaml +++ b/stable/influxdb/templates/service.yaml @@ -5,28 +5,11 @@ metadata: annotations: {{ toYaml .Values.service.annotations | indent 4 }} {{- end }} - name: "{{ template "influxdb.fullname" . }}" + name: {{ include "influxdb.fullname" . }} labels: - app: "{{ template "influxdb.fullname" . }}" - chart: "{{ template "influxdb.chart" . }}" - release: "{{ .Release.Name }}" - heritage: "{{ .Release.Service }}" + {{- include "influxdb.labels" . | nindent 4 }} spec: type: {{ .Values.service.type }} - {{- if .Values.service.clusterIP }} - clusterIP: {{ .Values.service.clusterIP }} - {{- end }} - {{- if .Values.service.externalIPs }} - externalIPs: - {{ toYaml .Values.service.externalIPs | indent 4 }} - {{- end }} - {{- if .Values.service.loadBalancerIP }} - loadBalancerIP: {{ .Values.service.loadBalancerIP }} - {{- end }} - {{- with .Values.service.loadBalancerSourceRanges }} - loadBalancerSourceRanges: - {{- toYaml . | nindent 4 }} - {{- end }} ports: {{- if .Values.config.http.enabled }} - name: api diff --git a/stable/influxdb/templates/serviceaccount.yaml b/stable/influxdb/templates/serviceaccount.yaml new file mode 100644 index 000000000000..2b0928035339 --- /dev/null +++ b/stable/influxdb/templates/serviceaccount.yaml @@ -0,0 +1,12 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} + name: {{ template "influxdb.serviceAccountName" . }} + labels: +{{ include "influxdb.labels" . | indent 4 }} +{{- end -}} diff --git a/stable/influxdb/templates/statefulset.yaml b/stable/influxdb/templates/statefulset.yaml index feae2ef71069..73444dcd7566 100644 --- a/stable/influxdb/templates/statefulset.yaml +++ b/stable/influxdb/templates/statefulset.yaml @@ -1,12 +1,9 @@ apiVersion: apps/v1 kind: StatefulSet metadata: - name: "{{ template "influxdb.fullname" . }}" + name: {{ include "influxdb.fullname" . }} labels: - app: "{{ template "influxdb.fullname" . }}" - chart: "{{ template "influxdb.chart" . }}" - release: "{{ .Release.Name }}" - heritage: "{{ .Release.Service }}" + {{- include "influxdb.labels" . | nindent 4 }} spec: {{- if .Values.enterprise.enabled }} replicas: {{ .Values.enterprise.clusterSize }} @@ -15,15 +12,12 @@ spec: {{- end}} selector: matchLabels: - app: {{ template "influxdb.fullname" . }} - release: "{{ .Release.Name }}" - serviceName: "{{ template "influxdb.fullname" . }}" + {{- include "influxdb.selectorLabels" . | nindent 6 }} + serviceName: "{{ include "influxdb.fullname" . }}" template: metadata: labels: - app: {{ template "influxdb.fullname" . }} - release: "{{ .Release.Name }}" - chart: "{{ template "influxdb.chart" . }}" + {{- include "influxdb.selectorLabels" . | nindent 8 }} {{- if .Values.podAnnotations }} annotations: {{ toYaml .Values.podAnnotations | indent 8 }} @@ -50,8 +44,9 @@ spec: - name: {{ . }} {{- end}} {{- end }} + serviceAccountName: {{ include "influxdb.serviceAccountName" . }} containers: - - name: {{ template "influxdb.fullname" . }} + - name: {{ include "influxdb.fullname" . }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" imagePullPolicy: {{ .Values.image.pullPolicy | quote }} resources: @@ -90,7 +85,7 @@ spec: {{ toYaml .Values.env | indent 10 }} {{- if .Values.enterprise.enabled }} - name: INFLUXDB_HOSTNAME # Values.env's HOSTNAME isn't fundamentally different from $HOSTNAME, but this way weg get a distinguished name at runtime. - value: "$(_HOSTNAME).{{ template "influxdb.fullname" . }}" + value: "$(_HOSTNAME).{{ include "influxdb.fullname" . }}" {{- end }} {{- end }} livenessProbe: @@ -114,7 +109,7 @@ spec: periodSeconds: {{ .Values.startupProbe.periodSeconds | default 5 }} {{- end }} volumeMounts: - - name: {{ template "influxdb.fullname" . }}-data + - name: {{ include "influxdb.fullname" . }}-data mountPath: {{ .Values.config.storage_directory }} - name: config mountPath: /etc/influxdb @@ -125,20 +120,20 @@ spec: volumes: - name: config configMap: - name: {{ template "influxdb.fullname" . }} + name: {{ include "influxdb.fullname" . }} {{- if .Values.initScripts.enabled }} - name: init configMap: - name: {{ template "influxdb.fullname" . }}-init + name: {{ include "influxdb.fullname" . }}-init {{- end }} {{- if (not .Values.persistence.enabled ) }} - - name: {{ template "influxdb.fullname" . }}-data + - name: {{ include "influxdb.fullname" . }}-data emptyDir: {} {{- end }} {{- if .Values.persistence.enabled }} volumeClaimTemplates: - metadata: - name: {{ template "influxdb.fullname" . }}-data + name: {{ include "influxdb.fullname" . }}-data annotations: {{- range $key, $value := .Values.persistence.annotations }} {{ $key }}: "{{ $value }}" @@ -156,4 +151,4 @@ spec: storageClassName: "{{ .Values.persistence.storageClass }}" {{- end }} {{- end }} -{{- end }} \ No newline at end of file +{{- end }} diff --git a/stable/influxdb/values.yaml b/stable/influxdb/values.yaml index ba5def84138c..52e82cee7bc0 100644 --- a/stable/influxdb/values.yaml +++ b/stable/influxdb/values.yaml @@ -8,6 +8,12 @@ image: # pullSecrets: # - registry-secret + +serviceAccount: + create: true + name: + annotations: {} + ## Customize livenessProbe and readinessProbe ## ref: https://docs.influxdata.com/influxdb/v1.7/tools/api/#ping-http-endpoint ## @@ -31,14 +37,6 @@ service: ## Add annotations to service # annotations: {} type: ClusterIP - ## Add IP Cluster - # clusterIP: "" - ## Add external IPs that route to one or more cluster nodes - # externalIPs: [] - ## Specify LoadBalancer IP (only allow on some cloud provider) - # loadBalancerIP: "" - ## Allow source IPs to access on service (if empty, any access allow) - # loadBalancerSourceRanges: [] ## Persist data to a persistent volume ## From af4e3b1324e02d594bb53e4d2ea4fef194e9f6cd Mon Sep 17 00:00:00 2001 From: Naseem Date: Sat, 15 Feb 2020 01:27:27 -0500 Subject: [PATCH 132/304] [stable/influxdb] fix: labels (#20776) * influxdb-fix-labels Signed-off-by: Naseem * Fix labels Signed-off-by: Naseem --- stable/influxdb/Chart.yaml | 2 +- stable/influxdb/templates/backup-cronjob.yaml | 3 +-- stable/influxdb/templates/meta-statefulset.yaml | 1 + stable/influxdb/templates/post-install-set-auth.yaml | 7 +++---- stable/influxdb/templates/service.yaml | 3 +-- stable/influxdb/templates/serviceaccount.yaml | 6 +++--- 6 files changed, 10 insertions(+), 12 deletions(-) diff --git a/stable/influxdb/Chart.yaml b/stable/influxdb/Chart.yaml index 4ed999e75cd9..ccfe7f44a0f1 100755 --- a/stable/influxdb/Chart.yaml +++ b/stable/influxdb/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: influxdb -version: 4.0.0 +version: 4.0.1 appVersion: 1.7.6 description: Scalable datastore for metrics, events, and real-time analytics. keywords: diff --git a/stable/influxdb/templates/backup-cronjob.yaml b/stable/influxdb/templates/backup-cronjob.yaml index d92b16a119e7..10f49e1f6c14 100644 --- a/stable/influxdb/templates/backup-cronjob.yaml +++ b/stable/influxdb/templates/backup-cronjob.yaml @@ -16,8 +16,7 @@ spec: template: metadata: labels: - app: {{ template "influxdb.fullname" . }} - release: "{{ .Release.Name }}" + {{- include "influxdb.selectorLabels" . | nindent 12 }} spec: restartPolicy: OnFailure volumes: diff --git a/stable/influxdb/templates/meta-statefulset.yaml b/stable/influxdb/templates/meta-statefulset.yaml index 9fa09164c5c1..e7f841011718 100644 --- a/stable/influxdb/templates/meta-statefulset.yaml +++ b/stable/influxdb/templates/meta-statefulset.yaml @@ -29,6 +29,7 @@ spec: - name: {{ . }} {{- end}} {{- end }} + serviceAccountName: {{ include "influxdb.serviceAccountName" . }} containers: - name: "{{ include "influxdb.fullname" . }}-meta" image: "{{ .Values.image.repository }}:{{ .Values.enterprise.meta.image.tag }}" diff --git a/stable/influxdb/templates/post-install-set-auth.yaml b/stable/influxdb/templates/post-install-set-auth.yaml index 5af5d6233e54..05981aa596f5 100644 --- a/stable/influxdb/templates/post-install-set-auth.yaml +++ b/stable/influxdb/templates/post-install-set-auth.yaml @@ -2,9 +2,9 @@ apiVersion: batch/v1 kind: Job metadata: - name: {{ include "caca.fullname" . }}-set-auth + name: {{ include "influxdb.fullname" . }}-set-auth labels: - {{- include "caca.labels" . | nindent 4 }} + {{- include "influxdb.labels" . | nindent 4 }} annotations: "helm.sh/hook": post-install "helm.sh/hook-delete-policy": hook-succeeded @@ -13,8 +13,7 @@ spec: template: metadata: labels: - app: {{ template "influxdb.fullname" . }} - release: "{{ .Release.Name }}" + {{- include "influxdb.selectorLabels" . | nindent 8 }} spec: containers: - name: {{ template "influxdb.fullname" . }}-set-auth diff --git a/stable/influxdb/templates/service.yaml b/stable/influxdb/templates/service.yaml index 4f3fc4f7dcb1..c51e17bb4410 100644 --- a/stable/influxdb/templates/service.yaml +++ b/stable/influxdb/templates/service.yaml @@ -47,5 +47,4 @@ spec: targetPort: {{ .Values.config.rpc.bind_address }} {{- end }} selector: - app: {{ template "influxdb.fullname" . }} - release: "{{ .Release.Name }}" + {{- include "influxdb.selectorLabels" . | nindent 4 }} diff --git a/stable/influxdb/templates/serviceaccount.yaml b/stable/influxdb/templates/serviceaccount.yaml index 2b0928035339..c496696559c0 100644 --- a/stable/influxdb/templates/serviceaccount.yaml +++ b/stable/influxdb/templates/serviceaccount.yaml @@ -2,11 +2,11 @@ apiVersion: v1 kind: ServiceAccount metadata: + name: {{ include "influxdb.serviceAccountName" . }} + labels: + {{- include "influxdb.labels" . | nindent 4 }} {{- with .Values.serviceAccount.annotations }} annotations: {{- toYaml . | nindent 4 }} {{- end }} - name: {{ template "influxdb.serviceAccountName" . }} - labels: -{{ include "influxdb.labels" . | indent 4 }} {{- end -}} From c10dd592a0ab6bcfa3a7d1cf6063229e4affdd77 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fran=C3=A7ois=20Picot?= Date: Sat, 15 Feb 2020 12:07:27 +0100 Subject: [PATCH 133/304] [stable/nginx-ingress] fix psp for daemonsets with userHostPort (#20764) Signed-off-by: fpicot --- stable/nginx-ingress/Chart.yaml | 2 +- stable/nginx-ingress/templates/controller-psp.yaml | 10 +++++++++- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/stable/nginx-ingress/Chart.yaml b/stable/nginx-ingress/Chart.yaml index 2fbc32573858..efc5ec26a4f7 100644 --- a/stable/nginx-ingress/Chart.yaml +++ b/stable/nginx-ingress/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: nginx-ingress -version: 1.30.2 +version: 1.30.3 appVersion: 0.28.0 home: https://github.com/kubernetes/ingress-nginx description: An nginx Ingress controller that uses ConfigMap to store the nginx configuration. diff --git a/stable/nginx-ingress/templates/controller-psp.yaml b/stable/nginx-ingress/templates/controller-psp.yaml index 96154686780d..b91ecba22d59 100644 --- a/stable/nginx-ingress/templates/controller-psp.yaml +++ b/stable/nginx-ingress/templates/controller-psp.yaml @@ -21,13 +21,21 @@ spec: - 'secret' #- 'downwardAPI' hostNetwork: {{ .Values.controller.hostNetwork }} -{{- if .Values.controller.hostNetwork }} +{{- if or .Values.controller.hostNetwork .Values.controller.daemonset.useHostPort }} hostPorts: +{{- if .Values.controller.hostNetwork }} {{- range $key, $value := .Values.controller.containerPort }} # {{ $key }} - min: {{ $value }} max: {{ $value }} {{- end }} +{{- else if .Values.controller.daemonset.useHostPort }} +{{- range $key, $value := .Values.controller.daemonset.hostPorts }} + # {{ $key }} + - min: {{ $value }} + max: {{ $value }} +{{- end }} +{{- end }} {{- if .Values.controller.metrics.enabled }} # metrics - min: {{ .Values.controller.metrics.port }} From b299d6c813d8f509952af1604237c4105f23e0a1 Mon Sep 17 00:00:00 2001 From: Jesse Millan Date: Sat, 15 Feb 2020 04:09:27 -0800 Subject: [PATCH 134/304] Add triggerLoopOnEvent option to trigger sync loop on create/update/delete events. (#20595) Signed-off-by: jlamillan --- stable/external-dns/Chart.yaml | 2 +- stable/external-dns/README.md | 1 + stable/external-dns/templates/deployment.yaml | 3 +++ stable/external-dns/values-production.yaml | 3 +++ stable/external-dns/values.yaml | 3 +++ 5 files changed, 11 insertions(+), 1 deletion(-) diff --git a/stable/external-dns/Chart.yaml b/stable/external-dns/Chart.yaml index 89d4561e88d6..48e4f9ace7e3 100644 --- a/stable/external-dns/Chart.yaml +++ b/stable/external-dns/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: external-dns -version: 2.17.0 +version: 2.18.0 appVersion: 0.6.0 description: ExternalDNS is a Kubernetes addon that configures public DNS servers with information about exposed Kubernetes services to make them discoverable. keywords: diff --git a/stable/external-dns/README.md b/stable/external-dns/README.md index 808daea9a05f..22b3c2f8d096 100755 --- a/stable/external-dns/README.md +++ b/stable/external-dns/README.md @@ -135,6 +135,7 @@ The following table lists the configurable parameters of the external-dns chart | `logLevel` | Verbosity of the logs (options: panic, debug, info, warn, error, fatal) | `info` | | `logFormat` | Which format to output logs in (options: text, json) | `text` | | `interval` | Interval update period to use | `1m` | +| `triggerLoopOnEvent` | When enabled, triggers run loop on create/update/delete events in addition to regular interval (optional)| `false` | | `istioIngressGateways` | The fully-qualified name of the Istio ingress gateway services . | `""` | | `policy` | Modify how DNS records are sychronized between sources and providers (options: sync, upsert-only ) | `upsert-only` | | `registry` | Registry method to use (options: txt, noop) | `txt` | diff --git a/stable/external-dns/templates/deployment.yaml b/stable/external-dns/templates/deployment.yaml index 8264d956f022..b4f2647b2d93 100755 --- a/stable/external-dns/templates/deployment.yaml +++ b/stable/external-dns/templates/deployment.yaml @@ -57,6 +57,9 @@ spec: {{- if .Values.dryRun }} - --dry-run {{- end }} + {{- if .Values.triggerLoopOnEvent }} + - --events + {{- end }} {{- if .Values.namespace }} - --namespace={{ .Values.namespace }} {{- end }} diff --git a/stable/external-dns/values-production.yaml b/stable/external-dns/values-production.yaml index 44168bef7402..021708fc2219 100644 --- a/stable/external-dns/values-production.yaml +++ b/stable/external-dns/values-production.yaml @@ -294,6 +294,9 @@ dryRun: false ## Adjust the interval for DNS updates ## interval: "1m" +## When enabled, triggers run loop on create/update/delete events (optional, in addition of regular interval) +## +triggerLoopOnEvent: false ## Verbosity of the ExternalDNS logs. Available values are: ## - panic, debug, info, warn, error, fatal ## diff --git a/stable/external-dns/values.yaml b/stable/external-dns/values.yaml index 843b784086e5..7f32fae2bedd 100644 --- a/stable/external-dns/values.yaml +++ b/stable/external-dns/values.yaml @@ -290,6 +290,9 @@ annotationFilter: "" ## When enabled, prints DNS record changes rather than actually performing them ## dryRun: false +## When enabled, triggers run loop on create/update/delete events (optional, in addition of regular interval) +## +triggerLoopOnEvent: false ## Adjust the interval for DNS updates ## interval: "1m" From b0815c9cea2857fdf99a7144b022d5751a329a72 Mon Sep 17 00:00:00 2001 From: Prateek Pandey Date: Sat, 15 Feb 2020 18:53:27 +0530 Subject: [PATCH 135/304] [stable/openebs] update charts to 1.7.0 release (#20773) - Updated README - Updated chart version - Updated values.yaml Signed-off-by: prateekpandey14 --- stable/openebs/Chart.yaml | 4 +- stable/openebs/README.md | 37 ++++++++++--------- stable/openebs/templates/daemonset-ndm.yaml | 6 +++ .../templates/deployment-maya-apiserver.yaml | 4 ++ stable/openebs/values.yaml | 37 +++++++++++-------- 5 files changed, 52 insertions(+), 36 deletions(-) diff --git a/stable/openebs/Chart.yaml b/stable/openebs/Chart.yaml index b27ce5774eb8..f663d0767d16 100644 --- a/stable/openebs/Chart.yaml +++ b/stable/openebs/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 -version: 1.6.1 +version: 1.7.0 name: openebs -appVersion: 1.6.0 +appVersion: 1.7.0 description: Containerized Storage for Containers icon: https://raw.githubusercontent.com/cncf/artwork/master/projects/openebs/icon/color/openebs-icon-color.png home: http://www.openebs.io/ diff --git a/stable/openebs/README.md b/stable/openebs/README.md index fc6676fed7c4..14345fe3ff9e 100644 --- a/stable/openebs/README.md +++ b/stable/openebs/README.md @@ -42,31 +42,31 @@ The following table lists the configurable parameters of the OpenEBS chart and t | `image.pullPolicy` | Container pull policy | `IfNotPresent` | | `apiserver.enabled` | Enable API Server | `true` | | `apiserver.image` | Image for API Server | `quay.io/openebs/m-apiserver` | -| `apiserver.imageTag` | Image Tag for API Server | `1.6.0` | +| `apiserver.imageTag` | Image Tag for API Server | `1.7.0` | | `apiserver.replicas` | Number of API Server Replicas | `1` | | `apiserver.sparse.enabled` | Create Sparse Pool based on Sparsefile | `false` | | `provisioner.enabled` | Enable Provisioner | `true` | | `provisioner.image` | Image for Provisioner | `quay.io/openebs/openebs-k8s-provisioner` | -| `provisioner.imageTag` | Image Tag for Provisioner | `1.6.0` | +| `provisioner.imageTag` | Image Tag for Provisioner | `1.7.0` | | `provisioner.replicas` | Number of Provisioner Replicas | `1` | | `localprovisioner.enabled` | Enable localProvisioner | `true` | | `localprovisioner.image` | Image for localProvisioner | `quay.io/openebs/provisioner-localpv` | -| `localprovisioner.imageTag` | Image Tag for localProvisioner | `1.6.0` | +| `localprovisioner.imageTag` | Image Tag for localProvisioner | `1.7.0` | | `localprovisioner.replicas` | Number of localProvisioner Replicas | `1` | | `localprovisioner.basePath` | BasePath for hostPath volumes on Nodes | `/var/openebs/local` | | `webhook.enabled` | Enable admission server | `true` | | `webhook.image` | Image for admission server | `quay.io/openebs/admission-server` | -| `webhook.imageTag` | Image Tag for admission server | `1.6.0` | +| `webhook.imageTag` | Image Tag for admission server | `1.7.0` | | `webhook.replicas` | Number of admission server Replicas | `1` | | `snapshotOperator.enabled` | Enable Snapshot Provisioner | `true` | | `snapshotOperator.provisioner.image` | Image for Snapshot Provisioner | `quay.io/openebs/snapshot-provisioner` | -| `snapshotOperator.provisioner.imageTag` | Image Tag for Snapshot Provisioner | `1.6.0` | +| `snapshotOperator.provisioner.imageTag` | Image Tag for Snapshot Provisioner | `1.7.0` | | `snapshotOperator.controller.image` | Image for Snapshot Controller | `quay.io/openebs/snapshot-controller` | -| `snapshotOperator.controller.imageTag` | Image Tag for Snapshot Controller | `1.6.0` | +| `snapshotOperator.controller.imageTag` | Image Tag for Snapshot Controller | `1.7.0` | | `snapshotOperator.replicas` | Number of Snapshot Operator Replicas | `1` | | `ndm.enabled` | Enable Node Disk Manager | `true` | | `ndm.image` | Image for Node Disk Manager | `quay.io/openebs/node-disk-manager-amd64` | -| `ndm.imageTag` | Image Tag for Node Disk Manager | `v0.4.6` | +| `ndm.imageTag` | Image Tag for Node Disk Manager | `v0.4.7` | | `ndm.sparse.path` | Directory where Sparse files are created | `/var/openebs/sparse` | | `ndm.sparse.size` | Size of the sparse file in bytes | `10737418240` | | `ndm.sparse.count` | Number of sparse files to be created | `0` | @@ -77,28 +77,29 @@ The following table lists the configurable parameters of the OpenEBS chart and t | `ndm.probes.enableSeachest` | Enable Seachest probe for NDM | `false` | | `ndmOperator.enabled` | Enable NDM Operator | `true` | | `ndmOperator.image` | Image for NDM Operator | `quay.io/openebs/node-disk-operator-amd64`| -| `ndmOperator.imageTag` | Image Tag for NDM Operator | `v0.4.6` | +| `ndmOperator.imageTag` | Image Tag for NDM Operator | `v0.4.7` | | `jiva.image` | Image for Jiva | `quay.io/openebs/jiva` | -| `jiva.imageTag` | Image Tag for Jiva | `1.6.0` | +| `jiva.imageTag` | Image Tag for Jiva | `1.7.0` | | `jiva.replicas` | Number of Jiva Replicas | `3` | | `jiva.defaultStoragePath` | hostpath used by default Jiva StorageClass | `/var/openebs` | | `cstor.pool.image` | Image for cStor Pool | `quay.io/openebs/cstor-pool` | -| `cstor.pool.imageTag` | Image Tag for cStor Pool | `1.6.0` | +| `cstor.pool.imageTag` | Image Tag for cStor Pool | `1.7.0` | | `cstor.poolMgmt.image` | Image for cStor Pool Management | `quay.io/openebs/cstor-pool-mgmt` | -| `cstor.poolMgmt.imageTag` | Image Tag for cStor Pool Management | `1.6.0` | +| `cstor.poolMgmt.imageTag` | Image Tag for cStor Pool Management | `1.7.0` | | `cstor.target.image` | Image for cStor Target | `quay.io/openebs/cstor-istgt` | -| `cstor.target.imageTag` | Image Tag for cStor Target | `1.6.0` | +| `cstor.target.imageTag` | Image Tag for cStor Target | `1.7.0` | | `cstor.volumeMgmt.image` | Image for cStor Volume Management | `quay.io/openebs/cstor-volume-mgmt` | -| `cstor.volumeMgmt.imageTag` | Image Tag for cStor Volume Management | `1.6.0` | +| `cstor.volumeMgmt.imageTag` | Image Tag for cStor Volume Management | `1.7.0` | | `helper.image` | Image for helper | `quay.io/openebs/linux-utils` | -| `helper.imageTag` | Image Tag for helper | `1.6.0` | +| `helper.imageTag` | Image Tag for helper | `1.7.0` | | `policies.monitoring.image` | Image for Prometheus Exporter | `quay.io/openebs/m-exporter` | -| `policies.monitoring.imageTag` | Image Tag for Prometheus Exporter | `1.6.0` | +| `policies.monitoring.imageTag` | Image Tag for Prometheus Exporter | `1.7.0` | | `analytics.enabled` | Enable sending stats to Google Analytics | `true` | | `analytics.pingInterval` | Duration(hours) between sending ping stat | `24h` | -| `defaultStorageConfig.enabled` | Enable default storage class installation | `true` | -| `HealthCheck.initialDelaySeconds` | Delay before liveness probe is initiated | `30` | | 30 | -| `HealthCheck.periodSeconds` | How often to perform the liveness probe | `60` | | 10 | +| `defaultStorageConfig.enabled` | Enable default storage class installation | `true` | +| `varDirectoryPath.baseDir` | To store debug info of OpenEBS containers | `/var/openebs` | +| `healthCheck.initialDelaySeconds` | Delay before liveness probe is initiated | `30` | | 30 | +| `healthCheck.periodSeconds` | How often to perform the liveness probe | `60` | | 10 | Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. diff --git a/stable/openebs/templates/daemonset-ndm.yaml b/stable/openebs/templates/daemonset-ndm.yaml index fe32ffaed047..d40b88e1a9d0 100644 --- a/stable/openebs/templates/daemonset-ndm.yaml +++ b/stable/openebs/templates/daemonset-ndm.yaml @@ -84,6 +84,8 @@ spec: - name: procmount mountPath: /host/proc readOnly: true + - name: basepath + mountPath: /var/openebs/ndm {{- if .Values.ndm.sparse }} {{- if .Values.ndm.sparse.path }} - name: sparsepath @@ -104,6 +106,10 @@ spec: hostPath: path: /proc type: Directory + - name: basepath + hostPath: + path: "{{ .Values.varDirectoryPath.baseDir }}/ndm" + type: DirectoryOrCreate {{- if .Values.ndm.sparse }} {{- if .Values.ndm.sparse.path }} - name: sparsepath diff --git a/stable/openebs/templates/deployment-maya-apiserver.yaml b/stable/openebs/templates/deployment-maya-apiserver.yaml index 395d905748ef..9c15096da8c1 100644 --- a/stable/openebs/templates/deployment-maya-apiserver.yaml +++ b/stable/openebs/templates/deployment-maya-apiserver.yaml @@ -105,6 +105,10 @@ spec: # is set to true - name: OPENEBS_IO_LOCALPV_HOSTPATH_DIR value: "{{ .Values.localprovisioner.basePath }}" + # OPENEBS_IO_BASE_DIR used by the OpenEBS to store debug information and + # so forth that are generated in the course of running OpenEBS containers. + - name: OPENEBS_IO_BASE_DIR + value: "{{ .Values.varDirectoryPath.baseDir }}" - name: OPENEBS_IO_JIVA_CONTROLLER_IMAGE value: "{{ .Values.jiva.image }}:{{ .Values.jiva.imageTag }}" - name: OPENEBS_IO_JIVA_REPLICA_IMAGE diff --git a/stable/openebs/values.yaml b/stable/openebs/values.yaml index 39907bf83359..e5c9150b9f1d 100644 --- a/stable/openebs/values.yaml +++ b/stable/openebs/values.yaml @@ -13,7 +13,7 @@ serviceAccount: release: # "openebs.io/version" label for control plane components - version: "1.6.0" + version: "1.7.0" image: pullPolicy: IfNotPresent @@ -21,7 +21,7 @@ image: apiserver: enabled: true image: "quay.io/openebs/m-apiserver" - imageTag: "1.6.0" + imageTag: "1.7.0" replicas: 1 ports: externalPort: 5656 @@ -38,10 +38,15 @@ apiserver: defaultStorageConfig: enabled: "true" +# Directory used by the OpenEBS to store debug information and so forth +# that are generated in the course of running OpenEBS containers. +varDirectoryPath: + baseDir: "/var/openebs" + provisioner: enabled: true image: "quay.io/openebs/openebs-k8s-provisioner" - imageTag: "1.6.0" + imageTag: "1.7.0" replicas: 1 nodeSelector: {} tolerations: [] @@ -53,7 +58,7 @@ provisioner: localprovisioner: enabled: true image: "quay.io/openebs/provisioner-localpv" - imageTag: "1.6.0" + imageTag: "1.7.0" replicas: 1 basePath: "/var/openebs/local" nodeSelector: {} @@ -67,10 +72,10 @@ snapshotOperator: enabled: true controller: image: "quay.io/openebs/snapshot-controller" - imageTag: "1.6.0" + imageTag: "1.7.0" provisioner: image: "quay.io/openebs/snapshot-provisioner" - imageTag: "1.6.0" + imageTag: "1.7.0" replicas: 1 upgradeStrategy: "Recreate" nodeSelector: {} @@ -83,7 +88,7 @@ snapshotOperator: ndm: enabled: true image: "quay.io/openebs/node-disk-manager-amd64" - imageTag: "v0.4.6" + imageTag: "v0.4.7" sparse: path: "/var/openebs/sparse" size: "10737418240" @@ -103,7 +108,7 @@ ndm: ndmOperator: enabled: true image: "quay.io/openebs/node-disk-operator-amd64" - imageTag: "v0.4.6" + imageTag: "v0.4.7" replicas: 1 upgradeStrategy: Recreate nodeSelector: {} @@ -116,7 +121,7 @@ ndmOperator: webhook: enabled: true image: "quay.io/openebs/admission-server" - imageTag: "1.6.0" + imageTag: "1.7.0" failurePolicy: Ignore replicas: 1 nodeSelector: {} @@ -125,33 +130,33 @@ webhook: jiva: image: "quay.io/openebs/jiva" - imageTag: "1.6.0" + imageTag: "1.7.0" replicas: 3 defaultStoragePath: "/var/openebs" cstor: pool: image: "quay.io/openebs/cstor-pool" - imageTag: "1.6.0" + imageTag: "1.7.0" poolMgmt: image: "quay.io/openebs/cstor-pool-mgmt" - imageTag: "1.6.0" + imageTag: "1.7.0" target: image: "quay.io/openebs/cstor-istgt" - imageTag: "1.6.0" + imageTag: "1.7.0" volumeMgmt: image: "quay.io/openebs/cstor-volume-mgmt" - imageTag: "1.6.0" + imageTag: "1.7.0" helper: image: "quay.io/openebs/linux-utils" - imageTag: "1.6.0" + imageTag: "1.7.0" policies: monitoring: enabled: true image: "quay.io/openebs/m-exporter" - imageTag: "1.6.0" + imageTag: "1.7.0" analytics: enabled: true From aa29b856ef9a296d6e6cc1754e15d5401f30dc7d Mon Sep 17 00:00:00 2001 From: Naseem Date: Sat, 15 Feb 2020 09:41:27 -0500 Subject: [PATCH 136/304] [stable/Influxdb] make mounting of GSA key optional for backups to GCS (#20780) * influxdb-fix-labels Signed-off-by: Naseem * Fix labels Signed-off-by: Naseem * Allow use of workload identity to auth to GCS By making the mounting of a GSA key optional, it give the option of using workload identity to provide the backup with access to GCS. For more info on workload identity please see https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity Signed-off-by: Naseem --- stable/influxdb/Chart.yaml | 4 +++- stable/influxdb/OWNERS | 2 ++ stable/influxdb/templates/backup-cronjob.yaml | 14 +++++++++++--- 3 files changed, 16 insertions(+), 4 deletions(-) diff --git a/stable/influxdb/Chart.yaml b/stable/influxdb/Chart.yaml index ccfe7f44a0f1..c61e3a9ea3a8 100755 --- a/stable/influxdb/Chart.yaml +++ b/stable/influxdb/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: influxdb -version: 4.0.1 +version: 4.1.0 appVersion: 1.7.6 description: Scalable datastore for metrics, events, and real-time analytics. keywords: @@ -15,4 +15,6 @@ maintainers: email: jack@influxdb.com - name: aisuko email: urakiny@gmail.com +- name: naseemkullah + email: naseem@transit.app engine: gotpl diff --git a/stable/influxdb/OWNERS b/stable/influxdb/OWNERS index 4e5989f509b1..cb26731a33f4 100644 --- a/stable/influxdb/OWNERS +++ b/stable/influxdb/OWNERS @@ -1,6 +1,8 @@ approvers: - jackzampolin - aisuko +- naseemkullah reviewers: - jackzampolin - aisuko +- naseemkullah diff --git a/stable/influxdb/templates/backup-cronjob.yaml b/stable/influxdb/templates/backup-cronjob.yaml index 10f49e1f6c14..9d7aee9dc63d 100644 --- a/stable/influxdb/templates/backup-cronjob.yaml +++ b/stable/influxdb/templates/backup-cronjob.yaml @@ -22,11 +22,13 @@ spec: volumes: - name: backups emptyDir: {} - {{- if and .Values.backup.gcs }} + {{- if .Values.backup.gcs }} + {{- if .Values.backup.gcs.serviceAccountSecret }} - name: google-cloud-key secret: secretName: {{ .Values.backup.gcs.serviceAccountSecret | quote }} {{- end }} + {{- end }} serviceAccountName: {{ include "influxdb.serviceAccountName" . }} initContainers: - name: influxdb-backup @@ -41,7 +43,7 @@ spec: - | influxd backup -host {{ template "influxdb.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.config.rpc.bind_address }} -portable /backups/backup_$(date +%Y%m%d_%H%M%S) containers: - {{- if .Values.backup.gcs}} + {{- if .Values.backup.gcs }} - name: gsutil-cp image: google/cloud-sdk:alpine command: @@ -49,20 +51,26 @@ spec: args: - '-c' - | - gcloud auth activate-service-account --key-file $KEY_FILE + if [ -n "$KEY_FILE" ]; then + gcloud auth activate-service-account --key-file $KEY_FILE + fi gsutil -m cp -r "$SRC_URL" "$DST_URL" volumeMounts: - name: backups mountPath: /backups + {{- if .Values.backup.gcs.serviceAccountSecretKey}} - name: google-cloud-key mountPath: /var/secrets/google/ + {{- end }} env: - name: SRC_URL value: /backups - name: DST_URL value: {{ .Values.backup.gcs.destination}} + {{- if .Values.backup.gcs.serviceAccountSecretKey}} - name: KEY_FILE value: /var/secrets/google/{{ .Values.backup.gcs.serviceAccountSecretKey }} + {{- end }} {{- end }} {{- if .Values.backup.azure }} - name: azure-cli From 9adfbb1060ed6e18de7c83cf8c68a27f17713598 Mon Sep 17 00:00:00 2001 From: Naseem Date: Sat, 15 Feb 2020 22:39:27 -0500 Subject: [PATCH 137/304] [stable/influxdb] use named ports (#20781) * influxdb-fix-labels Signed-off-by: Naseem * Fix labels Signed-off-by: Naseem * use names ports Signed-off-by: Naseem --- stable/influxdb/Chart.yaml | 2 +- stable/influxdb/templates/meta-service.yaml | 2 +- stable/influxdb/templates/service.yaml | 14 +++++++------- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/stable/influxdb/Chart.yaml b/stable/influxdb/Chart.yaml index c61e3a9ea3a8..48bbacbb77dd 100755 --- a/stable/influxdb/Chart.yaml +++ b/stable/influxdb/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: influxdb -version: 4.1.0 +version: 4.1.1 appVersion: 1.7.6 description: Scalable datastore for metrics, events, and real-time analytics. keywords: diff --git a/stable/influxdb/templates/meta-service.yaml b/stable/influxdb/templates/meta-service.yaml index 6bd355d68d3e..32606f3de70a 100644 --- a/stable/influxdb/templates/meta-service.yaml +++ b/stable/influxdb/templates/meta-service.yaml @@ -18,7 +18,7 @@ spec: ports: - name: meta port: {{ .Values.config.meta.bind_address }} - targetPort: {{ .Values.config.meta.bind_address }} + targetPort: meta selector: {{- include "influxdb.selectorLabels" . | nindent 4 }} app.kubernets.io/component: meta diff --git a/stable/influxdb/templates/service.yaml b/stable/influxdb/templates/service.yaml index c51e17bb4410..f204109390b4 100644 --- a/stable/influxdb/templates/service.yaml +++ b/stable/influxdb/templates/service.yaml @@ -14,37 +14,37 @@ spec: {{- if .Values.config.http.enabled }} - name: api port: {{ .Values.config.http.bind_address }} - targetPort: {{ .Values.config.http.bind_address }} + targetPort: api {{- end }} {{- if .Values.config.admin.enabled }} - name: admin port: {{ .Values.config.admin.bind_address }} - targetPort: {{ .Values.config.admin.bind_address }} + targetPort: admin {{- end }} {{- if .Values.config.graphite.enabled }} - name: graphite port: {{ .Values.config.graphite.bind_address }} - targetPort: {{ .Values.config.graphite.bind_address }} + targetPort: graphite {{- end }} {{- if .Values.config.collectd.enabled }} - name: collectd port: {{ .Values.config.collectd.bind_address }} - targetPort: {{ .Values.config.collectd.bind_address }} + targetPort: collectd {{- end }} {{- if .Values.config.udp.enabled }} - name: udp port: {{ .Values.config.udp.bind_address }} - targetPort: {{ .Values.config.udp.bind_address }} + targetPort: udp {{- end }} {{- if .Values.config.opentsdb.enabled }} - name: opentsdb port: {{ .Values.config.opentsdb.bind_address }} - targetPort: {{ .Values.config.opentsdb.bind_address }} + targetPort: opentsdb {{- end }} {{- if .Values.config.rpc.enabled }} - name: rpc port: {{ .Values.config.rpc.bind_address }} - targetPort: {{ .Values.config.rpc.bind_address }} + targetPort: rpc {{- end }} selector: {{- include "influxdb.selectorLabels" . | nindent 4 }} From 273dfac9ef7660bcaa5aab7257f3e49f5cfe27cb Mon Sep 17 00:00:00 2001 From: Naseem Date: Sun, 16 Feb 2020 00:57:28 -0500 Subject: [PATCH 138/304] [stable/influxdb] Refactor configmap by using implicit default values (#20787) * Refactor configmap by using implicit default values Instead of having every default value explicitly described in the values file and put into the corresponding configmap(s), just use defaults and adjust these values as needed. This is beneficial because overtime defaults may change and it is duplicate work to match it in the values file. Furthermore documenting configurable values in the README will be much more feasible. This PR also removes the now defunct admin section of the config. Signed-off-by: Naseem * Rename config to configmap Signed-off-by: Naseem * enable api and rpc ports always Signed-off-by: Naseem --- stable/influxdb/Chart.yaml | 2 +- stable/influxdb/templates/NOTES.txt | 6 +- stable/influxdb/templates/backup-cronjob.yaml | 2 +- stable/influxdb/templates/config.yaml | 170 ------------------ stable/influxdb/templates/configmap.yaml | 112 ++++++++++++ .../{meta-config.yaml => meta-configmap.yaml} | 21 +-- stable/influxdb/templates/meta-service.yaml | 2 +- .../influxdb/templates/meta-statefulset.yaml | 8 +- .../templates/post-install-set-auth.yaml | 2 +- stable/influxdb/templates/service.yaml | 25 +-- stable/influxdb/templates/statefulset.yaml | 20 +-- stable/influxdb/values.yaml | 143 ++------------- 12 files changed, 167 insertions(+), 346 deletions(-) delete mode 100644 stable/influxdb/templates/config.yaml create mode 100644 stable/influxdb/templates/configmap.yaml rename stable/influxdb/templates/{meta-config.yaml => meta-configmap.yaml} (51%) diff --git a/stable/influxdb/Chart.yaml b/stable/influxdb/Chart.yaml index 48bbacbb77dd..9345160b655c 100755 --- a/stable/influxdb/Chart.yaml +++ b/stable/influxdb/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: influxdb -version: 4.1.1 +version: 4.2.0 appVersion: 1.7.6 description: Scalable datastore for metrics, events, and real-time analytics. keywords: diff --git a/stable/influxdb/templates/NOTES.txt b/stable/influxdb/templates/NOTES.txt index a555aaff0c5c..42622c8c55a1 100644 --- a/stable/influxdb/templates/NOTES.txt +++ b/stable/influxdb/templates/NOTES.txt @@ -1,10 +1,10 @@ -InfluxDB can be accessed via port {{ .Values.config.http.bind_address }} on the following DNS name from within your cluster: +InfluxDB can be accessed via port {{ .Values.config.http.bind_address | default 8086 }} on the following DNS name from within your cluster: -- http://{{ template "influxdb.fullname" . }}.{{ .Release.Namespace }}:{{ .Values.config.http.bind_address }} +- http://{{ template "influxdb.fullname" . }}.{{ .Release.Namespace }}:{{ .Values.config.http.bind_address | default 8086 }} You can easily connect to the remote instance with your local influx cli. To forward the API port to localhost:8086 run the following: -- kubectl port-forward --namespace {{ .Release.Namespace }} $(kubectl get pods --namespace {{ .Release.Namespace }} -l app={{ template "influxdb.fullname" . }} -o jsonpath='{ .items[0].metadata.name }') 8086:{{ .Values.config.http.bind_address }} +- kubectl port-forward --namespace {{ .Release.Namespace }} $(kubectl get pods --namespace {{ .Release.Namespace }} -l app={{ template "influxdb.fullname" . }} -o jsonpath='{ .items[0].metadata.name }') 8086:{{ .Values.config.http.bind_address | default 8086 }} You can also connect to the influx cli from inside the container. To open a shell session in the InfluxDB pod run the following: diff --git a/stable/influxdb/templates/backup-cronjob.yaml b/stable/influxdb/templates/backup-cronjob.yaml index 9d7aee9dc63d..e966a8b78b7c 100644 --- a/stable/influxdb/templates/backup-cronjob.yaml +++ b/stable/influxdb/templates/backup-cronjob.yaml @@ -41,7 +41,7 @@ spec: args: - '-c' - | - influxd backup -host {{ template "influxdb.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.config.rpc.bind_address }} -portable /backups/backup_$(date +%Y%m%d_%H%M%S) + influxd backup -host {{ template "influxdb.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.config.rpc.bind_address | default 8088 }} -portable /backups/backup_$(date +%Y%m%d_%H%M%S) containers: {{- if .Values.backup.gcs }} - name: gsutil-cp diff --git a/stable/influxdb/templates/config.yaml b/stable/influxdb/templates/config.yaml deleted file mode 100644 index aaa0cb9d2e58..000000000000 --- a/stable/influxdb/templates/config.yaml +++ /dev/null @@ -1,170 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "influxdb.fullname" . }} - labels: - {{- include "influxdb.labels" . | nindent 4 }} -data: - influxdb.conf: |+ - reporting-disabled = {{ .Values.config.reporting_disabled | default false }} - bind-address = ":{{ .Values.config.rpc.bind_address }}" - - {{ if .Values.enterprise.enabled -}} - [enterprise] - license-key = {{ .Values.enterprise.licensekey | quote }} - [hinted-handoff] - enabled = true - dir = "{{ .Values.config.storage_directory }}/hh" - {{- end }} - - [meta] - dir = "{{ .Values.config.storage_directory }}/meta" - retention-autocreate = {{ .Values.config.meta.retention_autocreate }} - logging-enabled = {{ .Values.config.meta.logging_enabled }} - {{- if .Values.enterprise.enabled }} - internal-shared-secret = "{{ sha256sum .Values.enterprise.meta.seed }}" - meta-auth-enabled = {{ .Values.config.meta.authEnabled }} - {{- end }} - - [data] - dir = "{{ .Values.config.storage_directory }}/data" - wal-dir = "{{ .Values.config.storage_directory }}/wal" - query-log-enabled = {{ .Values.config.data.query_log_enabled }} - cache-max-memory-size = {{ .Values.config.data.cache_max_memory_size | int64 }} - cache-snapshot-memory-size = {{ .Values.config.data.cache_snapshot_memory_size | int64 }} - cache-snapshot-write-cold-duration = "{{ .Values.config.data.cache_snapshot_write_cold_duration }}" - compact-full-write-cold-duration = "{{ .Values.config.data.compact_full_write_cold_duration }}" - max-series-per-database = {{ .Values.config.data.max_series_per_database | int64 }} - max-values-per-tag = {{ .Values.config.data.max_values_per_tag | int64 }} - index-version = "{{ .Values.config.data.index_version }}" - trace-logging-enabled = {{ .Values.config.data.trace_logging_enabled }} - - [coordinator] - write-timeout = "{{ .Values.config.coordinator.write_timeout }}" - max-concurrent-queries = {{ .Values.config.coordinator.max_concurrent_queries | int64 }} - query-timeout = "{{ .Values.config.coordinator.query_timeout }}" - log-queries-after = "{{ .Values.config.coordinator.log_queries_after }}" - max-select-point = {{ .Values.config.coordinator.max_select_point | int64 }} - max-select-series = {{ .Values.config.coordinator.max_select_series | int64 }} - max-select-buckets = {{ .Values.config.coordinator.max_select_buckets | int64 }} - - [retention] - enabled = {{ .Values.config.retention.enabled }} - check-interval = "{{ .Values.config.retention.check_interval }}" - - [shard-precreation] - enabled = {{ .Values.config.shard_precreation.enabled }} - check-interval = "{{ .Values.config.shard_precreation.check_interval }}" - advance-period = "{{ .Values.config.shard_precreation.advance_period }}" - - [admin] - enabled = {{ .Values.config.admin.enabled }} - bind-address = ":{{ .Values.config.admin.bind_address }}" - https-enabled = {{ .Values.config.admin.https_enabled }} - https-certificate = "{{ .Values.config.admin.https_certificate }}" - - [monitor] - store-enabled = {{ .Values.config.monitor.store_enabled }} - store-database = "{{ .Values.config.monitor.store_database }}" - store-interval = "{{ .Values.config.monitor.store_interval }}" - - [subscriber] - enabled = {{ .Values.config.subscriber.enabled }} - http-timeout = "{{ .Values.config.subscriber.http_timeout }}" - insecure-skip-verify = {{ .Values.config.subscriber.insecure_skip_verify }} - ca-certs = "{{ .Values.config.subscriber.ca_certs }}" - write-concurrency = {{ .Values.config.subscriber.write_concurrency | int64 }} - write-buffer-size = {{ .Values.config.subscriber.write_buffer_size | int64 }} - - [http] - enabled = {{ .Values.config.http.enabled }} - bind-address = ":{{ .Values.config.http.bind_address }}" - flux-enabled = {{ .Values.config.http.flux_enabled }} - auth-enabled = {{ .Values.config.http.auth_enabled }} - log-enabled = {{ .Values.config.http.log_enabled }} - write-tracing = {{ .Values.config.http.write_tracing }} - pprof-enabled = {{ .Values.config.http.pprof_enabled }} - https-enabled = {{ .Values.config.http.https_enabled }} - https-certificate = "{{ .Values.config.http.https_certificate }}" - https-private-key = "{{ .Values.config.http.https_private_key }}" - max-row-limit = {{ .Values.config.http.max_row_limit | int64 }} - max-connection-limit = {{ .Values.config.http.max_connection_limit | int64 }} - shared-secret = "{{ .Values.config.http.shared_secret }}" - realm = "{{ .Values.config.http.realm }}" - unix-socket-enabled = {{ .Values.config.http.unix_socket_enabled }} - bind-socket = "{{ .Values.config.http.bind_socket }}" - - # TODO: allow multiple graphite listeners - - [[graphite]] - enabled = {{ .Values.config.graphite.enabled }} - bind-address = ":{{ .Values.config.graphite.bind_address }}" - database = "{{ .Values.config.graphite.database }}" - retention-policy = "{{ .Values.config.graphite.retention_policy }}" - protocol = "{{ .Values.config.graphite.protocol }}" - batch-size = {{ .Values.config.graphite.batch_size | int64 }} - batch-pending = {{ .Values.config.graphite.batch_pending | int64 }} - batch-timeout = "{{ .Values.config.graphite.batch_timeout }}" - consistency-level = "{{ .Values.config.graphite.consistency_level }}" - separator = "{{ .Values.config.graphite.separator }}" - udp-read-buffer = {{ .Values.config.graphite.udp_read_buffer | int64 }} - {{- if .Values.config.graphite.templates }} - templates = [ - {{- range .Values.config.graphite.templates }} - {{ quote . }}, - {{- end }} - ] - {{- end }} - - # TODO: allow multiple collectd listeners with templates - - [[collectd]] - enabled = {{ .Values.config.collectd.enabled }} - bind-address = ":{{ .Values.config.collectd.bind_address }}" - database = "{{ .Values.config.collectd.database }}" - retention-policy = "{{ .Values.config.collectd.retention_policy }}" - batch-size = {{ .Values.config.collectd.batch_size | int64 }} - batch-pending = {{ .Values.config.collectd.batch_pending | int64 }} - batch-timeout = "{{ .Values.config.collectd.batch_timeout }}" - read-buffer = {{ .Values.config.collectd.read_buffer | int64 }} - typesdb = "{{ .Values.config.collectd.typesdb }}" - security-level = "{{ .Values.config.collectd.security_level }}" - auth-file = "{{ .Values.config.collectd.auth_file }}" - - # TODO: allow multiple opentsdb listeners with templates - - [[opentsdb]] - enabled = {{ .Values.config.opentsdb.enabled }} - bind-address = ":{{ .Values.config.opentsdb.bind_address }}" - database = "{{ .Values.config.opentsdb.database }}" - retention-policy = "{{ .Values.config.opentsdb.retention_policy }}" - consistency-level = "{{ .Values.config.opentsdb.consistency_level }}" - tls-enabled = {{ .Values.config.opentsdb.tls_enabled }} - certificate = "{{ .Values.config.opentsdb.certificate }}" - batch-size = {{ .Values.config.opentsdb.batch_size | int64 }} - batch-pending = {{ .Values.config.opentsdb.batch_pending | int64 }} - batch-timeout = "{{ .Values.config.opentsdb.batch_timeout }}" - log-point-errors = {{ .Values.config.opentsdb.log_point_errors }} - - # TODO: allow multiple udp listeners with templates - - [[udp]] - enabled = {{ .Values.config.udp.enabled }} - bind-address = ":{{ .Values.config.udp.bind_address }}" - database = "{{ .Values.config.udp.database }}" - retention-policy = "{{ .Values.config.udp.retention_policy }}" - batch-size = {{ .Values.config.udp.batch_size | int64 }} - batch-pending = {{ .Values.config.udp.batch_pending | int64 }} - read-buffer = {{ .Values.config.udp.read_buffer | int64 }} - batch-timeout = "{{ .Values.config.udp.batch_timeout }}" - precision = "{{ .Values.config.udp.precision }}" - - [continuous_queries] - log-enabled = {{ .Values.config.continuous_queries.log_enabled }} - enabled = {{ .Values.config.continuous_queries.enabled }} - run-interval = "{{ .Values.config.continuous_queries.run_interval }}" - - [logging] - format = "{{ .Values.config.logging.format }}" - level = "{{ .Values.config.logging.level }}" - supress-logo = {{ .Values.config.logging.supress_logo }} diff --git a/stable/influxdb/templates/configmap.yaml b/stable/influxdb/templates/configmap.yaml new file mode 100644 index 000000000000..a6867488813e --- /dev/null +++ b/stable/influxdb/templates/configmap.yaml @@ -0,0 +1,112 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "influxdb.fullname" . }} + labels: + {{- include "influxdb.labels" . | nindent 4 }} +data: + influxdb.conf: |+ + reporting-disabled = {{ .Values.config.reporting_disabled | default false }} + bind-address = ":{{ .Values.config.rpc.bind_address | default 8088 }}" + + [meta] + dir = "/var/lib/influxdb/meta" + {{- range $key, $value := index .Values.config.meta }} + {{ $key }} = {{ $value }} + {{- end }} + + {{- if .Values.enterprise.enabled }} + internal-shared-secret = "{{ sha256sum .Values.enterprise.meta.seed }}" + meta-auth-enabled = {{ .Values.config.meta.authEnabled }} + {{- end }} + + [data] + dir = "/var/lib/influxdb/data" + wal-dir = "/var/lib/influxdb/wal" + {{- range $key, $value := index .Values.config.data }} + {{ $key }} = {{ $value }} + {{- end }} + + [coordinator] + {{- range $key, $value := index .Values.config.coordinator }} + {{ $key }} = {{ $value }} + {{- end }} + + [retention] + {{- range $key, $value := index .Values.config.retention }} + {{ $key }} = {{ $value }} + {{- end }} + + [shard-precreation] + {{- range $key, $value := index .Values.config.shard_precreation }} + {{ $key }} = {{ $value }} + {{- end }} + + [monitor] + {{- range $key, $value := index .Values.config.monitor }} + {{ $key }} = {{ $value }} + {{- end }} + + [subscriber] + {{- range $key, $value := index .Values.config.subscriber }} + {{ $key }} = {{ $value }} + {{- end }} + + [http] + {{- range $key, $value := index .Values.config.http }} + {{ $key }} = {{ $value }} + {{- end }} + + # TODO: allow multiple graphite listeners + + [[graphite]] + {{- range $key, $value := index .Values.config.graphite }} + {{ $key }} = {{ $value }} + {{- end }} + {{- if .Values.config.graphite.templates }} + templates = [ + {{- range .Values.config.graphite.templates }} + {{ quote . }}, + {{- end }} + ] + {{- end }} + + # TODO: allow multiple collectd listeners with templates + + [[collectd]] + {{- range $key, $value := index .Values.config.collectd }} + {{ $key }} = {{ $value }} + {{- end }} + + # TODO: allow multiple opentsdb listeners with templates + + [[opentsdb]] + {{- range $key, $value := index .Values.config.opentsdb }} + {{ $key }} = {{ $value }} + {{- end }} + + # TODO: allow multiple udp listeners with templates + + [[udp]] + {{- range $key, $value := index .Values.config.udp }} + {{ $key }} = {{ $value }} + {{- end }} + + [continuous_queries] + {{- range $key, $value := index .Values.config.continuous_queries }} + {{ $key }} = {{ $value }} + {{- end }} + + [logging] + {{- range $key, $value := index .Values.config.logging }} + {{ $key }} = {{ $value }} + {{- end }} + + {{ if .Values.enterprise.enabled -}} + [enterprise] + license-key = {{ .Values.enterprise.licensekey | quote }} + + [hinted-handoff] + enabled = true + dir = "/var/lib/influxdb/hh" + {{- end }} diff --git a/stable/influxdb/templates/meta-config.yaml b/stable/influxdb/templates/meta-configmap.yaml similarity index 51% rename from stable/influxdb/templates/meta-config.yaml rename to stable/influxdb/templates/meta-configmap.yaml index ae5992815e61..8e312d1fa0b8 100644 --- a/stable/influxdb/templates/meta-config.yaml +++ b/stable/influxdb/templates/meta-configmap.yaml @@ -9,26 +9,27 @@ metadata: data: influxdb-meta.conf: |+ reporting-disabled = {{ .Values.config.reporting_disabled | default false }} - bind-address = ":{{ .Values.config.meta.bind_address }}" + bind-address = ":{{ .Values.config.meta.bind_address | default 8091 }}" [enterprise] license-key = {{ .Values.enterprise.licensekey | quote }} [meta] - dir = "{{ .Values.config.storage_directory }}/meta" - retention-autocreate = {{ .Values.config.meta.retention_autocreate }} - logging-enabled = {{ .Values.config.meta.logging_enabled }} - internal-shared-secret = "{{ sha256sum .Values.enterprise.meta.seed }}" + dir = "/var/lib/influxdb/meta" + {{- range $key, $value := index .Values.config.meta }} + {{ $key }} = {{ $value }} + {{- end }} {{- if .Values.enterprise.enabled }} meta-auth-enabled = {{ .Values.config.meta.authEnabled }} {{- end }} [logging] - format = "{{ .Values.config.logging.format }}" - level = "{{ .Values.config.logging.level }}" - supress-logo = {{ .Values.config.logging.supress_logo }} + {{- range $key, $value := index .Values.config.logging }} + {{ $key }} = {{ $value }} + {{- end }} [tls] - min-version = "" - max-version = "" + {{- range $key, $value := index .Values.config.tls }} + {{ $key }} = {{ $value }} + {{- end }} {{- end }} diff --git a/stable/influxdb/templates/meta-service.yaml b/stable/influxdb/templates/meta-service.yaml index 32606f3de70a..78d18e5ebec1 100644 --- a/stable/influxdb/templates/meta-service.yaml +++ b/stable/influxdb/templates/meta-service.yaml @@ -17,7 +17,7 @@ spec: publishNotReadyAddresses: true ports: - name: meta - port: {{ .Values.config.meta.bind_address }} + port: {{ .Values.config.meta.bind_address | default 8091 }} targetPort: meta selector: {{- include "influxdb.selectorLabels" . | nindent 4 }} diff --git a/stable/influxdb/templates/meta-statefulset.yaml b/stable/influxdb/templates/meta-statefulset.yaml index e7f841011718..df414719922c 100644 --- a/stable/influxdb/templates/meta-statefulset.yaml +++ b/stable/influxdb/templates/meta-statefulset.yaml @@ -38,11 +38,11 @@ spec: {{ toYaml .Values.enterprise.meta.resources | indent 10 }} ports: - name: udp - containerPort: {{ .Values.config.udp.bind_address }} + containerPort: {{ .Values.config.udp.bind_address | default 8089 }} - name: rpc - containerPort: {{ .Values.config.rpc.bind_address }} + containerPort: {{ .Values.config.rpc.bind_address | default 8088 }} - name: meta - containerPort: {{ .Values.config.meta.bind_address }} + containerPort: {{ .Values.config.meta.bind_address | default 8091 }} {{- if .Values.env }} env: {{ toYaml .Values.env | indent 10 }} @@ -72,7 +72,7 @@ spec: {{- end }} volumeMounts: - name: {{ include "influxdb.fullname" . }}-meta - mountPath: {{ .Values.config.storage_directory }} + mountPath: /var/lib/influxdb - name: config mountPath: /etc/influxdb {{- if .Values.initScripts.enabled }} diff --git a/stable/influxdb/templates/post-install-set-auth.yaml b/stable/influxdb/templates/post-install-set-auth.yaml index 05981aa596f5..9a806a86361b 100644 --- a/stable/influxdb/templates/post-install-set-auth.yaml +++ b/stable/influxdb/templates/post-install-set-auth.yaml @@ -41,7 +41,7 @@ spec: - "/bin/sh" - "-c" - | - curl -X POST http://{{ template "influxdb.fullname" . }}:{{ .Values.config.http.bind_address }}/query \ + curl -X POST http://{{ template "influxdb.fullname" . }}:{{ .Values.config.http.bind_address | default 8086 }}/query \ --data-urlencode \ "q=CREATE USER \"${INFLUXDB_USER}\" WITH PASSWORD '${INFLUXDB_PASSWORD}' {{ .Values.setDefaultUser.user.privileges }}" restartPolicy: {{ .Values.setDefaultUser.restartPolicy }} diff --git a/stable/influxdb/templates/service.yaml b/stable/influxdb/templates/service.yaml index f204109390b4..e11cf119a5d8 100644 --- a/stable/influxdb/templates/service.yaml +++ b/stable/influxdb/templates/service.yaml @@ -11,40 +11,31 @@ metadata: spec: type: {{ .Values.service.type }} ports: - {{- if .Values.config.http.enabled }} - name: api - port: {{ .Values.config.http.bind_address }} + port: {{ .Values.config.http.bind_address | default 8086 }} targetPort: api - {{- end }} - {{- if .Values.config.admin.enabled }} - - name: admin - port: {{ .Values.config.admin.bind_address }} - targetPort: admin - {{- end }} + - name: rpc + port: {{ .Values.config.rpc.bind_address | default 8088 }} + targetPort: rpc {{- if .Values.config.graphite.enabled }} - name: graphite - port: {{ .Values.config.graphite.bind_address }} + port: {{ .Values.config.graphite.bind_address | default 2003 }} targetPort: graphite {{- end }} {{- if .Values.config.collectd.enabled }} - name: collectd - port: {{ .Values.config.collectd.bind_address }} + port: {{ .Values.config.collectd.bind_address | default 25826 }} targetPort: collectd {{- end }} {{- if .Values.config.udp.enabled }} - name: udp - port: {{ .Values.config.udp.bind_address }} + port: {{ .Values.config.udp.bind_address | default 8089 }} targetPort: udp {{- end }} {{- if .Values.config.opentsdb.enabled }} - name: opentsdb - port: {{ .Values.config.opentsdb.bind_address }} + port: {{ .Values.config.opentsdb.bind_address | default 4242 }} targetPort: opentsdb {{- end }} - {{- if .Values.config.rpc.enabled }} - - name: rpc - port: {{ .Values.config.rpc.bind_address }} - targetPort: rpc - {{- end }} selector: {{- include "influxdb.selectorLabels" . | nindent 4 }} diff --git a/stable/influxdb/templates/statefulset.yaml b/stable/influxdb/templates/statefulset.yaml index 73444dcd7566..8eae1710628d 100644 --- a/stable/influxdb/templates/statefulset.yaml +++ b/stable/influxdb/templates/statefulset.yaml @@ -53,32 +53,28 @@ spec: {{ toYaml .Values.resources | indent 10 }} ports: - name: api - containerPort: {{ .Values.config.http.bind_address }} - {{- if .Values.config.admin.enabled }} - - name: admin - containerPort: {{ .Values.config.admin.bind_address }} - {{- end }} + containerPort: {{ .Values.config.http.bind_address | default 8086 }} {{- if .Values.config.graphite.enabled }} - name: graphite - containerPort: {{ .Values.config.graphite.bind_address }} + containerPort: {{ .Values.config.graphite.bind_address | default 2003 }} {{- end }} {{- if .Values.config.collectd.enabled }} - name: collectd - containerPort: {{ .Values.config.collectd.bind_address }} + containerPort: {{ .Values.config.collectd.bind_address | default 25826 }} {{- end }} {{- if .Values.config.udp.enabled }} - name: udp - containerPort: {{ .Values.config.udp.bind_address }} + containerPort: {{ .Values.config.udp.bind_address | default 8089 }} {{- end }} {{- if .Values.config.opentsdb.enabled }} - name: opentsdb - containerPort: {{ .Values.config.opentsdb.bind_address }} + containerPort: {{ .Values.config.opentsdb.bind_address | default 4242 }} {{- end }} {{- if .Values.enterprise.enabled }} - name: rpc - containerPort: {{ .Values.config.rpc.bind_address }} + containerPort: {{ .Values.config.rpc.bind_address | default 8088 }} - name: meta - containerPort: {{ .Values.config.meta.bind_address }} + containerPort: {{ .Values.config.meta.bind_address | default 8091 }} {{- end }} {{- if .Values.env }} env: @@ -110,7 +106,7 @@ spec: {{- end }} volumeMounts: - name: {{ include "influxdb.fullname" . }}-data - mountPath: {{ .Values.config.storage_directory }} + mountPath: /var/lib/influxdb - name: config mountPath: /etc/influxdb {{- if .Values.initScripts.enabled }} diff --git a/stable/influxdb/values.yaml b/stable/influxdb/values.yaml index 52e82cee7bc0..4116c83257fd 100644 --- a/stable/influxdb/values.yaml +++ b/stable/influxdb/values.yaml @@ -173,135 +173,26 @@ env: {} # - name: INFLUXDB_DB # value: "demo" -## Change InfluxDB configuration parameters below: -## Defaults are indicated +## InfluxDB configuration ## ref: https://docs.influxdata.com/influxdb/v1.7/administration/config config: reporting_disabled: false - storage_directory: /var/lib/influxdb - rpc: - enabled: true - bind_address: 8088 - meta: - bind_address: 8091 - retention_autocreate: true - logging_enabled: true - authEnabled: false - data: - query_log_enabled: true - cache_max_memory_size: 1073741824 - cache_snapshot_memory_size: 26214400 - cache_snapshot_write_cold_duration: 10m0s - compact_full_write_cold_duration: 4h0m0s - max_series_per_database: 1000000 - max_values_per_tag: 100000 - index_version: inmem - trace_logging_enabled: false - coordinator: - write_timeout: 10s - max_concurrent_queries: 0 - query_timeout: 0s - log_queries_after: 0s - max_select_point: 0 - max_select_series: 0 - max_select_buckets: 0 - retention: - enabled: true - check_interval: 30m0s - shard_precreation: - enabled: true - check_interval: 10m0s - advance_period: 30m0s - admin: - enabled: false - bind_address: 8083 - https_enabled: false - https_certificate: /etc/ssl/influxdb.pem - monitor: - store_enabled: true - store_database: _internal - store_interval: 10s - subscriber: - enabled: true - http_timeout: 30s - insecure_skip_verify: false - ca_certs: "" - write_concurrency: 40 - write_buffer_size: 1000 - http: - enabled: true - bind_address: 8086 - auth_enabled: false - flux_enabled: true - log_enabled: true - write_tracing: false - pprof_enabled: true - https_enabled: false - https_certificate: /etc/ssl/influxdb.pem - https_private_key: "" - max_row_limit: 10000 - max_connection_limit: 0 - shared_secret: "beetlejuicebeetlejuicebeetlejuice" - realm: InfluxDB - unix_socket_enabled: false - bind_socket: /var/run/influxdb.sock - graphite: - enabled: false - bind_address: 2003 - database: graphite - retention_policy: autogen - protocol: tcp - batch_size: 5000 - batch_pending: 10 - batch_timeout: 1s - consistency_level: one - separator: . - udp_read_buffer: 0 - # Uncomment to define graphite templates - # templates: - # - "graphite.metric.*.*.* measurement.run" - collectd: - enabled: false - bind_address: 25826 - database: collectd - retention_policy: autogen - batch_size: 5000 - batch_pending: 10 - batch_timeout: 10s - read_buffer: 0 - typesdb: /usr/share/collectd/types.db - security_level: none - auth_file: /etc/collectd/auth_file - opentsdb: - enabled: false - bind_address: 4242 - database: opentsdb - retention_policy: autogen - consistency_level: one - tls_enabled: false - certificate: /etc/ssl/influxdb.pem - batch_size: 1000 - batch_pending: 5 - batch_timeout: 1s - log_point_errors: true - udp: - enabled: false - bind_address: 8089 - database: udp - retention_policy: autogen - batch_size: 5000 - batch_pending: 10 - read_buffer: 0 - batch_timeout: 1s - precision: "ns" - continuous_queries: - log_enabled: true - enabled: true - run_interval: 1s - logging: - format: auto - level: info - supress_logo: false + rpc: {} + meta: {} + data: {} + coordinator: {} + retention: {} + shard_precreation: {} + monitor: {} + http: {} + logging: {} + subscriber: {} + graphite: {} + collectd: {} + opentsdb: {} + udp: {} + continuous_queries: {} + tls: {} # Allow executing custom init scripts # From 82a059d2c900b30262ecd45880264253fcc8ad18 Mon Sep 17 00:00:00 2001 From: Asher Foa Date: Sun, 16 Feb 2020 07:53:27 -0500 Subject: [PATCH 139/304] [stable/fluent-bit] update to fluent-bit v1.3.7 (#20768) Signed-off-by: Asher Foa --- stable/fluent-bit/Chart.yaml | 4 ++-- stable/fluent-bit/README.md | 2 +- stable/fluent-bit/values.yaml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/stable/fluent-bit/Chart.yaml b/stable/fluent-bit/Chart.yaml index f52d8cb1952e..7b3416c5165c 100755 --- a/stable/fluent-bit/Chart.yaml +++ b/stable/fluent-bit/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 name: fluent-bit -version: 2.8.8 -appVersion: 1.3.5 +version: 2.8.9 +appVersion: 1.3.7 description: Fast and Lightweight Log/Data Forwarder for Linux, BSD and OSX keywords: - logging diff --git a/stable/fluent-bit/README.md b/stable/fluent-bit/README.md index 19c607270a86..d67ef3bf8178 100644 --- a/stable/fluent-bit/README.md +++ b/stable/fluent-bit/README.md @@ -122,7 +122,7 @@ The following table lists the configurable parameters of the Fluent-Bit chart an | `filter.mergeLogKey` | If set, append the processed log keys under a new root key specified by this variable. | `nil` | | `filter.useJournal` | If true, the filter reads logs coming in Journald format. | `false` | | `image.fluent_bit.repository` | Image | `fluent/fluent-bit` | -| `image.fluent_bit.tag` | Image tag | `1.3.5` | +| `image.fluent_bit.tag` | Image tag | `1.3.7` | | `image.pullPolicy` | Image pull policy | `Always` | | `nameOverride` | Override name of app | `nil` | | `fullnameOverride` | Override full name of app | `nil` | diff --git a/stable/fluent-bit/values.yaml b/stable/fluent-bit/values.yaml index 9dd7db2812bc..871fb07b73f6 100644 --- a/stable/fluent-bit/values.yaml +++ b/stable/fluent-bit/values.yaml @@ -5,7 +5,7 @@ on_minikube: false image: fluent_bit: repository: fluent/fluent-bit - tag: 1.3.5 + tag: 1.3.7 pullPolicy: Always testFramework: From 13cb9eabb3b3f1cf900b7fea043dff8322d25120 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Karl=20B=C3=B6hlmark?= Date: Sun, 16 Feb 2020 17:23:28 +0100 Subject: [PATCH 140/304] [stable/telegraf] Add nodeSelector support (#20792) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Karl Böhlmark --- stable/telegraf/Chart.yaml | 2 +- stable/telegraf/templates/deployment.yaml | 4 ++++ stable/telegraf/values.yaml | 4 ++++ 3 files changed, 9 insertions(+), 1 deletion(-) diff --git a/stable/telegraf/Chart.yaml b/stable/telegraf/Chart.yaml index e132073e8411..88f0504443da 100755 --- a/stable/telegraf/Chart.yaml +++ b/stable/telegraf/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: telegraf -version: 1.5.0 +version: 1.6.0 appVersion: 1.12 deprecated: false description: Telegraf is an agent written in Go for collecting, processing, aggregating, and writing metrics. diff --git a/stable/telegraf/templates/deployment.yaml b/stable/telegraf/templates/deployment.yaml index 3094ebfe59a1..4cea753925ef 100644 --- a/stable/telegraf/templates/deployment.yaml +++ b/stable/telegraf/templates/deployment.yaml @@ -58,6 +58,10 @@ spec: imagePullSecrets: {{ toYaml .Values.imagePullSecrets | indent 8 }} {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} volumes: - name: config configMap: diff --git a/stable/telegraf/values.yaml b/stable/telegraf/values.yaml index 72d60d4f241d..13adda445411 100644 --- a/stable/telegraf/values.yaml +++ b/stable/telegraf/values.yaml @@ -27,6 +27,10 @@ resources: {} # memory: 128Mi # cpu: 100m +## Node labels for pod assignment +## ref: https://kubernetes.io/docs/user-guide/node-selection/ +nodeSelector: {} + service: enabled: true type: ClusterIP From 8feeaa24a97fe50a2ec2a60bd908d90f8b33fe63 Mon Sep 17 00:00:00 2001 From: Julien DOCHE Date: Sun, 16 Feb 2020 19:35:28 +0100 Subject: [PATCH 141/304] [stable/minecraft] Add failure/successThreshold and timeoutSeconds conf (#20794) Signed-off-by: Julien DOCHE --- stable/minecraft/Chart.yaml | 2 +- stable/minecraft/templates/deployment.yaml | 6 ++++++ stable/minecraft/values.yaml | 6 ++++++ 3 files changed, 13 insertions(+), 1 deletion(-) diff --git a/stable/minecraft/Chart.yaml b/stable/minecraft/Chart.yaml index bd56bfabf221..999fd10eca83 100755 --- a/stable/minecraft/Chart.yaml +++ b/stable/minecraft/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: minecraft -version: 1.1.6 +version: 1.1.7 appVersion: 1.14.4 home: https://minecraft.net/ description: Minecraft server diff --git a/stable/minecraft/templates/deployment.yaml b/stable/minecraft/templates/deployment.yaml index 525eddfa0c8c..da33ee5dddd3 100644 --- a/stable/minecraft/templates/deployment.yaml +++ b/stable/minecraft/templates/deployment.yaml @@ -38,12 +38,18 @@ spec: {{ toYaml .Values.readinessProbe.command | indent 14 }} initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} periodSeconds: {{ .Values.readinessProbe.periodSeconds }} + failureThreshold: {{ .Values.readinessProbe.failureThreshold }} + successThreshold: {{ .Values.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} livenessProbe: exec: command: {{ toYaml .Values.livenessProbe.command | indent 14 }} initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} periodSeconds: {{ .Values.livenessProbe.periodSeconds }} + failureThreshold: {{ .Values.livenessProbe.failureThreshold }} + successThreshold: {{ .Values.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} env: - name: EULA value: {{ .Values.minecraftServer.eula | quote }} diff --git a/stable/minecraft/values.yaml b/stable/minecraft/values.yaml index b99d7f54e2b0..5fa42213d672 100644 --- a/stable/minecraft/values.yaml +++ b/stable/minecraft/values.yaml @@ -29,6 +29,9 @@ livenessProbe: - status initialDelaySeconds: 30 periodSeconds: 5 + failureThreshold: 10 + successThreshold: 1 + timeoutSeconds: 1 readinessProbe: command: - mcstatus @@ -36,6 +39,9 @@ readinessProbe: - status initialDelaySeconds: 30 periodSeconds: 5 + failureThreshold: 10 + successThreshold: 1 + timeoutSeconds: 1 minecraftServer: # This must be overridden, since we can't accept this for the user. eula: "FALSE" From 275d0344f38ae4d6626464c02f6869d9c56f4e55 Mon Sep 17 00:00:00 2001 From: MattTheCat <32645437+grumpymatt@users.noreply.github.com> Date: Sun, 16 Feb 2020 16:29:27 -0500 Subject: [PATCH 142/304] add ability to use a configmap to provide the (#20744) datadog-cluster.yaml config file Signed-off-by: Matthew Gifford --- stable/datadog/Chart.yaml | 2 +- .../cluster-agent-config-configmap.yaml | 18 ++++++++++++++++++ .../templates/cluster-agent-deployment.yaml | 12 ++++++++++++ stable/datadog/values.yaml | 6 +++++- 4 files changed, 36 insertions(+), 2 deletions(-) create mode 100644 stable/datadog/templates/cluster-agent-config-configmap.yaml diff --git a/stable/datadog/Chart.yaml b/stable/datadog/Chart.yaml index 2a50a6b928ce..b5ea620fc271 100644 --- a/stable/datadog/Chart.yaml +++ b/stable/datadog/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: datadog -version: 1.39.8 +version: 1.39.9 appVersion: "7" description: DataDog Agent keywords: diff --git a/stable/datadog/templates/cluster-agent-config-configmap.yaml b/stable/datadog/templates/cluster-agent-config-configmap.yaml new file mode 100644 index 000000000000..2365b239ac91 --- /dev/null +++ b/stable/datadog/templates/cluster-agent-config-configmap.yaml @@ -0,0 +1,18 @@ +{{- if .Values.clusterAgent.datadog_cluster_yaml }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "datadog.fullname" . }}-cluster-agent-config + labels: + app: "{{ template "datadog.fullname" . }}" + chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" + release: {{ .Release.Name | quote }} + heritage: {{ .Release.Service | quote }} + helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" + app.kubernetes.io/name: "{{ template "datadog.fullname" . }}" + app.kubernetes.io/instance: {{ .Release.Name | quote }} + app.kubernetes.io/managed-by: {{ .Release.Service | quote }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} +data: +{{tpl (toYaml .Values.clusterAgent.datadog_cluster_yaml) . | indent 2}} +{{- end }} diff --git a/stable/datadog/templates/cluster-agent-deployment.yaml b/stable/datadog/templates/cluster-agent-deployment.yaml index 22b605ceec43..08fc0f02c75a 100644 --- a/stable/datadog/templates/cluster-agent-deployment.yaml +++ b/stable/datadog/templates/cluster-agent-deployment.yaml @@ -175,12 +175,24 @@ spec: {{- if .Values.clusterAgent.volumeMounts }} {{ toYaml .Values.clusterAgent.volumeMounts | indent 10 }} {{- end }} +{{- if .Values.clusterAgent.datadog_cluster_yaml }} + - name: cluster-agent-yaml + mountPath: /etc/datadog-agent/datadog-cluster.yaml + subPath: datadog-cluster.yaml + readOnly: true +{{- end}} volumes: {{- if .Values.clusterAgent.confd }} - name: confd configMap: name: {{ template "datadog.fullname" . }}-cluster-agent-confd {{- end }} +{{- if .Values.clusterAgent.datadog_cluster_yaml }} + - name: cluster-agent-yaml + configMap: + name: {{ template "datadog.fullname" . }}-cluster-agent-config +{{- end}} + {{- if .Values.clusterAgent.volumes }} {{ toYaml .Values.clusterAgent.volumes | indent 10 }} {{- end }} diff --git a/stable/datadog/values.yaml b/stable/datadog/values.yaml index c653c0d2a716..ef0af021f089 100644 --- a/stable/datadog/values.yaml +++ b/stable/datadog/values.yaml @@ -486,6 +486,10 @@ clusterAgent: # - name: # mountPath: # readOnly: true + ## @param datadog-cluster.yaml - object - optional + ## Specify custom contents for the datadog cluster agent config (datadog-cluster.yaml). + # + # datadog_cluster_yaml: {} rbac: @@ -760,7 +764,7 @@ daemonset: deployment: ## @param enabled - boolean - required ## Apart from DaemonSet, deploy Datadog agent pods and related service for - ## applications that want to send custom metrics. Provides DogStasD service. + ## applications that want to send custom metrics. Provides DogStatsD service. # enabled: false From 77006531bece80fab2f29e203d5f0e96f2cc232c Mon Sep 17 00:00:00 2001 From: Jan <55805868+Jaydee94@users.noreply.github.com> Date: Mon, 17 Feb 2020 03:37:28 +0100 Subject: [PATCH 143/304] [stable/minio] Fixes Post-install-create-bucket-job fails on openshift (#20766) * Fixing the issue Post-install-create-bucket-job fails on openshift Signed-off-by: jaydee94 * Fix typo Signed-off-by: jaydee94 * Bumped chart version to 5.0.8 Signed-off-by: jaydee94 * Usage of the variable configPathmc; Removed mcConfigDir Signed-off-by: jaydee94 --- stable/minio/Chart.yaml | 2 +- .../minio/templates/_helper_create_bucket.txt | 17 ++++++++++++----- 2 files changed, 13 insertions(+), 6 deletions(-) diff --git a/stable/minio/Chart.yaml b/stable/minio/Chart.yaml index 9095360f4985..189abf3b35a2 100755 --- a/stable/minio/Chart.yaml +++ b/stable/minio/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 description: MinIO is a high performance data infrastructure for machine learning, analytics and application data workloads. name: minio -version: 5.0.7 +version: 5.0.8 appVersion: master keywords: - storage diff --git a/stable/minio/templates/_helper_create_bucket.txt b/stable/minio/templates/_helper_create_bucket.txt index 06808264fc85..5d1c5b1283be 100755 --- a/stable/minio/templates/_helper_create_bucket.txt +++ b/stable/minio/templates/_helper_create_bucket.txt @@ -1,6 +1,13 @@ #!/bin/sh set -e ; # Have script exit in the event of a failed command. +{{- if .Values.configPathmc }} +MC_CONFIG_DIR="{{ .Values.configPathmc }}" +MC="/usr/bin/mc --config-dir ${MC_CONFIG_DIR}" +{{- else }} +MC="/usr/bin/mc" +{{- end }} + # connectToMinio # Use a check-sleep-check loop to wait for Minio service to be available connectToMinio() { @@ -10,7 +17,7 @@ connectToMinio() { ACCESS=$(cat /config/accesskey) ; SECRET=$(cat /config/secretkey) ; set +e ; # The connections to minio are allowed to fail. echo "Connecting to Minio server: $SCHEME://$MINIO_ENDPOINT:$MINIO_PORT" ; - MC_COMMAND="mc config host add myminio $SCHEME://$MINIO_ENDPOINT:$MINIO_PORT $ACCESS $SECRET" ; + MC_COMMAND="${MC} config host add myminio $SCHEME://$MINIO_ENDPOINT:$MINIO_PORT $ACCESS $SECRET" ; $MC_COMMAND ; STATUS=$? ; until [ $STATUS = 0 ] @@ -32,7 +39,7 @@ connectToMinio() { # Check if the bucket exists, by using the exit code of `mc ls` checkBucketExists() { BUCKET=$1 - CMD=$(/usr/bin/mc ls myminio/$BUCKET > /dev/null 2>&1) + CMD=$(${MC} ls myminio/$BUCKET > /dev/null 2>&1) return $? } @@ -49,7 +56,7 @@ createBucket() { if checkBucketExists $BUCKET ; then echo "Purging bucket '$BUCKET'." set +e ; # don't exit if this fails - /usr/bin/mc rm -r --force myminio/$BUCKET + ${MC} rm -r --force myminio/$BUCKET set -e ; # reset `e` as active else echo "Bucket '$BUCKET' does not exist, skipping purge." @@ -59,7 +66,7 @@ createBucket() { # Create the bucket if it does not exist if ! checkBucketExists $BUCKET ; then echo "Creating bucket '$BUCKET'" - /usr/bin/mc mb myminio/$BUCKET + ${MC} mb myminio/$BUCKET else echo "Bucket '$BUCKET' already exists." fi @@ -67,7 +74,7 @@ createBucket() { # At this point, the bucket should exist, skip checking for existence # Set policy on the bucket echo "Setting policy of bucket '$BUCKET' to '$POLICY'." - /usr/bin/mc policy set $POLICY myminio/$BUCKET + ${MC} policy set $POLICY myminio/$BUCKET } # Try connecting to Minio instance From 4b357b917b3041b6e7474e6d0d0dfc956354afb4 Mon Sep 17 00:00:00 2001 From: Naseem Date: Sun, 16 Feb 2020 21:55:28 -0500 Subject: [PATCH 144/304] Use include function instead of template. (#20788) Signed-off-by: Naseem --- stable/influxdb/Chart.yaml | 2 +- stable/influxdb/templates/NOTES.txt | 12 ++++++------ stable/influxdb/templates/backup-cronjob.yaml | 2 +- stable/influxdb/templates/ingress.yaml | 2 +- stable/influxdb/templates/post-install-set-auth.yaml | 8 ++++---- 5 files changed, 13 insertions(+), 13 deletions(-) diff --git a/stable/influxdb/Chart.yaml b/stable/influxdb/Chart.yaml index 9345160b655c..b6018cbbf8e9 100755 --- a/stable/influxdb/Chart.yaml +++ b/stable/influxdb/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: influxdb -version: 4.2.0 +version: 4.2.1 appVersion: 1.7.6 description: Scalable datastore for metrics, events, and real-time analytics. keywords: diff --git a/stable/influxdb/templates/NOTES.txt b/stable/influxdb/templates/NOTES.txt index 42622c8c55a1..ac5c3c82b520 100644 --- a/stable/influxdb/templates/NOTES.txt +++ b/stable/influxdb/templates/NOTES.txt @@ -1,18 +1,18 @@ InfluxDB can be accessed via port {{ .Values.config.http.bind_address | default 8086 }} on the following DNS name from within your cluster: -- http://{{ template "influxdb.fullname" . }}.{{ .Release.Namespace }}:{{ .Values.config.http.bind_address | default 8086 }} +- http://{{ include "influxdb.fullname" . }}.{{ .Release.Namespace }}:{{ .Values.config.http.bind_address | default 8086 }} You can easily connect to the remote instance with your local influx cli. To forward the API port to localhost:8086 run the following: -- kubectl port-forward --namespace {{ .Release.Namespace }} $(kubectl get pods --namespace {{ .Release.Namespace }} -l app={{ template "influxdb.fullname" . }} -o jsonpath='{ .items[0].metadata.name }') 8086:{{ .Values.config.http.bind_address | default 8086 }} +- kubectl port-forward --namespace {{ .Release.Namespace }} $(kubectl get pods --namespace {{ .Release.Namespace }} -l app={{ include "influxdb.fullname" . }} -o jsonpath='{ .items[0].metadata.name }') 8086:{{ .Values.config.http.bind_address | default 8086 }} You can also connect to the influx cli from inside the container. To open a shell session in the InfluxDB pod run the following: -- kubectl exec -i -t --namespace {{ .Release.Namespace }} $(kubectl get pods --namespace {{ .Release.Namespace }} -l app={{ template "influxdb.fullname" . }} -o jsonpath='{.items[0].metadata.name}') /bin/sh +- kubectl exec -i -t --namespace {{ .Release.Namespace }} $(kubectl get pods --namespace {{ .Release.Namespace }} -l app={{ include "influxdb.fullname" . }} -o jsonpath='{.items[0].metadata.name}') /bin/sh To tail the logs for the InfluxDB pod run the following: -- kubectl logs -f --namespace {{ .Release.Namespace }} $(kubectl get pods --namespace {{ .Release.Namespace }} -l app={{ template "influxdb.fullname" . }} -o jsonpath='{ .items[0].metadata.name }') +- kubectl logs -f --namespace {{ .Release.Namespace }} $(kubectl get pods --namespace {{ .Release.Namespace }} -l app={{ include "influxdb.fullname" . }} -o jsonpath='{ .items[0].metadata.name }') {{- if .Values.setDefaultUser.enabled }} @@ -24,7 +24,7 @@ To retrieve the default user name: {{- else }} -- echo $(kubectl get secret {{ template "influxdb.fullname" . }}-auth -o "jsonpath={.data['influxdb-user']}" --namespace {{ .Release.Namespace }} | base64 --decode) +- echo $(kubectl get secret {{ include "influxdb.fullname" . }}-auth -o "jsonpath={.data['influxdb-user']}" --namespace {{ .Release.Namespace }} | base64 --decode) {{- end }} @@ -36,7 +36,7 @@ To retrieve the default user password: {{- else }} -- echo $(kubectl get secret {{ template "influxdb.fullname" . }}-auth -o "jsonpath={.data['influxdb-password']}" --namespace {{ .Release.Namespace }} | base64 --decode) +- echo $(kubectl get secret {{ include "influxdb.fullname" . }}-auth -o "jsonpath={.data['influxdb-password']}" --namespace {{ .Release.Namespace }} | base64 --decode) {{- end }} {{- end }} diff --git a/stable/influxdb/templates/backup-cronjob.yaml b/stable/influxdb/templates/backup-cronjob.yaml index e966a8b78b7c..772df2b605fd 100644 --- a/stable/influxdb/templates/backup-cronjob.yaml +++ b/stable/influxdb/templates/backup-cronjob.yaml @@ -41,7 +41,7 @@ spec: args: - '-c' - | - influxd backup -host {{ template "influxdb.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.config.rpc.bind_address | default 8088 }} -portable /backups/backup_$(date +%Y%m%d_%H%M%S) + influxd backup -host {{ include "influxdb.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.config.rpc.bind_address | default 8088 }} -portable /backups/backup_$(date +%Y%m%d_%H%M%S) containers: {{- if .Values.backup.gcs }} - name: gsutil-cp diff --git a/stable/influxdb/templates/ingress.yaml b/stable/influxdb/templates/ingress.yaml index 5ffa73606baf..fa5710b72f86 100644 --- a/stable/influxdb/templates/ingress.yaml +++ b/stable/influxdb/templates/ingress.yaml @@ -20,6 +20,6 @@ spec: paths: - path: / backend: - serviceName: {{ template "influxdb.fullname" . }} + serviceName: {{ include "influxdb.fullname" . }} servicePort: 8086 {{- end -}} diff --git a/stable/influxdb/templates/post-install-set-auth.yaml b/stable/influxdb/templates/post-install-set-auth.yaml index 9a806a86361b..59787318a90d 100644 --- a/stable/influxdb/templates/post-install-set-auth.yaml +++ b/stable/influxdb/templates/post-install-set-auth.yaml @@ -16,7 +16,7 @@ spec: {{- include "influxdb.selectorLabels" . | nindent 8 }} spec: containers: - - name: {{ template "influxdb.fullname" . }}-set-auth + - name: {{ include "influxdb.fullname" . }}-set-auth image: "{{ .Values.setDefaultUser.image }}" env: - name: INFLUXDB_USER @@ -25,7 +25,7 @@ spec: {{- if .Values.setDefaultUser.user.existingSecret }} name: {{ .Values.setDefaultUser.user.existingSecret -}} {{ else }} - name: {{ template "influxdb.fullname" . }}-auth + name: {{ include "influxdb.fullname" . }}-auth {{- end }} key: influxdb-user - name: INFLUXDB_PASSWORD @@ -34,14 +34,14 @@ spec: {{- if .Values.setDefaultUser.user.existingSecret }} name: {{ .Values.setDefaultUser.user.existingSecret -}} {{ else }} - name: {{ template "influxdb.fullname" . }}-auth + name: {{ include "influxdb.fullname" . }}-auth {{- end }} key: influxdb-password args: - "/bin/sh" - "-c" - | - curl -X POST http://{{ template "influxdb.fullname" . }}:{{ .Values.config.http.bind_address | default 8086 }}/query \ + curl -X POST http://{{ include "influxdb.fullname" . }}:{{ .Values.config.http.bind_address | default 8086 }}/query \ --data-urlencode \ "q=CREATE USER \"${INFLUXDB_USER}\" WITH PASSWORD '${INFLUXDB_PASSWORD}' {{ .Values.setDefaultUser.user.privileges }}" restartPolicy: {{ .Values.setDefaultUser.restartPolicy }} From 2fbc8a5cec749ec839c4771754109038cbb86746 Mon Sep 17 00:00:00 2001 From: Harshavardhana Date: Mon, 17 Feb 2020 08:43:27 +0530 Subject: [PATCH 145/304] [stable/minio]: update default images to latest (#20799) Signed-off-by: Harshavardhana --- stable/minio/Chart.yaml | 2 +- stable/minio/values.yaml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/stable/minio/Chart.yaml b/stable/minio/Chart.yaml index 189abf3b35a2..27cad1965f96 100755 --- a/stable/minio/Chart.yaml +++ b/stable/minio/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 description: MinIO is a high performance data infrastructure for machine learning, analytics and application data workloads. name: minio -version: 5.0.8 +version: 5.0.9 appVersion: master keywords: - storage diff --git a/stable/minio/values.yaml b/stable/minio/values.yaml index 3dd22c9baab3..e2e3d41c4bdd 100755 --- a/stable/minio/values.yaml +++ b/stable/minio/values.yaml @@ -14,7 +14,7 @@ clusterDomain: cluster.local ## image: repository: minio/minio - tag: RELEASE.2020-01-16T22-40-29Z + tag: RELEASE.2020-02-07T23-28-16Z pullPolicy: IfNotPresent ## Set default image, imageTag, and imagePullPolicy for the `mc` (the minio @@ -22,7 +22,7 @@ image: ## mcImage: repository: minio/mc - tag: RELEASE.2020-01-13T22-49-03Z + tag: RELEASE.2020-02-14T19-35-50Z pullPolicy: IfNotPresent ## minio server mode, i.e. standalone or distributed. From 4c0bf6a25690b04524481d72e5c83aeec472f060 Mon Sep 17 00:00:00 2001 From: Hugo Cortes Date: Sun, 16 Feb 2020 20:07:28 -0800 Subject: [PATCH 146/304] stable/graylog: use correct object path for existing root secret (#20784) Signed-off-by: Hugo Cortes --- stable/graylog/Chart.yaml | 2 +- stable/graylog/templates/job.yaml | 2 +- stable/graylog/templates/statefulset.yaml | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/stable/graylog/Chart.yaml b/stable/graylog/Chart.yaml index 77fc091626ce..4ff4bca83e16 100755 --- a/stable/graylog/Chart.yaml +++ b/stable/graylog/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 name: graylog home: https://www.graylog.org -version: 1.5.6 +version: 1.5.7 appVersion: 3.1 description: Graylog is the centralized log management solution built to open standards for capturing, storing, and enabling real-time analysis of terabytes of machine data. keywords: diff --git a/stable/graylog/templates/job.yaml b/stable/graylog/templates/job.yaml index 34c842ce29ae..12f2c19dcd13 100644 --- a/stable/graylog/templates/job.yaml +++ b/stable/graylog/templates/job.yaml @@ -27,7 +27,7 @@ spec: - name: GRAYLOG_PASSWORD_SECRET valueFrom: secretKeyRef: - name: {{ .Values.existingRootSecret | default (include "graylog.fullname" .) }} + name: {{ .Values.graylog.existingRootSecret | default (include "graylog.fullname" .) }} key: graylog-password-secret volumeMounts: diff --git a/stable/graylog/templates/statefulset.yaml b/stable/graylog/templates/statefulset.yaml index 58e7288fcbc9..c9f7b6972406 100644 --- a/stable/graylog/templates/statefulset.yaml +++ b/stable/graylog/templates/statefulset.yaml @@ -95,12 +95,12 @@ spec: - name: GRAYLOG_PASSWORD_SECRET valueFrom: secretKeyRef: - name: {{ .Values.existingRootSecret | default (include "graylog.fullname" .) }} + name: {{ .Values.graylog.existingRootSecret | default (include "graylog.fullname" .) }} key: graylog-password-secret - name: GRAYLOG_ROOT_PASSWORD_SHA2 valueFrom: secretKeyRef: - name: {{ .Values.existingRootSecret | default (include "graylog.fullname" .) }} + name: {{ .Values.graylog.existingRootSecret | default (include "graylog.fullname" .) }} key: graylog-password-sha2 {{- range $key, $value := .Values.graylog.env }} - name: {{ $key }} From b92d7c17efb4a9a97e4f3296a160bb44503c2b48 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Carlos=20Rodr=C3=ADguez=20Hern=C3=A1ndez?= Date: Mon, 17 Feb 2020 08:35:28 +0100 Subject: [PATCH 147/304] [bitnami/redis] Use buster in CI (#20732) Signed-off-by: Carlos Rodriguez Hernandez --- stable/redis/Chart.yaml | 2 +- stable/redis/ci/insecure-sentinel-values.yaml | 4 ++-- stable/redis/ci/production-sentinel-values.yaml | 4 ++-- stable/redis/ci/production-values.yaml | 4 ++-- stable/redis/templates/_helpers.tpl | 2 +- 5 files changed, 8 insertions(+), 8 deletions(-) diff --git a/stable/redis/Chart.yaml b/stable/redis/Chart.yaml index e685b181f206..38d9a9cfd807 100644 --- a/stable/redis/Chart.yaml +++ b/stable/redis/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: redis -version: 10.5.1 +version: 10.5.2 appVersion: 5.0.7 description: Open source, advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. keywords: diff --git a/stable/redis/ci/insecure-sentinel-values.yaml b/stable/redis/ci/insecure-sentinel-values.yaml index 4ca1a9316148..2e9174f4954a 100644 --- a/stable/redis/ci/insecure-sentinel-values.yaml +++ b/stable/redis/ci/insecure-sentinel-values.yaml @@ -481,7 +481,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/minideb - tag: stretch + tag: buster pullPolicy: Always ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. @@ -508,7 +508,7 @@ sysctlImage: command: [] registry: docker.io repository: bitnami/minideb - tag: stretch + tag: buster pullPolicy: Always ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. diff --git a/stable/redis/ci/production-sentinel-values.yaml b/stable/redis/ci/production-sentinel-values.yaml index 57df7dc1abb2..36a00e37fb96 100644 --- a/stable/redis/ci/production-sentinel-values.yaml +++ b/stable/redis/ci/production-sentinel-values.yaml @@ -481,7 +481,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/minideb - tag: stretch + tag: buster pullPolicy: Always ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. @@ -508,7 +508,7 @@ sysctlImage: command: [] registry: docker.io repository: bitnami/minideb - tag: stretch + tag: buster pullPolicy: Always ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. diff --git a/stable/redis/ci/production-values.yaml b/stable/redis/ci/production-values.yaml index 7b535c9c790e..6fa9c88ad3b5 100644 --- a/stable/redis/ci/production-values.yaml +++ b/stable/redis/ci/production-values.yaml @@ -482,7 +482,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/minideb - tag: stretch + tag: buster pullPolicy: Always ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. @@ -509,7 +509,7 @@ sysctlImage: command: [] registry: docker.io repository: bitnami/minideb - tag: stretch + tag: buster pullPolicy: Always ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. diff --git a/stable/redis/templates/_helpers.tpl b/stable/redis/templates/_helpers.tpl index 8c1df0da0740..3397a7b6c70f 100644 --- a/stable/redis/templates/_helpers.tpl +++ b/stable/redis/templates/_helpers.tpl @@ -208,7 +208,7 @@ Return sysctl image {{- define "redis.sysctl.image" -}} {{- $registryName := default "docker.io" .Values.sysctlImage.registry -}} {{- $repositoryName := .Values.sysctlImage.repository -}} -{{- $tag := default "stretch" .Values.sysctlImage.tag | toString -}} +{{- $tag := default "buster" .Values.sysctlImage.tag | toString -}} {{/* Helm 2.11 supports the assignment of a value to a variable defined in a different scope, but Helm 2.9 and 2.10 doesn't support it, so we need to implement this if-else logic. From 07e1b3f42444a842fc0456cea40a53fcd565de86 Mon Sep 17 00:00:00 2001 From: Florian Nagel Date: Mon, 17 Feb 2020 09:25:28 +0100 Subject: [PATCH 148/304] [stable/spinnaker] Template Annotations for Spinnaker HAL Cleanup Job (#20047) * Custom annotation support for halyard cleanup job Signed-off-by: Florian Nagel * Bump Spinnaker Version Number Signed-off-by: Florian Nagel --- stable/spinnaker/Chart.yaml | 2 +- stable/spinnaker/templates/hooks/cleanup.yaml | 4 ++++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/stable/spinnaker/Chart.yaml b/stable/spinnaker/Chart.yaml index 7b3b129a1d76..61d1cec6c89a 100644 --- a/stable/spinnaker/Chart.yaml +++ b/stable/spinnaker/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 description: Open source, multi-cloud continuous delivery platform for releasing software changes with high velocity and confidence. name: spinnaker -version: 1.23.2 +version: 1.23.3 appVersion: 1.16.2 home: http://spinnaker.io/ sources: diff --git a/stable/spinnaker/templates/hooks/cleanup.yaml b/stable/spinnaker/templates/hooks/cleanup.yaml index 044fb2963bd1..437a62f43a92 100644 --- a/stable/spinnaker/templates/hooks/cleanup.yaml +++ b/stable/spinnaker/templates/hooks/cleanup.yaml @@ -11,6 +11,10 @@ metadata: spec: template: metadata: + {{- if .Values.halyard.annotations }} + annotations: +{{ toYaml .Values.halyard.annotations | indent 8 }} + {{- end }} labels: {{ include "spinnaker.standard-labels" . | indent 8 }} component: halyard From 0cf85decb978d06ef638cf11eca3f320dad2178c Mon Sep 17 00:00:00 2001 From: Carlos Date: Mon, 17 Feb 2020 09:55:29 +0000 Subject: [PATCH 149/304] Upgrade k8s integration with new configuration option for integrations configurations (#20765) Signed-off-by: croman --- stable/newrelic-infrastructure/Chart.yaml | 2 +- stable/newrelic-infrastructure/README.md | 5 +-- .../templates/configmap.yaml | 14 ++++++++ .../templates/daemonset.yaml | 9 ++++++ stable/newrelic-infrastructure/values.yaml | 32 +++++++++++++++++++ 5 files changed, 59 insertions(+), 3 deletions(-) diff --git a/stable/newrelic-infrastructure/Chart.yaml b/stable/newrelic-infrastructure/Chart.yaml index dd1d44ba239f..2aae34cc2061 100644 --- a/stable/newrelic-infrastructure/Chart.yaml +++ b/stable/newrelic-infrastructure/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 description: A Helm chart to deploy the New Relic Infrastructure Agent as a DaemonSet name: newrelic-infrastructure -version: 0.13.22 +version: 0.13.23 appVersion: 1.13.2 home: https://hub.docker.com/r/newrelic/infrastructure-k8s/ source: diff --git a/stable/newrelic-infrastructure/README.md b/stable/newrelic-infrastructure/README.md index ed7cd8f1963d..6c954c3f5695 100644 --- a/stable/newrelic-infrastructure/README.md +++ b/stable/newrelic-infrastructure/README.md @@ -13,8 +13,9 @@ This chart will deploy the New Relic Infrastructure agent as a Daemonset. | `customSecretName` | Name of the Secret object where the license key is stored | | | `customSecretLicenseKey` | Key in the Secret object where the license key is stored. | | | `config` | A `newrelic.yml` file if you wish to provide. | | -| `kubeStateMetricsUrl` | If provided, the discovery process for kube-state-metrics endpoint won't be triggered. Example: http://172.17.0.3:8080 | -| `kubeStateMetricsPodLabel` | If provided, the kube-state-metrics pod will be discovered using this label. (should be `true` on target pod) | +| `integrations_config` | List of Integrations configuration to monitor services running on Kubernetes. More information on can be found [here](https://docs.newrelic.com/docs/integrations/kubernetes-integration/link-apps-services/monitor-services-running-kubernetes). | | +| `kubeStateMetricsUrl` | If provided, the discovery process for kube-state-metrics endpoint won't be triggered. Example: http://172.17.0.3:8080 | | +| `kubeStateMetricsPodLabel` | If provided, the kube-state-metrics pod will be discovered using this label. (should be `true` on target pod) | | | `kubeStateMetricsTimeout` | Timeout for accessing kube-state-metrics in milliseconds. If not set the newrelic default is 5000 | | | `rbac.create` | Enable Role-based authentication | `true` | | `rbac.pspEnabled` | Enable pod security policy support | `false` | diff --git a/stable/newrelic-infrastructure/templates/configmap.yaml b/stable/newrelic-infrastructure/templates/configmap.yaml index 1e9cc9a76f6d..5fd02ef651c9 100644 --- a/stable/newrelic-infrastructure/templates/configmap.yaml +++ b/stable/newrelic-infrastructure/templates/configmap.yaml @@ -8,3 +8,17 @@ data: newrelic-infra.yml: | {{ toYaml .Values.config | indent 6 }} {{ end }} +{{ if .Values.integrations_config }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + labels: {{ include "newrelic.labels" . | indent 4 }} + name: {{ template "newrelic.fullname" . }}-integrations-cfg +data: +{{ range .Values.integrations_config -}} +{{ .name | indent 2 }}: | + --- +{{ toYaml .data | indent 4 }} +{{ end }} +{{ end }} diff --git a/stable/newrelic-infrastructure/templates/daemonset.yaml b/stable/newrelic-infrastructure/templates/daemonset.yaml index 7a32f224c01e..cb6c03132762 100644 --- a/stable/newrelic-infrastructure/templates/daemonset.yaml +++ b/stable/newrelic-infrastructure/templates/daemonset.yaml @@ -107,6 +107,10 @@ spec: mountPath: /etc/newrelic-infra.yml subPath: newrelic-infra.yml {{- end }} + {{- if .Values.integrations_config }} + - name: nri-integrations-cfg-volume + mountPath: /etc/newrelic-infra/integrations.d/ + {{- end }} {{- if .Values.privileged }} - name: dev mountPath: /dev @@ -163,6 +167,11 @@ spec: - key: newrelic-infra.yml path: newrelic-infra.yml {{- end }} + {{- if .Values.integrations_config }} + - name: nri-integrations-cfg-volume + configMap: + name: {{ template "newrelic.fullname" . }}-integrations-cfg + {{- end }} {{- if $.Values.priorityClassName }} priorityClassName: {{ $.Values.priorityClassName }} {{- end }} diff --git a/stable/newrelic-infrastructure/values.yaml b/stable/newrelic-infrastructure/values.yaml index bdb0d42f3a04..cffe62adf27b 100644 --- a/stable/newrelic-infrastructure/values.yaml +++ b/stable/newrelic-infrastructure/values.yaml @@ -112,3 +112,35 @@ customAttribues: "'{\"clusterName\":\"$(CLUSTER_NAME)\"}'" # etcdTlsSecretName: newrelic-infra-etcd-tls-secret etcdTlsSecretNamespace: default + +# If you wish to monitor services running on Kubernetes you can provide integrations +# configuration under integrations_config. You just need to create a new entry where +# the "name" is the filename of the configuration file and the data is the content of +# the integration configuration. The name must end in ".yaml" as this will be the +# filename generated and the Infrastructure agent only looks for YAML files. The data +# part is the actual integration configuration as described in the spec here: +# https://docs.newrelic.com/docs/integrations/integrations-sdk/file-specifications/integration-configuration-file-specifications-agent-v180 + +# For example, if you wanted do to monitor a Redis instance that has a label "app=redis" +# you could do so by adding following entry: + # integrations_config: + # - name: nri-rabbit.yaml + # data: + # discovery: + # command: + # # Run NRI Discovery for Kubernetes + # # https://github.com/newrelic/nri-discovery-kubernetes + # exec: /var/db/newrelic-infra/nri-discovery-kubernetes + # match: + # label.app: redis + # integrations: + # - name: nri-redis + # env: + # # using the discovered IP as the hostname address + # HOSTNAME: ${discovery.ip} + # PORT: 6379 + # labels: + # env: test +# For more details on monitoring services on Kubernetes see +# https://docs.newrelic.com/docs/integrations/kubernetes-integration/link-apps-services/monitor-services-running-kubernetes +integrations_config: {} From 3dc7af6739466a720b2c324e47eb5cd710c08590 Mon Sep 17 00:00:00 2001 From: Julien Francoz Date: Mon, 17 Feb 2020 12:45:28 +0100 Subject: [PATCH 150/304] [stable/minio] exclude job from service selector (#20759) during post-install-create-bucket-job, the job can be included in service endpoints, and can lead to connection refused errors during job and helm install failed Signed-off-by: jfcoz --- stable/minio/Chart.yaml | 2 +- stable/minio/templates/post-install-create-bucket-job.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/stable/minio/Chart.yaml b/stable/minio/Chart.yaml index 27cad1965f96..034167f1f562 100755 --- a/stable/minio/Chart.yaml +++ b/stable/minio/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 description: MinIO is a high performance data infrastructure for machine learning, analytics and application data workloads. name: minio -version: 5.0.9 +version: 5.0.10 appVersion: master keywords: - storage diff --git a/stable/minio/templates/post-install-create-bucket-job.yaml b/stable/minio/templates/post-install-create-bucket-job.yaml index e21a3c171cb0..92ae62b9fa77 100755 --- a/stable/minio/templates/post-install-create-bucket-job.yaml +++ b/stable/minio/templates/post-install-create-bucket-job.yaml @@ -15,7 +15,7 @@ spec: template: metadata: labels: - app: {{ template "minio.name" . }} + app: {{ template "minio.name" . }}-job release: {{ .Release.Name }} {{- if .Values.podLabels }} {{ toYaml .Values.podLabels | indent 8 }} From cf1ea06e43005adeabd717e9fe3fc5de69830d3d Mon Sep 17 00:00:00 2001 From: Tine Jozelj Date: Mon, 17 Feb 2020 13:45:28 +0100 Subject: [PATCH 151/304] [stable/prometheus-adapter] Upgrading to v0.6.0 (#20750) * upgrade prometheus-adapter image to v0.6.0 Signed-off-by: Tine Jozelj * bump version to 2.1.0 Signed-off-by: Tine Jozelj --- stable/prometheus-adapter/Chart.yaml | 4 ++-- stable/prometheus-adapter/README.md | 2 +- stable/prometheus-adapter/values.yaml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/stable/prometheus-adapter/Chart.yaml b/stable/prometheus-adapter/Chart.yaml index 1eb17a31099c..d33b8d22eb20 100644 --- a/stable/prometheus-adapter/Chart.yaml +++ b/stable/prometheus-adapter/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 name: prometheus-adapter -version: 2.0.1 -appVersion: v0.5.0 +version: 2.1.0 +appVersion: v0.6.0 description: A Helm chart for k8s prometheus adapter home: https://github.com/DirectXMan12/k8s-prometheus-adapter keywords: diff --git a/stable/prometheus-adapter/README.md b/stable/prometheus-adapter/README.md index 942ca6dcc52d..ea54c9f9ff6b 100644 --- a/stable/prometheus-adapter/README.md +++ b/stable/prometheus-adapter/README.md @@ -112,7 +112,7 @@ The following table lists the configurable parameters of the Prometheus Adapter | ------------------------------- | ------------------------------------------------------------------------------- | --------------------------------------------| | `affinity` | Node affinity | `{}` | | `image.repository` | Image repository | `directxman12/k8s-prometheus-adapter-amd64` | -| `image.tag` | Image tag | `v0.5.0` | +| `image.tag` | Image tag | `v0.6.0` | | `image.pullPolicy` | Image pull policy | `IfNotPresent` | | `image.pullSecrets` | Image pull secrets | `{}` | | `logLevel` | Log level | `4` | diff --git a/stable/prometheus-adapter/values.yaml b/stable/prometheus-adapter/values.yaml index 9e4b9a5e9dec..8e960bbc391a 100644 --- a/stable/prometheus-adapter/values.yaml +++ b/stable/prometheus-adapter/values.yaml @@ -3,7 +3,7 @@ affinity: {} image: repository: directxman12/k8s-prometheus-adapter-amd64 - tag: v0.5.0 + tag: v0.6.0 pullPolicy: IfNotPresent logLevel: 4 From e6a866cddf03798373d3e285357de09b451bcf52 Mon Sep 17 00:00:00 2001 From: Naseem Date: Mon, 17 Feb 2020 08:13:28 -0500 Subject: [PATCH 152/304] [stable/influxdb] probes (#20800) * Use include function instead of template. Signed-off-by: Naseem * Hardcode probe path. There is no value in making the path configurable. By hardcoding it to /ping we remove unecessary templating and config complexity. Signed-off-by: Naseem --- stable/influxdb/Chart.yaml | 2 +- stable/influxdb/templates/meta-statefulset.yaml | 6 +++--- stable/influxdb/templates/statefulset.yaml | 6 +++--- stable/influxdb/values.yaml | 14 ++++++++------ 4 files changed, 15 insertions(+), 13 deletions(-) diff --git a/stable/influxdb/Chart.yaml b/stable/influxdb/Chart.yaml index b6018cbbf8e9..3b804aff5ab8 100755 --- a/stable/influxdb/Chart.yaml +++ b/stable/influxdb/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: influxdb -version: 4.2.1 +version: 4.2.2 appVersion: 1.7.6 description: Scalable datastore for metrics, events, and real-time analytics. keywords: diff --git a/stable/influxdb/templates/meta-statefulset.yaml b/stable/influxdb/templates/meta-statefulset.yaml index df414719922c..81f498da94de 100644 --- a/stable/influxdb/templates/meta-statefulset.yaml +++ b/stable/influxdb/templates/meta-statefulset.yaml @@ -52,20 +52,20 @@ spec: {{- end }} livenessProbe: httpGet: - path: {{ .Values.livenessProbe.probePath }} + path: /ping port: meta initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds | default 30 }} timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds | default 5 }} readinessProbe: httpGet: - path: {{ .Values.readinessProbe.probePath }} + path: /ping port: meta initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds | default 5 }} timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds | default 1 }} {{- if .Values.startupProbe.enabled }} startupProbe: httpGet: - path: {{ .Values.startupProbe.probePath }} + path: /ping port: meta failureThreshold: {{ .Values.startupProbe.failureThreshold | default 6 }} periodSeconds: {{ .Values.startupProbe.periodSeconds | default 5 }} diff --git a/stable/influxdb/templates/statefulset.yaml b/stable/influxdb/templates/statefulset.yaml index 8eae1710628d..fe98a7f7a207 100644 --- a/stable/influxdb/templates/statefulset.yaml +++ b/stable/influxdb/templates/statefulset.yaml @@ -86,20 +86,20 @@ spec: {{- end }} livenessProbe: httpGet: - path: {{ .Values.livenessProbe.probePath }} + path: /ping port: api initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds | default 30 }} timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds | default 5 }} readinessProbe: httpGet: - path: {{ .Values.readinessProbe.probePath }} + path: /ping port: api initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds | default 5 }} timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds | default 1 }} {{- if .Values.startupProbe.enabled }} startupProbe: httpGet: - path: {{ .Values.startupProbe.probePath }} + path: /ping port: api failureThreshold: {{ .Values.startupProbe.failureThreshold | default 6 }} periodSeconds: {{ .Values.startupProbe.periodSeconds | default 5 }} diff --git a/stable/influxdb/values.yaml b/stable/influxdb/values.yaml index 4116c83257fd..2bb5b865c058 100644 --- a/stable/influxdb/values.yaml +++ b/stable/influxdb/values.yaml @@ -14,18 +14,20 @@ serviceAccount: name: annotations: {} -## Customize livenessProbe and readinessProbe +## Customize liveness, readiness and startup probes ## ref: https://docs.influxdata.com/influxdb/v1.7/tools/api/#ping-http-endpoint +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ ## -livenessProbe: - probePath: "/ping" +livenessProbe: {} + # initialDelaySeconds: 30 + # timeoutSeconds: 5 -readinessProbe: - probePath: "/ping" +readinessProbe: {} + # initialDelaySeconds: 5 + # timeoutSeconds: 1 startupProbe: enabled: false - probePath: "/ping" # failureThreshold: 6 # periodSeconds: 5 From 86819f44cd3348e5814e98c4555ec551411b8400 Mon Sep 17 00:00:00 2001 From: Aisuko Date: Mon, 17 Feb 2020 21:25:29 +0800 Subject: [PATCH 153/304] Add myself as a maintainer for kapacitor. (#20775) Signed-off-by: Aisuko --- stable/kapacitor/Chart.yaml | 4 +++- stable/kapacitor/OWNERS | 2 ++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/stable/kapacitor/Chart.yaml b/stable/kapacitor/Chart.yaml index 000a1c7f4b4c..37cd3b9cce9a 100755 --- a/stable/kapacitor/Chart.yaml +++ b/stable/kapacitor/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: kapacitor -version: 1.1.3 +version: 1.1.4 appVersion: 1.5.2 description: InfluxDB's native data processing engine. It can process both stream and batch data from InfluxDB. @@ -15,4 +15,6 @@ sources: maintainers: - name: jackzampolin email: jack@influxdb.com +- name: aisuko + email: urakiny@gmail.com engine: gotpl diff --git a/stable/kapacitor/OWNERS b/stable/kapacitor/OWNERS index 28cf42774b40..7e33be7e7c72 100644 --- a/stable/kapacitor/OWNERS +++ b/stable/kapacitor/OWNERS @@ -1,5 +1,7 @@ approvers: - jackzampolin +- aisuko reviewers: - jackzampolin - deepaksood619 +- aisuko From 9720c18ef6451ffdbed8e529999d4ab251e1a904 Mon Sep 17 00:00:00 2001 From: Naseem Date: Mon, 17 Feb 2020 09:03:28 -0500 Subject: [PATCH 154/304] [stable/influxdb] Update image (#20812) * Use include function instead of template. Signed-off-by: Naseem * Update image to 1.7.9 Signed-off-by: Naseem * Bump chart version. Signed-off-by: Naseem * Update to 1.7.10 Signed-off-by: Naseem * Revert "Update to 1.7.10" This reverts commit a6f146d332d1ee3fa2a3d4cdba685a4cfba5ea4f. Signed-off-by: Naseem --- stable/influxdb/Chart.yaml | 4 ++-- stable/influxdb/values.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/stable/influxdb/Chart.yaml b/stable/influxdb/Chart.yaml index 3b804aff5ab8..e546af98d231 100755 --- a/stable/influxdb/Chart.yaml +++ b/stable/influxdb/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 name: influxdb -version: 4.2.2 -appVersion: 1.7.6 +version: 4.2.3 +appVersion: 1.7.9 description: Scalable datastore for metrics, events, and real-time analytics. keywords: - influxdb diff --git a/stable/influxdb/values.yaml b/stable/influxdb/values.yaml index 2bb5b865c058..b68602cd1cff 100644 --- a/stable/influxdb/values.yaml +++ b/stable/influxdb/values.yaml @@ -2,7 +2,7 @@ ## ref: https://hub.docker.com/r/library/influxdb/tags/ image: repository: "influxdb" - tag: "1.7.6-alpine" + tag: "1.7.9-alpine" pullPolicy: IfNotPresent ## If specified, use these secrets to access the images # pullSecrets: From 8a0bb4e865d035483e04ef0e0dc606f4783a2ace Mon Sep 17 00:00:00 2001 From: Chris Minton Date: Mon, 17 Feb 2020 18:25:28 +0000 Subject: [PATCH 155/304] [stable/fluent-bit] Add Logstash_Prefix_Key as an optional parameter (#20719) Signed-off-by: Chris Minton --- stable/fluent-bit/Chart.yaml | 2 +- stable/fluent-bit/README.md | 3 ++- stable/fluent-bit/templates/config.yaml | 3 +++ 3 files changed, 6 insertions(+), 2 deletions(-) diff --git a/stable/fluent-bit/Chart.yaml b/stable/fluent-bit/Chart.yaml index 7b3416c5165c..9d2a69e35a03 100755 --- a/stable/fluent-bit/Chart.yaml +++ b/stable/fluent-bit/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: fluent-bit -version: 2.8.9 +version: 2.8.10 appVersion: 1.3.7 description: Fast and Lightweight Log/Data Forwarder for Linux, BSD and OSX keywords: diff --git a/stable/fluent-bit/README.md b/stable/fluent-bit/README.md index d67ef3bf8178..cb8b16d9b389 100644 --- a/stable/fluent-bit/README.md +++ b/stable/fluent-bit/README.md @@ -46,7 +46,8 @@ The following table lists the configurable parameters of the Fluent-Bit chart an | `backend.es.retry_limit` | Max number of retries to attempt (False == no limit) | `False` | | `backend.es.time_key` | Elastic Time Key | `@timestamp` | | `backend.es.logstash_format` | Enable Logstash format compatibility. | `On` | -| `backend.es.logstash_prefix` | Index Prefix. If Logstash_Prefix is equals to 'mydata' your index will become 'mydata-YYYY.MM.DD'. | `kubernetes_cluster` | +| `backend.es.logstash_prefix` | Index Prefix. If Logstash_Prefix is equal to 'mydata' your index will become 'mydata-YYYY.MM.DD'. | `kubernetes_cluster` | +| `backend.es.logstash_prefix_key` | Index Prefix key. When included, the value in the record that belongs to the key will be looked up and overwrite `Logstash_Prefix` for index generation. If `Logstash_Prefix_Key` = 'mydata' the index becomes 'mydata-YYYY.MM.DD'. | `` | | `backend.es.replace_dots` | Enable/Disable Replace_Dots option. | `On` | | `backend.es.http_user` | Optional username credential for Elastic X-Pack access. | `` | | `backend.es.http_passwd` | Password for user defined in HTTP_User. | `` | diff --git a/stable/fluent-bit/templates/config.yaml b/stable/fluent-bit/templates/config.yaml index 3c429fbb9952..37bba568fdae 100644 --- a/stable/fluent-bit/templates/config.yaml +++ b/stable/fluent-bit/templates/config.yaml @@ -138,6 +138,9 @@ data: {{- end }} {{- if .Values.backend.es.logstash_prefix }} Logstash_Prefix {{ .Values.backend.es.logstash_prefix }} +{{- if .Values.backend.es.logstash_prefix_key }} + Logstash_Prefix_Key {{ .Values.backend.es.logstash_prefix_key }} +{{- end }} {{ else if .Values.backend.es.index }} Index {{ .Values.backend.es.index }} {{- end }} From 04796e40c1c5793e27cad29545380500ef3cecd9 Mon Sep 17 00:00:00 2001 From: Dudko Alexey Date: Tue, 18 Feb 2020 01:09:28 +0100 Subject: [PATCH 156/304] pass empty array if rules are empty (#19616) (#20819) Signed-off-by: Dudko Alexey --- stable/prometheus-adapter/Chart.yaml | 2 +- .../prometheus-adapter/templates/custom-metrics-configmap.yaml | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/stable/prometheus-adapter/Chart.yaml b/stable/prometheus-adapter/Chart.yaml index d33b8d22eb20..8fbfac790c54 100644 --- a/stable/prometheus-adapter/Chart.yaml +++ b/stable/prometheus-adapter/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: prometheus-adapter -version: 2.1.0 +version: 2.1.1 appVersion: v0.6.0 description: A Helm chart for k8s prometheus adapter home: https://github.com/DirectXMan12/k8s-prometheus-adapter diff --git a/stable/prometheus-adapter/templates/custom-metrics-configmap.yaml b/stable/prometheus-adapter/templates/custom-metrics-configmap.yaml index 0864af71f87a..a191e8add3e6 100644 --- a/stable/prometheus-adapter/templates/custom-metrics-configmap.yaml +++ b/stable/prometheus-adapter/templates/custom-metrics-configmap.yaml @@ -10,6 +10,7 @@ metadata: heritage: {{ .Release.Service }} data: config.yaml: | +{{- if or .Values.rules.default .Values.rules.custom }} rules: {{- if .Values.rules.default }} - seriesQuery: '{__name__=~"^container_.*",container!="POD",namespace!="",pod!=""}' @@ -82,6 +83,7 @@ data: {{- if .Values.rules.custom }} {{ toYaml .Values.rules.custom | indent 4 }} {{- end -}} +{{- end -}} {{- if .Values.rules.external }} externalRules: {{ toYaml .Values.rules.external | indent 4 }} From ca058a2194b36862ce14ce7e81a387e51d098473 Mon Sep 17 00:00:00 2001 From: "l.h. riley" Date: Mon, 17 Feb 2020 16:29:28 -0800 Subject: [PATCH 157/304] [stable/rabbitmq-ha] Add support for additional pod affinity settings. (#20391) * [stable/rabbitmq-ha] Add support for additional pod affinity settings. Signed-off-by: l.h. riley * [stable/rabbitmq-ha] affinity overrides default podAntiAffinity settings. Signed-off-by: l.h. riley --- stable/rabbitmq-ha/Chart.yaml | 2 +- stable/rabbitmq-ha/README.md | 5 +++-- stable/rabbitmq-ha/templates/statefulset.yaml | 8 ++++++++ stable/rabbitmq-ha/values.yaml | 6 ++++++ 4 files changed, 18 insertions(+), 3 deletions(-) diff --git a/stable/rabbitmq-ha/Chart.yaml b/stable/rabbitmq-ha/Chart.yaml index 6846bb31cec8..4ff6e6d7b251 100644 --- a/stable/rabbitmq-ha/Chart.yaml +++ b/stable/rabbitmq-ha/Chart.yaml @@ -1,7 +1,7 @@ name: rabbitmq-ha apiVersion: v1 appVersion: 3.8.0 -version: 1.38.2 +version: 1.39.0 description: Highly available RabbitMQ cluster, the open source message broker software that implements the Advanced Message Queuing Protocol (AMQP). keywords: diff --git a/stable/rabbitmq-ha/README.md b/stable/rabbitmq-ha/README.md index 6e5ee776c855..1b636ff55b35 100644 --- a/stable/rabbitmq-ha/README.md +++ b/stable/rabbitmq-ha/README.md @@ -98,8 +98,9 @@ and their default values. | `persistentVolume.name` | Persistent volume name | `data` | | `persistentVolume.size` | Persistent volume size | `8Gi` | | `persistentVolume.storageClass` | Persistent volume storage class | `-` | -| `podAntiAffinity` | Pod antiaffinity, `hard` or `soft` | `soft` | -| `podAntiAffinityTopologyKey` | TopologyKey for antiaffinity, default is hostname +| `podAntiAffinity` | Pod anti-affinity, `hard` or `soft` | `soft` | +| `podAntiAffinityTopologyKey` | TopologyKey for anti-affinity, default is hostname | `"kubernetes.io/hostname"` | +| `affinity` | Affinity settings. If specified, this will disable `podAntiAffinity` settings. If you still need anti-affinity, you must include the configuration here. | `{}` | | `podDisruptionBudget` | Pod Disruption Budget rules | `{}` | | `podManagementPolicy` | Whether the pods should be restarted in parallel or one at a time. Either `OrderedReady` or `Parallel`. | `OrderedReady` | | `prometheus.exporter.enabled` | Configures Prometheus Exporter to expose and scrape stats | `false` | diff --git a/stable/rabbitmq-ha/templates/statefulset.yaml b/stable/rabbitmq-ha/templates/statefulset.yaml index 257053f9f5ec..478fd398cf54 100644 --- a/stable/rabbitmq-ha/templates/statefulset.yaml +++ b/stable/rabbitmq-ha/templates/statefulset.yaml @@ -264,6 +264,12 @@ spec: {{- if .Values.schedulerName }} schedulerName: "{{ .Values.schedulerName }}" {{- end }} + {{- if .Values.affinity }} + affinity: + {{- with .Values.affinity }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- else }} {{- if eq .Values.podAntiAffinity "hard" }} affinity: podAntiAffinity: @@ -285,6 +291,8 @@ spec: app: {{ template "rabbitmq-ha.name" . }} release: {{ .Release.Name }} {{- end }} + {{- end }} + {{- if .Values.priorityClassName }} priorityClassName: {{ .Values.priorityClassName }} {{- end }} diff --git a/stable/rabbitmq-ha/values.yaml b/stable/rabbitmq-ha/values.yaml index 85f4e026d2c8..bece51edf1b8 100644 --- a/stable/rabbitmq-ha/values.yaml +++ b/stable/rabbitmq-ha/values.yaml @@ -417,6 +417,12 @@ statefulSetAnnotations: {} podAntiAffinity: soft podAntiAffinityTopologyKey: "kubernetes.io/hostname" +## Affinity settings +## Defining 'affinity' will disable any podAntiAffinity settings. +## If you still need anti-affinity, you must include the configuration here. +## +affinity: {} + ## Create default configMap ## existingConfigMap: false From 5d57389d2c1ba337fb8b9045ec4f59521718220b Mon Sep 17 00:00:00 2001 From: Marcel Araujo <421794+marcelaraujo@users.noreply.github.com> Date: Tue, 18 Feb 2020 06:59:28 +0000 Subject: [PATCH 158/304] Make jenkins-home volume attachable to Azure disks without pvc (#19804) Signed-off-by: Marcel Araujo --- stable/jenkins/CHANGELOG.md | 13 +++++++++++++ stable/jenkins/Chart.yaml | 2 +- stable/jenkins/templates/home-pvc.yaml | 2 ++ .../templates/jenkins-master-deployment.yaml | 2 ++ 4 files changed, 18 insertions(+), 1 deletion(-) diff --git a/stable/jenkins/CHANGELOG.md b/stable/jenkins/CHANGELOG.md index dd0bf829546e..4bb1556c1c1f 100644 --- a/stable/jenkins/CHANGELOG.md +++ b/stable/jenkins/CHANGELOG.md @@ -5,6 +5,19 @@ numbering uses [semantic versioning](http://semver.org). NOTE: The change log until version 1.5.7 is auto generated based on git commits. Those include a reference to the git commit to be able to get more details. +## 1.9.18 + +Make `jenkins-home` attachable to Azure Disks without pvc + +``` + volumes: + - name: jenkins-home + azureDisk: + kind: Managed + diskName: myAKSDisk + diskURI: /subscriptions//resourceGroups/MC_myAKSCluster_myAKSCluster_eastus/providers/Microsoft.Compute/disks/myAKSDisk +``` + ## 1.9.16 Fix PodLabel for NetworkPolicy to work if enabled diff --git a/stable/jenkins/Chart.yaml b/stable/jenkins/Chart.yaml index 4d344defc3ce..9b59eb49d542 100755 --- a/stable/jenkins/Chart.yaml +++ b/stable/jenkins/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 name: jenkins home: https://jenkins.io/ -version: 1.9.17 +version: 1.9.18 appVersion: lts description: Open source continuous integration server. It supports multiple SCM tools including CVS, Subversion and Git. It can execute Apache Ant and Apache Maven-based diff --git a/stable/jenkins/templates/home-pvc.yaml b/stable/jenkins/templates/home-pvc.yaml index 869d56d41d75..eceace14aaf3 100644 --- a/stable/jenkins/templates/home-pvc.yaml +++ b/stable/jenkins/templates/home-pvc.yaml @@ -1,3 +1,4 @@ +{{- if not (contains "jenkins-home" (quote .Values.persistence.volumes)) }} {{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}} kind: PersistentVolumeClaim apiVersion: v1 @@ -28,3 +29,4 @@ spec: {{- end }} {{- end }} {{- end }} +{{- end }} diff --git a/stable/jenkins/templates/jenkins-master-deployment.yaml b/stable/jenkins/templates/jenkins-master-deployment.yaml index bceacfdf185a..74d812174f30 100644 --- a/stable/jenkins/templates/jenkins-master-deployment.yaml +++ b/stable/jenkins/templates/jenkins-master-deployment.yaml @@ -371,6 +371,7 @@ spec: - name: plugin-dir emptyDir: {} {{- end }} + {{- if not (contains "jenkins-home" (quote .Values.persistence.volumes)) }} - name: jenkins-home {{- if .Values.persistence.enabled }} persistentVolumeClaim: @@ -378,6 +379,7 @@ spec: {{- else }} emptyDir: {} {{- end -}} + {{- end -}} {{- if .Values.master.JCasC.enabled }} - name: sc-config-volume emptyDir: {} From be4fd6c25b0640327a9f54c0b6dfa1ee6dd4a2df Mon Sep 17 00:00:00 2001 From: Mathew Wicks Date: Tue, 18 Feb 2020 18:25:28 +1100 Subject: [PATCH 159/304] [stable/airflow] fix postgres database config name (#20828) The docs suggest that `postgresql.postgresDatabase` was renamed to `postgresql.postgresqlDatabase`, this hotfix makes that true. Signed-off-by: Mathew Wicks --- stable/airflow/Chart.yaml | 2 +- stable/airflow/templates/configmap-env.yaml | 2 +- stable/airflow/values.yaml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/stable/airflow/Chart.yaml b/stable/airflow/Chart.yaml index d35dd4e5b668..026cac79e7c8 100644 --- a/stable/airflow/Chart.yaml +++ b/stable/airflow/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 description: Airflow is a platform to programmatically author, schedule and monitor workflows name: airflow -version: 6.0.0 +version: 6.0.1 appVersion: 1.10.4 icon: https://airflow.apache.org/_images/pin_large.png home: https://airflow.apache.org/ diff --git a/stable/airflow/templates/configmap-env.yaml b/stable/airflow/templates/configmap-env.yaml index e37d16eb9315..0c83910a7f00 100644 --- a/stable/airflow/templates/configmap-env.yaml +++ b/stable/airflow/templates/configmap-env.yaml @@ -13,7 +13,7 @@ data: ## Postgres DB configuration POSTGRES_HOST: "{{ template "airflow.postgresql.fullname" . }}" POSTGRES_PORT: "{{ .Values.postgresql.service.port }}" - POSTGRES_DB: "{{ .Values.postgresql.postgresDatabase }}" + POSTGRES_DB: "{{ .Values.postgresql.postgresqlDatabase }}" {{- if eq .Values.airflow.executor "Celery" }} ## Redis DB configuration REDIS_HOST: "{{ template "airflow.redis.host" . }}" diff --git a/stable/airflow/values.yaml b/stable/airflow/values.yaml index baa49b91a39f..cbed5350e5a6 100644 --- a/stable/airflow/values.yaml +++ b/stable/airflow/values.yaml @@ -604,7 +604,7 @@ postgresql: ## ## If you are bringing your own PostgreSQL, you should set postgresHost and - ## also probably service.port, postgresUser, postgresPassword, and postgresDatabase + ## also probably service.port, postgresqlUsername, postgresqlPassword, and postgresqlDatabase ## postgresHost: ## ## PostgreSQL port From 5d1a52a1717359760d75d12f332dbec431a885da Mon Sep 17 00:00:00 2001 From: Jan <55805868+Jaydee94@users.noreply.github.com> Date: Tue, 18 Feb 2020 08:59:28 +0100 Subject: [PATCH 160/304] New Value for addtional annotations for the make-bucket-job. (#20824) Write new value to README.md. Bumped chart version. Signed-off-by: jaydee94 --- stable/minio/Chart.yaml | 2 +- stable/minio/README.md | 1 + stable/minio/templates/post-install-create-bucket-job.yaml | 1 + stable/minio/values.yaml | 4 ++++ 4 files changed, 7 insertions(+), 1 deletion(-) diff --git a/stable/minio/Chart.yaml b/stable/minio/Chart.yaml index 034167f1f562..25938e79c177 100755 --- a/stable/minio/Chart.yaml +++ b/stable/minio/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 description: MinIO is a high performance data infrastructure for machine learning, analytics and application data workloads. name: minio -version: 5.0.10 +version: 5.0.11 appVersion: master keywords: - storage diff --git a/stable/minio/README.md b/stable/minio/README.md index 4c5cc710c99d..1bf4339db67d 100755 --- a/stable/minio/README.md +++ b/stable/minio/README.md @@ -158,6 +158,7 @@ The following table lists the configurable parameters of the MinIO chart and the | `defaultBucket.policy` | Bucket policy | `none` | | `defaultBucket.purge` | Purge the bucket if already exists | `false` | | `buckets` | List of buckets to create after MinIO install | `[]` | +| `makeBucketJob.annotations` | Additional annotations for the Kubernetes Batch (make-bucket-job) | `""` | | `s3gateway.enabled` | Use MinIO as a [s3 gateway](https://github.com/minio/minio/blob/master/docs/gateway/s3.md) | `false` | | `s3gateway.replicas` | Number of s3 gateway instances to run in parallel | `4` | | `s3gateway.serviceEndpoint` | Endpoint to the S3 compatible service | `""` | diff --git a/stable/minio/templates/post-install-create-bucket-job.yaml b/stable/minio/templates/post-install-create-bucket-job.yaml index 92ae62b9fa77..0b074ca28337 100755 --- a/stable/minio/templates/post-install-create-bucket-job.yaml +++ b/stable/minio/templates/post-install-create-bucket-job.yaml @@ -11,6 +11,7 @@ metadata: annotations: "helm.sh/hook": post-install,post-upgrade "helm.sh/hook-delete-policy": hook-succeeded + {{ toYaml .Values.makeBucketJob.annotations | indent 4 }} spec: template: metadata: diff --git a/stable/minio/values.yaml b/stable/minio/values.yaml index e2e3d41c4bdd..55e3b26673f7 100755 --- a/stable/minio/values.yaml +++ b/stable/minio/values.yaml @@ -222,6 +222,10 @@ buckets: [] # policy: none # purge: false +## Additional Annotations for the Kubernetes Batch (make-bucket-job) +makeBucketJob: + annotations: + s3gateway: enabled: false replicas: 4 From aa4f2265728158e724cf5d737a834bc0f29d4984 Mon Sep 17 00:00:00 2001 From: Alex Williams Date: Tue, 18 Feb 2020 08:55:28 +0000 Subject: [PATCH 161/304] [stable/coredns] add back the service account for autoscaler (#20823) * [stable/coredns] add back the service account for autoscaler Signed-off-by: Alex Williams * [stable/coredns] I didn't actually rename the file Signed-off-by: Alex Williams * [stable/coredns] check if rbac needs to be created Signed-off-by: Alex Williams --- stable/coredns/Chart.yaml | 2 +- .../templates/serviceaccount-autoscaler.yaml | 21 +++++++++++++++++++ 2 files changed, 22 insertions(+), 1 deletion(-) create mode 100644 stable/coredns/templates/serviceaccount-autoscaler.yaml diff --git a/stable/coredns/Chart.yaml b/stable/coredns/Chart.yaml index 1373e21f0f59..732b23e4a5eb 100644 --- a/stable/coredns/Chart.yaml +++ b/stable/coredns/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: coredns -version: 1.9.2 +version: 1.9.3 appVersion: 1.6.7 description: CoreDNS is a DNS server that chains plugins and provides Kubernetes DNS Services keywords: diff --git a/stable/coredns/templates/serviceaccount-autoscaler.yaml b/stable/coredns/templates/serviceaccount-autoscaler.yaml new file mode 100644 index 000000000000..972c746129f0 --- /dev/null +++ b/stable/coredns/templates/serviceaccount-autoscaler.yaml @@ -0,0 +1,21 @@ +{{- if and .Values.autoscaler.enabled .Values.rbac.create }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "coredns.fullname" . }}-autoscaler + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/managed-by: {{ .Release.Service | quote }} + app.kubernetes.io/instance: {{ .Release.Name | quote }} + helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" + {{- if .Values.isClusterService }} + k8s-app: {{ .Chart.Name }}-autoscaler + kubernetes.io/cluster-service: "true" + kubernetes.io/name: "CoreDNS" + {{- end }} + app.kubernetes.io/name: {{ template "coredns.name" . }}-autoscaler +{{- if .Values.customLabels }} +{{ toYaml .Values.customLabels | indent 4 }} +{{- end }} +{{- end }} From 6a1736792b0f01988216e831034eb54b61ad207b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andr=C3=A9=20Pires?= Date: Tue, 18 Feb 2020 09:09:28 +0000 Subject: [PATCH 162/304] [incubator/cassandra] Add annotations to service manifest (#20810) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Add service Annotations to helm values. Signed-off-by: André Pires * Bump Chart version. Signed-off-by: André Pires * remove empty line. Signed-off-by: André Pires --- incubator/cassandra/Chart.yaml | 2 +- incubator/cassandra/README.md | 1 + incubator/cassandra/templates/service.yaml | 4 ++++ incubator/cassandra/values.yaml | 1 + 4 files changed, 7 insertions(+), 1 deletion(-) diff --git a/incubator/cassandra/Chart.yaml b/incubator/cassandra/Chart.yaml index 87843c11719c..5a6f03498c75 100644 --- a/incubator/cassandra/Chart.yaml +++ b/incubator/cassandra/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: cassandra -version: 0.14.0 +version: 0.14.1 appVersion: 3.11.5 description: Apache Cassandra is a free and open-source distributed database management system designed to handle large amounts of data across many commodity servers, providing diff --git a/incubator/cassandra/README.md b/incubator/cassandra/README.md index a77df35f83d3..a5a7b27e1ed9 100644 --- a/incubator/cassandra/README.md +++ b/incubator/cassandra/README.md @@ -128,6 +128,7 @@ The following table lists the configurable parameters of the Cassandra chart and | `persistence.size` | Size of data volume | `10Gi` | | `resources` | CPU/Memory resource requests/limits | Memory: `4Gi`, CPU: `2` | | `service.type` | k8s service type exposing ports, e.g. `NodePort`| `ClusterIP` | +| `service.annotations` | Annotations to apply to cassandra service | `""` | | `podManagementPolicy` | podManagementPolicy of the StatefulSet | `OrderedReady` | | `podDisruptionBudget` | Pod distruption budget | `{}` | | `podAnnotations` | pod annotations for the StatefulSet | `{}` | diff --git a/incubator/cassandra/templates/service.yaml b/incubator/cassandra/templates/service.yaml index bdd7b53c1cd3..da0a84e0dfdd 100644 --- a/incubator/cassandra/templates/service.yaml +++ b/incubator/cassandra/templates/service.yaml @@ -7,6 +7,10 @@ metadata: chart: {{ template "cassandra.chart" . }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} + {{- with .Values.service.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} spec: clusterIP: None type: {{ .Values.service.type }} diff --git a/incubator/cassandra/values.yaml b/incubator/cassandra/values.yaml index d8c64c4277db..8fc698513656 100644 --- a/incubator/cassandra/values.yaml +++ b/incubator/cassandra/values.yaml @@ -12,6 +12,7 @@ image: ## ref: http://kubernetes.io/docs/user-guide/services/ service: type: ClusterIP + annotations: "" ## Use an alternate scheduler, e.g. "stork". ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ From 32075fd8aa711e75192859a61096599c237bb525 Mon Sep 17 00:00:00 2001 From: Angelo Fausti Date: Tue, 18 Feb 2020 03:39:28 -0700 Subject: [PATCH 163/304] [stable/kapacitor] Use an existing secret for the InfluxDB auth (#19594) * Use an existing secret for the InfluxDB auth - Sometimes you need to check in the values.yaml in a repo and you don't want to expose the secrets. With the existingSecret option you can use and existing kubernetes secret with the keys `influxdb-user` and `infuxdb-password` to set the corresponding environment variables in Kapacitor. The keys are the same as the ones used in the `influxdb-auth` secret created by the InfluxDB Helm chart. Signed-off-by: Angelo Fausti * Bump minor version instead Signed-off-by: Angelo Fausti --- stable/kapacitor/Chart.yaml | 2 +- stable/kapacitor/README.md | 1 + stable/kapacitor/templates/deployment.yaml | 12 ++++++++++++ stable/kapacitor/values.yaml | 6 ++++++ 4 files changed, 20 insertions(+), 1 deletion(-) diff --git a/stable/kapacitor/Chart.yaml b/stable/kapacitor/Chart.yaml index 37cd3b9cce9a..9cf42686b239 100755 --- a/stable/kapacitor/Chart.yaml +++ b/stable/kapacitor/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: kapacitor -version: 1.1.4 +version: 1.2.0 appVersion: 1.5.2 description: InfluxDB's native data processing engine. It can process both stream and batch data from InfluxDB. diff --git a/stable/kapacitor/README.md b/stable/kapacitor/README.md index 879af7991d4c..cd387f213cca 100644 --- a/stable/kapacitor/README.md +++ b/stable/kapacitor/README.md @@ -62,6 +62,7 @@ The following table lists the configurable parameters of the Kapacitor chart and | `resources.limits.cpu` | Kapacitor cpu limit | `2` | | `envVars` | Environment variables to set initial Kapacitor configuration (https://hub.docker.com/_/kapacitor/) | `{}` | | `influxURL` | InfluxDB url used to interact with Kapacitor (also can be set with ```envVars.KAPACITOR_INFLUXDB_0_URLS_0```) | `http://influxdb-influxdb.tick:8086` | +| `existingSecret` | Name of an existing Secrect used to set the environment variables for the InfluxDB user and password. The expected keys in the secret are `influxdb-user` and `influxdb-password`. | The configurable parameters of the Kapacitor chart and the default values are listed in `values.yaml`. diff --git a/stable/kapacitor/templates/deployment.yaml b/stable/kapacitor/templates/deployment.yaml index 6e7bea3b67bc..4c956a80a9ab 100644 --- a/stable/kapacitor/templates/deployment.yaml +++ b/stable/kapacitor/templates/deployment.yaml @@ -29,6 +29,18 @@ spec: - name: {{ $key }} value: {{ $val | quote }} {{- end }} + {{- if .Values.existingSecret }} + - name: KAPACITOR_INFLUXDB_0_USERNAME + valueFrom: + secretKeyRef: + key: influxdb-user + name: {{ .Values.existingSecret }} + - name: KAPACITOR_INFLUXDB_0_PASSWORD + valueFrom: + secretKeyRef: + key: influxdb-password + name: {{ .Values.existingSecret }} + {{- end }} ports: - containerPort: 9092 volumeMounts: diff --git a/stable/kapacitor/values.yaml b/stable/kapacitor/values.yaml index f872cb73af89..5ab902526ed7 100644 --- a/stable/kapacitor/values.yaml +++ b/stable/kapacitor/values.yaml @@ -60,3 +60,9 @@ resources: ## ref: https://docs.influxdata.com/kapacitor/v1.1/introduction/getting_started/ ## # influxURL: http://influxdb-influxdb.tick:8086 + +## Name of an existing Secrect used to set the environment variables for the +## InfluxDB user and password. The expected keys in the secret are +## `influxdb-user` and `influxdb-password`. +## +# existingSecret: influxdb-auth From 4e8736c578516d0ca4cdbc8eb337a26554328469 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Carlos=20Rodr=C3=ADguez=20Hern=C3=A1ndez?= Date: Tue, 18 Feb 2020 12:03:29 +0100 Subject: [PATCH 164/304] [stable/phabricator] Release 9.0.9 (using Helm 2) (#20839) Signed-off-by: Carlos Rodriguez Hernandez --- stable/phabricator/Chart.yaml | 4 ++-- stable/phabricator/requirements.lock | 4 ++-- stable/phabricator/values.yaml | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/stable/phabricator/Chart.yaml b/stable/phabricator/Chart.yaml index 20527356effb..2f5ea8d07854 100644 --- a/stable/phabricator/Chart.yaml +++ b/stable/phabricator/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 name: phabricator -version: 9.0.8 -appVersion: 2019.50.0 +version: 9.0.9 +appVersion: 2020.7.0 description: Collection of open source web applications that help software companies build better software. keywords: - phabricator diff --git a/stable/phabricator/requirements.lock b/stable/phabricator/requirements.lock index bdd5ffc52fb0..807712633530 100644 --- a/stable/phabricator/requirements.lock +++ b/stable/phabricator/requirements.lock @@ -1,6 +1,6 @@ dependencies: - name: mariadb repository: https://kubernetes-charts.storage.googleapis.com/ - version: 7.3.6 + version: 7.3.9 digest: sha256:22662ca4b6b22e2476dbffb98118b0369277a68918a0129d17bf34bd66100653 -generated: 2020-01-24T13:07:16.998235444Z +generated: "2020-02-18T10:48:36.47906334Z" diff --git a/stable/phabricator/values.yaml b/stable/phabricator/values.yaml index db9cc5d68c82..428cf7f7047e 100644 --- a/stable/phabricator/values.yaml +++ b/stable/phabricator/values.yaml @@ -14,7 +14,7 @@ image: registry: docker.io repository: bitnami/phabricator - tag: 2019.50.0-debian-10-r0 + tag: 2020.7.0-debian-10-r3 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images @@ -228,7 +228,7 @@ metrics: image: registry: docker.io repository: bitnami/apache-exporter - tag: 0.7.0-debian-10-r0 + tag: 0.7.0-debian-10-r20 pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. From 3f17075fdb41e2e74dc160897fd020d41b963187 Mon Sep 17 00:00:00 2001 From: Alex Khaerov Date: Tue, 18 Feb 2020 19:49:28 +0800 Subject: [PATCH 165/304] Remove duplicate parameter from README (#20832) Signed-off-by: Alex Khaerov --- stable/redis/Chart.yaml | 2 +- stable/redis/README.md | 1 - 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/stable/redis/Chart.yaml b/stable/redis/Chart.yaml index 38d9a9cfd807..fd2088a71cf4 100644 --- a/stable/redis/Chart.yaml +++ b/stable/redis/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: redis -version: 10.5.2 +version: 10.5.3 appVersion: 5.0.7 description: Open source, advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. keywords: diff --git a/stable/redis/README.md b/stable/redis/README.md index 743b976ce32a..72eb83642277 100644 --- a/stable/redis/README.md +++ b/stable/redis/README.md @@ -59,7 +59,6 @@ The following table lists the configurable parameters of the Redis chart and the | `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) | | `global.storageClass` | Global storage class for dynamic provisioning | `nil` | | `global.redis.password` | Redis password (overrides `password`) | `nil` | -| `global.storageClass` | Global storage class for dynamic provisioning | `nil` | | `image.registry` | Redis Image registry | `docker.io` | | `image.repository` | Redis Image name | `bitnami/redis` | | `image.tag` | Redis Image tag | `{TAG_NAME}` | From c89126cc9189e8eb5b02c157092853e26fe3fe6b Mon Sep 17 00:00:00 2001 From: Bruno Clermont Date: Tue, 18 Feb 2020 21:35:29 +0800 Subject: [PATCH 166/304] [stable/drone] Add optional support for k8s pipelines runner and secrets (#20831) * [stable/drone] upgrade drone to 1.6.5 Signed-off-by: Bruno Clermont * [stable/drone] add optional support for kubernetes runner and secrets Signed-off-by: Bruno Clermont --- stable/drone/Chart.yaml | 4 +- stable/drone/README.md | 30 ++++ stable/drone/templates/deployment-agent.yaml | 2 +- stable/drone/templates/deployment-runner.yaml | 87 +++++++++++ .../drone/templates/deployment-secrets.yaml | 73 +++++++++ .../templates/role-binding-pipeline.yaml | 2 +- .../drone/templates/role-binding-secrets.yaml | 19 +++ stable/drone/templates/role-pipeline.yaml | 2 +- stable/drone/templates/role-secrets.yaml | 23 +++ .../templates/service-account-pipeline.yaml | 2 +- .../templates/service-account-secrets.yaml | 12 ++ stable/drone/templates/service-secrets.yaml | 27 ++++ stable/drone/values.yaml | 138 +++++++++++++++++- 13 files changed, 410 insertions(+), 11 deletions(-) create mode 100644 stable/drone/templates/deployment-runner.yaml create mode 100644 stable/drone/templates/deployment-secrets.yaml create mode 100644 stable/drone/templates/role-binding-secrets.yaml create mode 100644 stable/drone/templates/role-secrets.yaml create mode 100644 stable/drone/templates/service-account-secrets.yaml create mode 100644 stable/drone/templates/service-secrets.yaml diff --git a/stable/drone/Chart.yaml b/stable/drone/Chart.yaml index 44dc5ec84370..be9fca74c274 100644 --- a/stable/drone/Chart.yaml +++ b/stable/drone/Chart.yaml @@ -2,8 +2,8 @@ apiVersion: v1 name: drone home: https://drone.io/ icon: https://drone.io/apple-touch-icon.png -version: 2.6.1 -appVersion: 1.6.1 +version: 2.7.0 +appVersion: 1.6.5 description: Drone is a Continuous Delivery system built on container technology keywords: - continuous-delivery diff --git a/stable/drone/README.md b/stable/drone/README.md index c5ff492fd593..c1c95b90dfee 100644 --- a/stable/drone/README.md +++ b/stable/drone/README.md @@ -64,6 +64,12 @@ The following table lists the configurable parameters of the drone charts and th | `images.dind.repository` | Docker **dind** image | `docker.io/library/docker` | | `images.dind.tag` | Docker **dind** image tag | `18.06.1-ce-dind` | | `images.dind.pullPolicy` | Docker **dind** image pull policy | `IfNotPresent` | +| `images.runner.repository` | Docker **runner** image | `docker.io/drone/drone-runner-kube` | +| `images.runner.tag` | Docker **runner** image tag | `1.0.0-beta.2` | +| `images.runner.pullPolicy` | Docker **runner** image pull policy | `IfNotPresent` | +| `images.secrets.repository` | Docker **secrets plugin** image | `robotinfra/drone-kubernetes-secrets` | +| `images.secrets.tag` | Docker **secrets plugin** image tag | `0c5746b` | +| `images.secrets.pullPolicy` | Docker **secrets plugin** image pull policy | `IfNotPresent` | | `service.annotations` | Service annotations | `{}` | | `service.httpPort` | Drone's Web GUI HTTP port | `80` | | `service.nodePort` | If `service.type` is `NodePort` and this is non-empty, sets the http node port of the service | `32015` | @@ -129,6 +135,30 @@ The following table lists the configurable parameters of the drone charts and th | `dind.env` | **DinD** environment variables | `nil` | | `dind.command` | **DinD** custom command instead of default entry point | `nil` | | `dind.args` | **DinD** arguments for custom command or entry point | `nil` | +| `runner.enabled` | Enable or disable Drone Kubernetes **runner** enable | `false` | +| `runner.replicas` | Drone **runner** replicas | `1` | +| `runner.env` | Drone **runner** environment variables | `(default values)` | +| `runner.logs.debug` | Drone **runner** enables debug mode | `false` | +| `runner.logs.trace` | Drone **runner** enables trace mode | `false` | +| `runner.annotations` | Drone **runner** annotations | `{}` | +| `runner.resources` | Drone **runner** pod resource requests & limits | `{}` | +| `runner.schedulerName` | Drone **runner** alternate scheduler name | `nil` | +| `runner.affinity` | Drone **runner** scheduling preferences | `{}` | +| `runner.nodeSelector` | Drone **runner** node labels for pod assignment | `{}` | +| `runner.tolerations` | Drone **runner** node taints to tolerate | `[]` | +| `runner.securityContext` | Drone **runner** securityContext | `{}` | +| `secrets.enabled` | Enable or disable Drone **secrets plugin**, only used if `server.kubernetes.enabled` is `false` and `runner.enabled` is `true` | `false` | +| `secrets.replicas` | Drone **secrets plugin** replicas | `1` | +| `secrets.service.httpPort` | Drone **secrets plugin** service HTTP port | `80` | +| `secrets.httpPort` | Drone **secrets plugin** HTTP port port | `3000` | +| `secrets.logs.debug` | Drone **secrets plugin** enables debug mode | `false` | +| `secrets.annotations` | Drone **secrets plugin** annotations | `{}` | +| `secrets.resources` | Drone **secrets plugin** pod resource requests & limits | `{}` | +| `secrets.schedulerName` | Drone **secrets plugin** alternate scheduler name | `nil` | +| `secrets.affinity` | Drone **secrets plugin** scheduling preferences | `{}` | +| `secrets.nodeSelector` | Drone **secrets plugin** node labels for pod assignment | `{}` | +| `secrets.tolerations` | Drone **secrets plugin** node taints to tolerate | `[]` | +| `secrets.securityContext` | Drone **secrets plugin** securityContext | `{}` | | `metrics.prometheus.enabled` | Enable Prometheus metrics endpoint | `false` | | `persistence.enabled` | Use a PVC to persist data | `true` | | `persistence.existingClaim` | Use an existing PVC to persist data | `nil` | diff --git a/stable/drone/templates/deployment-agent.yaml b/stable/drone/templates/deployment-agent.yaml index 561e379ec52b..25d148b9edff 100644 --- a/stable/drone/templates/deployment-agent.yaml +++ b/stable/drone/templates/deployment-agent.yaml @@ -1,4 +1,4 @@ -{{- if not .Values.server.kubernetes.enabled -}} +{{- if and (not .Values.server.kubernetes.enabled) (not .Values.runner.enabled) -}} apiVersion: apps/v1 kind: Deployment metadata: diff --git a/stable/drone/templates/deployment-runner.yaml b/stable/drone/templates/deployment-runner.yaml new file mode 100644 index 000000000000..44575685e254 --- /dev/null +++ b/stable/drone/templates/deployment-runner.yaml @@ -0,0 +1,87 @@ +{{- if and (not .Values.server.kubernetes.enabled) .Values.runner.enabled -}} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "drone.fullname" . }}-runner + labels: + app: {{ template "drone.name" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" + component: runner +spec: + selector: + matchLabels: + app: {{ template "drone.name" . }} + release: "{{ .Release.Name }}" + component: runner + replicas: {{ .Values.runner.replicas }} + template: + metadata: +{{- if .Values.runner.annotations }} + annotations: +{{ toYaml .Values.runner.annotations | indent 8 }} +{{- end }} + labels: + app: {{ template "drone.name" . }} + release: "{{ .Release.Name }}" + component: runner + spec: +{{- if .Values.runner.schedulerName }} + schedulerName: "{{ .Values.runner.schedulerName }}" +{{- end }} +{{- if .Values.runner.affinity }} + affinity: +{{ toYaml .Values.runner.affinity | indent 8 }} +{{- end }} +{{- if .Values.runner.nodeSelector }} + nodeSelector: +{{ toYaml .Values.runner.nodeSelector | indent 8 }} +{{- end }} +{{- with .Values.runner.tolerations }} + tolerations: + {{- toYaml . | nindent 6 }} +{{- end }} + serviceAccountName: {{ template "drone.pipelineServiceAccount" . }} + containers: + - name: runner + image: "{{ .Values.images.runner.repository }}:{{ .Values.images.runner.tag }}" + imagePullPolicy: {{ .Values.images.runner.pullPolicy }} + env: + - name: DRONE_LOGS_DEBUG + value: {{ .Values.runner.logs.debug | quote }} + - name: DRONE_LOGS_TRACE + value: {{ .Values.runner.logs.trace | quote }} + - name: DRONE_LOGS_COLOR + value: "false" + - name: DRONE_LOGS_PRETTY + value: "false" + - name: DRONE_LOGS_TEXT + value: "true" + - name: DRONE_RPC_PROTO + value: {{ .Values.server.rpcProtocol }} + - name: DRONE_RPC_HOST + value: "{{ template "drone.fullname" . }}" + - name: DRONE_RPC_SECRET + valueFrom: + secretKeyRef: + name: {{ template "drone.fullname" . }} + key: secret + - name: DRONE_NAMESPACE_DEFAULT + value: {{ default .Release.Namespace .Values.runner.namespace }} + {{- if .Values.secrets.enabled }} + - name: DRONE_SECRET_PLUGIN_ENDPOINT + value: http://{{ template "drone.fullname" . }}-secrets:{{ .Values.secrets.service.httpPort }} + - name: DRONE_SECRET_PLUGIN_TOKEN + valueFrom: + secretKeyRef: + name: {{ template "drone.fullname" . }} + key: secret + {{- end }} + {{- range $key, $value := .Values.runner.env }} + - name: {{ $key }} + value: {{ $value | quote }} + {{- end }} + resources: +{{ toYaml .Values.runner.resources | indent 10 }} +{{- end }} \ No newline at end of file diff --git a/stable/drone/templates/deployment-secrets.yaml b/stable/drone/templates/deployment-secrets.yaml new file mode 100644 index 000000000000..ae51d46747ce --- /dev/null +++ b/stable/drone/templates/deployment-secrets.yaml @@ -0,0 +1,73 @@ +{{- if and (not .Values.server.kubernetes.enabled) .Values.runner.enabled .Values.secrets.enabled -}} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "drone.fullname" . }}-secrets + labels: + app: {{ template "drone.name" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" + component: secrets +spec: + selector: + matchLabels: + app: {{ template "drone.name" . }} + release: "{{ .Release.Name }}" + component: secrets + replicas: {{ .Values.secrets.replicas }} + template: + metadata: +{{- if .Values.secrets.annotations }} + annotations: +{{ toYaml .Values.secrets.annotations | indent 8 }} +{{- end }} + labels: + app: {{ template "drone.name" . }} + release: "{{ .Release.Name }}" + component: secrets + spec: +{{- if .Values.secrets.schedulerName }} + schedulerName: "{{ .Values.secrets.schedulerName }}" +{{- end }} +{{- if .Values.secrets.affinity }} + affinity: +{{ toYaml .Values.secrets.affinity | indent 8 }} +{{- end }} +{{- if .Values.secrets.nodeSelector }} + nodeSelector: +{{ toYaml .Values.secrets.nodeSelector | indent 8 }} +{{- end }} +{{- with .Values.secrets.tolerations }} + tolerations: + {{- toYaml . | nindent 6 }} +{{- end }} + serviceAccountName: {{ template "drone.serviceAccountName" . }} + containers: + - name: secrets + image: {{ .Values.images.secrets.repository }}:{{ .Values.images.secrets.tag }} + imagePullPolicy: {{ .Values.images.secrets.pullPolicy }} + resources: + {{ toYaml .Values.secrets.resources | indent 10 }} + ports: + - name: http + containerPort: {{ .Values.secrets.httpPort }} + protocol: TCP + livenessProbe: + initialDelaySeconds: 2 + periodSeconds: 20 + tcpSocket: + port: http + env: + - name: DEBUG + value: {{ .Values.secrets.logs.debug | quote }} + - name: KUBERNETES_NAMESPACE + value: {{ .Release.Namespace }} + - name: SERVER_ADDRESS + value: :{{ .Values.secrets.httpPort }} + - name: SECRET_KEY + valueFrom: + secretKeyRef: + name: {{ template "drone.fullname" . }} + key: secret +{{- end }} diff --git a/stable/drone/templates/role-binding-pipeline.yaml b/stable/drone/templates/role-binding-pipeline.yaml index 7454f6644a41..6da9684aaac7 100644 --- a/stable/drone/templates/role-binding-pipeline.yaml +++ b/stable/drone/templates/role-binding-pipeline.yaml @@ -1,4 +1,4 @@ -{{- if and .Values.rbac.create .Values.server.kubernetes.enabled -}} +{{ if and .Values.rbac.create (or .Values.server.kubernetes.enabled .Values.runner.enabled ) -}} apiVersion: rbac.authorization.k8s.io/{{ required "A valid .Values.rbac.apiVersion entry required!" .Values.rbac.apiVersion }} kind: ClusterRoleBinding metadata: diff --git a/stable/drone/templates/role-binding-secrets.yaml b/stable/drone/templates/role-binding-secrets.yaml new file mode 100644 index 000000000000..a6103044fa6c --- /dev/null +++ b/stable/drone/templates/role-binding-secrets.yaml @@ -0,0 +1,19 @@ +{{ if and .Values.rbac.create (not .Values.server.kubernetes.enabled) .Values.runner.enabled -}} +apiVersion: rbac.authorization.k8s.io/{{ required "A valid .Values.rbac.apiVersion entry required!" .Values.rbac.apiVersion }} +kind: RoleBinding +metadata: + name: {{ template "drone.fullname" . }}-secrets + labels: + app: {{ template "drone.name" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "drone.fullname" . }}-secrets +subjects: +- kind: ServiceAccount + name: {{ template "drone.fullname" . }}-secrets + namespace: {{ .Release.Namespace }} +{{ end }} diff --git a/stable/drone/templates/role-pipeline.yaml b/stable/drone/templates/role-pipeline.yaml index 615e8ff589f7..7fefd1a378bf 100644 --- a/stable/drone/templates/role-pipeline.yaml +++ b/stable/drone/templates/role-pipeline.yaml @@ -1,4 +1,4 @@ -{{- if and .Values.rbac.create .Values.server.kubernetes.enabled -}} +{{ if and .Values.rbac.create (or .Values.server.kubernetes.enabled .Values.runner.enabled ) -}} apiVersion: rbac.authorization.k8s.io/{{ required "A valid .Values.rbac.apiVersion entry required!" .Values.rbac.apiVersion }} kind: ClusterRole metadata: diff --git a/stable/drone/templates/role-secrets.yaml b/stable/drone/templates/role-secrets.yaml new file mode 100644 index 000000000000..1d5ccfcaea98 --- /dev/null +++ b/stable/drone/templates/role-secrets.yaml @@ -0,0 +1,23 @@ +{{ if and .Values.serviceAccount.create (not .Values.server.kubernetes.enabled) .Values.runner.enabled -}} +apiVersion: rbac.authorization.k8s.io/{{ required "A valid .Values.rbac.apiVersion entry required!" .Values.rbac.apiVersion }} +kind: Role +metadata: + name: {{ template "drone.fullname" . }}-secrets + namespace: {{ .Release.Namespace }} + labels: + app: {{ template "drone.name" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +rules: + - apiGroups: + - "" + resources: + - secrets + verbs: + - create + - delete + - get + - list + - watch +{{ end }} diff --git a/stable/drone/templates/service-account-pipeline.yaml b/stable/drone/templates/service-account-pipeline.yaml index 78aaf4dc30f8..c8ee2dd7237c 100644 --- a/stable/drone/templates/service-account-pipeline.yaml +++ b/stable/drone/templates/service-account-pipeline.yaml @@ -1,4 +1,4 @@ -{{ if and .Values.serviceAccount.create .Values.server.kubernetes.enabled -}} +{{ if and .Values.serviceAccount.create (or .Values.server.kubernetes.enabled .Values.runner.enabled ) -}} apiVersion: v1 kind: ServiceAccount metadata: diff --git a/stable/drone/templates/service-account-secrets.yaml b/stable/drone/templates/service-account-secrets.yaml new file mode 100644 index 000000000000..1c0354a3e780 --- /dev/null +++ b/stable/drone/templates/service-account-secrets.yaml @@ -0,0 +1,12 @@ +{{- if and (not .Values.server.kubernetes.enabled) .Values.runner.enabled .Values.secrets.enabled .Values.runner.enabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "drone.fullname" . }}-secrets + namespace: {{ .Release.Namespace }} + labels: + app: {{ template "drone.name" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +{{- end -}} \ No newline at end of file diff --git a/stable/drone/templates/service-secrets.yaml b/stable/drone/templates/service-secrets.yaml new file mode 100644 index 000000000000..14590875a68b --- /dev/null +++ b/stable/drone/templates/service-secrets.yaml @@ -0,0 +1,27 @@ +{{- if and (not .Values.server.kubernetes.enabled) .Values.runner.enabled .Values.secrets.enabled .Values.runner.enabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "drone.fullname" . }}-secrets +{{- if .Values.secrets.service.annotations }} + annotations: + {{- range $key, $value := .Values.secrets.service.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} +{{- end }} + labels: + app: {{ template "drone.name" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +spec: + type: ClusterIP + ports: + - name: http + port: {{ .Values.secrets.service.httpPort }} + targetPort: {{ .Values.secrets.httpPort }} + selector: + app: {{ template "drone.name" . }} + release: {{ .Release.Name | quote }} + component: secrets +{{- end -}} \ No newline at end of file diff --git a/stable/drone/values.yaml b/stable/drone/values.yaml index 867c9b66484b..9abc802b91e7 100644 --- a/stable/drone/values.yaml +++ b/stable/drone/values.yaml @@ -4,7 +4,7 @@ images: ## server: repository: "docker.io/drone/drone" - tag: 1.6.1 + tag: 1.6.5 pullPolicy: IfNotPresent ## The official drone (agent) image, change tag to use a different version. @@ -12,7 +12,7 @@ images: ## agent: repository: "docker.io/drone/agent" - tag: 1.6.1 + tag: 1.6.5 pullPolicy: IfNotPresent ## The official docker (dind) image, change tag to use a different version. @@ -23,6 +23,19 @@ images: tag: 18.06.1-ce-dind pullPolicy: IfNotPresent + ## The official drone (runner-kubernetes) image, change tag to use a different version. + ## ref: https://hub.docker.com/r/drone/drone-runner-kube/tags/ + ## + runner: + repository: "docker.io/drone/drone-runner-kube" + tag: 1.0.0-beta.2 + pullPolicy: IfNotPresent + + secrets: + repository: "robotinfra/drone-kubernetes-secrets" + tag: 0c5746b + pullPolicy: IfNotPresent + service: httpPort: 80 @@ -144,10 +157,10 @@ server: ## when your source code management system (e.g. GitHub Enterprise) has private mode enabled. alwaysAuth: false - ## Configures drone to use kubernetes to run pipelines rather than agents, if enabled - ## will not deploy any agents. + ## Configures drone to use legacy kubernetes runner to run pipelines rather than agents + ## if enabled will not deploy any agents. kubernetes: - ## set to true if you want drone to use kubernetes to run pipelines + ## set to true if you want drone to use old kubernetes legacy to run pipelines enabled: true ## you can run pipeline jobs in another namespace, if you choose to do this ## you'll need to create that namespace manually. @@ -222,6 +235,121 @@ server: ## extraVolumes: | +## Kubernetes runner is the new method to run pipelines, might requires changes to `.drone.yaml` files +runner: + # requires server.kubernetes.enabled=`false` + enabled: false + + logs: + debug: false + + ## Number of drone kube-runner replicas + replicas: 1 + + ## Additional kube-runner annotations. + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ + ## + annotations: {} + + ## Liveness and readiness probe values + ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes + ## drone runner does not currently have a health endpoint to check against. + livenessProbe: {} + readinessProbe: {} + + ## Use an alternate scheduler, e.g. "stork". + ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ + ## + # schedulerName: + + ## Pod scheduling preferences. + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + ## + affinity: {} + + ## Node labels for pod assignment + ## ref: https://kubernetes.io/docs/user-guide/node-selection + ## + nodeSelector: {} + + ## Node taints to tolerate + ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + ## + tolerations: [] + + ## Drone kube-runner configuration. + ## Values in here get injected as environment variables to the kube-runner + ## Ref: https://kube-runner.docs.drone.io/installation/reference/ + ## + env: {} + + ## CPU and memory limits for drone kube-runner + ## + resources: {} + # requests: + # memory: 32Mi + # cpu: 40m + # limits: + # memory: 2Gi + # cpu: 1 + +# kubernetes secrets plugins container +secrets: + # runner.enabled must also be `true` + enabled: false + service: + httpPort: 80 + # annotations: + + logs: + debug: false + + httpPort: 3000 + + ## Number of drone kube-runner replicas + replicas: 1 + + ## Additional kubernetes secrets annotations. + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ + ## + annotations: {} + + ## Liveness and readiness probe values + ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes + ## drone runner does not currently have a health endpoint to check against. + livenessProbe: {} + readinessProbe: {} + + ## Use an alternate scheduler, e.g. "stork". + ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ + ## + # schedulerName: + + ## Pod scheduling preferences. + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + ## + affinity: {} + + ## Node labels for pod assignment + ## ref: https://kubernetes.io/docs/user-guide/node-selection + ## + nodeSelector: {} + + ## Node taints to tolerate + ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + ## + tolerations: [] + + ## CPU and memory limits for drone kube-runner + ## + resources: {} + # requests: + # memory: 32Mi + # cpu: 40m + # limits: + # memory: 2Gi + # cpu: 1 + agent: ## Drone agent configuration. ## Values in here get injected as environment variables. From d3b9ed1ecdc0b0661cca093d04fe50df0321406b Mon Sep 17 00:00:00 2001 From: Chris Suran Date: Tue, 18 Feb 2020 09:53:28 -0500 Subject: [PATCH 167/304] [stable/sonarqube] Remove privileged securityContext from chmod-volume-mounts init container (#20525) * [stable/sonarqube] Remove privileged securityContext from chmod-volume-mounts init container Signed-off-by: Chris Suran * [stable/sonarqube] Update README to clarify Elasticsearch settings Signed-off-by: Chris Suran --- stable/sonarqube/Chart.yaml | 2 +- stable/sonarqube/README.md | 4 ++-- stable/sonarqube/templates/deployment.yaml | 2 -- 3 files changed, 3 insertions(+), 5 deletions(-) diff --git a/stable/sonarqube/Chart.yaml b/stable/sonarqube/Chart.yaml index e1c67157c7db..30de94217f34 100644 --- a/stable/sonarqube/Chart.yaml +++ b/stable/sonarqube/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 name: sonarqube description: SonarQube is an open sourced code quality scanning tool -version: 3.4.0 +version: 3.4.1 appVersion: 7.9.2 keywords: - coverage diff --git a/stable/sonarqube/README.md b/stable/sonarqube/README.md index 857cd3abb5f5..dbaf43069a51 100644 --- a/stable/sonarqube/README.md +++ b/stable/sonarqube/README.md @@ -149,8 +149,8 @@ Since SonarQube comes bundled with an Elasticsearch instance, some [bootstrap ch This chart offers the option to use an initContainer in privilaged mode to automatically set certain kernel settings on the kube worker. While this can ensure proper functionality of Elasticsearch, modifying the underlying kernel settings on the Kubernetes node can impact other users. It may be best to work with your cluster administrator to either provide specific nodes with the proper kernel settings, or ensure they are set cluster wide. -To enable auto-configuration of the kube worker node, set `elasticsearch.configureNode` to `true` +To enable auto-configuration of the kube worker node, set `elasticsearch.configureNode` to `true`. This is the default behavior, so you do not need to explicitly set this. This will run `sysctl -w vm.max_map_count=262144` on the worker where the sonarqube pod(s) get scheduled. This needs to be set to `262144` but normally defaults to `65530`. Other kernel settings are recommended by the [docker image](https://hub.docker.com/_/sonarqube/#requirements), but the defaults work fine in most cases. -Note that if node configuration is not enabled, then you will likely need to disable the Elasticsearch bootstrap checks. These can be explicitly enabled by setting `elasticsearch.bootstrapChecks` to `false`. +To disable worker node configuration, set `elasticsearch.configureNode` to `false`. Note that if node configuration is not enabled, then you will likely need to also disable the Elasticsearch bootstrap checks. These can be explicitly disabled by setting `elasticsearch.bootstrapChecks` to `false`. diff --git a/stable/sonarqube/templates/deployment.yaml b/stable/sonarqube/templates/deployment.yaml index 48762ac648ad..e20fa4a93eb5 100644 --- a/stable/sonarqube/templates/deployment.yaml +++ b/stable/sonarqube/templates/deployment.yaml @@ -43,8 +43,6 @@ spec: chown 999:999 -R $(printf "/opt/sonarqube/${1-%s\n}" temp logs data extensions/downloads extensions/plugins/tmp extensions/plugins)' image: busybox:1.31 imagePullPolicy: IfNotPresent - securityContext: - privileged: true volumeMounts: - mountPath: /opt/sonarqube/temp name: sonarqube From 4f4fc0213accf2fa5ab9f5acd04f732cba6c7b64 Mon Sep 17 00:00:00 2001 From: Christian Tortorich Date: Tue, 18 Feb 2020 10:45:29 -0600 Subject: [PATCH 168/304] update PSP.yaml to reflect API changes in 1.16 (#20854) update psp.yaml and update chart version Signed-off-by: bit-herder --- stable/sealed-secrets/Chart.yaml | 2 +- stable/sealed-secrets/templates/psp.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/stable/sealed-secrets/Chart.yaml b/stable/sealed-secrets/Chart.yaml index 42ec1dc5103b..c9d9533195be 100644 --- a/stable/sealed-secrets/Chart.yaml +++ b/stable/sealed-secrets/Chart.yaml @@ -1,6 +1,6 @@ name: sealed-secrets description: A Helm chart for Sealed Secrets -version: 1.7.5 +version: 1.7.6 appVersion: 0.9.7 kubeVersion: ">=1.9.0-0" home: https://github.com/bitnami-labs/sealed-secrets diff --git a/stable/sealed-secrets/templates/psp.yaml b/stable/sealed-secrets/templates/psp.yaml index df9d6e45b86c..c744e190e2df 100644 --- a/stable/sealed-secrets/templates/psp.yaml +++ b/stable/sealed-secrets/templates/psp.yaml @@ -1,5 +1,5 @@ {{- if .Values.rbac.pspEnabled }} -apiVersion: extensions/v1beta1 +apiVersion: policy/v1beta1 kind: PodSecurityPolicy metadata: name: {{ template "sealed-secrets.fullname" . }} From 4de6a98d7025dbb82b7bccd62766d738d295d97b Mon Sep 17 00:00:00 2001 From: Igor Belikov Date: Tue, 18 Feb 2020 18:10:29 +0100 Subject: [PATCH 169/304] [stable/cluster-autoscaler] Deployment strategy option (#20801) Signed-off-by: Igor Belikov --- stable/cluster-autoscaler/Chart.yaml | 2 +- stable/cluster-autoscaler/README.md | 1 + stable/cluster-autoscaler/templates/deployment.yaml | 4 ++++ stable/cluster-autoscaler/values.yaml | 8 ++++++++ 4 files changed, 14 insertions(+), 1 deletion(-) diff --git a/stable/cluster-autoscaler/Chart.yaml b/stable/cluster-autoscaler/Chart.yaml index 1b96badc47f3..fbe468757eea 100644 --- a/stable/cluster-autoscaler/Chart.yaml +++ b/stable/cluster-autoscaler/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 description: Scales worker nodes within autoscaling groups. icon: https://github.com/kubernetes/kubernetes/blob/master/logo/logo.png name: cluster-autoscaler -version: 6.4.0 +version: 6.5.0 appVersion: 1.14.6 home: https://github.com/kubernetes/autoscaler sources: diff --git a/stable/cluster-autoscaler/README.md b/stable/cluster-autoscaler/README.md index e86af693d9c3..10adaf8a5de3 100644 --- a/stable/cluster-autoscaler/README.md +++ b/stable/cluster-autoscaler/README.md @@ -176,6 +176,7 @@ Parameter | Description | Default `securityContext` | [Security context for pod](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) | `nil` `containerSecurityContext` | [Security context for container](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) | `nil` `resources` | pod resource requests & limits | `{}` +`updateStrategy` | [Deployment update strategy](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy) | `nil` `service.annotations` | annotations to add to service | none `service.externalIPs` | service external IP addresses | `[]` `service.loadBalancerIP` | IP address to assign to load balancer (if supported) | `""` diff --git a/stable/cluster-autoscaler/templates/deployment.yaml b/stable/cluster-autoscaler/templates/deployment.yaml index 484555cf4b13..8a92000983a7 100644 --- a/stable/cluster-autoscaler/templates/deployment.yaml +++ b/stable/cluster-autoscaler/templates/deployment.yaml @@ -194,6 +194,10 @@ spec: securityContext: {{ toYaml .Values.securityContext | nindent 8 | trim }} {{- end }} + {{- if .Values.updateStrategy }} + strategy: + {{ toYaml .Values.updateStrategy | nindent 8 | trim }} + {{- end }} {{- if eq .Values.cloudProvider "gce" }} volumes: - name: cloudconfig diff --git a/stable/cluster-autoscaler/values.yaml b/stable/cluster-autoscaler/values.yaml index cd3e19538545..aa18085cc263 100644 --- a/stable/cluster-autoscaler/values.yaml +++ b/stable/cluster-autoscaler/values.yaml @@ -147,6 +147,14 @@ priorityClassName: "" # drop: # - all +## Deployment update strategy +## Ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy +# updateStrategy: +# rollingUpdate: +# maxSurge: 1 +# maxUnavailable: 0 +# type: RollingUpdate + service: annotations: {} From 912f78aede95a9df64afd5d9ae5bf0343af7dee9 Mon Sep 17 00:00:00 2001 From: Toni Tauro Date: Tue, 18 Feb 2020 18:51:28 +0100 Subject: [PATCH 170/304] [incubator/solr] Bug/fix solr requirements (#20220) * add me as maintainer of ipfs Signed-off-by: Toni Tauro * [incubator/solr] fixes #19823 Signed-off-by: Toni Tauro * [incubator/solr] bump version Signed-off-by: Toni Tauro * [incubator/solr] helm dep up to update requirements.lock Signed-off-by: Toni Tauro * [incubator/solr] helm dep up to update requirements.lock Signed-off-by: Toni Tauro * bump version of solr to 8.4.0 as this is better compatible with new version of zookeeper (3.5.5) Signed-off-by: Toni Tauro * bump chart version Signed-off-by: Toni Tauro * bump to 1.4.0 Signed-off-by: Toni Tauro --- incubator/solr/Chart.yaml | 4 ++-- incubator/solr/requirements.lock | 6 +++--- incubator/solr/requirements.yaml | 2 +- incubator/solr/values.yaml | 2 +- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/incubator/solr/Chart.yaml b/incubator/solr/Chart.yaml index a867890c179d..a2f8156f9b6e 100644 --- a/incubator/solr/Chart.yaml +++ b/incubator/solr/Chart.yaml @@ -2,8 +2,8 @@ apiVersion: "v1" name: "solr" -version: "1.3.3" -appVersion: "7.7.2" +version: "1.4.0" +appVersion: "8.4.0" description: "A helm chart to install Apache Solr: http://lucene.apache.org/solr/" keywords: - "solr" diff --git a/incubator/solr/requirements.lock b/incubator/solr/requirements.lock index 15d4874562e7..fc274f412da4 100644 --- a/incubator/solr/requirements.lock +++ b/incubator/solr/requirements.lock @@ -1,6 +1,6 @@ dependencies: - name: zookeeper repository: https://kubernetes-charts-incubator.storage.googleapis.com/ - version: 1.2.2 -digest: sha256:535c0850e71490a52df2686fc1f0b3c737535388df646e1eefe1f0a76999283e -generated: 2019-02-05T15:07:14.273428Z + version: 2.1.3 +digest: sha256:ce79cf63a1284c16e6b615a3dea62e619ce99dea85419be5b46a8ee6ceec3b4e +generated: 2020-01-17T16:30:14.272428Z+02:00" diff --git a/incubator/solr/requirements.yaml b/incubator/solr/requirements.yaml index 772ceaee01fa..4bce2903697c 100644 --- a/incubator/solr/requirements.yaml +++ b/incubator/solr/requirements.yaml @@ -2,5 +2,5 @@ dependencies: - name: zookeeper - version: 1.2.2 + version: 2.1.3 repository: "https://kubernetes-charts-incubator.storage.googleapis.com/" diff --git a/incubator/solr/values.yaml b/incubator/solr/values.yaml index be637a60e7c1..cafb88cb21c8 100644 --- a/incubator/solr/values.yaml +++ b/incubator/solr/values.yaml @@ -29,7 +29,7 @@ terminationGracePeriodSeconds: 180 # Solr image settings image: repository: solr - tag: 7.7.2 + tag: 8.4.0 pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. From f1dea9e0a212ae61704b559406fc8c6fca023bc4 Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Tue, 18 Feb 2020 20:03:29 +0100 Subject: [PATCH 171/304] [stable/nats] Release 4.3.2 updating components versions (#20852) Signed-off-by: Bitnami Containers --- stable/nats/Chart.yaml | 2 +- stable/nats/values-production.yaml | 4 ++-- stable/nats/values.yaml | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/stable/nats/Chart.yaml b/stable/nats/Chart.yaml index 4e189930f04c..1412ae0076da 100644 --- a/stable/nats/Chart.yaml +++ b/stable/nats/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: nats -version: 4.3.1 +version: 4.3.2 appVersion: 2.1.4 description: An open-source, cloud-native messaging system keywords: diff --git a/stable/nats/values-production.yaml b/stable/nats/values-production.yaml index fafa6ffd3490..d60cac4f05d8 100644 --- a/stable/nats/values-production.yaml +++ b/stable/nats/values-production.yaml @@ -13,7 +13,7 @@ image: registry: docker.io repository: bitnami/nats - tag: 2.1.4-debian-10-r0 + tag: 2.1.4-debian-10-r15 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images @@ -306,7 +306,7 @@ metrics: image: registry: docker.io repository: bitnami/nats-exporter - tag: 0.6.0-debian-10-r5 + tag: 0.6.0-debian-10-r20 pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. diff --git a/stable/nats/values.yaml b/stable/nats/values.yaml index 113e9d4937a4..618ed50c54ce 100644 --- a/stable/nats/values.yaml +++ b/stable/nats/values.yaml @@ -13,7 +13,7 @@ image: registry: docker.io repository: bitnami/nats - tag: 2.1.4-debian-10-r0 + tag: 2.1.4-debian-10-r15 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images @@ -306,7 +306,7 @@ metrics: image: registry: docker.io repository: bitnami/nats-exporter - tag: 0.6.0-debian-10-r5 + tag: 0.6.0-debian-10-r20 pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. From 269b5baa40d840a7afc15c0ae0a8dfad243dff2d Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Tue, 18 Feb 2020 21:00:25 +0100 Subject: [PATCH 172/304] [stable/mariadb] Release 7.3.10 updating components versions (#20845) Signed-off-by: Bitnami Containers --- stable/mariadb/Chart.yaml | 2 +- stable/mariadb/values-production.yaml | 4 ++-- stable/mariadb/values.yaml | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/stable/mariadb/Chart.yaml b/stable/mariadb/Chart.yaml index 85343029d487..87dfdd5ca0c0 100644 --- a/stable/mariadb/Chart.yaml +++ b/stable/mariadb/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: mariadb -version: 7.3.9 +version: 7.3.10 appVersion: 10.3.22 description: Fast, reliable, scalable, and easy to use open-source relational database system. MariaDB Server is intended for mission-critical, heavy-load production systems as well as for embedding into mass-deployed software. Highly available MariaDB cluster. keywords: diff --git a/stable/mariadb/values-production.yaml b/stable/mariadb/values-production.yaml index 459586646e97..964ad9b5b3df 100644 --- a/stable/mariadb/values-production.yaml +++ b/stable/mariadb/values-production.yaml @@ -19,7 +19,7 @@ image: registry: docker.io repository: bitnami/mariadb - tag: 10.3.22-debian-10-r0 + tag: 10.3.22-debian-10-r17 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images @@ -459,7 +459,7 @@ metrics: image: registry: docker.io repository: bitnami/mysqld-exporter - tag: 0.12.1-debian-10-r4 + tag: 0.12.1-debian-10-r19 pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. diff --git a/stable/mariadb/values.yaml b/stable/mariadb/values.yaml index 3cb9508bf7f8..d8ccf895fae1 100644 --- a/stable/mariadb/values.yaml +++ b/stable/mariadb/values.yaml @@ -19,7 +19,7 @@ image: registry: docker.io repository: bitnami/mariadb - tag: 10.3.22-debian-10-r0 + tag: 10.3.22-debian-10-r17 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images @@ -461,7 +461,7 @@ metrics: image: registry: docker.io repository: bitnami/mysqld-exporter - tag: 0.12.1-debian-10-r4 + tag: 0.12.1-debian-10-r19 pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. From 17c9656cbc71986f3e3218193980ce96d886dfb9 Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Tue, 18 Feb 2020 21:00:38 +0100 Subject: [PATCH 173/304] [stable/dokuwiki] Release 6.0.8 updating components versions (#20847) Signed-off-by: Bitnami Containers --- stable/dokuwiki/Chart.yaml | 2 +- stable/dokuwiki/values.yaml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/stable/dokuwiki/Chart.yaml b/stable/dokuwiki/Chart.yaml index 90dc239767b1..6ab294a51c30 100644 --- a/stable/dokuwiki/Chart.yaml +++ b/stable/dokuwiki/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: dokuwiki -version: 6.0.7 +version: 6.0.8 appVersion: 0.20180422.201901061035 description: DokuWiki is a standards-compliant, simple to use wiki optimized for creating documentation. It is targeted at developer teams, workgroups, and small companies. diff --git a/stable/dokuwiki/values.yaml b/stable/dokuwiki/values.yaml index cbc605415270..e1423c630d9d 100644 --- a/stable/dokuwiki/values.yaml +++ b/stable/dokuwiki/values.yaml @@ -14,7 +14,7 @@ image: registry: docker.io repository: bitnami/dokuwiki - tag: 0.20180422.201901061035-debian-10-r6 + tag: 0.20180422.201901061035-debian-10-r22 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images @@ -193,7 +193,7 @@ metrics: image: registry: docker.io repository: bitnami/apache-exporter - tag: 0.7.0-debian-10-r5 + tag: 0.7.0-debian-10-r20 pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. From bb8b16b59d9087adcb78c927a84c8d19fc5cf5e5 Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Tue, 18 Feb 2020 21:00:46 +0100 Subject: [PATCH 174/304] [stable/kubewatch] Release 1.0.6 updating components versions (#20848) Signed-off-by: Bitnami Containers --- stable/kubewatch/Chart.yaml | 2 +- stable/kubewatch/values.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/stable/kubewatch/Chart.yaml b/stable/kubewatch/Chart.yaml index dbdcfb2be1ee..c56c177d2f31 100644 --- a/stable/kubewatch/Chart.yaml +++ b/stable/kubewatch/Chart.yaml @@ -1,5 +1,5 @@ name: kubewatch -version: 1.0.5 +version: 1.0.6 apiVersion: v1 appVersion: 0.0.4 home: https://github.com/bitnami-labs/kubewatch diff --git a/stable/kubewatch/values.yaml b/stable/kubewatch/values.yaml index 6781452e750e..2d7edf482818 100644 --- a/stable/kubewatch/values.yaml +++ b/stable/kubewatch/values.yaml @@ -49,7 +49,7 @@ resourcesToWatch: image: registry: docker.io repository: bitnami/kubewatch - tag: 0.0.4-debian-10-r0 + tag: 0.0.4-debian-10-r22 pullPolicy: Always ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. From 52ef275840b95f068096539d3607e01afd84e903 Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Tue, 18 Feb 2020 21:20:24 +0100 Subject: [PATCH 175/304] [stable/suitecrm] Release 8.0.7 (#20798) * [stable/suitecrm] Release 8.0.7 updating components versions Signed-off-by: Bitnami Containers * Revert changes in requirement.lock Signed-off-by: Carlos Rodriguez Hernandez --- stable/suitecrm/Chart.yaml | 4 ++-- stable/suitecrm/requirements.lock | 2 +- stable/suitecrm/values.yaml | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/stable/suitecrm/Chart.yaml b/stable/suitecrm/Chart.yaml index 12a89dd9e019..6301c8a54a97 100644 --- a/stable/suitecrm/Chart.yaml +++ b/stable/suitecrm/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 name: suitecrm -version: 8.0.6 -appVersion: 7.11.11 +version: 8.0.7 +appVersion: 7.11.12 description: SuiteCRM is a completely open source enterprise-grade Customer Relationship Management (CRM) application. SuiteCRM is a software fork of the popular customer relationship management (CRM) system SugarCRM. keywords: - suitecrm diff --git a/stable/suitecrm/requirements.lock b/stable/suitecrm/requirements.lock index 37ab5c5e43aa..99e93056cf60 100644 --- a/stable/suitecrm/requirements.lock +++ b/stable/suitecrm/requirements.lock @@ -3,4 +3,4 @@ dependencies: repository: https://kubernetes-charts.storage.googleapis.com/ version: 7.3.9 digest: sha256:cd64413a4a697ccf85c0091e9c55cdc5876938ddced84c05d37c57ff9abc5864 -generated: "2020-02-12T08:53:14.633374699+05:30" +generated: "2020-02-18T11:09:15.718707619Z" diff --git a/stable/suitecrm/values.yaml b/stable/suitecrm/values.yaml index a540fdf0524e..e2f9bcf22e1e 100644 --- a/stable/suitecrm/values.yaml +++ b/stable/suitecrm/values.yaml @@ -14,7 +14,7 @@ image: registry: docker.io repository: bitnami/suitecrm - tag: 7.11.11-debian-10-r0 + tag: 7.11.12-debian-10-r0 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images @@ -267,7 +267,7 @@ metrics: image: registry: docker.io repository: bitnami/apache-exporter - tag: 0.7.0-debian-10-r14 + tag: 0.7.0-debian-10-r19 pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. From bbd5a0ceb9cebe20799ef9c70b4a7c06f02f2a2d Mon Sep 17 00:00:00 2001 From: Vincent Latombe Date: Tue, 18 Feb 2020 22:14:25 +0100 Subject: [PATCH 176/304] [stable/nginx-ingress] Bump nginx-ingress version to 0.29.0 (#20813) * [stable/nginx-ingress] Bump nginx-ingress version to 0.29.0 Signed-off-by: Vincent Latombe * Bump minor version Signed-off-by: Vincent Latombe --- stable/nginx-ingress/Chart.yaml | 4 ++-- stable/nginx-ingress/README.md | 2 +- stable/nginx-ingress/values.yaml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/stable/nginx-ingress/Chart.yaml b/stable/nginx-ingress/Chart.yaml index efc5ec26a4f7..b24bed09866b 100644 --- a/stable/nginx-ingress/Chart.yaml +++ b/stable/nginx-ingress/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 name: nginx-ingress -version: 1.30.3 -appVersion: 0.28.0 +version: 1.31.0 +appVersion: 0.29.0 home: https://github.com/kubernetes/ingress-nginx description: An nginx Ingress controller that uses ConfigMap to store the nginx configuration. icon: https://upload.wikimedia.org/wikipedia/commons/thumb/c/c5/Nginx_logo.svg/500px-Nginx_logo.svg.png diff --git a/stable/nginx-ingress/README.md b/stable/nginx-ingress/README.md index 104bf2346d31..42b5875e3e91 100644 --- a/stable/nginx-ingress/README.md +++ b/stable/nginx-ingress/README.md @@ -48,7 +48,7 @@ Parameter | Description | Default --- | --- | --- `controller.name` | name of the controller component | `controller` `controller.image.repository` | controller container image repository | `quay.io/kubernetes-ingress-controller/nginx-ingress-controller` -`controller.image.tag` | controller container image tag | `0.28.0` +`controller.image.tag` | controller container image tag | `0.29.0` `controller.image.pullPolicy` | controller container image pull policy | `IfNotPresent` `controller.image.runAsUser` | User ID of the controller process. Value depends on the Linux distribution used inside of the container image. | `101` `controller.containerPort.http` | The port that the controller container listens on for http connections. | `80` diff --git a/stable/nginx-ingress/values.yaml b/stable/nginx-ingress/values.yaml index dd8b3881e57a..270a1d3b1679 100644 --- a/stable/nginx-ingress/values.yaml +++ b/stable/nginx-ingress/values.yaml @@ -5,7 +5,7 @@ controller: name: controller image: repository: quay.io/kubernetes-ingress-controller/nginx-ingress-controller - tag: "0.28.0" + tag: "0.29.0" pullPolicy: IfNotPresent # www-data -> uid 101 runAsUser: 101 From 1ccfc8be4f3ca5f26b991f7e1d2eaccd9bbefadf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andr=C3=A9=20Bauer?= Date: Tue, 18 Feb 2020 22:24:25 +0100 Subject: [PATCH 177/304] update grafana & all other docker images - updated labels (#20808) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: André Bauer --- stable/grafana/Chart.yaml | 4 +- stable/grafana/README.md | 69 ++++++++++--------- stable/grafana/templates/_helpers.tpl | 20 ++++++ stable/grafana/templates/clusterrole.yaml | 5 +- .../grafana/templates/clusterrolebinding.yaml | 5 +- .../configmap-dashboard-provider.yaml | 5 +- stable/grafana/templates/configmap.yaml | 5 +- .../templates/dashboards-json-configmap.yaml | 5 +- stable/grafana/templates/deployment.yaml | 11 +-- .../grafana/templates/headless-service.yaml | 5 +- stable/grafana/templates/ingress.yaml | 5 +- .../templates/poddisruptionbudget.yaml | 8 +-- .../grafana/templates/podsecuritypolicy.yaml | 5 +- stable/grafana/templates/pvc.yaml | 5 +- stable/grafana/templates/role.yaml | 5 +- stable/grafana/templates/rolebinding.yaml | 5 +- stable/grafana/templates/secret-env.yaml | 5 +- stable/grafana/templates/secret.yaml | 5 +- stable/grafana/templates/service.yaml | 8 +-- stable/grafana/templates/serviceaccount.yaml | 5 +- stable/grafana/templates/statefulset.yaml | 11 +-- .../templates/tests/test-configmap.yaml | 7 +- .../tests/test-podsecuritypolicy.yaml | 5 +- stable/grafana/templates/tests/test-role.yaml | 5 +- .../templates/tests/test-rolebinding.yaml | 5 +- .../templates/tests/test-serviceaccount.yaml | 5 +- stable/grafana/templates/tests/test.yaml | 24 +------ stable/grafana/values.yaml | 14 ++-- 28 files changed, 99 insertions(+), 167 deletions(-) diff --git a/stable/grafana/Chart.yaml b/stable/grafana/Chart.yaml index 247c13cfc8ff..7c31b8889c3d 100644 --- a/stable/grafana/Chart.yaml +++ b/stable/grafana/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 name: grafana -version: 4.6.3 -appVersion: 6.6.0 +version: 5.0.0 +appVersion: 6.6.1 kubeVersion: "^1.8.0-0" description: The leading tool for querying and visualizing time series and metrics. home: https://grafana.net diff --git a/stable/grafana/README.md b/stable/grafana/README.md index 12d8c4811caf..059111ccefa7 100644 --- a/stable/grafana/README.md +++ b/stable/grafana/README.md @@ -35,20 +35,24 @@ incompatible breaking change needing manual actions. This version requires Helm >= 2.12.0. +### To 5.0.0 + +You have to add --force to your helm upgrade command as the labels of the chart have changed. + ## Configuration | Parameter | Description | Default | |-------------------------------------------|-----------------------------------------------|---------------------------------------------------------| | `replicas` | Number of nodes | `1` | -| `podDisruptionBudget.minAvailable` | Pod disruption minimum available | `nil` | -| `podDisruptionBudget.maxUnavailable` | Pod disruption maximum unavailable | `nil` | +| `podDisruptionBudget.minAvailable` | Pod disruption minimum available | `nil` | +| `podDisruptionBudget.maxUnavailable` | Pod disruption maximum unavailable | `nil` | | `deploymentStrategy` | Deployment strategy | `{ "type": "RollingUpdate" }` | | `livenessProbe` | Liveness Probe settings | `{ "httpGet": { "path": "/api/health", "port": 3000 } "initialDelaySeconds": 60, "timeoutSeconds": 30, "failureThreshold": 10 }` | | `readinessProbe` | Readiness Probe settings | `{ "httpGet": { "path": "/api/health", "port": 3000 } }`| | `securityContext` | Deployment securityContext | `{"runAsUser": 472, "fsGroup": 472}` | | `priorityClassName` | Name of Priority Class to assign pods | `nil` | | `image.repository` | Image repository | `grafana/grafana` | -| `image.tag` | Image tag (`Must be >= 5.0.0`) | `6.5.2` | +| `image.tag` | Image tag (`Must be >= 5.0.0`) | `6.6.1` | | `image.pullPolicy` | Image pull policy | `IfNotPresent` | | `image.pullSecrets` | Image pull secrets | `{}` | | `service.type` | Kubernetes service type | `ClusterIP` | @@ -73,11 +77,11 @@ This version requires Helm >= 2.12.0. | `nodeSelector` | Node labels for pod assignment | `{}` | | `tolerations` | Toleration labels for pod assignment | `[]` | | `affinity` | Affinity settings for pod assignment | `{}` | -| `extraInitContainers` | Init containers to add to the grafana pod | `{}` | -| `extraContainers` | Sidecar containers to add to the grafana pod | `{}` | +| `extraInitContainers` | Init containers to add to the grafana pod | `{}` | +| `extraContainers` | Sidecar containers to add to the grafana pod | `{}` | | `schedulerName` | Name of the k8s scheduler (other than default) | `nil` | | `persistence.enabled` | Use persistent volume to store data | `false` | -| `persistence.type` | Type of persistence (`pvc` or `statefulset`) | `pvc` | +| `persistence.type` | Type of persistence (`pvc` or `statefulset`) | `pvc` | | `persistence.size` | Size of persistent volume claim | `10Gi` | | `persistence.existingClaim` | Use an existing PVC to persist data | `nil` | | `persistence.storageClassName` | Type of persistent volume claim | `nil` | @@ -97,28 +101,28 @@ This version requires Helm >= 2.12.0. | `envRenderSecret` | Sensible environment variables passed to pods and stored as secret | `{}` | | `extraSecretMounts` | Additional grafana server secret mounts | `[]` | | `extraVolumeMounts` | Additional grafana server volume mounts | `[]` | -| `extraConfigmapMounts` | Additional grafana server configMap volume mounts | `[]` | -| `extraEmptyDirMounts` | Additional grafana server emptyDir volume mounts | `[]` | +| `extraConfigmapMounts` | Additional grafana server configMap volume mounts | `[]` | +| `extraEmptyDirMounts` | Additional grafana server emptyDir volume mounts | `[]` | | `plugins` | Plugins to be loaded along with Grafana | `[]` | -| `datasources` | Configure grafana datasources (passed through tpl) | `{}` | -| `notifiers` | Configure grafana notifiers | `{}` | +| `datasources` | Configure grafana datasources (passed through tpl) | `{}` | +| `notifiers` | Configure grafana notifiers | `{}` | | `dashboardProviders` | Configure grafana dashboard providers | `{}` | | `dashboards` | Dashboards to import | `{}` | | `dashboardsConfigMaps` | ConfigMaps reference that contains dashboards | `{}` | | `grafana.ini` | Grafana's primary configuration | `{}` | | `ldap.enabled` | Enable LDAP authentication | `false` | | `ldap.existingSecret` | The name of an existing secret containing the `ldap.toml` file, this must have the key `ldap-toml`. | `""` | -| `ldap.config ` | Grafana's LDAP configuration | `""` | +| `ldap.config` | Grafana's LDAP configuration | `""` | | `annotations` | Deployment annotations | `{}` | | `labels` | Deployment labels | `{}` | | `podAnnotations` | Pod annotations | `{}` | | `podLabels` | Pod labels | `{}` | | `podPortName` | Name of the grafana port on the pod | `grafana` | -| `sidecar.image` | Sidecar image | `kiwigrid/k8s-sidecar:0.1.75` | +| `sidecar.image` | Sidecar image | `kiwigrid/k8s-sidecar:0.1.99` | | `sidecar.imagePullPolicy` | Sidecar image pull policy | `IfNotPresent` | | `sidecar.resources` | Sidecar resources | `{}` | | `sidecar.dashboards.enabled` | Enables the cluster wide search for dashboards and adds/updates/deletes them in grafana | `false` | -| `sidecar.dashboards.SCProvider` | Enables creation of sidecar provider | `true` +| `sidecar.dashboards.SCProvider` | Enables creation of sidecar provider | `true` | | `sidecar.dashboards.provider.name` | Unique name of the grafana provider | `sidecarProvider` | | `sidecar.dashboards.provider.orgid` | Id of the organisation, to which the dashboards should be added | `1` | | `sidecar.dashboards.provider.folder` | Logical folder in which grafana groups dashboards | `""` | @@ -126,10 +130,10 @@ This version requires Helm >= 2.12.0. | `sidecar.dashboards.provider.allowUiUpdates` | Allow updating provisioned dashboards from the UI | `false` | | `sidecar.dashboards.provider.type` | Provider type | `file` | | `sidecar.dashboards.watchMethod` | Method to use to detect ConfigMap changes. With WATCH the sidecar will do a WATCH requests, with SLEEP it will list all ConfigMaps, then sleep for 60 seconds. | `WATCH` | -| `sidecar.skipTlsVerify` | Set to true to skip tls verification for kube api calls | `nil` | +| `sidecar.skipTlsVerify` | Set to true to skip tls verification for kube api calls | `nil` | | `sidecar.dashboards.label` | Label that config maps with dashboards should have to be added | `grafana_dashboard` | -| `sidecar.dashboards.folder` | Folder in the pod that should hold the collected dashboards (unless `sidecar.dashboards.defaultFolderName` is set). This path will be mounted. | `/tmp/dashboards` | -| `sidecar.dashboards.defaultFolderName` | The default folder name, it will create a subfolder under the `sidecar.dashboards.folder` and put dashboards in there instead | `nil` | +| `sidecar.dashboards.folder` | Folder in the pod that should hold the collected dashboards (unless `sidecar.dashboards.defaultFolderName` is set). This path will be mounted. | `/tmp/dashboards` | +| `sidecar.dashboards.defaultFolderName` | The default folder name, it will create a subfolder under the `sidecar.dashboards.folder` and put dashboards in there instead | `nil` | | `sidecar.dashboards.searchNamespace` | If specified, the sidecar will search for dashboard config-maps inside this namespace. Otherwise the namespace in which the sidecar is running will be used. It's also possible to specify ALL to search in all namespaces | `nil` | | `sidecar.datasources.enabled` | Enables the cluster wide search for datasources and adds/updates/deletes them in grafana |`false` | | `sidecar.datasources.label` | Label that config maps with datasources should have to be added | `grafana_datasource` | @@ -140,24 +144,26 @@ This version requires Helm >= 2.12.0. | `admin.existingSecret` | The name of an existing secret containing the admin credentials. | `""` | | `admin.userKey` | The key in the existing admin secret containing the username. | `"admin-user"` | | `admin.passwordKey` | The key in the existing admin secret containing the password. | `"admin-password"` | -| `serviceAccount.annotations` | ServiceAccount annotations | -| `serviceAccount.create` | Create service account | `true` | +| `serviceAccount.annotations` | ServiceAccount annotations | | +| `serviceAccount.create` | Create service account | `true` | | `serviceAccount.name` | Service account name to use, when empty will be set to created account if `serviceAccount.create` is set else to `default` | `` | | `serviceAccount.nameTest` | Service account name to use for test, when empty will be set to created account if `serviceAccount.create` is set else to `default` | `` | -| `rbac.create` | Create and use RBAC resources | `true` | +| `rbac.create` | Create and use RBAC resources | `true` | | `rbac.namespaced` | Creates Role and Rolebinding instead of the default ClusterRole and ClusteRoleBindings for the grafana instance | `false` | -| `rbac.pspEnabled` | Create PodSecurityPolicy (with `rbac.create`, grant roles permissions as well) | `true` | -| `rbac.pspUseAppArmor` | Enforce AppArmor in created PodSecurityPolicy (requires `rbac.pspEnabled`) | `true` | -| `rbac.extraRoleRules` | Additional rules to add to the Role | [] | -| `rbac.extraClusterRoleRules` | Additional rules to add to the ClusterRole | [] | -| `command` | Define command to be executed by grafana container at startup | `nil` | -| `testFramework.enabled` | Whether to create test-related resources | `true` | -| `testFramework.image` | `test-framework` image repository. | `dduportal/bats` | -| `testFramework.tag` | `test-framework` image tag. | `0.4.0` | -| `testFramework.securityContext` | `test-framework` securityContext | `{}` | -| `downloadDashboards.env` | Environment variables to be passed to the `download-dashboards` container | `{}` | -| `namespaceOverride` | Override the deployment namespace | `""` (`Release.Namespace`) | - +| `rbac.pspEnabled` | Create PodSecurityPolicy (with `rbac.create`, grant roles permissions as well) | `true` | +| `rbac.pspUseAppArmor` | Enforce AppArmor in created PodSecurityPolicy (requires `rbac.pspEnabled`) | `true` | +| `rbac.extraRoleRules` | Additional rules to add to the Role | [] | +| `rbac.extraClusterRoleRules` | Additional rules to add to the ClusterRole | [] | +| `command` | Define command to be executed by grafana container at startup | `nil` | +| `testFramework.enabled` | Whether to create test-related resources | `true` | +| `testFramework.image` | `test-framework` image repository. | `bats/bats` | +| `testFramework.tag` | `test-framework` image tag. | `v1.1.0` | +| `testFramework.securityContext` | `test-framework` securityContext | `{}` | +| `downloadDashboards.env` | Environment variables to be passed to the `download-dashboards` container | `{}` | +| `downloadDashboardsImage.repository` | Curl docker image repo | `curlimages/curl` | +| `downloadDashboardsImage.tag` | Curl docker image tag | `7.68.0` | +| `downloadDashboardsImage.pullPolicy` | Curl docker image pull policy | `IfNotPresent` | +| `namespaceOverride` | Override the deployment namespace | `""` (`Release.Namespace`) | ### Example of extraVolumeMounts @@ -312,3 +318,4 @@ stringData: editable: false ``` + diff --git a/stable/grafana/templates/_helpers.tpl b/stable/grafana/templates/_helpers.tpl index 8a90064561a3..6b08bd1af43e 100644 --- a/stable/grafana/templates/_helpers.tpl +++ b/stable/grafana/templates/_helpers.tpl @@ -60,3 +60,23 @@ Allow the release namespace to be overridden for multi-namespace deployments in {{- .Release.Namespace -}} {{- end -}} {{- end -}} + +{{/* +Common labels +*/}} +{{- define "grafana.labels" -}} +helm.sh/chart: {{ include "grafana.chart" . }} +{{ include "grafana.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end -}} + +{{/* +Selector labels +*/}} +{{- define "grafana.selectorLabels" -}} +app.kubernetes.io/name: {{ include "grafana.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end -}} diff --git a/stable/grafana/templates/clusterrole.yaml b/stable/grafana/templates/clusterrole.yaml index d14128001bd6..b3ef6ab3bf20 100644 --- a/stable/grafana/templates/clusterrole.yaml +++ b/stable/grafana/templates/clusterrole.yaml @@ -3,10 +3,7 @@ kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: labels: - app: {{ template "grafana.name" . }} - chart: {{ template "grafana.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} + {{- include "grafana.labels" . | nindent 4 }} {{- with .Values.annotations }} annotations: {{ toYaml . | indent 4 }} diff --git a/stable/grafana/templates/clusterrolebinding.yaml b/stable/grafana/templates/clusterrolebinding.yaml index 61e8110ca3d4..8ee08b2aa97e 100644 --- a/stable/grafana/templates/clusterrolebinding.yaml +++ b/stable/grafana/templates/clusterrolebinding.yaml @@ -4,10 +4,7 @@ apiVersion: rbac.authorization.k8s.io/v1 metadata: name: {{ template "grafana.fullname" . }}-clusterrolebinding labels: - app: {{ template "grafana.name" . }} - chart: {{ template "grafana.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} + {{- include "grafana.labels" . | nindent 4 }} {{- with .Values.annotations }} annotations: {{ toYaml . | indent 4 }} diff --git a/stable/grafana/templates/configmap-dashboard-provider.yaml b/stable/grafana/templates/configmap-dashboard-provider.yaml index 356a8bce3872..af5d464b6886 100644 --- a/stable/grafana/templates/configmap-dashboard-provider.yaml +++ b/stable/grafana/templates/configmap-dashboard-provider.yaml @@ -3,10 +3,7 @@ apiVersion: v1 kind: ConfigMap metadata: labels: - app: {{ template "grafana.name" . }} - chart: {{ template "grafana.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} + {{- include "grafana.labels" . | nindent 4 }} {{- with .Values.annotations }} annotations: {{ toYaml . | indent 4 }} diff --git a/stable/grafana/templates/configmap.yaml b/stable/grafana/templates/configmap.yaml index e5dd9179b032..00c69572746a 100644 --- a/stable/grafana/templates/configmap.yaml +++ b/stable/grafana/templates/configmap.yaml @@ -4,10 +4,7 @@ metadata: name: {{ template "grafana.fullname" . }} namespace: {{ template "grafana.namespace" . }} labels: - app: {{ template "grafana.name" . }} - chart: {{ template "grafana.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} + {{- include "grafana.labels" . | nindent 4 }} data: {{- if .Values.plugins }} plugins: {{ join "," .Values.plugins }} diff --git a/stable/grafana/templates/dashboards-json-configmap.yaml b/stable/grafana/templates/dashboards-json-configmap.yaml index afc59bfe4215..59e0be64157b 100644 --- a/stable/grafana/templates/dashboards-json-configmap.yaml +++ b/stable/grafana/templates/dashboards-json-configmap.yaml @@ -7,10 +7,7 @@ metadata: name: {{ template "grafana.fullname" $ }}-dashboards-{{ $provider }} namespace: {{ template "grafana.namespace" $ }} labels: - app: {{ template "grafana.name" $ }} - chart: {{ template "grafana.chart" $ }} - release: {{ $.Release.Name }} - heritage: {{ $.Release.Service }} + {{- include "grafana.labels" $ | nindent 4 }} dashboard-provider: {{ $provider }} {{- if $dashboards }} data: diff --git a/stable/grafana/templates/deployment.yaml b/stable/grafana/templates/deployment.yaml index fcd08f4ac959..27a4b76d4747 100644 --- a/stable/grafana/templates/deployment.yaml +++ b/stable/grafana/templates/deployment.yaml @@ -5,10 +5,7 @@ metadata: name: {{ template "grafana.fullname" . }} namespace: {{ template "grafana.namespace" . }} labels: - app: {{ template "grafana.name" . }} - chart: {{ template "grafana.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} + {{- include "grafana.labels" . | nindent 4 }} {{- if .Values.labels }} {{ toYaml .Values.labels | indent 4 }} {{- end }} @@ -20,8 +17,7 @@ spec: replicas: {{ .Values.replicas }} selector: matchLabels: - app: {{ template "grafana.name" . }} - release: {{ .Release.Name }} + {{- include "grafana.selectorLabels" . | nindent 6 }} {{- with .Values.deploymentStrategy }} strategy: {{ toYaml . | trim | indent 4 }} @@ -29,8 +25,7 @@ spec: template: metadata: labels: - app: {{ template "grafana.name" . }} - release: {{ .Release.Name }} + {{- include "grafana.selectorLabels" . | nindent 8 }} {{- with .Values.podLabels }} {{ toYaml . | indent 8 }} {{- end }} diff --git a/stable/grafana/templates/headless-service.yaml b/stable/grafana/templates/headless-service.yaml index 7667b55468f0..9812d6f646b5 100644 --- a/stable/grafana/templates/headless-service.yaml +++ b/stable/grafana/templates/headless-service.yaml @@ -5,10 +5,7 @@ metadata: name: {{ template "grafana.fullname" . }}-headless namespace: {{ template "grafana.namespace" . }} labels: - app: {{ template "grafana.name" . }} - chart: {{ template "grafana.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} + {{- include "grafana.labels" . | nindent 4 }} {{- with .Values.annotations }} annotations: {{ toYaml . | indent 4 }} diff --git a/stable/grafana/templates/ingress.yaml b/stable/grafana/templates/ingress.yaml index 5abfcbfe27b0..fe1695a6d4f4 100644 --- a/stable/grafana/templates/ingress.yaml +++ b/stable/grafana/templates/ingress.yaml @@ -9,10 +9,7 @@ metadata: name: {{ $fullName }} namespace: {{ template "grafana.namespace" . }} labels: - app: {{ template "grafana.name" . }} - chart: {{ template "grafana.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} + {{- include "grafana.labels" . | nindent 4 }} {{- if .Values.ingress.labels }} {{ toYaml .Values.ingress.labels | indent 4 }} {{- end }} diff --git a/stable/grafana/templates/poddisruptionbudget.yaml b/stable/grafana/templates/poddisruptionbudget.yaml index 05f657d7ef5d..d6f230a8f25d 100644 --- a/stable/grafana/templates/poddisruptionbudget.yaml +++ b/stable/grafana/templates/poddisruptionbudget.yaml @@ -5,10 +5,7 @@ metadata: name: {{ template "grafana.name" . }} namespace: {{ template "grafana.namespace" . }} labels: - app: {{ template "grafana.name" . }} - chart: {{ template "grafana.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} + {{- include "grafana.labels" . | nindent 4 }} {{- if .Values.labels }} {{ toYaml .Values.labels | indent 4 }} {{- end }} @@ -21,6 +18,5 @@ spec: {{- end }} selector: matchLabels: - app: {{ template "grafana.name" . }} - release: {{ .Release.Name }} + {{- include "grafana.selectorLabels" . | nindent 6 }} {{- end }} diff --git a/stable/grafana/templates/podsecuritypolicy.yaml b/stable/grafana/templates/podsecuritypolicy.yaml index 7c99137feebf..c5e6ba05eadd 100644 --- a/stable/grafana/templates/podsecuritypolicy.yaml +++ b/stable/grafana/templates/podsecuritypolicy.yaml @@ -5,10 +5,7 @@ metadata: name: {{ template "grafana.fullname" . }} namespace: {{ template "grafana.namespace" . }} labels: - app: {{ template "grafana.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} + {{- include "grafana.labels" . | nindent 4 }} annotations: seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'docker/default' seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default' diff --git a/stable/grafana/templates/pvc.yaml b/stable/grafana/templates/pvc.yaml index f50b2f099086..90d5477d6cd3 100644 --- a/stable/grafana/templates/pvc.yaml +++ b/stable/grafana/templates/pvc.yaml @@ -5,10 +5,7 @@ metadata: name: {{ template "grafana.fullname" . }} namespace: {{ template "grafana.namespace" . }} labels: - app: {{ template "grafana.name" . }} - chart: {{ template "grafana.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} + {{- include "grafana.labels" . | nindent 4 }} {{- with .Values.persistence.annotations }} annotations: {{ toYaml . | indent 4 }} diff --git a/stable/grafana/templates/role.yaml b/stable/grafana/templates/role.yaml index 65f551f60b55..c95c1d042411 100644 --- a/stable/grafana/templates/role.yaml +++ b/stable/grafana/templates/role.yaml @@ -5,10 +5,7 @@ metadata: name: {{ template "grafana.fullname" . }} namespace: {{ template "grafana.namespace" . }} labels: - app: {{ template "grafana.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} + {{- include "grafana.labels" . | nindent 4 }} {{- with .Values.annotations }} annotations: {{ toYaml . | indent 4 }} diff --git a/stable/grafana/templates/rolebinding.yaml b/stable/grafana/templates/rolebinding.yaml index a47795fcb2ed..c42229bf9254 100644 --- a/stable/grafana/templates/rolebinding.yaml +++ b/stable/grafana/templates/rolebinding.yaml @@ -5,10 +5,7 @@ metadata: name: {{ template "grafana.fullname" . }} namespace: {{ template "grafana.namespace" . }} labels: - app: {{ template "grafana.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} + {{- include "grafana.labels" . | nindent 4 }} {{- with .Values.annotations }} annotations: {{ toYaml . | indent 4 }} diff --git a/stable/grafana/templates/secret-env.yaml b/stable/grafana/templates/secret-env.yaml index 4c47fdac01dc..5c09313e665d 100644 --- a/stable/grafana/templates/secret-env.yaml +++ b/stable/grafana/templates/secret-env.yaml @@ -5,10 +5,7 @@ metadata: name: {{ template "grafana.fullname" . }}-env namespace: {{ template "grafana.namespace" . }} labels: - app: {{ template "grafana.name" . }} - chart: {{ template "grafana.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} + {{- include "grafana.labels" . | nindent 4 }} type: Opaque data: {{- range $key, $val := .Values.envRenderSecret }} diff --git a/stable/grafana/templates/secret.yaml b/stable/grafana/templates/secret.yaml index 2b1126cae01c..f7ee9956b3ca 100644 --- a/stable/grafana/templates/secret.yaml +++ b/stable/grafana/templates/secret.yaml @@ -5,10 +5,7 @@ metadata: name: {{ template "grafana.fullname" . }} namespace: {{ template "grafana.namespace" . }} labels: - app: {{ template "grafana.name" . }} - chart: {{ template "grafana.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} + {{- include "grafana.labels" . | nindent 4 }} type: Opaque data: admin-user: {{ .Values.adminUser | b64enc | quote }} diff --git a/stable/grafana/templates/service.yaml b/stable/grafana/templates/service.yaml index 70cc6639e5f4..e06c27df32a6 100644 --- a/stable/grafana/templates/service.yaml +++ b/stable/grafana/templates/service.yaml @@ -4,10 +4,7 @@ metadata: name: {{ template "grafana.fullname" . }} namespace: {{ template "grafana.namespace" . }} labels: - app: {{ template "grafana.name" . }} - chart: {{ template "grafana.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} + {{- include "grafana.labels" . | nindent 4 }} {{- if .Values.service.labels }} {{ toYaml .Values.service.labels | indent 4 }} {{- end }} @@ -46,5 +43,4 @@ spec: nodePort: {{.Values.service.nodePort}} {{ end }} selector: - app: {{ template "grafana.name" . }} - release: {{ .Release.Name }} + {{- include "grafana.selectorLabels" . | nindent 4 }} diff --git a/stable/grafana/templates/serviceaccount.yaml b/stable/grafana/templates/serviceaccount.yaml index ba1d3692edf6..7576eeef064b 100644 --- a/stable/grafana/templates/serviceaccount.yaml +++ b/stable/grafana/templates/serviceaccount.yaml @@ -3,10 +3,7 @@ apiVersion: v1 kind: ServiceAccount metadata: labels: - app: {{ template "grafana.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} + {{- include "grafana.labels" . | nindent 4 }} {{- with .Values.serviceAccount.annotations }} annotations: {{ toYaml . | indent 4 }} diff --git a/stable/grafana/templates/statefulset.yaml b/stable/grafana/templates/statefulset.yaml index a24c5f7bccd2..afc26b7c2f54 100644 --- a/stable/grafana/templates/statefulset.yaml +++ b/stable/grafana/templates/statefulset.yaml @@ -5,10 +5,7 @@ metadata: name: {{ template "grafana.fullname" . }} namespace: {{ template "grafana.namespace" . }} labels: - app: {{ template "grafana.name" . }} - chart: {{ template "grafana.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} + {{- include "grafana.labels" . | nindent 4 }} {{- with .Values.annotations }} annotations: {{ toYaml . | indent 4 }} @@ -17,14 +14,12 @@ spec: replicas: {{ .Values.replicas }} selector: matchLabels: - app: {{ template "grafana.name" . }} - release: {{ .Release.Name }} + {{- include "grafana.selectorLabels" . | nindent 6 }} serviceName: {{ template "grafana.fullname" . }}-headless template: metadata: labels: - app: {{ template "grafana.name" . }} - release: {{ .Release.Name }} + {{- include "grafana.selectorLabels" . | nindent 8 }} annotations: checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} checksum/dashboards-json-config: {{ include (print $.Template.BasePath "/dashboards-json-configmap.yaml") . | sha256sum }} diff --git a/stable/grafana/templates/tests/test-configmap.yaml b/stable/grafana/templates/tests/test-configmap.yaml index 60a22eb9e65a..ff53aaf1b36d 100644 --- a/stable/grafana/templates/tests/test-configmap.yaml +++ b/stable/grafana/templates/tests/test-configmap.yaml @@ -5,16 +5,13 @@ metadata: name: {{ template "grafana.fullname" . }}-test namespace: {{ template "grafana.namespace" . }} labels: - app: {{ template "grafana.fullname" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - heritage: "{{ .Release.Service }}" - release: "{{ .Release.Name }}" + {{- include "grafana.labels" . | nindent 4 }} data: run.sh: |- @test "Test Health" { url="http://{{ template "grafana.fullname" . }}/api/health" - code=$(curl -s -o /dev/null -I -w "%{http_code}" $url) + code=$(wget --server-response --spider --timeout 10 --tries 1 ${url} 2>&1 | awk '/^ HTTP/{print $2}') [ "$code" == "200" ] } {{- end }} diff --git a/stable/grafana/templates/tests/test-podsecuritypolicy.yaml b/stable/grafana/templates/tests/test-podsecuritypolicy.yaml index 0e12c7046eeb..eb5cbbcd7013 100644 --- a/stable/grafana/templates/tests/test-podsecuritypolicy.yaml +++ b/stable/grafana/templates/tests/test-podsecuritypolicy.yaml @@ -5,10 +5,7 @@ metadata: name: {{ template "grafana.fullname" . }}-test namespace: {{ template "grafana.namespace" . }} labels: - app: {{ template "grafana.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} + {{- include "grafana.labels" . | nindent 4 }} spec: allowPrivilegeEscalation: true privileged: false diff --git a/stable/grafana/templates/tests/test-role.yaml b/stable/grafana/templates/tests/test-role.yaml index 7a443f440266..6b10677ae768 100644 --- a/stable/grafana/templates/tests/test-role.yaml +++ b/stable/grafana/templates/tests/test-role.yaml @@ -5,10 +5,7 @@ metadata: name: {{ template "grafana.fullname" . }}-test namespace: {{ template "grafana.namespace" . }} labels: - app: {{ template "grafana.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} + {{- include "grafana.labels" . | nindent 4 }} rules: - apiGroups: ['policy'] resources: ['podsecuritypolicies'] diff --git a/stable/grafana/templates/tests/test-rolebinding.yaml b/stable/grafana/templates/tests/test-rolebinding.yaml index fa9906655e32..58fa5e78b569 100644 --- a/stable/grafana/templates/tests/test-rolebinding.yaml +++ b/stable/grafana/templates/tests/test-rolebinding.yaml @@ -5,10 +5,7 @@ metadata: name: {{ template "grafana.fullname" . }}-test namespace: {{ template "grafana.namespace" . }} labels: - app: {{ template "grafana.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} + {{- include "grafana.labels" . | nindent 4 }} roleRef: apiGroup: rbac.authorization.k8s.io kind: Role diff --git a/stable/grafana/templates/tests/test-serviceaccount.yaml b/stable/grafana/templates/tests/test-serviceaccount.yaml index 574f7391e1ab..5c3350733710 100644 --- a/stable/grafana/templates/tests/test-serviceaccount.yaml +++ b/stable/grafana/templates/tests/test-serviceaccount.yaml @@ -3,10 +3,7 @@ apiVersion: v1 kind: ServiceAccount metadata: labels: - app: {{ template "grafana.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} + {{- include "grafana.labels" . | nindent 4 }} name: {{ template "grafana.serviceAccountNameTest" . }} namespace: {{ template "grafana.namespace" . }} {{- end }} diff --git a/stable/grafana/templates/tests/test.yaml b/stable/grafana/templates/tests/test.yaml index 997d2f9590e2..7b2475c62c98 100644 --- a/stable/grafana/templates/tests/test.yaml +++ b/stable/grafana/templates/tests/test.yaml @@ -4,10 +4,7 @@ kind: Pod metadata: name: {{ template "grafana.fullname" . }}-test labels: - app: {{ template "grafana.fullname" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - heritage: "{{ .Release.Service }}" - release: "{{ .Release.Name }}" + {{- include "grafana.labels" . | nindent 4 }} annotations: "helm.sh/hook": test-success namespace: {{ template "grafana.namespace" . }} @@ -16,19 +13,6 @@ spec: {{- if .Values.testFramework.securityContext }} securityContext: {{ toYaml .Values.testFramework.securityContext | nindent 4 }} {{- end }} - initContainers: - - name: test-framework - image: "{{ .Values.testFramework.image}}:{{ .Values.testFramework.tag }}" - command: - - "bash" - - "-c" - - | - set -ex - # copy bats to tools dir - cp -R /usr/local/libexec/ /tools/bats/ - volumeMounts: - - mountPath: /tools - name: tools {{- if .Values.image.pullSecrets }} imagePullSecrets: {{- range .Values.image.pullSecrets }} @@ -50,18 +34,14 @@ spec: containers: - name: {{ .Release.Name }}-test image: "{{ .Values.testFramework.image}}:{{ .Values.testFramework.tag }}" - command: ["/tools/bats/bats", "-t", "/tests/run.sh"] + command: ["/opt/bats/bin/bats", "-t", "/tests/run.sh"] volumeMounts: - mountPath: /tests name: tests readOnly: true - - mountPath: /tools - name: tools volumes: - name: tests configMap: name: {{ template "grafana.fullname" . }}-test - - name: tools - emptyDir: {} restartPolicy: Never {{- end }} diff --git a/stable/grafana/values.yaml b/stable/grafana/values.yaml index 809047f531e7..181df0926964 100644 --- a/stable/grafana/values.yaml +++ b/stable/grafana/values.yaml @@ -50,7 +50,7 @@ livenessProbe: image: repository: grafana/grafana - tag: 6.6.0 + tag: 6.6.1 pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. @@ -62,8 +62,8 @@ image: testFramework: enabled: true - image: "dduportal/bats" - tag: "0.4.0" + image: "bats/bats" + tag: "v1.1.0" securityContext: {} securityContext: @@ -88,8 +88,8 @@ extraEmptyDirMounts: [] # priorityClassName: downloadDashboardsImage: - repository: appropriate/curl - tag: latest + repository: curlimages/curl + tag: 7.68.0 pullPolicy: IfNotPresent downloadDashboards: @@ -207,7 +207,7 @@ initChownData: ## image: repository: busybox - tag: "1.30" + tag: "1.31.1" pullPolicy: IfNotPresent ## initChownData resource requests and limits @@ -429,7 +429,7 @@ smtp: ## Sidecars that collect the configmaps with specified label and stores the included files them into the respective folders ## Requires at least Grafana 5 to work and can't be used together with parameters dashboardProviders, datasources and dashboards sidecar: - image: kiwigrid/k8s-sidecar:0.1.75 + image: kiwigrid/k8s-sidecar:0.1.99 imagePullPolicy: IfNotPresent resources: {} # limits: From 6ad9947c2863fc3f52c08902b279649c48127020 Mon Sep 17 00:00:00 2001 From: Corey Zuares Date: Tue, 18 Feb 2020 16:42:24 -0500 Subject: [PATCH 178/304] Use tpl for labels/annotations (#20644) Signed-off-by: Corey Zuares --- stable/rabbitmq-ha/Chart.yaml | 2 +- stable/rabbitmq-ha/README.md | 4 ++++ stable/rabbitmq-ha/templates/service.yaml | 2 +- stable/rabbitmq-ha/templates/statefulset.yaml | 6 +++--- stable/rabbitmq-ha/values.yaml | 1 + 5 files changed, 10 insertions(+), 5 deletions(-) diff --git a/stable/rabbitmq-ha/Chart.yaml b/stable/rabbitmq-ha/Chart.yaml index 4ff6e6d7b251..dc548b334f25 100644 --- a/stable/rabbitmq-ha/Chart.yaml +++ b/stable/rabbitmq-ha/Chart.yaml @@ -1,7 +1,7 @@ name: rabbitmq-ha apiVersion: v1 appVersion: 3.8.0 -version: 1.39.0 +version: 1.40.0 description: Highly available RabbitMQ cluster, the open source message broker software that implements the Advanced Message Queuing Protocol (AMQP). keywords: diff --git a/stable/rabbitmq-ha/README.md b/stable/rabbitmq-ha/README.md index 1b636ff55b35..d486af2d2bf4 100644 --- a/stable/rabbitmq-ha/README.md +++ b/stable/rabbitmq-ha/README.md @@ -94,6 +94,7 @@ and their default values. | `nodeSelector` | Node labels for pod assignment | `{}` | | `persistentVolume.accessMode` | Persistent volume access modes | `[ReadWriteOnce]` | | `persistentVolume.annotations` | Persistent volume annotations | `{}` | +| `persistentVolume.labels` | Persistent volume labels | `{}` | | `persistentVolume.enabled` | If `true`, persistent volume claims are created | `false` | | `persistentVolume.name` | Persistent volume name | `data` | | `persistentVolume.size` | Persistent volume size | `8Gi` | @@ -279,3 +280,6 @@ The `tpl` function allows us to pass values from `values.yaml` through the templ * `extraContainers` * `extraInitContainers` +* `persistentVolume.annotations` +* `persistentVolume.labels` +* `service.annotations` diff --git a/stable/rabbitmq-ha/templates/service.yaml b/stable/rabbitmq-ha/templates/service.yaml index 0db8de4f2b6f..12626285c20d 100644 --- a/stable/rabbitmq-ha/templates/service.yaml +++ b/stable/rabbitmq-ha/templates/service.yaml @@ -3,7 +3,7 @@ kind: Service metadata: {{- if .Values.service.annotations }} annotations: -{{ toYaml .Values.service.annotations | indent 4 }} +{{ tpl (toYaml .Values.service.annotations) . | indent 4 }} {{- end }} name: {{ template "rabbitmq-ha.fullname" . }} namespace: {{ .Release.Namespace }} diff --git a/stable/rabbitmq-ha/templates/statefulset.yaml b/stable/rabbitmq-ha/templates/statefulset.yaml index 478fd398cf54..08f6c8a91b8f 100644 --- a/stable/rabbitmq-ha/templates/statefulset.yaml +++ b/stable/rabbitmq-ha/templates/statefulset.yaml @@ -322,9 +322,9 @@ spec: - metadata: name: {{ .Values.persistentVolume.name }} annotations: - {{- range $key, $value := .Values.persistentVolume.annotations }} - {{ $key }}: {{ $value }} - {{- end }} +{{ tpl (toYaml .Values.persistentVolume.annotations) . | indent 10 }} + labels: +{{ tpl (toYaml .Values.persistentVolume.labels) . | indent 10 }} spec: accessModes: {{- range .Values.persistentVolume.accessModes }} diff --git a/stable/rabbitmq-ha/values.yaml b/stable/rabbitmq-ha/values.yaml index bece51edf1b8..278a44f79e98 100644 --- a/stable/rabbitmq-ha/values.yaml +++ b/stable/rabbitmq-ha/values.yaml @@ -395,6 +395,7 @@ persistentVolume: - ReadWriteOnce size: 8Gi annotations: {} + labels: {} ## Node labels for pod assignment ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector From bfddd23f2fa6c1873a5e20467e443a0bb7ffc3be Mon Sep 17 00:00:00 2001 From: Jeff Wenzbauer Date: Tue, 18 Feb 2020 18:38:24 -0700 Subject: [PATCH 179/304] [stable/redis-ha]: added ability to specify exporter lua script (#20695) * feat: redis-ha: added ability to specify exporter lua script Signed-off-by: jwenz723 * Update stable/redis-ha/README.md Co-Authored-By: Aaron Layfield Signed-off-by: jwenz723 * updated exporter script configuration to create the cm Signed-off-by: jwenz723 Co-authored-by: Aaron Layfield --- stable/redis-ha/Chart.yaml | 2 +- stable/redis-ha/README.md | 1 + .../redis-ha-exporter-script-configmap.yaml | 11 ++++++++ .../templates/redis-ha-statefulset.yaml | 17 +++++++++++++ stable/redis-ha/values.yaml | 25 +++++++++++++++++++ 5 files changed, 55 insertions(+), 1 deletion(-) create mode 100644 stable/redis-ha/templates/redis-ha-exporter-script-configmap.yaml diff --git a/stable/redis-ha/Chart.yaml b/stable/redis-ha/Chart.yaml index 7b5afe702385..38a10b1f7013 100644 --- a/stable/redis-ha/Chart.yaml +++ b/stable/redis-ha/Chart.yaml @@ -6,7 +6,7 @@ keywords: - redis - keyvalue - database -version: 4.3.3 +version: 4.3.4 appVersion: 5.0.6 description: Highly available Kubernetes implementation of Redis icon: https://upload.wikimedia.org/wikipedia/en/thumb/6/6b/Redis_Logo.svg/1200px-Redis_Logo.svg.png diff --git a/stable/redis-ha/README.md b/stable/redis-ha/README.md index f997b112e03d..04b06c948913 100644 --- a/stable/redis-ha/README.md +++ b/stable/redis-ha/README.md @@ -93,6 +93,7 @@ The following table lists the configurable parameters of the Redis chart and the | `exporter.port` | Exporter port | `9121` | | `exporter.annotations` | Prometheus scrape annotations | `{prometheus.io/path: /metrics, prometheus.io/port: "9121", prometheus.io/scrape: "true"}` | | `exporter.extraArgs` | Additional args for the exporter | `{}` | +| `exporter.script` | A custom custom Lua script that will be mounted to exporter for collection of custom metrics. Creates a ConfigMap and sets env var `REDIS_EXPORTER_SCRIPT`. | | | `exporter.serviceMonitor.enabled` | Use servicemonitor from prometheus operator | `false` | | `exporter.serviceMonitor.namespace` | Namespace the service monitor is created in | `default` | | `exporter.serviceMonitor.interval` | Scrape interval, If not set, the Prometheus default scrape interval is used | `nil` | diff --git a/stable/redis-ha/templates/redis-ha-exporter-script-configmap.yaml b/stable/redis-ha/templates/redis-ha-exporter-script-configmap.yaml new file mode 100644 index 000000000000..b9dc79c69baf --- /dev/null +++ b/stable/redis-ha/templates/redis-ha-exporter-script-configmap.yaml @@ -0,0 +1,11 @@ +{{- if .Values.exporter.script }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "redis-ha.fullname" . }}-exporter-script-configmap + namespace: {{ .Release.Namespace }} + labels: +{{ include "labels.standard" . | indent 4 }} +data: + script: {{ toYaml .Values.exporter.script | indent 2 }} +{{- end }} \ No newline at end of file diff --git a/stable/redis-ha/templates/redis-ha-statefulset.yaml b/stable/redis-ha/templates/redis-ha-statefulset.yaml index 5017b91178b9..32638cfdd927 100644 --- a/stable/redis-ha/templates/redis-ha-statefulset.yaml +++ b/stable/redis-ha/templates/redis-ha-statefulset.yaml @@ -237,6 +237,10 @@ spec: {{- end }} key: {{ .Values.authKey }} {{- end }} + {{- if .Values.exporter.script }} + - name: REDIS_EXPORTER_SCRIPT + value: /script/script.lua + {{- end }} livenessProbe: httpGet: path: {{ .Values.exporter.scrapePath }} @@ -249,6 +253,11 @@ spec: ports: - name: exporter-port containerPort: {{ .Values.exporter.port }} + {{- if .Values.exporter.script }} + volumeMounts: + - mountPath: /script + name: script-mount + {{- end }} {{- end }} {{- if .Values.priorityClassName }} priorityClassName: {{ .Values.priorityClassName }} @@ -262,6 +271,14 @@ spec: hostPath: path: /sys {{- end }} + {{- if .Values.exporter.script }} + - name: script-mount + configMap: + name: {{ template "redis-ha.fullname" . }}-exporter-script-configmap + items: + - key: script + path: script.lua + {{- end }} {{- if .Values.persistentVolume.enabled }} volumeClaimTemplates: - metadata: diff --git a/stable/redis-ha/values.yaml b/stable/redis-ha/values.yaml index d105f0bfff3b..1672d52aa3a8 100644 --- a/stable/redis-ha/values.yaml +++ b/stable/redis-ha/values.yaml @@ -259,6 +259,31 @@ exporter: # Additional args for redis exporter extraArgs: {} + # Used to mount a LUA-Script via config map and use it for metrics-collection + # script: | + # -- Example script copied from: https://github.com/oliver006/redis_exporter/blob/master/contrib/sample_collect_script.lua + # -- Example collect script for -script option + # -- This returns a Lua table with alternating keys and values. + # -- Both keys and values must be strings, similar to a HGETALL result. + # -- More info about Redis Lua scripting: https://redis.io/commands/eval + # + # local result = {} + # + # -- Add all keys and values from some hash in db 5 + # redis.call("SELECT", 5) + # local r = redis.call("HGETALL", "some-hash-with-stats") + # if r ~= nil then + # for _,v in ipairs(r) do + # table.insert(result, v) -- alternating keys and values + # end + # end + # + # -- Set foo to 42 + # table.insert(result, "foo") + # table.insert(result, "42") -- note the string, use tostring() if needed + # + # return result + serviceMonitor: # When set true then use a ServiceMonitor to configure scraping enabled: false From c1ee20241f3394b785096778053a95589749f0b0 Mon Sep 17 00:00:00 2001 From: Luca Prete Date: Wed, 19 Feb 2020 03:22:25 +0100 Subject: [PATCH 180/304] [hotfix] Add {} after annotations tag to remove annotations warning (#20836) Signed-off-by: Luca Prete --- stable/metabase/Chart.yaml | 2 +- stable/metabase/README.md | 2 +- stable/metabase/values.yaml | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/stable/metabase/Chart.yaml b/stable/metabase/Chart.yaml index 3b2849e91d51..633bc816aaa8 100644 --- a/stable/metabase/Chart.yaml +++ b/stable/metabase/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 description: The easy, open source way for everyone in your company to ask questions and learn from data. name: metabase -version: 0.10.3 +version: 0.10.4 appVersion: v0.34.0 maintainers: - name: pmint93 diff --git a/stable/metabase/README.md b/stable/metabase/README.md index 44b580e3ae81..dab13c652fbe 100644 --- a/stable/metabase/README.md +++ b/stable/metabase/README.md @@ -90,7 +90,7 @@ The following table lists the configurable parameters of the Metabase chart and | ingress.hosts | Ingress resource hostnames | null | | ingress.path | Ingress path | / | | ingress.labels | Ingress labels configuration | null | -| ingress.annotations | Ingress annotations configuration | null | +| ingress.annotations | Ingress annotations configuration | {} | | ingress.tls | Ingress TLS configuration | null | | log4jProperties | Custom `log4j.properties` file | null | | resources | Server resource requests and limits | {} | diff --git a/stable/metabase/values.yaml b/stable/metabase/values.yaml index 44e7bbca4e3e..a389d2558384 100644 --- a/stable/metabase/values.yaml +++ b/stable/metabase/values.yaml @@ -78,7 +78,7 @@ service: type: ClusterIP externalPort: 80 internalPort: 3000 - annotations: + annotations: {} # Used to add custom annotations to the Service. # service.beta.kubernetes.io/aws-load-balancer-internal: "0.0.0.0/0" ingress: @@ -92,7 +92,7 @@ ingress: # Used to add custom labels to the Ingress # Useful if for example you have multiple Ingress controllers and want your Ingress controllers to bind to specific Ingresses # traffic: internal - annotations: + annotations: {} # kubernetes.io/ingress.class: nginx # kubernetes.io/tls-acme: "true" tls: From e66967b67c5ba3812494b32d7b8b4dcf5e7caf46 Mon Sep 17 00:00:00 2001 From: Brady Todhunter Date: Tue, 18 Feb 2020 22:26:25 -0800 Subject: [PATCH 181/304] [stable/anchore-engine] bump enterprise image to v0.6.2 (#20856) * bump enterprise image to v0.6.2 Signed-off-by: Brady Todhunter * bump chart version Signed-off-by: Brady Todhunter --- stable/anchore-engine/Chart.yaml | 2 +- stable/anchore-engine/values.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/stable/anchore-engine/Chart.yaml b/stable/anchore-engine/Chart.yaml index 853ab67717a6..7d6005adbab9 100644 --- a/stable/anchore-engine/Chart.yaml +++ b/stable/anchore-engine/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: anchore-engine -version: 1.4.3 +version: 1.4.4 appVersion: 0.6.1 description: Anchore container analysis and policy evaluation engine service keywords: diff --git a/stable/anchore-engine/values.yaml b/stable/anchore-engine/values.yaml index 7c03da697a1c..a58c8da2cac9 100644 --- a/stable/anchore-engine/values.yaml +++ b/stable/anchore-engine/values.yaml @@ -481,7 +481,7 @@ anchoreEnterpriseGlobal: # Create this secret with the following command - kubectl create secret generic anchore-license --from-file=license.yaml= licenseSecretName: anchore-enterprise-license - image: docker.io/anchore/enterprise:v0.6.1 + image: docker.io/anchore/enterprise:v0.6.2 imagePullPolicy: IfNotPresent # Name of the kubernetes secret containing your dockerhub creds with access to the anchore enterprise images. # Create this secret with the following command - kubectl create secret docker-registry anchore-dockerhub-creds --docker-server=docker.io --docker-username= --docker-password= --docker-email= From ddfac840ab00c8ed5c38e3b7ba1b9b8a2f5949c7 Mon Sep 17 00:00:00 2001 From: Mathew Wicks Date: Wed, 19 Feb 2020 18:24:25 +1100 Subject: [PATCH 182/304] [stable/airflow] improve git-sync.sh (#20335) This fixes a crash as git pull will not always succeed (as in the case of a detached HEAD from forced commit). Additionally, this will remove any files that have been added to the DAG folder, which is a good security practice for Airflow. Signed-off-by: Mathew Wicks --- stable/airflow/Chart.yaml | 2 +- stable/airflow/templates/configmap-git-clone.yaml | 8 +++++++- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/stable/airflow/Chart.yaml b/stable/airflow/Chart.yaml index 026cac79e7c8..8aa3e195d78c 100644 --- a/stable/airflow/Chart.yaml +++ b/stable/airflow/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 description: Airflow is a platform to programmatically author, schedule and monitor workflows name: airflow -version: 6.0.1 +version: 6.0.2 appVersion: 1.10.4 icon: https://airflow.apache.org/_images/pin_large.png home: https://airflow.apache.org/ diff --git a/stable/airflow/templates/configmap-git-clone.yaml b/stable/airflow/templates/configmap-git-clone.yaml index fc02b1e19ed1..40ed107a1f22 100644 --- a/stable/airflow/templates/configmap-git-clone.yaml +++ b/stable/airflow/templates/configmap-git-clone.yaml @@ -45,4 +45,10 @@ data: git clone $REPO -b $REF $DIR {{- end }} cd $DIR - while true; do git pull; date; sleep $SYNC_TIME; done + while true; do + git fetch origin $REF; + git reset --hard origin/$REF; + git clean -fd; + date; + sleep $SYNC_TIME; + done From 25e25b311fd6706aa9420074605898fd6a358982 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miguel=20=C3=81ngel=20Cabrera=20Mi=C3=B1agorri?= Date: Wed, 19 Feb 2020 09:36:24 +0100 Subject: [PATCH 183/304] [stable/moodle] Fix mariadb accessMode (#20834) Signed-off-by: Miguel A. Cabrera Minagorri --- stable/moodle/Chart.yaml | 2 +- stable/moodle/README.md | 2 +- stable/moodle/values.yaml | 3 ++- 3 files changed, 4 insertions(+), 3 deletions(-) diff --git a/stable/moodle/Chart.yaml b/stable/moodle/Chart.yaml index 6f9c7a7e4196..3f222156d870 100644 --- a/stable/moodle/Chart.yaml +++ b/stable/moodle/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: moodle -version: 7.1.1 +version: 7.2.0 appVersion: 3.8.1 description: Moodle is a learning platform designed to provide educators, administrators and learners with a single robust, secure and integrated system to create personalised learning environments keywords: diff --git a/stable/moodle/README.md b/stable/moodle/README.md index 420e4f78be73..cbe5d3013147 100644 --- a/stable/moodle/README.md +++ b/stable/moodle/README.md @@ -106,7 +106,7 @@ The following table lists the configurable parameters of the Moodle chart and th | `mariadb.rootUser.password` | MariaDB admin password | `nil` | | `mariadb.master.persistence.enabled` | Enable MariaDB persistence using PVC | `true` | | `mariadb.master.persistence.storageClass` | PVC Storage Class for MariaDB volume | `generic` | -| `mariadb.master.persistence.accessMode` | PVC Access Mode for MariaDB volume | `ReadWriteOnce` | +| `mariadb.master.persistence.accessModes` | PVC Access Mode for MariaDB volume | [`ReadWriteOnce`] | | `mariadb.master.persistence.size` | PVC Storage Request for MariaDB volume | `8Gi` | | `mariadb.master.persistence.existingClaim` | If PVC exists&bounded for MariaDB | `nil` (when nil, new one is requested) | | `mariadb.affinity` | Set affinity for the MariaDB pods | `nil` | diff --git a/stable/moodle/values.yaml b/stable/moodle/values.yaml index ab28c2625ce0..9a0472716d29 100644 --- a/stable/moodle/values.yaml +++ b/stable/moodle/values.yaml @@ -128,7 +128,8 @@ mariadb: ## GKE, AWS & OpenStack) ## # storageClass: "-" - accessMode: ReadWriteOnce + accessModes: + - ReadWriteOnce size: 8Gi From fd006eb5ac2d82769a388ff5d897d3c7028aa2ac Mon Sep 17 00:00:00 2001 From: Juan Ariza Toledano Date: Wed, 19 Feb 2020 11:06:25 +0100 Subject: [PATCH 184/304] [stable/phpmyadmin] Allow disabling default annotations (#20869) * [stable/phpmyadmin] Allow disabling default annotations Signed-off-by: juan131 * Fix README.md Signed-off-by: juan131 * Fix annotation Signed-off-by: juan131 --- stable/phpmyadmin/Chart.yaml | 2 +- stable/phpmyadmin/README.md | 3 ++- stable/phpmyadmin/templates/_helpers.tpl | 12 ++++++++++++ stable/phpmyadmin/templates/ingress.yaml | 8 ++++++-- stable/phpmyadmin/values.yaml | 21 ++++++++++++--------- 5 files changed, 33 insertions(+), 13 deletions(-) diff --git a/stable/phpmyadmin/Chart.yaml b/stable/phpmyadmin/Chart.yaml index a24416249ce0..b3fd8d34540e 100644 --- a/stable/phpmyadmin/Chart.yaml +++ b/stable/phpmyadmin/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: phpmyadmin -version: 4.2.12 +version: 4.3.0 appVersion: 5.0.1 description: phpMyAdmin is an mysql administration frontend keywords: diff --git a/stable/phpmyadmin/README.md b/stable/phpmyadmin/README.md index d31721506d77..93d0d265ee90 100644 --- a/stable/phpmyadmin/README.md +++ b/stable/phpmyadmin/README.md @@ -69,7 +69,8 @@ The following table lists the configurable parameters of the phpMyAdmin chart an | `db.ssl.verify` | Enable SSL certificate validation | `true` | | `ingress.enabled` | Enable ingress controller resource | `false` | | `ingress.certManager` | Add annotations for cert-manager | `false` | -| `ingress.annotations` | Ingress annotations | `{ingress.kubernetes.io/rewrite-target: /, nginx.ingress.kubernetes.io/rewrite-target: /}` | +| `ingress.rewriteTarget` | Add annotations to redirect traffic to `/` | `true` | +| `ingress.annotations` | Ingress annotations | `{}` | | `ingress.hosts[0].name` | Hostname to your PHPMyAdmin installation | `phpmyadmin.local` | | `ingress.hosts[0].path` | Path within the url structure | `/` | | `ingress.hosts[0].tls` | Utilize TLS backend in ingress | `false` | diff --git a/stable/phpmyadmin/templates/_helpers.tpl b/stable/phpmyadmin/templates/_helpers.tpl index ea6e506a3fc8..bd6ded0f56e1 100644 --- a/stable/phpmyadmin/templates/_helpers.tpl +++ b/stable/phpmyadmin/templates/_helpers.tpl @@ -128,6 +128,18 @@ imagePullSecrets: {{- end -}} {{- end -}} +{{/* +Renders a value that contains template. +Usage: +{{ include "phpmyadmin.tplValue" ( dict "value" .Values.path.to.the.Value "context" $) }} +*/}} +{{- define "phpmyadmin.tplValue" -}} + {{- if typeIs "string" .value }} + {{- tpl .value .context }} + {{- else }} + {{- tpl (.value | toYaml) .context }} + {{- end }} +{{- end -}} {{/* Compile all warnings into a single message, and call fail. diff --git a/stable/phpmyadmin/templates/ingress.yaml b/stable/phpmyadmin/templates/ingress.yaml index 2f9e2b7a6ff7..49b36d8fbe63 100644 --- a/stable/phpmyadmin/templates/ingress.yaml +++ b/stable/phpmyadmin/templates/ingress.yaml @@ -12,8 +12,12 @@ metadata: {{- if .Values.ingress.certManager }} kubernetes.io/tls-acme: "true" {{- end }} - {{- range $key, $value := .Values.ingress.annotations }} - {{ $key }}: {{ $value | quote }} + {{- if .Values.ingress.rewriteTarget }} + ingress.kubernetes.io/rewrite-target: / + nginx.ingress.kubernetes.io/rewrite-target: / + {{- end }} + {{- if .Values.ingress.annotations }} + {{- include "phpmyadmin.tplValue" (dict "value" .Values.ingress.annotations "context" $) | nindent 4 }} {{- end }} spec: rules: diff --git a/stable/phpmyadmin/values.yaml b/stable/phpmyadmin/values.yaml index d2b01b9328c4..41c68be43633 100644 --- a/stable/phpmyadmin/values.yaml +++ b/stable/phpmyadmin/values.yaml @@ -79,22 +79,25 @@ db: verify: true ingress: - ## Set to true to enable ingress record generation + ## Set this to true to enable ingress record generation ## enabled: false ## Set this to true in order to add the corresponding annotations for cert-manager + ## certManager: false - ## Ingress annotations done as key:value pairs - ## If certManager is set to true, annotation kubernetes.io/tls-acme: "true" will automatically be set - ## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md + ## Set this to true in order to add the corresponding annotations to redirect traffic to / + ## + rewriteTarget: true + + ## Additional Ingress annotations done as key:value pairs + ## Example: + ## annotations: + ## kubernetes.io/ingress.class: nginx + ## kubernetes.io/tls-acme: "true" ## - annotations: - ingress.kubernetes.io/rewrite-target: / - nginx.ingress.kubernetes.io/rewrite-target: / - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" + # annotations ## The list of hostnames to be covered with this ingress record. ## Most likely this will be just one host, but in the event more hosts are needed, this is an array From 1ffd255944634140bc707392080823ac8e4001e0 Mon Sep 17 00:00:00 2001 From: slimm609 Date: Wed, 19 Feb 2020 05:38:25 -0500 Subject: [PATCH 185/304] [stable/prometheus-operator] Remove Duplicate Annotations from CRDs (#20544) (#20545) * remove duplicate CRDs from annotations on prometheus-operator. Signed-off-by: Brian Davis Signed-off-by: Brian Davis --- stable/prometheus-operator/Chart.yaml | 4 ++-- stable/prometheus-operator/crds/crd-alertmanager.yaml | 3 +-- stable/prometheus-operator/crds/crd-podmonitor.yaml | 3 +-- stable/prometheus-operator/crds/crd-prometheus.yaml | 3 +-- stable/prometheus-operator/crds/crd-prometheusrules.yaml | 3 +-- stable/prometheus-operator/crds/crd-servicemonitor.yaml | 3 +-- 6 files changed, 7 insertions(+), 12 deletions(-) diff --git a/stable/prometheus-operator/Chart.yaml b/stable/prometheus-operator/Chart.yaml index 01c6835bb49b..7c4436e586eb 100644 --- a/stable/prometheus-operator/Chart.yaml +++ b/stable/prometheus-operator/Chart.yaml @@ -12,8 +12,8 @@ sources: - https://github.com/coreos/kube-prometheus - https://github.com/coreos/prometheus-operator - https://coreos.com/operators/prometheus -version: 8.7.0 -appVersion: 0.35.0 +version: 8.8.0 +appVersion: 0.36.0 tillerVersion: ">=2.12.0" home: https://github.com/coreos/prometheus-operator keywords: diff --git a/stable/prometheus-operator/crds/crd-alertmanager.yaml b/stable/prometheus-operator/crds/crd-alertmanager.yaml index ca36289d630f..72d22899a128 100644 --- a/stable/prometheus-operator/crds/crd-alertmanager.yaml +++ b/stable/prometheus-operator/crds/crd-alertmanager.yaml @@ -4,10 +4,9 @@ kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.2.4 + helm.sh/hook: crd-install creationTimestamp: null name: alertmanagers.monitoring.coreos.com - annotations: - "helm.sh/hook": crd-install spec: group: monitoring.coreos.com names: diff --git a/stable/prometheus-operator/crds/crd-podmonitor.yaml b/stable/prometheus-operator/crds/crd-podmonitor.yaml index 02dcb7fc3e82..6ce239cf2c7d 100644 --- a/stable/prometheus-operator/crds/crd-podmonitor.yaml +++ b/stable/prometheus-operator/crds/crd-podmonitor.yaml @@ -4,10 +4,9 @@ kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.2.4 + helm.sh/hook: crd-install creationTimestamp: null name: podmonitors.monitoring.coreos.com - annotations: - "helm.sh/hook": crd-install spec: group: monitoring.coreos.com names: diff --git a/stable/prometheus-operator/crds/crd-prometheus.yaml b/stable/prometheus-operator/crds/crd-prometheus.yaml index 971427739dcd..0c08c659f64c 100644 --- a/stable/prometheus-operator/crds/crd-prometheus.yaml +++ b/stable/prometheus-operator/crds/crd-prometheus.yaml @@ -4,10 +4,9 @@ kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.2.4 + helm.sh/hook: crd-install creationTimestamp: null name: prometheuses.monitoring.coreos.com - annotations: - "helm.sh/hook": crd-install spec: group: monitoring.coreos.com names: diff --git a/stable/prometheus-operator/crds/crd-prometheusrules.yaml b/stable/prometheus-operator/crds/crd-prometheusrules.yaml index 1a76f6dd9740..a18e67435a41 100644 --- a/stable/prometheus-operator/crds/crd-prometheusrules.yaml +++ b/stable/prometheus-operator/crds/crd-prometheusrules.yaml @@ -4,10 +4,9 @@ kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.2.4 + helm.sh/hook: crd-install creationTimestamp: null name: prometheusrules.monitoring.coreos.com - annotations: - "helm.sh/hook": crd-install spec: group: monitoring.coreos.com names: diff --git a/stable/prometheus-operator/crds/crd-servicemonitor.yaml b/stable/prometheus-operator/crds/crd-servicemonitor.yaml index f31ef405a730..7e614d036b9f 100644 --- a/stable/prometheus-operator/crds/crd-servicemonitor.yaml +++ b/stable/prometheus-operator/crds/crd-servicemonitor.yaml @@ -4,10 +4,9 @@ kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.2.4 + helm.sh/hook: crd-install creationTimestamp: null name: servicemonitors.monitoring.coreos.com - annotations: - "helm.sh/hook": crd-install spec: group: monitoring.coreos.com names: From 2435a2a26b93f4b0760b89c5dcc483165a01262c Mon Sep 17 00:00:00 2001 From: Sergey Monakhov Date: Wed, 19 Feb 2020 14:50:25 +0300 Subject: [PATCH 186/304] [stable/prometheus-operator]Fixed kind for serviceperreplica and portName variable (#20078) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * fixed kind for serviceperreplica and portName variable Signed-off-by: Sergey Monakhov * bump prometheus-operator chart version Signed-off-by: Sergey Monakhov * bump Signed-off-by: Sergey Monakhov Co-authored-by: Reinhard Nägele --- stable/prometheus-operator/Chart.yaml | 2 +- .../templates/prometheus/serviceperreplica.yaml | 7 ++++--- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/stable/prometheus-operator/Chart.yaml b/stable/prometheus-operator/Chart.yaml index 7c4436e586eb..1e974fa767e3 100644 --- a/stable/prometheus-operator/Chart.yaml +++ b/stable/prometheus-operator/Chart.yaml @@ -12,7 +12,7 @@ sources: - https://github.com/coreos/kube-prometheus - https://github.com/coreos/prometheus-operator - https://coreos.com/operators/prometheus -version: 8.8.0 +version: 8.8.1 appVersion: 0.36.0 tillerVersion: ">=2.12.0" home: https://github.com/coreos/prometheus-operator diff --git a/stable/prometheus-operator/templates/prometheus/serviceperreplica.yaml b/stable/prometheus-operator/templates/prometheus/serviceperreplica.yaml index 6b6fec53f756..b5da0fa697e1 100644 --- a/stable/prometheus-operator/templates/prometheus/serviceperreplica.yaml +++ b/stable/prometheus-operator/templates/prometheus/serviceperreplica.yaml @@ -1,13 +1,14 @@ {{- if and .Values.prometheus.enabled .Values.prometheus.servicePerReplica.enabled }} {{- $count := .Values.prometheus.prometheusSpec.replicas | int -}} {{- $serviceValues := .Values.prometheus.servicePerReplica -}} +{{- $portName := .Values.prometheus.prometheusSpec.portName -}} apiVersion: v1 -kind: ServiceList +kind: List metadata: name: {{ include "prometheus-operator.fullname" $ }}-prometheus-serviceperreplica namespace: {{ $.Release.Namespace }} items: -{{ range $i, $e := until $count }} +{{- range $i, $e := until $count }} - apiVersion: v1 kind: Service metadata: @@ -31,7 +32,7 @@ items: {{- end }} {{- end }} ports: - - name: {{ .Values.prometheus.prometheusSpec.portName }} + - name: {{ $portName }} {{- if eq $serviceValues.type "NodePort" }} nodePort: {{ $serviceValues.nodePort }} {{- end }} From 94f3bd44905014fe42827a9153b03d72069638ad Mon Sep 17 00:00:00 2001 From: Bharath KKB Date: Wed, 19 Feb 2020 07:02:25 -0600 Subject: [PATCH 187/304] [stable/jenkins] Update Readme to work with Helm 3 (#20855) * Update readme and bump chart version Signed-off-by: Bharath Baiju Signed-off-by: bharathkkb * Update Changelog Signed-off-by: Bharath Baiju Signed-off-by: bharathkkb --- stable/jenkins/CHANGELOG.md | 4 ++++ stable/jenkins/Chart.yaml | 2 +- stable/jenkins/README.md | 8 ++++---- 3 files changed, 9 insertions(+), 5 deletions(-) diff --git a/stable/jenkins/CHANGELOG.md b/stable/jenkins/CHANGELOG.md index 4bb1556c1c1f..648862e8c9cb 100644 --- a/stable/jenkins/CHANGELOG.md +++ b/stable/jenkins/CHANGELOG.md @@ -5,6 +5,10 @@ numbering uses [semantic versioning](http://semver.org). NOTE: The change log until version 1.5.7 is auto generated based on git commits. Those include a reference to the git commit to be able to get more details. +## 1.9.19 + +Update docs for Helm 3 + ## 1.9.18 Make `jenkins-home` attachable to Azure Disks without pvc diff --git a/stable/jenkins/Chart.yaml b/stable/jenkins/Chart.yaml index 9b59eb49d542..6d682b1f6f21 100755 --- a/stable/jenkins/Chart.yaml +++ b/stable/jenkins/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 name: jenkins home: https://jenkins.io/ -version: 1.9.18 +version: 1.9.19 appVersion: lts description: Open source continuous integration server. It supports multiple SCM tools including CVS, Subversion and Git. It can execute Apache Ant and Apache Maven-based diff --git a/stable/jenkins/README.md b/stable/jenkins/README.md index aa2702c20703..6b1108d3ee52 100644 --- a/stable/jenkins/README.md +++ b/stable/jenkins/README.md @@ -18,7 +18,7 @@ This chart will do the following: To install the chart with the release name `my-release`: ```bash -$ helm install --name my-release stable/jenkins +$ helm install my-release stable/jenkins ``` ## Upgrading an existing Release to a new major version @@ -220,7 +220,7 @@ Specify each parameter using the `--set key=value[,key=value]` argument to `helm Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, ```bash -$ helm install --name my-release -f values.yaml stable/jenkins +$ helm install my-release -f values.yaml stable/jenkins ``` > **Tip**: You can use the default [values.yaml](values.yaml) @@ -320,7 +320,7 @@ It is possible to mount several volumes using `persistence.volumes` and `persist 3. Install the chart ```bash -$ helm install --name my-release --set persistence.existingClaim=PVC_NAME stable/jenkins +$ helm install my-release --set persistence.existingClaim=PVC_NAME stable/jenkins ``` #### Storage Class @@ -328,7 +328,7 @@ $ helm install --name my-release --set persistence.existingClaim=PVC_NAME stable It is possible to define which storage class to use: ```bash -$ helm install --name my-release --set persistence.storageClass=customStorageClass stable/jenkins +$ helm install my-release --set persistence.storageClass=customStorageClass stable/jenkins ``` If set to a dash (`-`, as in `persistence.storageClass=-`), the dynamic provision is disabled. From e589b7c49b3a849607be6c0dff9a9aa593814755 Mon Sep 17 00:00:00 2001 From: Will James Date: Wed, 19 Feb 2020 14:26:24 +0100 Subject: [PATCH 188/304] [stable/instana-agent] Chart version 1.0.23 (#20873) Signed-off-by: Instana CD --- stable/instana-agent/Chart.yaml | 2 +- stable/instana-agent/README.md | 18 ++++++++---------- 2 files changed, 9 insertions(+), 11 deletions(-) diff --git a/stable/instana-agent/Chart.yaml b/stable/instana-agent/Chart.yaml index d2231a70079c..f35d2426c7ab 100644 --- a/stable/instana-agent/Chart.yaml +++ b/stable/instana-agent/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: instana-agent -version: 1.0.22 +version: 1.0.23 appVersion: 1.0 description: Instana Agent for Kubernetes home: https://www.instana.com/ diff --git a/stable/instana-agent/README.md b/stable/instana-agent/README.md index 59ea7bbc067f..395836dd893a 100644 --- a/stable/instana-agent/README.md +++ b/stable/instana-agent/README.md @@ -10,9 +10,7 @@ This chart adds the Instana Agent to all schedulable nodes in your cluster via a Kubernetes 1.9.x - 1.16.x -Working `helm` and `tiller`. - -_Note:_ Tiller may need a service account and role binding if RBAC is enabled in your cluster. +Working `helm` (version 3) with the `stable` repo added to your helm client. ## Installing the Chart @@ -51,22 +49,22 @@ Agent can have APM, INFRASTRUCTURE or AWS mode. Default is APM and if you want t * agent.mode +First, create a namespace for the instana-agent + +```bash +$ kubectl create namespace instana-agent +``` + To install the chart with the release name `instana-agent` and set the values on the command line run: ```bash -$ helm install --name instana-agent --namespace instana-agent \ +$ helm install instana-agent --namespace instana-agent \ --set agent.key=INSTANA_AGENT_KEY \ --set agent.endpointHost=HOST \ --set zone.name=ZONE_NAME \ stable/instana-agent ``` -To install the chart with the release name `instana-agent` after editing the **values.yaml** file, run: - -```bash -$ helm install --name instana-agent --namespace instana-agent stable/instana-agent -``` - ## Uninstalling the Chart To uninstall/delete the `instana-agent` daemon set: From 7ccc9f99d7ab6b9554624985d9c9b9723b7253c0 Mon Sep 17 00:00:00 2001 From: Qingkun Li Date: Wed, 19 Feb 2020 06:12:25 -0800 Subject: [PATCH 189/304] [stable/prometheus-operator] add config to enable or disable rules in kube-apiserver-error.yaml (#20466) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Qingkun Li Co-authored-by: Reinhard Nägele --- stable/prometheus-operator/Chart.yaml | 2 +- stable/prometheus-operator/README.md | 1 + stable/prometheus-operator/hack/sync_prometheus_rules.py | 1 + .../templates/prometheus/rules-1.14/kube-apiserver-error.yaml | 2 +- stable/prometheus-operator/values.yaml | 1 + 5 files changed, 5 insertions(+), 2 deletions(-) diff --git a/stable/prometheus-operator/Chart.yaml b/stable/prometheus-operator/Chart.yaml index 1e974fa767e3..65f818b842f5 100644 --- a/stable/prometheus-operator/Chart.yaml +++ b/stable/prometheus-operator/Chart.yaml @@ -12,7 +12,7 @@ sources: - https://github.com/coreos/kube-prometheus - https://github.com/coreos/prometheus-operator - https://coreos.com/operators/prometheus -version: 8.8.1 +version: 8.9.0 appVersion: 0.36.0 tillerVersion: ">=2.12.0" home: https://github.com/coreos/prometheus-operator diff --git a/stable/prometheus-operator/README.md b/stable/prometheus-operator/README.md index 399f73e55f9f..e09db7020f27 100644 --- a/stable/prometheus-operator/README.md +++ b/stable/prometheus-operator/README.md @@ -148,6 +148,7 @@ The following tables list the configurable parameters of the prometheus-operator | `defaultRules.rules.general` | Create General default rules| `true` | | `defaultRules.rules.k8s` | Create K8S default rules| `true` | | `defaultRules.rules.kubeApiserver` | Create Api Server default rules| `true` | +| `defaultRules.rules.kubeApiserverError` | Create Api Server Error default rules| `true` | | `defaultRules.rules.kubePrometheusNodeAlerting` | Create Node Alerting default rules| `true` | | `defaultRules.rules.kubePrometheusNodeRecording` | Create Node Recording default rules| `true` | | `defaultRules.rules.kubeScheduler` | Create Kubernetes Scheduler default rules| `true` | diff --git a/stable/prometheus-operator/hack/sync_prometheus_rules.py b/stable/prometheus-operator/hack/sync_prometheus_rules.py index 1a816a7cadb4..8d54c2241cc5 100755 --- a/stable/prometheus-operator/hack/sync_prometheus_rules.py +++ b/stable/prometheus-operator/hack/sync_prometheus_rules.py @@ -54,6 +54,7 @@ def new_representer(dumper, data): 'general.rules': ' .Values.defaultRules.rules.general', 'k8s.rules': ' .Values.defaultRules.rules.k8s', 'kube-apiserver.rules': ' .Values.kubeApiServer.enabled .Values.defaultRules.rules.kubeApiserver', + 'kube-apiserver-error': ' .Values.kubeApiServer.enabled .Values.defaultRules.rules.kubeApiserverError', 'kube-prometheus-node-alerting.rules': ' .Values.defaultRules.rules.kubePrometheusNodeAlerting', 'kube-prometheus-node-recording.rules': ' .Values.defaultRules.rules.kubePrometheusNodeRecording', 'kube-scheduler.rules': ' .Values.kubeScheduler.enabled .Values.defaultRules.rules.kubeScheduler', diff --git a/stable/prometheus-operator/templates/prometheus/rules-1.14/kube-apiserver-error.yaml b/stable/prometheus-operator/templates/prometheus/rules-1.14/kube-apiserver-error.yaml index baa6b79e2f6d..59e35b1ed707 100644 --- a/stable/prometheus-operator/templates/prometheus/rules-1.14/kube-apiserver-error.yaml +++ b/stable/prometheus-operator/templates/prometheus/rules-1.14/kube-apiserver-error.yaml @@ -2,7 +2,7 @@ # Do not change in-place! In order to change this file first read following link: # https://github.com/helm/charts/tree/master/stable/prometheus-operator/hack {{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} -{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create }} +{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.kubeApiServer.enabled .Values.defaultRules.rules.kubeApiserverError }} apiVersion: monitoring.coreos.com/v1 kind: PrometheusRule metadata: diff --git a/stable/prometheus-operator/values.yaml b/stable/prometheus-operator/values.yaml index 8a5945f2c84d..a8d3059dd393 100644 --- a/stable/prometheus-operator/values.yaml +++ b/stable/prometheus-operator/values.yaml @@ -26,6 +26,7 @@ defaultRules: general: true k8s: true kubeApiserver: true + kubeApiserverError: true kubePrometheusNodeAlerting: true kubePrometheusNodeRecording: true kubernetesAbsent: true From e323fcdf449d0b53a6c9623d24ae3959adae34a4 Mon Sep 17 00:00:00 2001 From: Mike Gee Date: Wed, 19 Feb 2020 16:37:46 -0500 Subject: [PATCH 190/304] [stable/prometheus-node-exporter] Add updateStrategy to template (#20858) Signed-off-by: Mike Gee --- stable/prometheus-node-exporter/Chart.yaml | 2 +- stable/prometheus-node-exporter/README.md | 67 ++++++++++--------- .../templates/daemonset.yaml | 6 +- stable/prometheus-node-exporter/values.yaml | 6 ++ 4 files changed, 44 insertions(+), 37 deletions(-) diff --git a/stable/prometheus-node-exporter/Chart.yaml b/stable/prometheus-node-exporter/Chart.yaml index 0cc97a22dda3..b0c3c8f31858 100644 --- a/stable/prometheus-node-exporter/Chart.yaml +++ b/stable/prometheus-node-exporter/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 appVersion: 0.18.1 description: A Helm chart for prometheus node-exporter name: prometheus-node-exporter -version: 1.8.1 +version: 1.8.2 home: https://github.com/prometheus/node_exporter/ sources: - https://github.com/prometheus/node_exporter/ diff --git a/stable/prometheus-node-exporter/README.md b/stable/prometheus-node-exporter/README.md index dfb2ed1f414e..aaa51097e4ea 100644 --- a/stable/prometheus-node-exporter/README.md +++ b/stable/prometheus-node-exporter/README.md @@ -36,39 +36,40 @@ The command removes all the Kubernetes components associated with the chart and The following table lists the configurable parameters of the Node Exporter chart and their default values. -| Parameter | Description | Default | | -| --------------------------------- | ----------------------------------------------------------------------------------------------------------------------------- | --------------------------------------- | --- | -| `image.repository` | Image repository | `quay.io/prometheus/node-exporter` | | -| `image.tag` | Image tag | `v0.18.1` | | -| `image.pullPolicy` | Image pull policy | `IfNotPresent` | | -| `extraArgs` | Additional container arguments | `[]` | | -| `extraHostVolumeMounts` | Additional host volume mounts | `[]` | | -| `podAnnotations` | Annotations to be added to node exporter pods | `{}` | | -| `podLabels` | Additional labels to be added to pods | `{}` | | -| `rbac.create` | If true, create & use RBAC resources | `true` | | -| `rbac.pspEnabled` | Specifies whether a PodSecurityPolicy should be created. | `true` | | -| `resources` | CPU/Memory resource requests/limits | `{}` | | -| `service.type` | Service type | `ClusterIP` | | -| `service.port` | The service port | `9100` | | -| `service.targetPort` | The target port of the container | `9100` | | -| `service.nodePort` | The node port of the service | | | -| `service.annotations` | Kubernetes service annotations | `{prometheus.io/scrape: "true"}` | | -| `serviceAccount.create` | Specifies whether a service account should be created. | `true` | | -| `serviceAccount.name` | Service account to be used. If not set and `serviceAccount.create` is `true`, a name is generated using the fullname template | | | -| `serviceAccount.imagePullSecrets` | Specify image pull secrets | `[]` | | -| `securityContext` | SecurityContext | `{"runAsNonRoot": true, "runAsUser": 65534}` | | -| `affinity` | A group of affinity scheduling rules for pod assignment | `{}` | | -| `nodeSelector` | Node labels for pod assignment | `{}` | | -| `tolerations` | List of node taints to tolerate | `- effect: NoSchedule operator: Exists` | | -| `priorityClassName` | Name of Priority Class to assign pods | `nil` | | -| `endpoints` | list of addresses that have node exporter deployed outside of the cluster | `[]` | | -| `hostNetwork` | Whether to expose the service to the host network | `true` | | -| `prometheus.monitor.enabled` | Set this to `true` to create ServiceMonitor for Prometheus operator | `false` | | -| `prometheus.monitor.additionalLabels` | Additional labels that can be used so ServiceMonitor will be discovered by Prometheus | `{}` | | -| `prometheus.monitor.namespace` | namespace where servicemonitor resource should be created | `the same namespace as prometheus node exporter` | | -| `prometheus.monitor.scrapeTimeout` | Timeout after which the scrape is ended | `10s` | | -| `configmaps` | Allow mounting additional configmaps. | `[]` | | -| `namespaceOverride` | Override the deployment namespace | `""` (`Release.Namespace`) | | +| Parameter | Description | Default | +| ------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------ | +| `image.repository` | Image repository | `quay.io/prometheus/node-exporter` | +| `image.tag` | Image tag | `v0.18.1` | +| `image.pullPolicy` | Image pull policy | `IfNotPresent` | +| `extraArgs` | Additional container arguments | `[]` | +| `extraHostVolumeMounts` | Additional host volume mounts | `[]` | +| `podAnnotations` | Annotations to be added to node exporter pods | `{}` | +| `podLabels` | Additional labels to be added to pods | `{}` | +| `rbac.create` | If true, create & use RBAC resources | `true` | +| `rbac.pspEnabled` | Specifies whether a PodSecurityPolicy should be created. | `true` | +| `resources` | CPU/Memory resource requests/limits | `{}` | +| `service.type` | Service type | `ClusterIP` | +| `service.port` | The service port | `9100` | +| `service.targetPort` | The target port of the container | `9100` | +| `service.nodePort` | The node port of the service | | +| `service.annotations` | Kubernetes service annotations | `{prometheus.io/scrape: "true"}` | +| `serviceAccount.create` | Specifies whether a service account should be created. | `true` | +| `serviceAccount.name` | Service account to be used. If not set and `serviceAccount.create` is `true`, a name is generated using the fullname template | | +| `serviceAccount.imagePullSecrets` | Specify image pull secrets | `[]` | +| `securityContext` | SecurityContext | `{"runAsNonRoot": true, "runAsUser": 65534}` | +| `affinity` | A group of affinity scheduling rules for pod assignment | `{}` | +| `nodeSelector` | Node labels for pod assignment | `{}` | +| `tolerations` | List of node taints to tolerate | `- effect: NoSchedule operator: Exists` | +| `priorityClassName` | Name of Priority Class to assign pods | `nil` | +| `endpoints` | list of addresses that have node exporter deployed outside of the cluster | `[]` | +| `hostNetwork` | Whether to expose the service to the host network | `true` | +| `prometheus.monitor.enabled` | Set this to `true` to create ServiceMonitor for Prometheus operator | `false` | +| `prometheus.monitor.additionalLabels` | Additional labels that can be used so ServiceMonitor will be discovered by Prometheus | `{}` | +| `prometheus.monitor.namespace` | namespace where servicemonitor resource should be created | `the same namespace as prometheus node exporter` | +| `prometheus.monitor.scrapeTimeout` | Timeout after which the scrape is ended | `10s` | +| `configmaps` | Allow mounting additional configmaps. | `[]` | +| `namespaceOverride` | Override the deployment namespace | `""` (`Release.Namespace`) | +| `updateStrategy` | Configure a custom update strategy for the daemonset | `Rolling update with 1 max unavailable` | Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, diff --git a/stable/prometheus-node-exporter/templates/daemonset.yaml b/stable/prometheus-node-exporter/templates/daemonset.yaml index 1ef1277ecf02..113d89352c33 100644 --- a/stable/prometheus-node-exporter/templates/daemonset.yaml +++ b/stable/prometheus-node-exporter/templates/daemonset.yaml @@ -9,10 +9,10 @@ spec: matchLabels: app: {{ template "prometheus-node-exporter.name" . }} release: {{ .Release.Name }} + {{- if .Values.updateStrategy }} updateStrategy: - type: RollingUpdate - rollingUpdate: - maxUnavailable: 1 +{{ toYaml .Values.updateStrategy | indent 4 }} + {{- end }} template: metadata: labels: {{ include "prometheus-node-exporter.labels" . | indent 8 }} diff --git a/stable/prometheus-node-exporter/values.yaml b/stable/prometheus-node-exporter/values.yaml index bdac99064538..10746628dfb7 100644 --- a/stable/prometheus-node-exporter/values.yaml +++ b/stable/prometheus-node-exporter/values.yaml @@ -22,6 +22,12 @@ prometheus: scrapeTimeout: 10s +## Customize the updateStrategy if set +updateStrategy: + type: RollingUpdate + rollingUpdate: + maxUnavailable: 1 + resources: {} # We usually recommend not to specify default resources and to leave this as a conscious # choice for the user. This also increases chances charts run on environments with little From 697f7bee3edf0356b7f2a758c3afc8ebedda72d3 Mon Sep 17 00:00:00 2001 From: Matthieu Paret Date: Wed, 19 Feb 2020 23:27:46 +0100 Subject: [PATCH 191/304] fix kubectl version (#20841) Signed-off-by: --replace-all --- stable/kured/Chart.yaml | 2 +- stable/kured/values.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/stable/kured/Chart.yaml b/stable/kured/Chart.yaml index 21a0d30a11d9..01f97928dc92 100644 --- a/stable/kured/Chart.yaml +++ b/stable/kured/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 appVersion: "1.2.0" description: A Helm chart for kured name: kured -version: 1.4.2 +version: 1.4.3 home: https://github.com/weaveworks/kured maintainers: - name: plumdog diff --git a/stable/kured/values.yaml b/stable/kured/values.yaml index d7e5d68d7423..7f93be6b72ab 100644 --- a/stable/kured/values.yaml +++ b/stable/kured/values.yaml @@ -20,7 +20,7 @@ autolock: enabled: false image: repository: docker.io/bitnami/kubectl - tag: 1.15.4 + tag: 1.15.3 scheduleUnlock: 0 4 * * * schedulelock: 0 6 * * * From a97558f680bd20754142773fbfc3705eb2042f19 Mon Sep 17 00:00:00 2001 From: Mohamed Hazem Date: Thu, 20 Feb 2020 06:05:02 +0100 Subject: [PATCH 192/304] [stable/graylog] Add support fetching elasticsearch and mongodb hosts from K8s secrets (#20807) * - Add support for elasticsearch and mongodb hosts retrieval from a k8s secret Signed-off-by: Mohamed Hazem * - Version bump to 1.5.8 Signed-off-by: Mohamed Hazem * - Simplify values for enabling URI fetching from k8s secrets Signed-off-by: Mohamed Hazem --- stable/graylog/Chart.yaml | 2 +- stable/graylog/README.md | 4 ++++ stable/graylog/templates/_helpers.tpl | 8 ++++++-- stable/graylog/templates/configmap.yaml | 8 ++++++++ stable/graylog/templates/statefulset.yaml | 14 ++++++++++++++ stable/graylog/values.yaml | 8 ++++++++ 6 files changed, 41 insertions(+), 3 deletions(-) diff --git a/stable/graylog/Chart.yaml b/stable/graylog/Chart.yaml index 4ff4bca83e16..d569c0161f21 100755 --- a/stable/graylog/Chart.yaml +++ b/stable/graylog/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 name: graylog home: https://www.graylog.org -version: 1.5.7 +version: 1.5.8 appVersion: 3.1 description: Graylog is the centralized log management solution built to open standards for capturing, storing, and enabling real-time analysis of terabytes of machine data. keywords: diff --git a/stable/graylog/README.md b/stable/graylog/README.md index 660ab695822f..64f9f7fc5586 100644 --- a/stable/graylog/README.md +++ b/stable/graylog/README.md @@ -142,7 +142,11 @@ The following table lists the configurable parameters of the Graylog chart and t | `graylog.existingRootSecret` | Graylog existing root secret | `` | | `graylog.rootTimezone` | Graylog root timezone. | `UTC` | | `graylog.elasticsearch.hosts` | Graylog Elasticsearch host name. You need to specific where data will be stored. | `` | +| `graylog.elasticsearch.uriSecretName` | K8s secret name where elasticsearch hosts will be set from. | `{{ graylog.fullname }}` | +| `graylog.elasticsearch.uriSecretKey` | K8s secret key name where elasticsearch hosts will be set from. | `` | | `graylog.mongodb.uri` | Graylog MongoDB connection string. You need to specific where data will be stored. | `` | +| `graylog.mongodb.uriSecretName` | K8s secret name where MongoDB URI will be set from. | `{{ graylog.fullname }}` | +| `graylog.mongodb.uriSecretKey` | K8s secret key name where MongoDB URI will be set from. | `` | | `graylog.transportEmail.enabled` | If true, enable transport email settings on Graylog | `false` | | `graylog.config` | Add additional server configuration to `graylog.conf` file. | `` | | `graylog.serverFiles` | Add additional server files on /etc/graylog/server. This is useful for enable TLS on input | `{}` | diff --git a/stable/graylog/templates/_helpers.tpl b/stable/graylog/templates/_helpers.tpl index 6a7c9a32b4cb..fbcf71016460 100644 --- a/stable/graylog/templates/_helpers.tpl +++ b/stable/graylog/templates/_helpers.tpl @@ -77,7 +77,9 @@ Create a default fully qualified elasticsearch name or use the `graylog.elastics Or use chart dependencies with release name */}} {{- define "graylog.elasticsearch.hosts" -}} -{{- if .Values.graylog.elasticsearch.hosts }} +{{- if .Values.graylog.elasticsearch.uriSecretKey }} + {{- printf "${GRAYLOG_ELASTICSEARCH_HOST}" -}} +{{- else if .Values.graylog.elasticsearch.hosts }} {{- .Values.graylog.elasticsearch.hosts -}} {{- else }} {{- printf "http://%s-elasticsearch-client.%s.svc.cluster.local:9200" .Release.Name .Release.Namespace -}} @@ -89,7 +91,9 @@ Create a default fully qualified mongodb name or use the `graylog.mongodb.uri` v Or use chart dependencies with release name */}} {{- define "graylog.mongodb.uri" -}} -{{- if .Values.graylog.mongodb.uri }} +{{- if .Values.graylog.mongodb.uriSecretKey }} + {{- printf "${GRAYLOG_MONGODB_URI}" -}} +{{- else if .Values.graylog.mongodb.uri }} {{- .Values.graylog.mongodb.uri -}} {{- else }} {{- printf "mongodb://%s-mongodb-replicaset.%s.svc.cluster.local:27017/graylog?replicaSet=rs0" .Release.Name .Release.Namespace -}} diff --git a/stable/graylog/templates/configmap.yaml b/stable/graylog/templates/configmap.yaml index 2630b6b137ff..838777d5b1ae 100644 --- a/stable/graylog/templates/configmap.yaml +++ b/stable/graylog/templates/configmap.yaml @@ -186,6 +186,10 @@ data: echo "Starting graylog" # Original docker-entrypoint.sh in Graylog Docker will error while executing since you can't chown readonly files in `config` # exec /docker-entrypoint.sh graylog + {{- if or (.Values.graylog.elasticsearch.uriSecretKey) (.Values.graylog.mongodb.uriSecretKey) }} + # Interpolate + sed 's/"/\\\"/g;s/.*/echo "&"/e' ${GRAYLOG_HOME}/config/graylog.conf > ${GRAYLOG_HOME}/graylog.conf.subst + {{- end }} echo "Graylog Home ${GRAYLOG_HOME}" echo "JVM Options ${GRAYLOG_SERVER_JAVA_OPTS}" "${JAVA_HOME}/bin/java" \ @@ -196,4 +200,8 @@ data: -Dgraylog2.installation_source=docker \ ${GRAYLOG_HOME}/graylog.jar \ server \ + {{- if or (.Values.graylog.elasticsearch.uriSecretKey) (.Values.graylog.mongodb.uriSecretKey) }} + -f ${GRAYLOG_HOME}/graylog.conf.subst + {{- else }} -f ${GRAYLOG_HOME}/config/graylog.conf + {{- end }} diff --git a/stable/graylog/templates/statefulset.yaml b/stable/graylog/templates/statefulset.yaml index c9f7b6972406..8806b6f6bf55 100644 --- a/stable/graylog/templates/statefulset.yaml +++ b/stable/graylog/templates/statefulset.yaml @@ -102,6 +102,20 @@ spec: secretKeyRef: name: {{ .Values.graylog.existingRootSecret | default (include "graylog.fullname" .) }} key: graylog-password-sha2 + {{- if .Values.graylog.elasticsearch.uriSecretKey }} + - name: GRAYLOG_ELASTICSEARCH_HOST + valueFrom: + secretKeyRef: + name: {{ .Values.graylog.elasticsearch.uriSecretName | default (include "graylog.fullname" .) }} + key: {{ .Values.graylog.elasticsearch.uriSecretKey }} + {{- end }} + {{- if .Values.graylog.mongodb.uriSecretKey }} + - name: GRAYLOG_MONGODB_URI + valueFrom: + secretKeyRef: + name: {{ .Values.graylog.mongodb.uriSecretName | default (include "graylog.fullname" .) }} + key: {{ .Values.graylog.mongodb.uriSecretKey }} + {{- end }} {{- range $key, $value := .Values.graylog.env }} - name: {{ $key }} value: {{ $value | quote }} diff --git a/stable/graylog/values.yaml b/stable/graylog/values.yaml index f7763351b0bd..b80e031774f3 100644 --- a/stable/graylog/values.yaml +++ b/stable/graylog/values.yaml @@ -270,12 +270,20 @@ graylog: ## # hosts: http://elasticsearch-client.graylog.svc.cluster.local:9200 hosts: "" + # Allow elasticsearch hosts to be fetched from a k8s secret + # {{ graylog.fullname }} will be used as uriSecretName if left empty + uriSecretName: "" + uriSecretKey: "" mongodb: ## MongoDB connection string ## See https://docs.mongodb.com/manual/reference/connection-string/ for details # uri: mongodb://user:pass@host1:27017,host2:27017,host3:27017/graylog?replicaSet=rs01 uri: "" + # Allow mongodb uri to be fetched from a k8s secret + # {{ graylog.fullname }} will be used as uriSecretName if left empty + uriSecretName: "" + uriSecretKey: "" ## Increase this value according to the maximum connections your MongoDB server can handle from a single client ## if you encounter MongoDB connection problems. From 61f97b7b8f7cea4f6634597d9c948eef92b350eb Mon Sep 17 00:00:00 2001 From: Brandon Wulf Date: Wed, 19 Feb 2020 22:37:02 -0800 Subject: [PATCH 193/304] [incubator/sparkoperator] Change init job to a hook. Only delete secret on uninstall (#20742) * Change init job to a hook. Only delete secret on uninstall Signed-off-by: Brandon Wulf * revert based on suggestion Signed-off-by: Brandon Wulf --- incubator/sparkoperator/Chart.yaml | 2 +- incubator/sparkoperator/templates/webhook-cleanup-job.yaml | 2 +- incubator/sparkoperator/templates/webhook-init-job.yaml | 5 ++++- 3 files changed, 6 insertions(+), 3 deletions(-) diff --git a/incubator/sparkoperator/Chart.yaml b/incubator/sparkoperator/Chart.yaml index f4c5429e3adf..7ac155ae108c 100644 --- a/incubator/sparkoperator/Chart.yaml +++ b/incubator/sparkoperator/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 name: sparkoperator description: A Helm chart for Spark on Kubernetes operator -version: 0.6.5 +version: 0.6.6 appVersion: v1beta2-1.1.0-2.4.5 keywords: - spark diff --git a/incubator/sparkoperator/templates/webhook-cleanup-job.yaml b/incubator/sparkoperator/templates/webhook-cleanup-job.yaml index e30dd8dda87c..7ee257ac96a7 100644 --- a/incubator/sparkoperator/templates/webhook-cleanup-job.yaml +++ b/incubator/sparkoperator/templates/webhook-cleanup-job.yaml @@ -20,7 +20,7 @@ spec: imagePullSecrets: {{ toYaml .Values.imagePullSecrets | trim | indent 8 }} containers: - - name: main + - name: clean-secret image: {{ .Values.operatorImageName }}:{{ .Values.operatorVersion }} imagePullPolicy: {{ .Values.imagePullPolicy }} command: diff --git a/incubator/sparkoperator/templates/webhook-init-job.yaml b/incubator/sparkoperator/templates/webhook-init-job.yaml index cf3d741555b1..10c4634140b1 100644 --- a/incubator/sparkoperator/templates/webhook-init-job.yaml +++ b/incubator/sparkoperator/templates/webhook-init-job.yaml @@ -2,8 +2,11 @@ apiVersion: batch/v1 kind: Job metadata: - name: {{ include "sparkoperator.fullname" . }}-init + name: {{ include "sparkoperator.fullname" . }}-webhook-init namespace: {{ .Release.Namespace }} + annotations: + "helm.sh/hook": post-install, post-upgrade + "helm.sh/hook-delete-policy": hook-succeeded labels: app.kubernetes.io/name: {{ include "sparkoperator.name" . }} helm.sh/chart: {{ include "sparkoperator.chart" . }} From 82c0f17c071c365d943b4a1ca300502ce317ccb1 Mon Sep 17 00:00:00 2001 From: doug-ba Date: Thu, 20 Feb 2020 01:13:03 -0800 Subject: [PATCH 194/304] [stable/external-dns] Add optional designate variables and functionality (#20746) * [stable/external-dns] Add optional designate variables and functionality Signed-off-by: Doug Baggett * [stable/external-dns] rebasing and removing requested whitespace Signed-off-by: Doug Baggett * [stable/external-dns] Updating minor revision Signed-off-by: Doug Baggett --- stable/external-dns/Chart.yaml | 2 +- stable/external-dns/README.md | 7 ++ stable/external-dns/templates/_helpers.tpl | 2 + stable/external-dns/templates/deployment.yaml | 64 +++++++++++++++++-- stable/external-dns/templates/secret.yaml | 8 +++ stable/external-dns/values.yaml | 12 ++++ 6 files changed, 87 insertions(+), 8 deletions(-) diff --git a/stable/external-dns/Chart.yaml b/stable/external-dns/Chart.yaml index 48e4f9ace7e3..cb2e9df6b7d7 100644 --- a/stable/external-dns/Chart.yaml +++ b/stable/external-dns/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: external-dns -version: 2.18.0 +version: 2.19.0 appVersion: 0.6.0 description: ExternalDNS is a Kubernetes addon that configures public DNS servers with information about exposed Kubernetes services to make them discoverable. keywords: diff --git a/stable/external-dns/README.md b/stable/external-dns/README.md index 22b3c2f8d096..68aca883cbfd 100755 --- a/stable/external-dns/README.md +++ b/stable/external-dns/README.md @@ -95,10 +95,17 @@ The following table lists the configurable parameters of the external-dns chart | `coredns.etcdTLS.caFilename` | When using the CoreDNS provider, specify CA PEM file name from the `coredns.etcdTLS.secretName` | `"ca.crt"` | | `coredns.etcdTLS.certFilename` | When using the CoreDNS provider, specify cert PEM file name from the `coredns.etcdTLS.secretName` | `"cert.pem"` | | `coredns.etcdTLS.keyFilename` | When using the CoreDNS provider, specify private key PEM file name from the `coredns.etcdTLS.secretName` | `"key.pem"` | +| `designate.authUrl` | When using the Designate provider, specify the OpenStack authentication Url. (optional) | `none` | | `designate.customCA.enabled` | When using the Designate provider, enable a custom CA (optional) | false | | `designate.customCA.content` | When using the Designate provider, set the content of the custom CA | "" | | `designate.customCA.mountPath` | When using the Designate provider, set the mountPath in which to mount the custom CA configuration | "/config/designate" | | `designate.customCA.filename` | When using the Designate provider, set the custom CA configuration filename | "designate-ca.pem" | +| `designate.customCAHostPath` | When using the Designate provider, use a CA file already on the host to validate Openstack APIs. This conflicts with `designate.customCA.enabled` | `none` | +| `designate.password` | When using the Designate provider, specify the OpenStack authentication password. (optional) | `none` | +| `designate.projectName | When using the Designate provider, specify the OpenStack project name. (optional) | `none` | +| `designate.regionName | When using the Designate provider, specify the OpenStack region name. (optional) | `none` | +| `designate.userDomainName` | When using the Designate provider, specify the OpenStack user domain name. (optional) | `none` | +| `designate.username` | When using the Designate provider, specify the OpenStack authentication username. (optional) | `none` | | `digitalocean.apiToken` | When using the DigitalOcean provider, `DO_TOKEN` to set (optional) | `""` | | `google.project` | When using the Google provider, specify the Google project (required when provider=google) | `""` | | `google.serviceAccountSecret` | When using the Google provider, specify the existing secret which contains credentials.json (optional) | `""` | diff --git a/stable/external-dns/templates/_helpers.tpl b/stable/external-dns/templates/_helpers.tpl index e2347b8b0cea..9b676a1cbb7d 100644 --- a/stable/external-dns/templates/_helpers.tpl +++ b/stable/external-dns/templates/_helpers.tpl @@ -120,6 +120,8 @@ Return true if a secret object should be created {{- true -}} {{- else if and (eq .Values.provider "cloudflare") (or .Values.cloudflare.apiToken .Values.cloudflare.apiKey) (not .Values.cloudflare.secretName) -}} {{- true -}} +{{- else if and (eq .Values.provider "designate") (or .Values.designate.username .Values.designate.password) -}} + {{- true -}} {{- else if and (eq .Values.provider "digitalocean") .Values.digitalocean.apiToken (not .Values.digitalocean.secretName) -}} {{- true -}} {{- else if and (eq .Values.provider "google") .Values.google.serviceAccountKey (not .Values.google.serviceAccountSecret) -}} diff --git a/stable/external-dns/templates/deployment.yaml b/stable/external-dns/templates/deployment.yaml index b4f2647b2d93..a365e7ab8958 100755 --- a/stable/external-dns/templates/deployment.yaml +++ b/stable/external-dns/templates/deployment.yaml @@ -221,7 +221,7 @@ spec: value: {{ .Values.aws.credentials.mountPath }}/credentials {{- end }} {{- end }} - # Azure Private DNS variables + # Azure Private DNS variables {{- if eq .Values.provider "azure-private-dns" }} {{- if .Values.azure.tenantId }} - name: AZURE_TENANT_ID @@ -267,6 +267,46 @@ spec: value: {{ .Values.coredns.etcdTLS.mountPath }}/{{ .Values.coredns.etcdTLS.caFilename }} {{- end }} {{- end }} + # Designate environment variables + {{- if eq .Values.provider "designate" }} + {{- if .Values.designate.customCA.enabled }} + - name: OPENSTACK_CA_FILE + value: {{ .Values.designate.customCA.mountPath }}/{{ .Values.designate.customCA.filename }} + {{- else if .Values.designate.customCAHostPath }} + - name: OPENSTACK_CA_FILE + value: {{ .Values.designate.customCAHostPath }} + {{- end }} + {{- if .Values.designate.username}} + - name: OS_USERNAME + valueFrom: + secretKeyRef: + name: {{ template "external-dns.secretName" . }} + key: designate_username + {{- end }} + {{- if .Values.designate.password}} + - name: OS_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "external-dns.secretName" . }} + key: designate_password + {{- end }} + {{- if .Values.designate.authUrl }} + - name: OS_AUTH_URL + value: {{ .Values.designate.authUrl }} + {{- end }} + {{- if .Values.designate.regionName }} + - name: OS_REGION_NAME + value: {{ .Values.designate.regionName }} + {{- end }} + {{- if .Values.designate.userDomainName }} + - name: OS_USER_DOMAIN_NAME + value: {{ .Values.designate.userDomainName }} + {{- end }} + {{- if .Values.designate.projectName }} + - name: OS_PROJECT_NAME + value: {{ .Values.designate.projectName }} + {{- end }} + {{- end }} # DigitalOcean environment variables {{- if and (eq .Values.provider "digitalocean") (or .Values.digitalocean.apiToken .Values.digitalocean.secretName) }} - name: DO_TOKEN @@ -313,10 +353,6 @@ spec: name: {{ template "external-dns.secretName" . }} key: rfc2136_tsig_secret {{- end }} - {{- if and (eq .Values.provider "designate") .Values.designate.customCA.enabled }} - - name: OPENSTACK_CA_FILE - value: {{ .Values.designate.customCA.mountPath }}/{{ .Values.designate.customCA.filename }} - {{- end }} # PowerDNS environment variables {{- if and (eq .Values.provider "pdns") .Values.pdns.apiKey }} - name: PDNS_API_KEY @@ -369,10 +405,18 @@ spec: mountPath: /etc/secrets/service-account/ {{- end }} # Designate mountPath(s) - {{- if and (eq .Values.provider "designate") .Values.designate.customCA.enabled }} + {{- if eq .Values.provider "designate" }} + {{- if and (.Values.designate.customCAHostPath) (.Values.designate.customCA.enabled) }} + {{- fail "designate.customCAHostPath cannot be specified with designate.customCA.enabled set to true"}} + {{- else if .Values.designate.customCA.enabled }} - name: designate-custom-ca mountPath: {{ .Values.designate.customCA.mountPath }} readOnly: true + {{- else if .Values.designate.customCAHostPath }} + - name: designate-custom-ca-hostpath + mountPath: {{ .Values.designate.customCAHostPath }} + readOnly: true + {{- end }} {{- end }} # TransIP mountPath(s) {{- if (eq .Values.provider "transip") }} @@ -418,13 +462,19 @@ spec: {{- end }} {{- end }} # Designate volume(s) - {{- if and (eq .Values.provider "designate") .Values.designate.customCA.enabled }} + {{- if eq .Values.provider "designate" }} + {{- if .Values.designate.customCA.enabled }} - name: designate-custom-ca configMap: name: {{ template "external-dns.fullname" . }} items: - key: {{ .Values.designate.customCA.filename }} path: {{ .Values.designate.customCA.filename }} + {{- else if .Values.designate.customCAHostPath }} + - name: designate-custom-ca-hostpath + hostPath: + path: {{ .Values.designate.customCAHostPath }} + {{- end }} {{- end }} # TransIP volume(s) {{- if (eq .Values.provider "transip") }} diff --git a/stable/external-dns/templates/secret.yaml b/stable/external-dns/templates/secret.yaml index 1c2dd19e50d5..a7f93b03d616 100644 --- a/stable/external-dns/templates/secret.yaml +++ b/stable/external-dns/templates/secret.yaml @@ -25,6 +25,14 @@ data: cloudflare_api_key: {{ required "cloudflare.apiKey is required if cloudflare.apiToken is not provided" .Values.cloudflare.apiKey | b64enc | quote }} {{- end }} {{- end }} + {{- if eq .Values.provider "designate" }} + {{- if .Values.designate.username }} + designate_username: {{ .Values.designate.username | b64enc | quote }} + {{- end }} + {{- if .Values.designate.password }} + designate_password: {{ .Values.designate.password | b64enc | quote }} + {{- end }} + {{- end }} {{- if eq .Values.provider "digitalocean" }} digitalocean_api_token: {{ .Values.digitalocean.apiToken | b64enc | quote }} {{- end }} diff --git a/stable/external-dns/values.yaml b/stable/external-dns/values.yaml index 7f32fae2bedd..4f9cac7e4aad 100644 --- a/stable/external-dns/values.yaml +++ b/stable/external-dns/values.yaml @@ -210,6 +210,18 @@ designate: ## filename: "designate-ca.pem" + ## Use a host path custom CA (optional) + ## This conflicts setting the above customCA to true and chart rendering will fail if you set customCA to true and specify customCAHostPath + # customCAHostPath: /path/to/cafile + + ## Set Openstack environment variables (optional). Username and password will be saved in a kubernetes secret. + ## The alternative to this is to export the necessary Openstack environment variables in the extraEnv argument. + # username: "someuser" + # password: "p@55w0rd" + # authUrl: "https://mykeystone.example.net:5000/v3/" + # regionName: "dev" + # userDomainName: "development" + # projectName: "myteamname" ## DigitalOcean configuration to be set via arguments/env. variables ## digitalocean: From 75f29fcb767fcc20d166533da3f4f6c9bb32278b Mon Sep 17 00:00:00 2001 From: Ciprian Hacman Date: Thu, 20 Feb 2020 13:41:02 +0200 Subject: [PATCH 195/304] Update statefulset api version to apps/v1 (#20895) Signed-off-by: Ciprian Hacman --- incubator/mysqlha/Chart.yaml | 2 +- incubator/mysqlha/README.md | 2 +- incubator/mysqlha/templates/statefulset.yaml | 7 ++++++- incubator/mysqlha/values.yaml | 2 +- 4 files changed, 9 insertions(+), 4 deletions(-) diff --git a/incubator/mysqlha/Chart.yaml b/incubator/mysqlha/Chart.yaml index 788e72b41f82..b7c34b982a7b 100644 --- a/incubator/mysqlha/Chart.yaml +++ b/incubator/mysqlha/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: mysqlha -version: 1.0.0 +version: 1.0.1 appVersion: 5.7.13 description: MySQL cluster with a single master and zero or more slave replicas keywords: diff --git a/incubator/mysqlha/README.md b/incubator/mysqlha/README.md index f68065141af1..1836cdbc861f 100644 --- a/incubator/mysqlha/README.md +++ b/incubator/mysqlha/README.md @@ -8,7 +8,7 @@ This chart bootstraps a single master and multiple slave MySQL deployment on a [ ## Prerequisites -- Kubernetes 1.6+ +- Kubernetes 1.10+ with Beta APIs enabled - PV provisioner support in the underlying infrastructure ## Installing the Chart diff --git a/incubator/mysqlha/templates/statefulset.yaml b/incubator/mysqlha/templates/statefulset.yaml index 97012712713c..b15a41f5de89 100644 --- a/incubator/mysqlha/templates/statefulset.yaml +++ b/incubator/mysqlha/templates/statefulset.yaml @@ -1,4 +1,4 @@ -apiVersion: apps/v1beta1 +apiVersion: apps/v1 kind: StatefulSet metadata: name: {{ template "fullname" . }} @@ -8,12 +8,17 @@ metadata: release: "{{ .Release.Name }}" heritage: "{{ .Release.Service }}" spec: + selector: + matchLabels: + app: {{ template "fullname" . }} + release: {{ .Release.Name }} serviceName: {{ template "fullname" . }} replicas: {{ .Values.mysqlha.replicaCount }} template: metadata: labels: app: {{ template "fullname" . }} + release: {{ .Release.Name }} {{- if .Values.mysqlha.podAnnotations }} annotations: {{ toYaml .Values.mysqlha.podAnnotations | indent 8 }} diff --git a/incubator/mysqlha/values.yaml b/incubator/mysqlha/values.yaml index 706e3a8e1f54..78d2bc9fbb88 100644 --- a/incubator/mysqlha/values.yaml +++ b/incubator/mysqlha/values.yaml @@ -1,7 +1,7 @@ ## mysql image version ## ref: https://hub.docker.com/r/library/mysql/tags/ ## -mysqlImage: mysql:5.7.13 +mysqlImage: mysql:5.7.29 xtraBackupImage: gcr.io/google-samples/xtrabackup:1.0 ## Specify an imagePullPolicy (Required) From eed439a1b1013a270d77b8b5a4830928be5cd62c Mon Sep 17 00:00:00 2001 From: Alex Gaganov <31386536+alexgaganov-fiverr@users.noreply.github.com> Date: Thu, 20 Feb 2020 17:09:04 +0200 Subject: [PATCH 196/304] [stable/kube-state-metrics] Support automatic sharding (#20791) Signed-off-by: Alex Gaganov --- stable/kube-state-metrics/Chart.yaml | 2 +- stable/kube-state-metrics/README.md | 1 + .../templates/deployment.yaml | 23 ++++++++++++++++ .../templates/stsdiscovery-role.yaml | 27 +++++++++++++++++++ .../templates/stsdiscovery-rolebinding.yaml | 20 ++++++++++++++ stable/kube-state-metrics/values.yaml | 7 +++++ 6 files changed, 79 insertions(+), 1 deletion(-) create mode 100644 stable/kube-state-metrics/templates/stsdiscovery-role.yaml create mode 100644 stable/kube-state-metrics/templates/stsdiscovery-rolebinding.yaml diff --git a/stable/kube-state-metrics/Chart.yaml b/stable/kube-state-metrics/Chart.yaml index 2c3e2a24302b..f68ddfaee4b0 100644 --- a/stable/kube-state-metrics/Chart.yaml +++ b/stable/kube-state-metrics/Chart.yaml @@ -6,7 +6,7 @@ keywords: - monitoring - prometheus - kubernetes -version: 2.6.4 +version: 2.7.0 appVersion: 1.9.4 home: https://github.com/kubernetes/kube-state-metrics/ sources: diff --git a/stable/kube-state-metrics/README.md b/stable/kube-state-metrics/README.md index e7fe09728429..44754a3547bf 100644 --- a/stable/kube-state-metrics/README.md +++ b/stable/kube-state-metrics/README.md @@ -18,6 +18,7 @@ $ helm install stable/kube-state-metrics | `image.tag` | The image tag to pull from | `v1.9.4` | | `image.pullPolicy` | Image pull policy | `IfNotPresent` | | `replicas` | Number of replicas | `1` | +| `autosharding.enabled` | Set to `true` to automatically shard data across `replicas` pods. EXPERIMENTAL | `false` | | `service.port` | The port of the container | `8080` | | `service.annotations` | Annotations to be added to the service | `{}` | | `customLabels` | Custom labels to apply to service, deployment and pods | `{}` | diff --git a/stable/kube-state-metrics/templates/deployment.yaml b/stable/kube-state-metrics/templates/deployment.yaml index 71dedce5d15b..4797c09b8e6b 100644 --- a/stable/kube-state-metrics/templates/deployment.yaml +++ b/stable/kube-state-metrics/templates/deployment.yaml @@ -1,5 +1,9 @@ apiVersion: apps/v1 +{{- if .Values.autosharding.enabled }} +kind: StatefulSet +{{- else }} kind: Deployment +{{- end }} metadata: name: {{ template "kube-state-metrics.fullname" . }} namespace: {{ template "kube-state-metrics.namespace" . }} @@ -16,6 +20,10 @@ spec: matchLabels: app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} replicas: {{ .Values.replicas }} +{{- if .Values.autosharding.enabled }} + serviceName: {{ template "kube-state-metrics.fullname" . }} + volumeClaimTemplates: [] +{{- end }} template: metadata: labels: @@ -41,6 +49,17 @@ spec: {{- end }} containers: - name: {{ .Chart.Name }} +{{- if .Values.autosharding.enabled }} + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace +{{- end }} args: {{ if .Values.collectors.certificatesigningrequests }} - --collectors=certificatesigningrequests @@ -128,6 +147,10 @@ spec: {{ end }} {{ if .Values.namespace }} - --namespace={{ .Values.namespace }} +{{ end }} +{{ if .Values.autosharding.enabled }} + - --pod=$(POD_NAME) + - --pod-namespace=$(POD_NAMESPACE) {{ end }} imagePullPolicy: {{ .Values.image.pullPolicy }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" diff --git a/stable/kube-state-metrics/templates/stsdiscovery-role.yaml b/stable/kube-state-metrics/templates/stsdiscovery-role.yaml new file mode 100644 index 000000000000..bf5396072710 --- /dev/null +++ b/stable/kube-state-metrics/templates/stsdiscovery-role.yaml @@ -0,0 +1,27 @@ +{{- if and .Values.autosharding.enabled .Values.rbac.create -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: stsdiscovery-{{ template "kube-state-metrics.fullname" . }} + namespace: {{ template "kube-state-metrics.namespace" . }} + labels: + app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} +rules: +- apiGroups: + - "" + resources: + - pods + verbs: + - get +- apiGroups: + - apps + resourceNames: + - kube-state-metrics + resources: + - statefulsets + verbs: + - get +{{- end }} diff --git a/stable/kube-state-metrics/templates/stsdiscovery-rolebinding.yaml b/stable/kube-state-metrics/templates/stsdiscovery-rolebinding.yaml new file mode 100644 index 000000000000..6a2e5bfe7b0b --- /dev/null +++ b/stable/kube-state-metrics/templates/stsdiscovery-rolebinding.yaml @@ -0,0 +1,20 @@ +{{- if and .Values.autosharding.enabled .Values.rbac.create -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: stsdiscovery-{{ template "kube-state-metrics.fullname" . }} + namespace: {{ template "kube-state-metrics.namespace" . }} + labels: + app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: stsdiscovery-{{ template "kube-state-metrics.fullname" . }} +subjects: + - kind: ServiceAccount + name: {{ template "kube-state-metrics.fullname" . }} + namespace: {{ template "kube-state-metrics.namespace" . }} +{{- end }} diff --git a/stable/kube-state-metrics/values.yaml b/stable/kube-state-metrics/values.yaml index 5af53834add6..d8ceef52e6b6 100644 --- a/stable/kube-state-metrics/values.yaml +++ b/stable/kube-state-metrics/values.yaml @@ -5,6 +5,13 @@ image: tag: v1.9.4 pullPolicy: IfNotPresent +# If set to true, this will deploy kube-state-metrics as a StatefulSet and the data +# will be automatically sharded across <.Values.replicas> pods using the built-in +# autodiscovery feature: https://github.com/kubernetes/kube-state-metrics#automated-sharding +# This is an experimental feature and there are no stability guarantees. +autosharding: + enabled: false + replicas: 1 service: From 43edde894f4b141319e46e4311ddfa576a6973f6 Mon Sep 17 00:00:00 2001 From: Corey Zuares Date: Thu, 20 Feb 2020 10:49:04 -0500 Subject: [PATCH 197/304] Add missing template rendering (#20876) Signed-off-by: Corey Zuares --- stable/rabbitmq-ha/Chart.yaml | 2 +- stable/rabbitmq-ha/templates/service-discovery.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/stable/rabbitmq-ha/Chart.yaml b/stable/rabbitmq-ha/Chart.yaml index dc548b334f25..2b2eb960b055 100644 --- a/stable/rabbitmq-ha/Chart.yaml +++ b/stable/rabbitmq-ha/Chart.yaml @@ -1,7 +1,7 @@ name: rabbitmq-ha apiVersion: v1 appVersion: 3.8.0 -version: 1.40.0 +version: 1.40.1 description: Highly available RabbitMQ cluster, the open source message broker software that implements the Advanced Message Queuing Protocol (AMQP). keywords: diff --git a/stable/rabbitmq-ha/templates/service-discovery.yaml b/stable/rabbitmq-ha/templates/service-discovery.yaml index eb0d6f4c327a..41a8dafbaeb1 100644 --- a/stable/rabbitmq-ha/templates/service-discovery.yaml +++ b/stable/rabbitmq-ha/templates/service-discovery.yaml @@ -3,7 +3,7 @@ kind: Service metadata: {{- if .Values.service.annotations }} annotations: -{{ toYaml .Values.service.annotations | indent 4 }} +{{ tpl (toYaml .Values.service.annotations) . | indent 4 }} {{- end }} name: {{ printf "%s-discovery" (include "rabbitmq-ha.fullname" .) | trunc 63 | trimSuffix "-" }} namespace: {{ .Release.Namespace }} From 1beb71c3dc7d187bd205674dc8df3fdf57554a1c Mon Sep 17 00:00:00 2001 From: Juan Ariza Toledano Date: Thu, 20 Feb 2020 18:23:04 +0100 Subject: [PATCH 198/304] [stable/postgresql] Disable initContainer to adapt permissions by default (#20910) Signed-off-by: juan131 --- stable/postgresql/Chart.yaml | 2 +- stable/postgresql/README.md | 4 ++-- .../postgresql/templates/statefulset-slaves.yaml | 11 +++++++---- stable/postgresql/templates/statefulset.yaml | 11 +++++++---- stable/postgresql/values-production.yaml | 15 ++++++++++----- stable/postgresql/values.yaml | 16 ++++++++++------ 6 files changed, 37 insertions(+), 22 deletions(-) diff --git a/stable/postgresql/Chart.yaml b/stable/postgresql/Chart.yaml index 21cd5ed60287..ab8e9b4baf19 100644 --- a/stable/postgresql/Chart.yaml +++ b/stable/postgresql/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: postgresql -version: 8.3.4 +version: 8.4.0 appVersion: 11.7.0 description: Chart for PostgreSQL, an object-relational database management system (ORDBMS) with an emphasis on extensibility and on standards-compliance. keywords: diff --git a/stable/postgresql/README.md b/stable/postgresql/README.md index aa3391233529..19455577e50d 100644 --- a/stable/postgresql/README.md +++ b/stable/postgresql/README.md @@ -66,6 +66,7 @@ The following tables lists the configurable parameters of the PostgreSQL chart a | `image.debug` | Specify if debug values should be set | `false` | | `nameOverride` | String to partially override postgresql.fullname template with a string (will prepend the release name) | `nil` | | `fullnameOverride` | String to fully override postgresql.fullname template with a string | `nil` | +| `volumePermissions.enabled` | Enable init container that changes volume permissions in the data directory (for cases where the default k8s `runAsUser` and `fsUser` values do not work) | `false` | | `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` | | `volumePermissions.image.repository` | Init container volume-permissions image name | `bitnami/minideb` | | `volumePermissions.image.tag` | Init container volume-permissions image tag | `buster` | @@ -121,7 +122,7 @@ The following tables lists the configurable parameters of the PostgreSQL chart a | `service.loadBalancerSourceRanges` | Address that are allowed when svc is LoadBalancer | [] | | `schedulerName` | Name of the k8s scheduler (other than default) | `nil` | | `shmVolume.enabled` | Enable emptyDir volume for /dev/shm for master and slave(s) Pod(s) | `true` | -| `shmVolume.chmod.enabled` | Run at init chmod 777 of the /dev/shm (when shmVolume.enabled is also true) | `true` | +| `shmVolume.chmod.enabled` | Run at init chmod 777 of the /dev/shm (ignored if `volumePermissions.enabled` is `false`) | `true` | | `persistence.enabled` | Enable persistence using PVC | `true` | | `persistence.existingClaim` | Provide an existing `PersistentVolumeClaim`, the value is evaluated as a template. | `nil` | | `persistence.mountPath` | Path to mount the volume at | `/bitnami/postgresql` | @@ -380,7 +381,6 @@ This label will be displayed in the output of a successful install. - The Bitnami PostgreSQL image is non-root by default. This requires that you run the pod with `securityContext` and updates the permissions of the volume with an `initContainer`. A key benefit of this configuration is that the pod follows security best practices and is prepared to run on Kubernetes distributions with hard security constraints like OpenShift. - For OpenShift, one may either define the runAsUser and fsGroup accordingly, or try this more dynamic option: volumePermissions.securityContext.runAsUser="auto",securityContext.enabled=false,shmVolume.chmod.enabled=false - ### Deploy chart using Docker Official PostgreSQL Image From chart version 4.0.0, it is possible to use this chart with the Docker Official PostgreSQL image. diff --git a/stable/postgresql/templates/statefulset-slaves.yaml b/stable/postgresql/templates/statefulset-slaves.yaml index e7bd50db5fa3..66d3ba3f974c 100644 --- a/stable/postgresql/templates/statefulset-slaves.yaml +++ b/stable/postgresql/templates/statefulset-slaves.yaml @@ -66,12 +66,12 @@ spec: {{- if .Values.serviceAccount.enabled }} serviceAccountName: {{ default (include "postgresql.fullname" . ) .Values.serviceAccount.name}} {{- end }} - {{- if or .Values.slave.extraInitContainers (and .Values.volumePermissions.enabled .Values.persistence.enabled) .Values.shmVolume.enabled }} + {{- if or .Values.slave.extraInitContainers (and .Values.volumePermissions.enabled (or .Values.persistence.enabled (and .Values.shmVolume.enabled .Values.shmVolume.chmod.enabled))) }} initContainers: - {{- if or (and .Values.volumePermissions.enabled .Values.persistence.enabled) .Values.shmVolume.enabled }} + {{- if and .Values.volumePermissions.enabled (or .Values.persistence.enabled (and .Values.shmVolume.enabled .Values.shmVolume.chmod.enabled)) }} - name: init-chmod-data image: {{ template "postgresql.volumePermissions.image" . }} - imagePullPolicy: "{{ .Values.volumePermissions.image.pullPolicy }}" + imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} {{- if .Values.resources }} resources: {{- toYaml .Values.resources | nindent 12 }} {{- end }} @@ -79,7 +79,7 @@ spec: - /bin/sh - -cx - | - echo "current user id: `id`" + {{ if .Values.persistence.enabled }} mkdir -p {{ .Values.persistence.mountPath }}/data chmod 700 {{ .Values.persistence.mountPath }}/data find {{ .Values.persistence.mountPath }} -mindepth 1 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" | \ @@ -88,6 +88,7 @@ spec: {{- else }} xargs chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} {{- end }} + {{- end }} {{- if and .Values.shmVolume.enabled .Values.shmVolume.chmod.enabled }} chmod -R 777 /dev/shm {{- end }} @@ -98,9 +99,11 @@ spec: runAsUser: {{ .Values.volumePermissions.securityContext.runAsUser }} {{- end }} volumeMounts: + {{ if .Values.persistence.enabled }} - name: data mountPath: {{ .Values.persistence.mountPath }} subPath: {{ .Values.persistence.subPath }} + {{- end }} {{- if .Values.shmVolume.enabled }} - name: dshm mountPath: /dev/shm diff --git a/stable/postgresql/templates/statefulset.yaml b/stable/postgresql/templates/statefulset.yaml index 487a27776aac..51732b9dbc02 100644 --- a/stable/postgresql/templates/statefulset.yaml +++ b/stable/postgresql/templates/statefulset.yaml @@ -70,12 +70,12 @@ spec: {{- if .Values.serviceAccount.enabled }} serviceAccountName: {{ default (include "postgresql.fullname" . ) .Values.serviceAccount.name }} {{- end }} - {{- if or .Values.master.extraInitContainers (and .Values.volumePermissions.enabled .Values.persistence.enabled) .Values.shmVolume.enabled }} + {{- if or .Values.master.extraInitContainers (and .Values.volumePermissions.enabled (or .Values.persistence.enabled (and .Values.shmVolume.enabled .Values.shmVolume.chmod.enabled))) }} initContainers: - {{- if or (and .Values.volumePermissions.enabled .Values.persistence.enabled) .Values.shmVolume.enabled }} + {{- if and .Values.volumePermissions.enabled (or .Values.persistence.enabled (and .Values.shmVolume.enabled .Values.shmVolume.chmod.enabled)) }} - name: init-chmod-data image: {{ template "postgresql.volumePermissions.image" . }} - imagePullPolicy: "{{ .Values.volumePermissions.image.pullPolicy }}" + imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} {{- if .Values.resources }} resources: {{- toYaml .Values.resources | nindent 12 }} {{- end }} @@ -83,7 +83,7 @@ spec: - /bin/sh - -cx - | - echo "current user id: `id`" + {{ if .Values.persistence.enabled }} mkdir -p {{ .Values.persistence.mountPath }}/data chmod 700 {{ .Values.persistence.mountPath }}/data find {{ .Values.persistence.mountPath }} -mindepth 1 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" | \ @@ -92,6 +92,7 @@ spec: {{- else }} xargs chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} {{- end }} + {{- end }} {{- if and .Values.shmVolume.enabled .Values.shmVolume.chmod.enabled }} chmod -R 777 /dev/shm {{- end }} @@ -102,9 +103,11 @@ spec: runAsUser: {{ .Values.volumePermissions.securityContext.runAsUser }} {{- end }} volumeMounts: + {{ if .Values.persistence.enabled }} - name: data mountPath: {{ .Values.persistence.mountPath }} subPath: {{ .Values.persistence.subPath }} + {{- end }} {{- if .Values.shmVolume.enabled }} - name: dshm mountPath: /dev/shm diff --git a/stable/postgresql/values-production.yaml b/stable/postgresql/values-production.yaml index 10a78463fe07..4d87f90982ef 100644 --- a/stable/postgresql/values-production.yaml +++ b/stable/postgresql/values-production.yaml @@ -46,7 +46,7 @@ image: ## volumePermissions: Change the owner of the persist volume mountpoint to RunAsUser:fsGroup ## volumePermissions: - enabled: true + enabled: false image: registry: docker.io repository: bitnami/minideb @@ -69,7 +69,8 @@ volumePermissions: ## data folder to autodetermined user&group, using commands: `id -u`:`id -G | cut -d" " -f2` ## "auto" is especially useful for OpenShift which has scc with dynamic userids (and 0 is not allowed). ## You may want to use this volumePermissions.securityContext.runAsUser="auto" in combination with - ## pod securityContext.enabled=false and shmVolume.chmod.enabled=false . + ## pod securityContext.enabled=false and shmVolume.chmod.enabled=false + ## securityContext: runAsUser: 0 @@ -265,11 +266,15 @@ service: ## [docker issue](https://github.com/docker-library/postgres/issues/416) and the ## [containerd issue](https://github.com/containerd/containerd/issues/3654), ## which could be not enough if PostgreSQL uses parallel workers heavily. -## If this option is present and value is `true`, -## to the target database pod will be mounted a new tmpfs volume to remove -## this limitation. +## shmVolume: + ## Set `shmVolume.enabled` to `true` to mount a new tmpfs volume to remove + ## this limitation. + ## enabled: true + ## Set to `true` to `chmod 777 /dev/shm` on a initContainer. + ## This option is ingored if `volumePermissions.enabled` is `false` + ## chmod: enabled: true diff --git a/stable/postgresql/values.yaml b/stable/postgresql/values.yaml index d50ab78096c2..36b9ac48325f 100644 --- a/stable/postgresql/values.yaml +++ b/stable/postgresql/values.yaml @@ -46,7 +46,7 @@ image: ## volumePermissions: Change the owner of the persist volume mountpoint to RunAsUser:fsGroup ## volumePermissions: - enabled: true + enabled: false image: registry: docker.io repository: bitnami/minideb @@ -69,7 +69,8 @@ volumePermissions: ## data folder to autodetermined user&group, using commands: `id -u`:`id -G | cut -d" " -f2` ## "auto" is especially useful for OpenShift which has scc with dynamic userids (and 0 is not allowed). ## You may want to use this volumePermissions.securityContext.runAsUser="auto" in combination with - ## pod securityContext.enabled=false and shmVolume.chmod.enabled=false . + ## pod securityContext.enabled=false and shmVolume.chmod.enabled=false + ## securityContext: runAsUser: 0 @@ -265,12 +266,15 @@ service: ## [docker issue](https://github.com/docker-library/postgres/issues/416) and the ## [containerd issue](https://github.com/containerd/containerd/issues/3654), ## which could be not enough if PostgreSQL uses parallel workers heavily. -## If this option is present and value is `true`, -## to the target database pod will be mounted a new tmpfs volume to remove -## this limitation. -## If chmod.enabled is `true`, init container will chmod 777 `/dev/shm`. +## shmVolume: + ## Set `shmVolume.enabled` to `true` to mount a new tmpfs volume to remove + ## this limitation. + ## enabled: true + ## Set to `true` to `chmod 777 /dev/shm` on a initContainer. + ## This option is ingored if `volumePermissions.enabled` is `false` + ## chmod: enabled: true From 107810a8731b9605ad9dabe39dc607fdeb70ab35 Mon Sep 17 00:00:00 2001 From: Jeffrey Descan Date: Thu, 20 Feb 2020 18:51:04 +0100 Subject: [PATCH 199/304] Set the apiVersions to newest version to support recent k8s clusters (#20505) Signed-off-by: Jeffrey Descan --- stable/newrelic-infrastructure/Chart.yaml | 2 +- stable/newrelic-infrastructure/templates/daemonset.yaml | 2 +- stable/newrelic-infrastructure/templates/podsecuritypolicy.yaml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/stable/newrelic-infrastructure/Chart.yaml b/stable/newrelic-infrastructure/Chart.yaml index 2aae34cc2061..551d263037b0 100644 --- a/stable/newrelic-infrastructure/Chart.yaml +++ b/stable/newrelic-infrastructure/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 description: A Helm chart to deploy the New Relic Infrastructure Agent as a DaemonSet name: newrelic-infrastructure -version: 0.13.23 +version: 0.13.24 appVersion: 1.13.2 home: https://hub.docker.com/r/newrelic/infrastructure-k8s/ source: diff --git a/stable/newrelic-infrastructure/templates/daemonset.yaml b/stable/newrelic-infrastructure/templates/daemonset.yaml index cb6c03132762..3a84aa00316c 100644 --- a/stable/newrelic-infrastructure/templates/daemonset.yaml +++ b/stable/newrelic-infrastructure/templates/daemonset.yaml @@ -1,5 +1,5 @@ {{- if (include "newrelic.areValuesValid" .) }} -apiVersion: apps/v1beta2 +apiVersion: apps/v1 kind: DaemonSet metadata: labels: {{ include "newrelic.labels" . | indent 4 }} diff --git a/stable/newrelic-infrastructure/templates/podsecuritypolicy.yaml b/stable/newrelic-infrastructure/templates/podsecuritypolicy.yaml index 98d03a6bbbd9..dc882ac8bb01 100644 --- a/stable/newrelic-infrastructure/templates/podsecuritypolicy.yaml +++ b/stable/newrelic-infrastructure/templates/podsecuritypolicy.yaml @@ -1,5 +1,5 @@ {{- if .Values.rbac.pspEnabled }} -apiVersion: extensions/v1beta1 +apiVersion: policy/v1beta1 kind: PodSecurityPolicy metadata: name: privileged-{{ template "newrelic.fullname" . }} From 7461879e1c8aa98148b4fee62961e865b67546ea Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20R=C3=BCger?= Date: Thu, 20 Feb 2020 20:51:58 +0100 Subject: [PATCH 200/304] [stable/kube-state-metrics] Version bump to 1.9.5 (#20915) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Fixes also volumeattachments typo found by @mbarrien Signed-off-by: Manuel Rüger --- stable/kube-state-metrics/Chart.yaml | 4 ++-- stable/kube-state-metrics/README.md | 4 ++-- stable/kube-state-metrics/templates/clusterrole.yaml | 2 +- stable/kube-state-metrics/templates/deployment.yaml | 4 ++-- stable/kube-state-metrics/values.yaml | 4 ++-- 5 files changed, 9 insertions(+), 9 deletions(-) diff --git a/stable/kube-state-metrics/Chart.yaml b/stable/kube-state-metrics/Chart.yaml index f68ddfaee4b0..494548d5ffae 100644 --- a/stable/kube-state-metrics/Chart.yaml +++ b/stable/kube-state-metrics/Chart.yaml @@ -6,8 +6,8 @@ keywords: - monitoring - prometheus - kubernetes -version: 2.7.0 -appVersion: 1.9.4 +version: 2.7.1 +appVersion: 1.9.5 home: https://github.com/kubernetes/kube-state-metrics/ sources: - https://github.com/kubernetes/kube-state-metrics/ diff --git a/stable/kube-state-metrics/README.md b/stable/kube-state-metrics/README.md index 44754a3547bf..5c6456983b9b 100644 --- a/stable/kube-state-metrics/README.md +++ b/stable/kube-state-metrics/README.md @@ -15,7 +15,7 @@ $ helm install stable/kube-state-metrics | Parameter | Description | Default | |:---------------------------------------------|:--------------------------------------------------------------------------------------|:-------------------------------------------| | `image.repository` | The image repository to pull from | quay.io/coreos/kube-state-metrics | -| `image.tag` | The image tag to pull from | `v1.9.4` | +| `image.tag` | The image tag to pull from | `v1.9.5` | | `image.pullPolicy` | Image pull policy | `IfNotPresent` | | `replicas` | Number of replicas | `1` | | `autosharding.enabled` | Set to `true` to automatically shard data across `replicas` pods. EXPERIMENTAL | `false` | @@ -65,7 +65,7 @@ $ helm install stable/kube-state-metrics | `collectors.storageclasses` | Enable the storageclasses collector. | `true` | | `collectors.validatingwebhookconfigurations` | Enable the validatingwebhookconfigurations collector. | `false` | | `collectors.verticalpodautoscalers` | Enable the verticalpodautoscalers collector. | `false` | -| `collectors.volumeattachements` | Enable the volumeattachments collector. | `false` | +| `collectors.volumeattachments` | Enable the volumeattachments collector. | `false` | | `prometheus.monitor.enabled` | Set this to `true` to create ServiceMonitor for Prometheus operator | `false` | | `prometheus.monitor.additionalLabels` | Additional labels that can be used so ServiceMonitor will be discovered by Prometheus | `{}` | | `prometheus.monitor.namespace` | Namespace where servicemonitor resource should be created | `the same namespace as kube-state-metrics` | diff --git a/stable/kube-state-metrics/templates/clusterrole.yaml b/stable/kube-state-metrics/templates/clusterrole.yaml index 49e9cf48af31..8728aab61e6b 100644 --- a/stable/kube-state-metrics/templates/clusterrole.yaml +++ b/stable/kube-state-metrics/templates/clusterrole.yaml @@ -165,7 +165,7 @@ rules: - validatingwebhookconfigurations verbs: ["list", "watch"] {{ end -}} -{{ if .Values.collectors.volumeattachements }} +{{ if .Values.collectors.volumeattachments }} - apiGroups: ["storageclasses.k8s.io"] resources: - storageclasses diff --git a/stable/kube-state-metrics/templates/deployment.yaml b/stable/kube-state-metrics/templates/deployment.yaml index 4797c09b8e6b..b6affcc202e6 100644 --- a/stable/kube-state-metrics/templates/deployment.yaml +++ b/stable/kube-state-metrics/templates/deployment.yaml @@ -142,8 +142,8 @@ spec: {{ if .Values.collectors.verticalpodautoscalers }} - --collectors=verticalpodautoscalers {{ end }} -{{ if .Values.collectors.volumeattachements }} - - --collectors=volumeattachements +{{ if .Values.collectors.volumeattachments }} + - --collectors=volumeattachments {{ end }} {{ if .Values.namespace }} - --namespace={{ .Values.namespace }} diff --git a/stable/kube-state-metrics/values.yaml b/stable/kube-state-metrics/values.yaml index d8ceef52e6b6..57c92553f2b1 100644 --- a/stable/kube-state-metrics/values.yaml +++ b/stable/kube-state-metrics/values.yaml @@ -2,7 +2,7 @@ prometheusScrape: true image: repository: quay.io/coreos/kube-state-metrics - tag: v1.9.4 + tag: v1.9.5 pullPolicy: IfNotPresent # If set to true, this will deploy kube-state-metrics as a StatefulSet and the data @@ -116,7 +116,7 @@ collectors: storageclasses: true validatingwebhookconfigurations: false verticalpodautoscalers: false - volumeattachements: false + volumeattachments: false # Namespace to be enabled for collecting resources. By default all namespaces are collected. # namespace: "" From 669738ddc95ac06137d2e39d03024f488419c976 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marcos=20Est=C3=A9vez=20Mart=C3=ADnez?= Date: Fri, 21 Feb 2020 01:42:03 +0100 Subject: [PATCH 201/304] [stable/redis-ha] Adds imagePullSecrets (#20708) * [stable/redis-ha] Adds imagePullSecrets to serviceAccounts Signed-off-by: Marcos Estevez * ImagePullSecrets into deployment/statefulset Signed-off-by: Marcos Estevez * Updating docs Signed-off-by: Marcos Estevez * Adds imagePullSecrets for test Pods too Signed-off-by: Marcos Estevez * Removing global imagePullSecrets, fix indents Signed-off-by: Marcos Estevez --- stable/redis-ha/Chart.yaml | 2 +- stable/redis-ha/README.md | 4 +++- .../redis-ha/templates/redis-ha-statefulset.yaml | 3 +++ .../templates/redis-haproxy-deployment.yaml | 3 +++ .../templates/tests/test-redis-ha-configmap.yaml | 5 ++++- .../templates/tests/test-redis-ha-pod.yaml | 3 +++ stable/redis-ha/values.yaml | 15 +++++++++++++++ 7 files changed, 32 insertions(+), 3 deletions(-) diff --git a/stable/redis-ha/Chart.yaml b/stable/redis-ha/Chart.yaml index 38a10b1f7013..973927122b49 100644 --- a/stable/redis-ha/Chart.yaml +++ b/stable/redis-ha/Chart.yaml @@ -6,7 +6,7 @@ keywords: - redis - keyvalue - database -version: 4.3.4 +version: 4.4.0 appVersion: 5.0.6 description: Highly available Kubernetes implementation of Redis icon: https://upload.wikimedia.org/wikipedia/en/thumb/6/6b/Redis_Logo.svg/1200px-Redis_Logo.svg.png diff --git a/stable/redis-ha/README.md b/stable/redis-ha/README.md index 04b06c948913..b127ad8f7604 100644 --- a/stable/redis-ha/README.md +++ b/stable/redis-ha/README.md @@ -58,6 +58,7 @@ The following table lists the configurable parameters of the Redis chart and the | Parameter | Description | Default | |:--------------------------|:---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:-------------------------------------------------------------------------------------------| | `image` | Redis image | `redis` | +| `imagePullSecrets` | Reference to one or more secrets to be used when pulling redis images | [] | | `tag` | Redis tag | `5.0.6-alpine` | | `replicas` | Number of redis master/slave pods | `3` | | `serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` | @@ -86,7 +87,7 @@ The following table lists the configurable parameters of the Redis chart and the | `affinity` | Override all other affinity settings with a string. | `""` | | `persistentVolume.size` | Size for the volume | 10Gi | | `persistentVolume.annotations` | Annotations for the volume | `{}` | -| `persistentVolume.reclaimPolicy` | Method used to reclaim an obsoleted volume. `Delete` or `Retain` | `""` | +| `persistentVolume.reclaimPolicy` | Method used to reclaim an obsoleted volume. `Delete` or `Retain` | `""` | | `exporter.enabled` | If `true`, the prometheus exporter sidecar is enabled | `false` | | `exporter.image` | Exporter image | `oliver006/redis_exporter` | | `exporter.tag` | Exporter tag | `v0.31.0` | @@ -105,6 +106,7 @@ The following table lists the configurable parameters of the Redis chart and the | `haproxy.image.repository`| HAProxy Image Repository | `haproxy` | | `haproxy.image.tag` | HAProxy Image Tag | `2.0.1` | | `haproxy.image.pullPolicy`| HAProxy Image PullPolicy | `IfNotPresent` | +| `haproxy.imagePullSecrets`| Reference to one or more secrets to be used when pulling haproxy images | [] | | `haproxy.annotations` | HAProxy template annotations | `{}` | | `haproxy.customConfig` | Allows for custom config-haproxy.cfg file to be applied. If this is used then default config will be overwriten | `` | | `haproxy.extraConfig` | Allows to place any additional configuration section to add to the default config-haproxy.cfg | `` | diff --git a/stable/redis-ha/templates/redis-ha-statefulset.yaml b/stable/redis-ha/templates/redis-ha-statefulset.yaml index 32638cfdd927..0f2a2ba4116d 100644 --- a/stable/redis-ha/templates/redis-ha-statefulset.yaml +++ b/stable/redis-ha/templates/redis-ha-statefulset.yaml @@ -84,6 +84,9 @@ spec: {{ template "redis-ha.fullname" . }}: replica topologyKey: failure-domain.beta.kubernetes.io/zone {{- end }} + {{- if .Values.imagePullSecrets }} + imagePullSecrets: {{ toYaml .Values.imagePullSecrets | nindent 8 }} + {{- end }} securityContext: {{ toYaml .Values.securityContext | indent 8 }} serviceAccountName: {{ template "redis-ha.serviceAccountName" . }} diff --git a/stable/redis-ha/templates/redis-haproxy-deployment.yaml b/stable/redis-ha/templates/redis-haproxy-deployment.yaml index d116691e9851..05c137109c47 100644 --- a/stable/redis-ha/templates/redis-haproxy-deployment.yaml +++ b/stable/redis-ha/templates/redis-haproxy-deployment.yaml @@ -102,6 +102,9 @@ spec: readOnly: true - name: data mountPath: /data + {{- if .Values.haproxy.imagePullSecrets }} + imagePullSecrets: {{ toYaml .Values.haproxy.imagePullSecrets | nindent 8 }} + {{- end }} securityContext: {{ toYaml .Values.haproxy.securityContext | indent 8 }} containers: diff --git a/stable/redis-ha/templates/tests/test-redis-ha-configmap.yaml b/stable/redis-ha/templates/tests/test-redis-ha-configmap.yaml index e782af94732b..837d1fb2f15e 100644 --- a/stable/redis-ha/templates/tests/test-redis-ha-configmap.yaml +++ b/stable/redis-ha/templates/tests/test-redis-ha-configmap.yaml @@ -17,8 +17,11 @@ spec: - name: config mountPath: /readonly-config readOnly: true + {{- if .Values.imagePullSecrets }} + imagePullSecrets: {{ toYaml .Values.imagePullSecrets | nindent 4 }} + {{- end }} + restartPolicy: Never volumes: - name: config configMap: name: {{ template "redis-ha.fullname" . }}-configmap - restartPolicy: Never diff --git a/stable/redis-ha/templates/tests/test-redis-ha-pod.yaml b/stable/redis-ha/templates/tests/test-redis-ha-pod.yaml index d22058bd2946..588a7d2b12ff 100644 --- a/stable/redis-ha/templates/tests/test-redis-ha-pod.yaml +++ b/stable/redis-ha/templates/tests/test-redis-ha-pod.yaml @@ -14,4 +14,7 @@ spec: - sh - -c - redis-cli -h {{ template "redis-ha.fullname" . }} -p {{ .Values.redis.port }} info server + {{- if .Values.imagePullSecrets }} + imagePullSecrets: {{ toYaml .Values.imagePullSecrets | nindent 4 }} + {{- end }} restartPolicy: Never diff --git a/stable/redis-ha/values.yaml b/stable/redis-ha/values.yaml index 1672d52aa3a8..e4d0ee021841 100644 --- a/stable/redis-ha/values.yaml +++ b/stable/redis-ha/values.yaml @@ -5,6 +5,14 @@ image: repository: redis tag: 5.0.6-alpine pullPolicy: IfNotPresent + +## Reference to one or more secrets to be used when pulling images +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ +## This imagePullSecrets is only for redis images +## +imagePullSecrets: [] +# - name: "image-pull-secret" + ## replicas number for each component replicas: 3 @@ -38,6 +46,13 @@ haproxy: repository: haproxy tag: 2.0.4 pullPolicy: IfNotPresent + + ## Reference to one or more secrets to be used when pulling images + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## + imagePullSecrets: [] + # - name: "image-pull-secret" + annotations: {} resources: {} ## Enable sticky sessions to Redis nodes via HAProxy From 6481a6f766a0fb07e29b1bef8ad8efeae83c6f20 Mon Sep 17 00:00:00 2001 From: Parth Laxmikant Kolekar Date: Fri, 21 Feb 2020 06:24:01 +0530 Subject: [PATCH 202/304] [stable/kafka-manager] Fix some minor typos in README.md (#20778) * Fix some minor typos in README.md Signed-off-by: Parth Kolekar * Bump version of kafka-manager chart Signed-off-by: Parth Kolekar --- stable/kafka-manager/Chart.yaml | 2 +- stable/kafka-manager/README.md | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/stable/kafka-manager/Chart.yaml b/stable/kafka-manager/Chart.yaml index 0ba946ec4d00..4f7bf8a63c6c 100644 --- a/stable/kafka-manager/Chart.yaml +++ b/stable/kafka-manager/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: kafka-manager -version: 2.2.0 +version: 2.2.1 appVersion: 1.3.3.22 kubeVersion: "^1.8.0-0" description: A tool for managing Apache Kafka. diff --git a/stable/kafka-manager/README.md b/stable/kafka-manager/README.md index 20c27a9a88bb..05cd1e0f2996 100644 --- a/stable/kafka-manager/README.md +++ b/stable/kafka-manager/README.md @@ -50,9 +50,9 @@ Parameter | Description | Default `zkHosts` | Zookeeper hosts required by the kafka-manager | `localhost:2181` `clusters` | Configuration of the clusters to manage | `{}` `applicationSecret` | Kafka-manager application secret | `""` -`basicAuth.enabled` | If ture, enable basic authentication | `false` +`basicAuth.enabled` | If true, enable basic authentication | `false` `basicAuth.username` | Username for basic auth | `admin` -`basicAuth.password` | Paswword for basic auth | `""` +`basicAuth.password` | Password for basic auth | `""` `javaOptions` | Java runtime options | `""` `service.type` | Kafka-manager service type | `ClusterIP` `service.port` | Kafka-manager service port | `9000` @@ -67,7 +67,7 @@ Parameter | Description | Default `tolerations` | Tolerations for pod assignment | `[]` `affinity` | Affinity for pod assignment | `{}` `zookeeper.enabled` | If true, deploy Zookeeper | `false` -`zookeeper.env` | Enviromental variables for Zookeeper | `ZK_HEAP_SIZE: "1G"` +`zookeeper.env` | Environmental variables for Zookeeper | `ZK_HEAP_SIZE: "1G"` `zookeeper.persistence` | If true, enable persistence for Zookeeper | `false` Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, From cc4eae99d178e808be7a55d9f98f3707f1de2110 Mon Sep 17 00:00:00 2001 From: Igor Belikov Date: Fri, 21 Feb 2020 06:02:32 +0100 Subject: [PATCH 203/304] Fix deployment strategy location (#20898) strategy field should be a part of deployment spec, not pod template spec. Signed-off-by: Igor Belikov --- stable/cluster-autoscaler/Chart.yaml | 2 +- stable/cluster-autoscaler/templates/deployment.yaml | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/stable/cluster-autoscaler/Chart.yaml b/stable/cluster-autoscaler/Chart.yaml index fbe468757eea..af42a09d4961 100644 --- a/stable/cluster-autoscaler/Chart.yaml +++ b/stable/cluster-autoscaler/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 description: Scales worker nodes within autoscaling groups. icon: https://github.com/kubernetes/kubernetes/blob/master/logo/logo.png name: cluster-autoscaler -version: 6.5.0 +version: 6.6.0 appVersion: 1.14.6 home: https://github.com/kubernetes/autoscaler sources: diff --git a/stable/cluster-autoscaler/templates/deployment.yaml b/stable/cluster-autoscaler/templates/deployment.yaml index 8a92000983a7..89dc70666608 100644 --- a/stable/cluster-autoscaler/templates/deployment.yaml +++ b/stable/cluster-autoscaler/templates/deployment.yaml @@ -14,6 +14,10 @@ spec: {{- if .Values.podLabels }} {{ toYaml .Values.podLabels | indent 6 }} {{- end }} +{{- if .Values.updateStrategy }} + strategy: + {{ toYaml .Values.updateStrategy | nindent 4 | trim }} +{{- end }} template: metadata: {{- if .Values.podAnnotations }} @@ -194,10 +198,6 @@ spec: securityContext: {{ toYaml .Values.securityContext | nindent 8 | trim }} {{- end }} - {{- if .Values.updateStrategy }} - strategy: - {{ toYaml .Values.updateStrategy | nindent 8 | trim }} - {{- end }} {{- if eq .Values.cloudProvider "gce" }} volumes: - name: cloudconfig From b72be881e6378d1675b1e7a544c0093c32ff45b5 Mon Sep 17 00:00:00 2001 From: Jean Baptiste Favre Date: Fri, 21 Feb 2020 09:18:31 +0100 Subject: [PATCH 204/304] [stable/prometheus-operator] keep consistency for grafana.service.portName (#20600) Grafana serviceMonitor provided by prometheus-operator doesn't allow custom portName. `service` is hardcoded in service template. This breaks monitoring if you define a custom `grafana.service.portName` in your helm release Signed-off-by: Jean Baptiste Favre --- stable/prometheus-operator/Chart.yaml | 2 +- stable/prometheus-operator/README.md | 1 + .../templates/grafana/servicemonitor.yaml | 2 +- stable/prometheus-operator/values.yaml | 5 +++++ 4 files changed, 8 insertions(+), 2 deletions(-) diff --git a/stable/prometheus-operator/Chart.yaml b/stable/prometheus-operator/Chart.yaml index 65f818b842f5..4485001dfdb8 100644 --- a/stable/prometheus-operator/Chart.yaml +++ b/stable/prometheus-operator/Chart.yaml @@ -12,7 +12,7 @@ sources: - https://github.com/coreos/kube-prometheus - https://github.com/coreos/prometheus-operator - https://coreos.com/operators/prometheus -version: 8.9.0 +version: 8.9.1 appVersion: 0.36.0 tillerVersion: ">=2.12.0" home: https://github.com/coreos/prometheus-operator diff --git a/stable/prometheus-operator/README.md b/stable/prometheus-operator/README.md index e09db7020f27..6bf2c8ab3e3f 100644 --- a/stable/prometheus-operator/README.md +++ b/stable/prometheus-operator/README.md @@ -424,6 +424,7 @@ For a full list of configurable values please refer to the [Grafana chart](https | `grafana.ingress.labels` | Custom labels for Grafana Ingress | `{}` | | `grafana.ingress.tls` | Ingress TLS configuration for Grafana | `[]` | | `grafana.rbac.pspUseAppArmor` | Enforce AppArmor in created PodSecurityPolicy (requires rbac.pspEnabled) | `true` | +| `grafana.service.portName` | Allow to customize Grafana service portname. Will be used by servicemonitor as well | `service` | | `grafana.serviceMonitor.metricRelabelings` | The `metric_relabel_configs` for scraping the grafana instance. | `` | | `grafana.serviceMonitor.relabelings` | The `relabel_configs` for scraping the grafana instance. | `` | | `grafana.serviceMonitor.selfMonitor` | Create a `serviceMonitor` to automatically monitor the grafana instance | `true` | diff --git a/stable/prometheus-operator/templates/grafana/servicemonitor.yaml b/stable/prometheus-operator/templates/grafana/servicemonitor.yaml index 8024252b1f25..ee4ae9472ba6 100644 --- a/stable/prometheus-operator/templates/grafana/servicemonitor.yaml +++ b/stable/prometheus-operator/templates/grafana/servicemonitor.yaml @@ -16,7 +16,7 @@ spec: matchNames: - {{ $.Release.Namespace | quote }} endpoints: - - port: service + - port: {{ .Values.grafana.service.portName }} {{- if .Values.grafana.serviceMonitor.interval }} interval: {{ .Values.grafana.serviceMonitor.interval }} {{- end }} diff --git a/stable/prometheus-operator/values.yaml b/stable/prometheus-operator/values.yaml index a8d3059dd393..2b28c7f336f2 100644 --- a/stable/prometheus-operator/values.yaml +++ b/stable/prometheus-operator/values.yaml @@ -476,6 +476,11 @@ grafana: # url: https://prometheus.svc:9090 # version: 1 + ## Passed to grafana subchart and used by servicemonitor below + ## + service: + portName: service + ## If true, create a serviceMonitor for grafana ## serviceMonitor: From f8137a5f273cc563aa2554600bacea50a163e5bd Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Fri, 21 Feb 2020 09:36:32 +0100 Subject: [PATCH 205/304] [stable/testlink] Release 7.1.2 (#20911) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * [stable/testlink] Release 7.1.2 updating components versions Signed-off-by: Bitnami Containers * Run "helm dependency update" using latest Helm 2 Signed-off-by: Carlos Rodriguez Hernandez Co-authored-by: Carlos Rodríguez Hernández --- stable/testlink/Chart.yaml | 4 ++-- stable/testlink/requirements.lock | 4 ++-- stable/testlink/values.yaml | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/stable/testlink/Chart.yaml b/stable/testlink/Chart.yaml index bd560e187303..d15aaf044302 100644 --- a/stable/testlink/Chart.yaml +++ b/stable/testlink/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 name: testlink -version: 7.1.1 -appVersion: 1.9.19 +version: 7.1.2 +appVersion: 1.9.20 description: Web-based test management system that facilitates software quality assurance. icon: https://bitnami.com/assets/stacks/testlink/img/testlink-stack-220x234.png keywords: diff --git a/stable/testlink/requirements.lock b/stable/testlink/requirements.lock index 35efb41e7b07..8ac637f74d08 100644 --- a/stable/testlink/requirements.lock +++ b/stable/testlink/requirements.lock @@ -1,6 +1,6 @@ dependencies: - name: mariadb repository: https://kubernetes-charts.storage.googleapis.com/ - version: 7.3.3 + version: 7.3.10 digest: sha256:cd64413a4a697ccf85c0091e9c55cdc5876938ddced84c05d37c57ff9abc5864 -generated: 2020-01-14T20:59:22.425819807Z +generated: "2020-02-21T08:30:47.077742074Z" diff --git a/stable/testlink/values.yaml b/stable/testlink/values.yaml index f1bd96676cb2..79900948bffa 100644 --- a/stable/testlink/values.yaml +++ b/stable/testlink/values.yaml @@ -14,7 +14,7 @@ image: registry: docker.io repository: bitnami/testlink - tag: 1.9.19-debian-9-r290 + tag: 1.9.20-debian-10-r16 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images @@ -268,7 +268,7 @@ metrics: image: registry: docker.io repository: bitnami/apache-exporter - tag: 0.7.0-debian-9-r163 + tag: 0.7.0-debian-10-r20 pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. From 72af044f02711aa9cf3f72b4d1100855dab0796d Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Fri, 21 Feb 2020 09:54:32 +0100 Subject: [PATCH 206/304] [stable/owncloud] Release 8.1.3 (#20865) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * [stable/owncloud] Release 8.1.3 updating components versions Signed-off-by: Bitnami Containers * Run "helm dependency update" using latest Helm 2 Signed-off-by: Carlos Rodriguez Hernandez Co-authored-by: Carlos Rodríguez Hernández --- stable/owncloud/Chart.yaml | 2 +- stable/owncloud/requirements.lock | 4 ++-- stable/owncloud/values.yaml | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/stable/owncloud/Chart.yaml b/stable/owncloud/Chart.yaml index 6238d067e057..9814aa1869b6 100644 --- a/stable/owncloud/Chart.yaml +++ b/stable/owncloud/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: owncloud -version: 8.1.2 +version: 8.1.3 appVersion: 10.3.2 description: A file sharing server that puts the control and security of your own data back into your hands. keywords: diff --git a/stable/owncloud/requirements.lock b/stable/owncloud/requirements.lock index 143950537c39..11373888efb5 100644 --- a/stable/owncloud/requirements.lock +++ b/stable/owncloud/requirements.lock @@ -1,6 +1,6 @@ dependencies: - name: mariadb repository: https://kubernetes-charts.storage.googleapis.com/ - version: 7.3.5 + version: 7.3.10 digest: sha256:cd64413a4a697ccf85c0091e9c55cdc5876938ddced84c05d37c57ff9abc5864 -generated: 2020-01-24T01:36:13.783490197Z +generated: "2020-02-21T08:34:45.455900244Z" diff --git a/stable/owncloud/values.yaml b/stable/owncloud/values.yaml index 8c1983154142..0d9e9ea9949b 100644 --- a/stable/owncloud/values.yaml +++ b/stable/owncloud/values.yaml @@ -14,7 +14,7 @@ image: registry: docker.io repository: bitnami/owncloud - tag: 10.3.2-debian-10-r0 + tag: 10.3.2-debian-10-r18 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images @@ -254,7 +254,7 @@ metrics: image: registry: docker.io repository: bitnami/apache-exporter - tag: 0.7.0-debian-10-r0 + tag: 0.7.0-debian-10-r16 pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. From 69b9129d61a013cd1fb534596e2f444e8475a747 Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Fri, 21 Feb 2020 09:54:44 +0100 Subject: [PATCH 207/304] [stable/prestashop] Release 9.1.6 (#20866) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * [stable/prestashop] Release 9.1.6 updating components versions Signed-off-by: Bitnami Containers * Run "helm dependency update" using latest Helm 2 Signed-off-by: Carlos Rodriguez Hernandez Co-authored-by: Carlos Rodríguez Hernández --- stable/prestashop/Chart.yaml | 2 +- stable/prestashop/requirements.lock | 4 ++-- stable/prestashop/values.yaml | 6 +++--- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/stable/prestashop/Chart.yaml b/stable/prestashop/Chart.yaml index e1c1eec1aef6..0ad3431624de 100644 --- a/stable/prestashop/Chart.yaml +++ b/stable/prestashop/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: prestashop -version: 9.1.5 +version: 9.1.6 appVersion: 1.7.6-3 description: A popular open source ecommerce solution. Professional tools are easily accessible to increase online sales including instant guest checkout, abandoned cart reminders and automated Email marketing. keywords: diff --git a/stable/prestashop/requirements.lock b/stable/prestashop/requirements.lock index 1c77ac17231a..574929cc50f9 100644 --- a/stable/prestashop/requirements.lock +++ b/stable/prestashop/requirements.lock @@ -1,6 +1,6 @@ dependencies: - name: mariadb repository: https://kubernetes-charts.storage.googleapis.com/ - version: 7.3.5 + version: 7.3.10 digest: sha256:cd64413a4a697ccf85c0091e9c55cdc5876938ddced84c05d37c57ff9abc5864 -generated: 2020-01-21T14:38:58.693606253Z +generated: "2020-02-21T08:33:57.152705242Z" diff --git a/stable/prestashop/values.yaml b/stable/prestashop/values.yaml index cebf62aaef29..427f2c2a671b 100644 --- a/stable/prestashop/values.yaml +++ b/stable/prestashop/values.yaml @@ -14,7 +14,7 @@ image: registry: docker.io repository: bitnami/prestashop - tag: 1.7.6-3-debian-10-r0 + tag: 1.7.6-3-debian-10-r12 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images @@ -126,7 +126,7 @@ mariadb: image: registry: docker.io repository: bitnami/mariadb - tag: 10.1.43-debian-10-r0 + tag: 10.1.44-debian-10-r15 ## Disable MariaDB replication replication: enabled: false @@ -303,7 +303,7 @@ metrics: image: registry: docker.io repository: bitnami/apache-exporter - tag: 0.7.0-debian-10-r0 + tag: 0.7.0-debian-10-r19 pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. From f83f3e51cb443e4bf694b6c9f1f2bceb405b63ea Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Fri, 21 Feb 2020 10:26:33 +0100 Subject: [PATCH 208/304] [stable/ghost] Release 9.1.8 (#20782) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * [stable/ghost] Release 9.1.8 updating components versions Signed-off-by: Bitnami Containers * Run "helm dependency update" using latest Helm 2 Signed-off-by: Carlos Rodriguez Hernandez Co-authored-by: Carlos Rodríguez Hernández --- stable/ghost/Chart.yaml | 4 ++-- stable/ghost/requirements.lock | 4 ++-- stable/ghost/values.yaml | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/stable/ghost/Chart.yaml b/stable/ghost/Chart.yaml index 1818a15d3fd6..8e71311dbcce 100644 --- a/stable/ghost/Chart.yaml +++ b/stable/ghost/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 name: ghost -version: 9.1.7 -appVersion: 3.5.0 +version: 9.1.8 +appVersion: 3.6.0 description: A simple, powerful publishing platform that allows you to share your stories with the world keywords: - ghost diff --git a/stable/ghost/requirements.lock b/stable/ghost/requirements.lock index b65ee5cbeb0d..ce90f645ec3a 100644 --- a/stable/ghost/requirements.lock +++ b/stable/ghost/requirements.lock @@ -1,6 +1,6 @@ dependencies: - name: mariadb repository: https://kubernetes-charts.storage.googleapis.com/ - version: 7.3.7 + version: 7.3.10 digest: sha256:27bef733eb099a7377055cfe2c48e013bd4d55650ff18b50138c80488c812b0b -generated: 2020-02-07T14:06:13.501419131Z +generated: "2020-02-21T08:45:10.746374415Z" diff --git a/stable/ghost/values.yaml b/stable/ghost/values.yaml index c552db2b2339..c03fcbb7d3c1 100644 --- a/stable/ghost/values.yaml +++ b/stable/ghost/values.yaml @@ -14,7 +14,7 @@ image: registry: docker.io repository: bitnami/ghost - tag: 3.5.0-debian-10-r0 + tag: 3.6.0-debian-10-r0 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images From 6732902b01e264e376deb4421c005c843ba05cb4 Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Fri, 21 Feb 2020 10:26:45 +0100 Subject: [PATCH 209/304] [stable/joomla] Release 7.1.7 (#20844) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * [stable/joomla] Release 7.1.7 updating components versions Signed-off-by: Bitnami Containers * Run "helm dependency update" using latest Helm 2 Signed-off-by: Carlos Rodriguez Hernandez Co-authored-by: Carlos Rodríguez Hernández --- stable/joomla/Chart.yaml | 2 +- stable/joomla/requirements.lock | 4 ++-- stable/joomla/values.yaml | 6 +++--- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/stable/joomla/Chart.yaml b/stable/joomla/Chart.yaml index 40288d3cc59a..f672549c7eba 100644 --- a/stable/joomla/Chart.yaml +++ b/stable/joomla/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: joomla -version: 7.1.6 +version: 7.1.7 appVersion: 3.9.15 description: PHP content management system (CMS) for publishing web content keywords: diff --git a/stable/joomla/requirements.lock b/stable/joomla/requirements.lock index f0d5d158a504..74fce72ae830 100644 --- a/stable/joomla/requirements.lock +++ b/stable/joomla/requirements.lock @@ -1,6 +1,6 @@ dependencies: - name: mariadb repository: https://kubernetes-charts.storage.googleapis.com/ - version: 7.3.6 + version: 7.3.10 digest: sha256:cd64413a4a697ccf85c0091e9c55cdc5876938ddced84c05d37c57ff9abc5864 -generated: 2020-01-24T11:19:01.682658286Z +generated: "2020-02-21T08:44:30.283602666Z" diff --git a/stable/joomla/values.yaml b/stable/joomla/values.yaml index 0d76d3c6bd23..f251d14c3d36 100644 --- a/stable/joomla/values.yaml +++ b/stable/joomla/values.yaml @@ -14,7 +14,7 @@ image: registry: docker.io repository: bitnami/joomla - tag: 3.9.15-debian-10-r0 + tag: 3.9.15-debian-10-r8 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images @@ -97,7 +97,7 @@ mariadb: image: registry: docker.io repository: bitnami/mariadb - tag: 10.1.43-debian-10-r4 + tag: 10.1.44-debian-10-r16 ## Disable MariaDB replication replication: enabled: false @@ -286,7 +286,7 @@ metrics: image: registry: docker.io repository: bitnami/apache-exporter - tag: 0.7.0-debian-10-r4 + tag: 0.7.0-debian-10-r19 pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. From ce0aacad022d37d43ef8ec09d5e3cfd03b6c4e2b Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Fri, 21 Feb 2020 10:26:54 +0100 Subject: [PATCH 210/304] [stable/moodle] Release 7.1.2 (#20846) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * [stable/moodle] Release 7.1.2 updating components versions Signed-off-by: Bitnami Containers * Run "helm dependency update" using latest Helm 2 Signed-off-by: Carlos Rodriguez Hernandez Co-authored-by: Carlos Rodríguez Hernández --- stable/moodle/Chart.yaml | 2 +- stable/moodle/requirements.lock | 4 ++-- stable/moodle/values.yaml | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/stable/moodle/Chart.yaml b/stable/moodle/Chart.yaml index 3f222156d870..b5387f2014b0 100644 --- a/stable/moodle/Chart.yaml +++ b/stable/moodle/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: moodle -version: 7.2.0 +version: 7.2.1 appVersion: 3.8.1 description: Moodle is a learning platform designed to provide educators, administrators and learners with a single robust, secure and integrated system to create personalised learning environments keywords: diff --git a/stable/moodle/requirements.lock b/stable/moodle/requirements.lock index 146d1617d686..0b86f5111323 100644 --- a/stable/moodle/requirements.lock +++ b/stable/moodle/requirements.lock @@ -1,6 +1,6 @@ dependencies: - name: mariadb repository: https://kubernetes-charts.storage.googleapis.com/ - version: 7.3.6 + version: 7.3.10 digest: sha256:cd64413a4a697ccf85c0091e9c55cdc5876938ddced84c05d37c57ff9abc5864 -generated: 2020-01-24T16:15:19.559635658Z +generated: "2020-02-21T08:43:36.556487031Z" diff --git a/stable/moodle/values.yaml b/stable/moodle/values.yaml index 9a0472716d29..ea91f99428d6 100644 --- a/stable/moodle/values.yaml +++ b/stable/moodle/values.yaml @@ -14,7 +14,7 @@ image: registry: docker.io repository: bitnami/moodle - tag: 3.8.1-debian-10-r0 + tag: 3.8.1-debian-10-r16 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images @@ -301,7 +301,7 @@ metrics: image: registry: docker.io repository: bitnami/apache-exporter - tag: 0.7.0-debian-10-r0 + tag: 0.7.0-debian-10-r19 pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. From 6671126abc38dd97596b47ac2f0a0268503c4da3 Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Fri, 21 Feb 2020 10:27:02 +0100 Subject: [PATCH 211/304] [stable/drupal] Release 6.2.6 (#20849) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * [stable/drupal] Release 6.2.6 updating components versions Signed-off-by: Bitnami Containers * Run "helm dependency update" using latest Helm 2 Signed-off-by: Carlos Rodriguez Hernandez Co-authored-by: Carlos Rodríguez Hernández --- stable/drupal/Chart.yaml | 2 +- stable/drupal/requirements.lock | 4 ++-- stable/drupal/values.yaml | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/stable/drupal/Chart.yaml b/stable/drupal/Chart.yaml index 72d6bdc1d465..35830ade3eb0 100644 --- a/stable/drupal/Chart.yaml +++ b/stable/drupal/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: drupal -version: 6.2.5 +version: 6.2.6 appVersion: 8.8.2 description: One of the most versatile open source content management systems. keywords: diff --git a/stable/drupal/requirements.lock b/stable/drupal/requirements.lock index fdb57ed2fa0d..32889b350fe5 100644 --- a/stable/drupal/requirements.lock +++ b/stable/drupal/requirements.lock @@ -1,6 +1,6 @@ dependencies: - name: mariadb repository: https://kubernetes-charts.storage.googleapis.com/ - version: 7.3.7 + version: 7.3.10 digest: sha256:cd64413a4a697ccf85c0091e9c55cdc5876938ddced84c05d37c57ff9abc5864 -generated: 2020-02-01T22:35:17.768855946Z +generated: "2020-02-21T08:43:12.902917481Z" diff --git a/stable/drupal/values.yaml b/stable/drupal/values.yaml index 96159288113e..8c6495a65554 100644 --- a/stable/drupal/values.yaml +++ b/stable/drupal/values.yaml @@ -14,7 +14,7 @@ image: registry: docker.io repository: bitnami/drupal - tag: 8.8.2-debian-10-r0 + tag: 8.8.2-debian-10-r16 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images @@ -287,7 +287,7 @@ metrics: image: registry: docker.io repository: bitnami/apache-exporter - tag: 0.7.0-debian-10-r7 + tag: 0.7.0-debian-10-r20 pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. From 961b8697247bf7c1e1b7643b51de768a09516328 Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Fri, 21 Feb 2020 10:27:10 +0100 Subject: [PATCH 212/304] [stable/jasperreports] Release 7.0.6 (#20850) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * [stable/jasperreports] Release 7.0.6 updating components versions Signed-off-by: Bitnami Containers * Run "helm dependency update" using latest Helm 2 Signed-off-by: Carlos Rodriguez Hernandez Co-authored-by: Carlos Rodríguez Hernández --- stable/jasperreports/Chart.yaml | 2 +- stable/jasperreports/requirements.lock | 4 ++-- stable/jasperreports/values.yaml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/stable/jasperreports/Chart.yaml b/stable/jasperreports/Chart.yaml index f43100530852..f8818aa47984 100644 --- a/stable/jasperreports/Chart.yaml +++ b/stable/jasperreports/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: jasperreports -version: 7.0.5 +version: 7.0.6 appVersion: 7.2.0 description: The JasperReports server can be used as a stand-alone or embedded reporting and BI server that offers web-based reporting, analytic tools and visualization, diff --git a/stable/jasperreports/requirements.lock b/stable/jasperreports/requirements.lock index bd5ab22d53c6..262a8cfe90af 100644 --- a/stable/jasperreports/requirements.lock +++ b/stable/jasperreports/requirements.lock @@ -1,6 +1,6 @@ dependencies: - name: mariadb repository: https://kubernetes-charts.storage.googleapis.com/ - version: 7.3.6 + version: 7.3.10 digest: sha256:cd64413a4a697ccf85c0091e9c55cdc5876938ddced84c05d37c57ff9abc5864 -generated: 2020-01-24T16:12:31.554779714Z +generated: "2020-02-21T08:41:00.783000841Z" diff --git a/stable/jasperreports/values.yaml b/stable/jasperreports/values.yaml index 671aaa09ca56..38a8e8a9a9d2 100644 --- a/stable/jasperreports/values.yaml +++ b/stable/jasperreports/values.yaml @@ -14,7 +14,7 @@ image: registry: docker.io repository: bitnami/jasperreports - tag: 7.2.0-debian-10-r0 + tag: 7.2.0-debian-10-r18 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images From efa757ac203e8624ade98d12a641683f0b4e1324 Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Fri, 21 Feb 2020 10:27:18 +0100 Subject: [PATCH 213/304] [stable/mediawiki] Release 9.1.5 (#20851) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * [stable/mediawiki] Release 9.1.5 updating components versions Signed-off-by: Bitnami Containers * Run "helm dependency update" using latest Helm 2 Signed-off-by: Carlos Rodriguez Hernandez Co-authored-by: Carlos Rodríguez Hernández --- stable/mediawiki/Chart.yaml | 2 +- stable/mediawiki/requirements.lock | 4 ++-- stable/mediawiki/values.yaml | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/stable/mediawiki/Chart.yaml b/stable/mediawiki/Chart.yaml index 5f52e1fb4a98..5d3e3f896d01 100644 --- a/stable/mediawiki/Chart.yaml +++ b/stable/mediawiki/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: mediawiki -version: 9.1.4 +version: 9.1.5 appVersion: 1.34.0 description: Extremely powerful, scalable software and a feature-rich wiki implementation that uses PHP to process and display data stored in a database. home: http://www.mediawiki.org/ diff --git a/stable/mediawiki/requirements.lock b/stable/mediawiki/requirements.lock index 1c9257c89d20..2ce25995cad5 100644 --- a/stable/mediawiki/requirements.lock +++ b/stable/mediawiki/requirements.lock @@ -1,6 +1,6 @@ dependencies: - name: mariadb repository: https://kubernetes-charts.storage.googleapis.com/ - version: 7.3.6 + version: 7.3.10 digest: sha256:d45d6c79af1488743975c530c9bacc4321ef538392cc1603d08214a02e3cac49 -generated: 2020-01-24T11:24:50.626752195Z +generated: "2020-02-21T08:42:17.927460337Z" diff --git a/stable/mediawiki/values.yaml b/stable/mediawiki/values.yaml index 7d55ddd1450d..72369c7693bb 100644 --- a/stable/mediawiki/values.yaml +++ b/stable/mediawiki/values.yaml @@ -14,7 +14,7 @@ image: registry: docker.io repository: bitnami/mediawiki - tag: 1.34.0-debian-10-r0 + tag: 1.34.0-debian-10-r22 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images @@ -280,7 +280,7 @@ metrics: image: registry: docker.io repository: bitnami/apache-exporter - tag: 0.7.0-debian-10-r0 + tag: 0.7.0-debian-10-r20 pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. From d4d48df4700f40200916520a16a47481ffda0250 Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Fri, 21 Feb 2020 10:27:26 +0100 Subject: [PATCH 214/304] [stable/wordpress] Release 8.1.4 (#20853) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * [stable/wordpress] Release 8.1.4 updating components versions Signed-off-by: Bitnami Containers * Run "helm dependency update" using latest Helm 3 version Signed-off-by: Carlos Rodriguez Hernandez * Run "helm dependency update" using latest Helm 2 Signed-off-by: Carlos Rodriguez Hernandez Co-authored-by: Carlos Rodríguez Hernández --- stable/wordpress/Chart.yaml | 2 +- stable/wordpress/requirements.lock | 4 ++-- stable/wordpress/values-production.yaml | 4 ++-- stable/wordpress/values.yaml | 4 ++-- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/stable/wordpress/Chart.yaml b/stable/wordpress/Chart.yaml index 396f82f19879..83206c45d776 100755 --- a/stable/wordpress/Chart.yaml +++ b/stable/wordpress/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: wordpress -version: 8.1.3 +version: 8.1.4 appVersion: 5.3.2 description: Web publishing platform for building blogs and websites. icon: https://bitnami.com/assets/stacks/wordpress/img/wordpress-stack-220x234.png diff --git a/stable/wordpress/requirements.lock b/stable/wordpress/requirements.lock index 8fd973a0989f..d9c431c160c0 100644 --- a/stable/wordpress/requirements.lock +++ b/stable/wordpress/requirements.lock @@ -1,6 +1,6 @@ dependencies: - name: mariadb repository: https://kubernetes-charts.storage.googleapis.com/ - version: 7.3.6 + version: 7.3.10 digest: sha256:0a5be71f27bb4258b63df284f5006ab452666b4c3125a1c15b8753e71ec8c118 -generated: 2020-01-24T17:55:25.479439041Z +generated: "2020-02-21T08:41:48.341760785Z" diff --git a/stable/wordpress/values-production.yaml b/stable/wordpress/values-production.yaml index 1522fb5155e0..c813ab979977 100644 --- a/stable/wordpress/values-production.yaml +++ b/stable/wordpress/values-production.yaml @@ -14,7 +14,7 @@ image: registry: docker.io repository: bitnami/wordpress - tag: 5.3.2-debian-10-r0 + tag: 5.3.2-debian-10-r21 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images @@ -382,7 +382,7 @@ metrics: image: registry: docker.io repository: bitnami/apache-exporter - tag: 0.7.0-debian-10-r0 + tag: 0.7.0-debian-10-r20 pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. diff --git a/stable/wordpress/values.yaml b/stable/wordpress/values.yaml index 3d19d7d25629..f58efb6dba70 100644 --- a/stable/wordpress/values.yaml +++ b/stable/wordpress/values.yaml @@ -14,7 +14,7 @@ image: registry: docker.io repository: bitnami/wordpress - tag: 5.3.2-debian-10-r0 + tag: 5.3.2-debian-10-r21 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images @@ -377,7 +377,7 @@ metrics: image: registry: docker.io repository: bitnami/apache-exporter - tag: 0.7.0-debian-10-r0 + tag: 0.7.0-debian-10-r20 pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. From b6ac59749316924bee8ddf5fa5e4719ff568d2ef Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Fri, 21 Feb 2020 10:27:34 +0100 Subject: [PATCH 215/304] [stable/orangehrm] Release 7.0.6 (#20860) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * [stable/orangehrm] Release 7.0.6 updating components versions Signed-off-by: Bitnami Containers * Run "helm dependency update" using latest Helm 2 Signed-off-by: Carlos Rodriguez Hernandez Co-authored-by: Carlos Rodríguez Hernández --- stable/orangehrm/Chart.yaml | 2 +- stable/orangehrm/requirements.lock | 4 ++-- stable/orangehrm/values.yaml | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/stable/orangehrm/Chart.yaml b/stable/orangehrm/Chart.yaml index c3fe300bef3a..af006c966143 100644 --- a/stable/orangehrm/Chart.yaml +++ b/stable/orangehrm/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: orangehrm -version: 7.0.5 +version: 7.0.6 appVersion: 4.3.4-0 description: OrangeHRM is a free HR management system that offers a wealth of modules to suit the needs of your business. diff --git a/stable/orangehrm/requirements.lock b/stable/orangehrm/requirements.lock index 1ea1b1f485bd..c5688dc1eb85 100644 --- a/stable/orangehrm/requirements.lock +++ b/stable/orangehrm/requirements.lock @@ -1,6 +1,6 @@ dependencies: - name: mariadb repository: https://kubernetes-charts.storage.googleapis.com/ - version: 7.3.5 + version: 7.3.10 digest: sha256:cd64413a4a697ccf85c0091e9c55cdc5876938ddced84c05d37c57ff9abc5864 -generated: 2020-01-24T01:27:01.591709268Z +generated: "2020-02-21T08:40:11.060124841Z" diff --git a/stable/orangehrm/values.yaml b/stable/orangehrm/values.yaml index 5759d8692e29..b59fac517a85 100644 --- a/stable/orangehrm/values.yaml +++ b/stable/orangehrm/values.yaml @@ -14,7 +14,7 @@ image: registry: docker.io repository: bitnami/orangehrm - tag: 4.3.4-0-debian-10-r0 + tag: 4.3.4-0-debian-10-r22 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images @@ -239,7 +239,7 @@ metrics: image: registry: docker.io repository: bitnami/apache-exporter - tag: 0.7.0-debian-10-r0 + tag: 0.7.0-debian-10-r21 pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. From 89e00a27de40c603b9a8a9195dbd7a3d568eb1d2 Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Fri, 21 Feb 2020 10:27:42 +0100 Subject: [PATCH 216/304] [stable/phpbb] Release 7.0.6 (#20861) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * [stable/phpbb] Release 7.0.6 updating components versions Signed-off-by: Bitnami Containers * Run "helm dependency update" using latest Helm 2 Signed-off-by: Carlos Rodriguez Hernandez Co-authored-by: Carlos Rodríguez Hernández --- stable/phpbb/Chart.yaml | 2 +- stable/phpbb/requirements.lock | 4 ++-- stable/phpbb/values.yaml | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/stable/phpbb/Chart.yaml b/stable/phpbb/Chart.yaml index a2d816b01bee..a926f895afe2 100644 --- a/stable/phpbb/Chart.yaml +++ b/stable/phpbb/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: phpbb -version: 7.0.5 +version: 7.0.6 appVersion: 3.3.0 description: Community forum that supports the notion of users and groups, file attachments, full-text search, notifications and more. keywords: diff --git a/stable/phpbb/requirements.lock b/stable/phpbb/requirements.lock index d7877e66faa5..db2ebda3e13a 100644 --- a/stable/phpbb/requirements.lock +++ b/stable/phpbb/requirements.lock @@ -1,6 +1,6 @@ dependencies: - name: mariadb repository: https://kubernetes-charts.storage.googleapis.com/ - version: 7.3.5 + version: 7.3.10 digest: sha256:cd64413a4a697ccf85c0091e9c55cdc5876938ddced84c05d37c57ff9abc5864 -generated: 2020-01-24T01:03:48.847895458Z +generated: "2020-02-21T08:39:53.904157678Z" diff --git a/stable/phpbb/values.yaml b/stable/phpbb/values.yaml index 89ae20f948d8..64b98a22bcc9 100644 --- a/stable/phpbb/values.yaml +++ b/stable/phpbb/values.yaml @@ -14,7 +14,7 @@ image: registry: docker.io repository: bitnami/phpbb - tag: 3.3.0-debian-10-r0 + tag: 3.3.0-debian-10-r20 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images @@ -246,7 +246,7 @@ metrics: image: registry: docker.io repository: bitnami/apache-exporter - tag: 0.7.0-debian-10-r0 + tag: 0.7.0-debian-10-r20 pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. From 6a8bdc03a1ec328e6ccca0af52041d4e496e1a16 Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Fri, 21 Feb 2020 10:27:50 +0100 Subject: [PATCH 217/304] [stable/osclass] Release 7.0.6 (#20862) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * [stable/osclass] Release 7.0.6 updating components versions Signed-off-by: Bitnami Containers * Run "helm dependency update" using latest Helm 2 Signed-off-by: Carlos Rodriguez Hernandez Co-authored-by: Carlos Rodríguez Hernández --- stable/osclass/Chart.yaml | 2 +- stable/osclass/requirements.lock | 4 ++-- stable/osclass/values.yaml | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/stable/osclass/Chart.yaml b/stable/osclass/Chart.yaml index 6d38ec697ab8..49e81f5928d5 100644 --- a/stable/osclass/Chart.yaml +++ b/stable/osclass/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: osclass -version: 7.0.5 +version: 7.0.6 appVersion: 3.7.4 description: Osclass is a php script that allows you to quickly create and manage your own free classifieds site. diff --git a/stable/osclass/requirements.lock b/stable/osclass/requirements.lock index 07b52487cfba..7720c6d14e5e 100644 --- a/stable/osclass/requirements.lock +++ b/stable/osclass/requirements.lock @@ -1,6 +1,6 @@ dependencies: - name: mariadb repository: https://kubernetes-charts.storage.googleapis.com/ - version: 7.3.6 + version: 7.3.10 digest: sha256:cd64413a4a697ccf85c0091e9c55cdc5876938ddced84c05d37c57ff9abc5864 -generated: 2020-01-24T20:04:18.081206467Z +generated: "2020-02-21T08:39:31.254191304Z" diff --git a/stable/osclass/values.yaml b/stable/osclass/values.yaml index a0e3db56628e..83083fd59a26 100644 --- a/stable/osclass/values.yaml +++ b/stable/osclass/values.yaml @@ -14,7 +14,7 @@ image: registry: docker.io repository: bitnami/osclass - tag: 3.7.4-debian-10-r0 + tag: 3.7.4-debian-10-r20 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images @@ -265,7 +265,7 @@ metrics: image: registry: docker.io repository: bitnami/apache-exporter - tag: 0.7.0-debian-10-r0 + tag: 0.7.0-debian-10-r20 pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. From 082be2d34c0e50f77a9e7f8710cafff5c8fe123a Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Fri, 21 Feb 2020 10:27:58 +0100 Subject: [PATCH 218/304] [stable/parse] Release 10.3.6 (#20863) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * [stable/parse] Release 10.3.6 updating components versions Signed-off-by: Bitnami Containers * Run "helm dependency update" using latest Helm 2 Signed-off-by: Carlos Rodriguez Hernandez Co-authored-by: Carlos Rodríguez Hernández --- stable/parse/Chart.yaml | 2 +- stable/parse/requirements.lock | 4 ++-- stable/parse/values.yaml | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/stable/parse/Chart.yaml b/stable/parse/Chart.yaml index 9772b4c3a063..beb455fc2c84 100644 --- a/stable/parse/Chart.yaml +++ b/stable/parse/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: parse -version: 10.3.5 +version: 10.3.6 appVersion: 3.10.0 description: Parse is a platform that enables users to add a scalable and powerful backend to launch a full-featured app for iOS, Android, JavaScript, Windows, Unity, and more. keywords: diff --git a/stable/parse/requirements.lock b/stable/parse/requirements.lock index ea2652adda59..d7822360d947 100644 --- a/stable/parse/requirements.lock +++ b/stable/parse/requirements.lock @@ -1,6 +1,6 @@ dependencies: - name: mongodb repository: https://kubernetes-charts.storage.googleapis.com/ - version: 7.8.0 + version: 7.8.4 digest: sha256:380fe3c8514cc2d19b28e5b1a79d83961fa9f9d7f438eba85425dbf8c0b89bbd -generated: 2020-01-24T01:00:20.325676678Z +generated: "2020-02-21T08:38:47.269390893Z" diff --git a/stable/parse/values.yaml b/stable/parse/values.yaml index 050018769fd7..bb5a4c2f8f96 100644 --- a/stable/parse/values.yaml +++ b/stable/parse/values.yaml @@ -63,7 +63,7 @@ server: image: registry: docker.io repository: bitnami/parse - tag: 3.10.0-debian-10-r0 + tag: 3.10.0-debian-10-r23 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images @@ -186,7 +186,7 @@ dashboard: image: registry: docker.io repository: bitnami/parse-dashboard - tag: 2.0.5-debian-10-r0 + tag: 2.0.5-debian-10-r21 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images From 9977a782e401b84e486d32742c54f942a111964f Mon Sep 17 00:00:00 2001 From: Vojtech Vitek Date: Fri, 21 Feb 2020 10:32:32 +0100 Subject: [PATCH 219/304] [stable/drone] Downgrade drone-agent to the latest published image tag (#20889) Fix regression from c89126cc9189e8eb5b02c157092853e26fe3fe6b. The latest published drone/agent image tag as of today is 1.6.2, see https://hub.docker.com/r/drone/agent/tags. Signed-off-by: Vojtech Vitek --- stable/drone/Chart.yaml | 2 +- stable/drone/values.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/stable/drone/Chart.yaml b/stable/drone/Chart.yaml index be9fca74c274..5cedee04301f 100644 --- a/stable/drone/Chart.yaml +++ b/stable/drone/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 name: drone home: https://drone.io/ icon: https://drone.io/apple-touch-icon.png -version: 2.7.0 +version: 2.7.1 appVersion: 1.6.5 description: Drone is a Continuous Delivery system built on container technology keywords: diff --git a/stable/drone/values.yaml b/stable/drone/values.yaml index 9abc802b91e7..2e497f9e341a 100644 --- a/stable/drone/values.yaml +++ b/stable/drone/values.yaml @@ -12,7 +12,7 @@ images: ## agent: repository: "docker.io/drone/agent" - tag: 1.6.5 + tag: 1.6.2 pullPolicy: IfNotPresent ## The official docker (dind) image, change tag to use a different version. From 716d30d22755840ec48575c32c2c84d0e2040394 Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Fri, 21 Feb 2020 10:54:31 +0100 Subject: [PATCH 220/304] [stable/phpmyadmin] Release 4.2.13 (#20864) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * [stable/phpmyadmin] Release 4.2.13 updating components versions Signed-off-by: Bitnami Containers * Run "helm dependency update" using latest Helm 2 Signed-off-by: Carlos Rodriguez Hernandez * Rebase Signed-off-by: Carlos Rodriguez Hernandez Co-authored-by: Carlos Rodríguez Hernández --- stable/phpmyadmin/Chart.yaml | 2 +- stable/phpmyadmin/requirements.lock | 2 +- stable/phpmyadmin/values.yaml | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/stable/phpmyadmin/Chart.yaml b/stable/phpmyadmin/Chart.yaml index b3fd8d34540e..776c49249675 100644 --- a/stable/phpmyadmin/Chart.yaml +++ b/stable/phpmyadmin/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: phpmyadmin -version: 4.3.0 +version: 4.3.1 appVersion: 5.0.1 description: phpMyAdmin is an mysql administration frontend keywords: diff --git a/stable/phpmyadmin/requirements.lock b/stable/phpmyadmin/requirements.lock index 863b9172b62e..590ba2c9a7c8 100644 --- a/stable/phpmyadmin/requirements.lock +++ b/stable/phpmyadmin/requirements.lock @@ -3,4 +3,4 @@ dependencies: repository: https://kubernetes-charts.storage.googleapis.com/ version: 6.13.0 digest: sha256:a5bab50185c0373da803c6b86abc0e27ed0be1053fe1b560bc8de5a8054e8101 -generated: 2019-11-06T08:55:02.361736016Z +generated: "2020-02-21T08:35:10.805427221Z" diff --git a/stable/phpmyadmin/values.yaml b/stable/phpmyadmin/values.yaml index 41c68be43633..b4dd6ae2a7ac 100644 --- a/stable/phpmyadmin/values.yaml +++ b/stable/phpmyadmin/values.yaml @@ -13,7 +13,7 @@ image: registry: docker.io repository: bitnami/phpmyadmin - tag: 5.0.1-debian-10-r0 + tag: 5.0.1-debian-10-r23 ## Specify a imagePullPolicy pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. @@ -162,7 +162,7 @@ metrics: image: registry: docker.io repository: bitnami/apache-exporter - tag: 0.7.0-debian-10-r0 + tag: 0.7.0-debian-10-r21 pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. From f009d7dee97c5c79e248ce7cec1af79f685e0316 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?No=C3=ABl=20Bardelot?= Date: Fri, 21 Feb 2020 14:08:32 +0100 Subject: [PATCH 221/304] Adding extraConfigmapMounts to Flower (#20640) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit A use-case is when you want to add a public certificate used for connection to a remote TLS endpoint. Signed-off-by: Noël Bardelot --- stable/airflow/Chart.yaml | 2 +- stable/airflow/README.md | 1 + stable/airflow/templates/deployments-flower.yaml | 4 ++++ stable/airflow/values.yaml | 7 +++++++ 4 files changed, 13 insertions(+), 1 deletion(-) diff --git a/stable/airflow/Chart.yaml b/stable/airflow/Chart.yaml index 8aa3e195d78c..439c4706bd17 100644 --- a/stable/airflow/Chart.yaml +++ b/stable/airflow/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 description: Airflow is a platform to programmatically author, schedule and monitor workflows name: airflow -version: 6.0.2 +version: 6.1.0 appVersion: 1.10.4 icon: https://airflow.apache.org/_images/pin_large.png home: https://airflow.apache.org/ diff --git a/stable/airflow/README.md b/stable/airflow/README.md index 45501ef65503..7b0617211a97 100644 --- a/stable/airflow/README.md +++ b/stable/airflow/README.md @@ -391,6 +391,7 @@ The following table lists the configurable parameters of the Airflow chart and t | `airflow.extraVolumes` | additional volumes for the scheduler, worker & web pods | `[]` | | `airflow.initdb` | run `airflow initdb` when starting the scheduler | `true` | | `flower.enabled` | enable flow | `true` | +| `flower.extraConfigmapMounts` | Additional configMap volume mounts on the flower pod. | `[]` | | `flower.urlPrefix` | path of the flower ui | "" | | `flower.resources` | custom resource configuration for flower pod | `{}` | | `flower.labels` | labels for the flower deployment | `{}` | diff --git a/stable/airflow/templates/deployments-flower.yaml b/stable/airflow/templates/deployments-flower.yaml index eb3f3c1a12ef..73af76f3bf55 100644 --- a/stable/airflow/templates/deployments-flower.yaml +++ b/stable/airflow/templates/deployments-flower.yaml @@ -68,6 +68,10 @@ spec: - name: flower containerPort: 5555 protocol: TCP + {{- if .Values.flower.extraConfigmapMounts }} + volumeMounts: +{{ toYaml .Values.flower.extraConfigmapMounts | indent 12 }} + {{- end }} args: ["flower"] livenessProbe: httpGet: diff --git a/stable/airflow/values.yaml b/stable/airflow/values.yaml index cbed5350e5a6..9df4daa7dcba 100644 --- a/stable/airflow/values.yaml +++ b/stable/airflow/values.yaml @@ -231,6 +231,13 @@ flower: nodeSelector: {} affinity: {} tolerations: [] + extraConfigmapMounts: [] + # Use-case example: adding a public certificate used for connection to a remote TLS endpoint + # - name: extra-cert + # mountPath: /etc/ssl/certs/extra-cert.pem + # configMap: extra-certificates + # readOnly: true + # subPath: extra-cert.pem web: ## From 7ac3412dd57c690c47d9f32515805517fd4c5776 Mon Sep 17 00:00:00 2001 From: jmvizcainoio <44993815+jmvizcainoio@users.noreply.github.com> Date: Fri, 21 Feb 2020 14:58:32 +0100 Subject: [PATCH 222/304] [stable/stolon]Add support to create a shm volume to increase the size of this (#20416) * Add support to create a shm volume to increase the size of this Signed-off-by: Juan Manuel Vizcaino * Add support to create a shm volume to increase the size of this Signed-off-by: Juan Manuel Vizcaino * Signed-off-by: Juan Manuel Vizcaino Fix Readme, by default is disabled. --- stable/stolon/Chart.yaml | 2 +- stable/stolon/README.md | 1 + stable/stolon/templates/keeper-statefulset.yaml | 12 ++++++++++++ stable/stolon/values.yaml | 4 ++++ 4 files changed, 18 insertions(+), 1 deletion(-) diff --git a/stable/stolon/Chart.yaml b/stable/stolon/Chart.yaml index 1a256b2eb226..b0012e0f197d 100644 --- a/stable/stolon/Chart.yaml +++ b/stable/stolon/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: stolon -version: 1.5.6 +version: 1.5.7 appVersion: 0.13.0 description: Stolon - PostgreSQL cloud native High Availability. home: https://github.com/sorintlab/stolon diff --git a/stable/stolon/README.md b/stable/stolon/README.md index ac4ed42bf826..adc80ad946af 100644 --- a/stable/stolon/README.md +++ b/stable/stolon/README.md @@ -34,6 +34,7 @@ Kubernetes is the default store backend. `consul`, `etcdv2` or `etcdv3` can also | `etcdImage.tag` | `etcd` image tag | `2.3.7` | | `etcdImage.pullPolicy` | `etcd` image pull policy | `IfNotPresent` | | `debug` | Debug mode | `false` | +| `shmVolume.enabled` | Enable emptyDir volume for /dev/shm on keepers pods | `false` | | `persistence.enabled` | Use a PVC to persist data | `true` | | `persistence.storageClassName` | Storage class name of backing PVC | `""` | | `persistence.accessModes` | Persistent volumes access modes | `["ReadWriteOnce"]` | diff --git a/stable/stolon/templates/keeper-statefulset.yaml b/stable/stolon/templates/keeper-statefulset.yaml index 8972cf5614b9..c7086b09c04b 100644 --- a/stable/stolon/templates/keeper-statefulset.yaml +++ b/stable/stolon/templates/keeper-statefulset.yaml @@ -55,6 +55,9 @@ spec: export STKEEPER_PG_LISTEN_ADDRESS=$POD_IP export STOLON_DATA=/stolon-data chown stolon:stolon $STOLON_DATA + {{- if .Values.shmVolume.enabled }} + chmod -R 777 /dev/shm + {{- end }} exec gosu stolon stolon-keeper --data-dir $STOLON_DATA env: - name: POD_NAME @@ -117,6 +120,10 @@ spec: resources: {{ toYaml .Values.keeper.resources | indent 12 }} volumeMounts: +{{- if .Values.shmVolume.enabled }} + - name: dshm + mountPath: /dev/shm +{{- end }} - name: data mountPath: /stolon-data {{- if .Values.tls.enabled }} @@ -173,6 +180,11 @@ spec: {{ toYaml . | indent 8 }} {{- end }} volumes: +{{- if .Values.shmVolume.enabled }} + - name: dshm + emptyDir: + medium: Memory +{{- end }} {{- if .Values.tls.enabled }} - name: certs secret: diff --git a/stable/stolon/values.yaml b/stable/stolon/values.yaml index 0b24c9cdcff4..621546a5c433 100644 --- a/stable/stolon/values.yaml +++ b/stable/stolon/values.yaml @@ -15,6 +15,10 @@ etcdImage: debug: false +# Enable the creation of a shm volume +shmVolume: + enabled: false + persistence: enabled: true ## If defined, storageClassName: From b7afaf9d8875f6aa1cfed4c0422cb28e51d823a3 Mon Sep 17 00:00:00 2001 From: Carlos Alexandro Becker Date: Fri, 21 Feb 2020 12:44:32 -0300 Subject: [PATCH 223/304] [stable/prometheus-adapter]: do not create apiservice when not needed (#20883) Signed-off-by: Carlos Alexandro Becker --- stable/prometheus-adapter/Chart.yaml | 2 +- .../prometheus-adapter/templates/custom-metrics-apiservice.yaml | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/stable/prometheus-adapter/Chart.yaml b/stable/prometheus-adapter/Chart.yaml index 8fbfac790c54..8647b9a6c1fd 100644 --- a/stable/prometheus-adapter/Chart.yaml +++ b/stable/prometheus-adapter/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: prometheus-adapter -version: 2.1.1 +version: 2.1.2 appVersion: v0.6.0 description: A Helm chart for k8s prometheus adapter home: https://github.com/DirectXMan12/k8s-prometheus-adapter diff --git a/stable/prometheus-adapter/templates/custom-metrics-apiservice.yaml b/stable/prometheus-adapter/templates/custom-metrics-apiservice.yaml index 676402143caa..1eb380d70f99 100644 --- a/stable/prometheus-adapter/templates/custom-metrics-apiservice.yaml +++ b/stable/prometheus-adapter/templates/custom-metrics-apiservice.yaml @@ -1,3 +1,4 @@ +{{- if or .Values.rules.default .Values.rules.custom }} apiVersion: apiregistration.k8s.io/v1beta1 kind: APIService metadata: @@ -19,3 +20,4 @@ spec: insecureSkipTLSVerify: {{ if .Values.tls.enable }}false{{ else }}true{{ end }} groupPriorityMinimum: 100 versionPriority: 100 +{{- end }} From 880fa53e2db7af76c01c50569f5061a0ffd0dd53 Mon Sep 17 00:00:00 2001 From: Sergio Borges <58406644+sc2borges@users.noreply.github.com> Date: Sun, 23 Feb 2020 02:14:47 +1100 Subject: [PATCH 224/304] [stable/prometheus-operator]Moving out PrometheusSpec.portName from range loop to Global Scope. (#20495) * Update Prometheus-operator for accept prometheusSpec.portName to Global Scope and Chart Version Signed-off-by: Sergio Borges * Changing the variable field to use the global $ scope context Signed-off-by: Sergio Borges * Update the Chart Version Signed-off-by: Sergio Borges * Bumps the Chart version to 8.9.1 Signed-off-by: Sergio Borges * Bump the Chart Version Signed-off-by: Sergio Borges --- stable/prometheus-operator/Chart.yaml | 2 +- .../templates/prometheus/serviceperreplica.yaml | 5 ++--- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/stable/prometheus-operator/Chart.yaml b/stable/prometheus-operator/Chart.yaml index 4485001dfdb8..a6df8ea49846 100644 --- a/stable/prometheus-operator/Chart.yaml +++ b/stable/prometheus-operator/Chart.yaml @@ -12,7 +12,7 @@ sources: - https://github.com/coreos/kube-prometheus - https://github.com/coreos/prometheus-operator - https://coreos.com/operators/prometheus -version: 8.9.1 +version: 8.9.2 appVersion: 0.36.0 tillerVersion: ">=2.12.0" home: https://github.com/coreos/prometheus-operator diff --git a/stable/prometheus-operator/templates/prometheus/serviceperreplica.yaml b/stable/prometheus-operator/templates/prometheus/serviceperreplica.yaml index b5da0fa697e1..a57c0b2db37f 100644 --- a/stable/prometheus-operator/templates/prometheus/serviceperreplica.yaml +++ b/stable/prometheus-operator/templates/prometheus/serviceperreplica.yaml @@ -1,7 +1,6 @@ {{- if and .Values.prometheus.enabled .Values.prometheus.servicePerReplica.enabled }} {{- $count := .Values.prometheus.prometheusSpec.replicas | int -}} -{{- $serviceValues := .Values.prometheus.servicePerReplica -}} -{{- $portName := .Values.prometheus.prometheusSpec.portName -}} +{{- $serviceValues := .Values.prometheus.servicePerReplica -}} apiVersion: v1 kind: List metadata: @@ -32,7 +31,7 @@ items: {{- end }} {{- end }} ports: - - name: {{ $portName }} + - name: {{ $.Values.prometheus.prometheusSpec.portName }} {{- if eq $serviceValues.type "NodePort" }} nodePort: {{ $serviceValues.nodePort }} {{- end }} From 65f1f381e293974b25e0903a45f395892f7bda7f Mon Sep 17 00:00:00 2001 From: Sergey Monakhov Date: Sat, 22 Feb 2020 18:20:47 +0300 Subject: [PATCH 225/304] [stable/prometheus-node-exporter] node-exporter add sidecar (#20952) * added sidecar containers to node-exporter Signed-off-by: Sergey Monakhov * update daemonset Signed-off-by: Sergey Monakhov --- stable/prometheus-node-exporter/Chart.yaml | 2 +- stable/prometheus-node-exporter/README.md | 2 ++ .../templates/daemonset.yaml | 25 +++++++++++++++++++ stable/prometheus-node-exporter/values.yaml | 14 +++++++++++ 4 files changed, 42 insertions(+), 1 deletion(-) diff --git a/stable/prometheus-node-exporter/Chart.yaml b/stable/prometheus-node-exporter/Chart.yaml index b0c3c8f31858..cb473eacfb2c 100644 --- a/stable/prometheus-node-exporter/Chart.yaml +++ b/stable/prometheus-node-exporter/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 appVersion: 0.18.1 description: A Helm chart for prometheus node-exporter name: prometheus-node-exporter -version: 1.8.2 +version: 1.9.0 home: https://github.com/prometheus/node_exporter/ sources: - https://github.com/prometheus/node_exporter/ diff --git a/stable/prometheus-node-exporter/README.md b/stable/prometheus-node-exporter/README.md index aaa51097e4ea..0c0c43e07e35 100644 --- a/stable/prometheus-node-exporter/README.md +++ b/stable/prometheus-node-exporter/README.md @@ -70,6 +70,8 @@ The following table lists the configurable parameters of the Node Exporter chart | `configmaps` | Allow mounting additional configmaps. | `[]` | | `namespaceOverride` | Override the deployment namespace | `""` (`Release.Namespace`) | | `updateStrategy` | Configure a custom update strategy for the daemonset | `Rolling update with 1 max unavailable` | +| `sidecars` | Additional containers for export metrics to text file | `[]` | | +| `sidecarVolumeMount` | Volume for sidecar containers | `[]` | | Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, diff --git a/stable/prometheus-node-exporter/templates/daemonset.yaml b/stable/prometheus-node-exporter/templates/daemonset.yaml index 113d89352c33..473a2678978c 100644 --- a/stable/prometheus-node-exporter/templates/daemonset.yaml +++ b/stable/prometheus-node-exporter/templates/daemonset.yaml @@ -73,12 +73,30 @@ spec: {{- end }} {{- end }} {{- end }} + {{- if .Values.sidecarVolumeMount }} + {{- range $_, $mount := .Values.sidecarVolumeMount }} + - name: {{ $mount.name }} + mountPath: {{ $mount.mountPath }} + readOnly: true + {{- end }} + {{- end }} {{- if .Values.configmaps }} {{- range $_, $mount := .Values.configmaps }} - name: {{ $mount.name }} mountPath: {{ $mount.mountPath }} {{- end }} {{- end }} +{{- if .Values.sidecars }} +{{ toYaml .Values.sidecars | indent 8 }} + {{- if .Values.sidecarVolumeMount }} + volumeMounts: + {{- range $_, $mount := .Values.sidecarVolumeMount }} + - name: {{ $mount.name }} + mountPath: {{ $mount.mountPath }} + readOnly: {{ $mount.readOnly }} + {{- end }} + {{- end }} +{{- end }} hostNetwork: {{ .Values.hostNetwork }} hostPID: true {{- if .Values.affinity }} @@ -107,6 +125,13 @@ spec: path: {{ $mount.hostPath }} {{- end }} {{- end }} + {{- if .Values.sidecarVolumeMount }} + {{- range $_, $mount := .Values.sidecarVolumeMount }} + - name: {{ $mount.name }} + emptyDir: + medium: Memory + {{- end }} + {{- end }} {{- if .Values.configmaps }} {{- range $_, $mount := .Values.configmaps }} - name: {{ $mount.name }} diff --git a/stable/prometheus-node-exporter/values.yaml b/stable/prometheus-node-exporter/values.yaml index 10746628dfb7..1567c8726df6 100644 --- a/stable/prometheus-node-exporter/values.yaml +++ b/stable/prometheus-node-exporter/values.yaml @@ -102,6 +102,7 @@ tolerations: ## extraArgs: [] # - --collector.diskstats.ignored-devices=^(ram|loop|fd|(h|s|v)d[a-z]|nvme\\d+n\\d+p)\\d+$ +# - --collector.textfile.directory=/run/prometheus ## Additional mounts from the host ## @@ -121,3 +122,16 @@ configmaps: [] ## Override the deployment namespace ## namespaceOverride: "" + +## Additional containers for export metrics to text file +## +sidecars: [] +## - name: nvidia-dcgm-exporter +## image: nvidia/dcgm-exporter:1.4.3 + +## Volume for sidecar containers +## +sidecarVolumeMount: [] +## - name: collector-textfiles +## mountPath: /run/prometheus +## readOnly: false From ab9695f3b9a492a52d66b71c9dc4e4524a51365d Mon Sep 17 00:00:00 2001 From: Simon Hardy Date: Sun, 23 Feb 2020 05:48:47 +0100 Subject: [PATCH 226/304] [incubator/cassandra] Fix affinity for backup cronjob (#20941) Signed-off-by: Simon Hardy --- incubator/cassandra/Chart.yaml | 2 +- .../cassandra/templates/backup/cronjob.yaml | 38 ++++++++++--------- 2 files changed, 21 insertions(+), 19 deletions(-) diff --git a/incubator/cassandra/Chart.yaml b/incubator/cassandra/Chart.yaml index 5a6f03498c75..96130b297c22 100644 --- a/incubator/cassandra/Chart.yaml +++ b/incubator/cassandra/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: cassandra -version: 0.14.1 +version: 0.14.2 appVersion: 3.11.5 description: Apache Cassandra is a free and open-source distributed database management system designed to handle large amounts of data across many commodity servers, providing diff --git a/incubator/cassandra/templates/backup/cronjob.yaml b/incubator/cassandra/templates/backup/cronjob.yaml index 28d7b1419136..3ee32108d4a9 100644 --- a/incubator/cassandra/templates/backup/cronjob.yaml +++ b/incubator/cassandra/templates/backup/cronjob.yaml @@ -66,23 +66,25 @@ spec: secret: secretName: {{ $backup.google.serviceAccountSecret | quote }} {{- end }} - affinity: - podAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: app - operator: In - values: - - {{ template "cassandra.fullname" $ }} - - key: release - operator: In - values: - - {{ $release.Name }} - topologyKey: "kubernetes.io/hostname" - {{- with $values.tolerations }} - tolerations: -{{ toYaml . | indent 10 }} - {{- end }} + affinity: + podAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 1 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: app + operator: In + values: + - {{ template "cassandra.fullname" $ }} + - key: release + operator: In + values: + - {{ $release.Name }} + topologyKey: "kubernetes.io/hostname" + {{- with $values.tolerations }} + tolerations: +{{ toYaml . | indent 12 }} + {{- end }} {{- end }} {{- end }} From 83fa6578f516ad0909592a43960affafec299441 Mon Sep 17 00:00:00 2001 From: Thiago Fortunato Date: Sun, 23 Feb 2020 12:32:47 -0300 Subject: [PATCH 227/304] [stable/bookstack] Fix default value in values.yaml based on README.md: (#20339) * Fix default value to `master.persistence.enable` Signed-off-by: thiagolsfortunato * Bump version Chart.yaml Signed-off-by: thiagolsfortunato * Fix default value persistence.uploads|storage.accessMode Signed-off-by: thiagolsfortunato * following suggestion and update only README.md Signed-off-by: thiagolsfortunato * set chart version to 1.2.1 Signed-off-by: thiagolsfortunato --- stable/bookstack/Chart.yaml | 2 +- stable/bookstack/README.md | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/stable/bookstack/Chart.yaml b/stable/bookstack/Chart.yaml index 46a6f8d37d96..0df67c93dd0f 100644 --- a/stable/bookstack/Chart.yaml +++ b/stable/bookstack/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 appVersion: 0.27.5 description: BookStack is a simple, self-hosted, easy-to-use platform for organising and storing information. name: bookstack -version: 1.2.0 +version: 1.2.1 home: https://www.bookstackapp.com/ icon: https://github.com/BookStackApp/website/blob/master/static/images/logo.png sources: diff --git a/stable/bookstack/README.md b/stable/bookstack/README.md index 5d027c2dbec8..110269b956fc 100644 --- a/stable/bookstack/README.md +++ b/stable/bookstack/README.md @@ -62,7 +62,7 @@ The following table lists the configurable parameters of the Redmine chart and t | `mariadb.db.user` | Database user to create | `bookstack` | | `mariadb.db.password` | Password for the database | `nil` | | `mariadb.rootUser.password` | MariaDB admin password | `nil` | -| `mariadb.master.persistence.enabled` | Enable MariaDB persistence using PVC | `true` | +| `mariadb.master.persistence.enabled` | Enable MariaDB persistence using PVC | `false` | | `mariadb.master.persistence.storageClass` | PVC Storage Class for MariaDB volume | `nil` (uses alpha storage class annotation) | | `mariadb.master.persistence.accessMode` | PVC Access Mode for MariaDB volume | `ReadWriteOnce` | | `mariadb.master.persistence.size` | PVC Storage Request for MariaDB volume | `8Gi` | @@ -74,12 +74,12 @@ The following table lists the configurable parameters of the Redmine chart and t | `serviceAccount.name` | Name of the ServiceAccount to use | `null` | | `persistence.uploads.enabled` | Enable persistence using PVC for uploads | `true` | | `persistence.uploads.storageClass` | PVC Storage Class | `nil` (uses alpha storage class annotation) | -| `persistence.uploads.accessMode` | PVC Access Mode | `ReadWriteMany` | +| `persistence.uploads.accessMode` | PVC Access Mode | `ReadWriteOnce` | | `persistence.uploads.size` | PVC Storage Request | `8Gi` | | `persistence.uploads.existingClaim` | If PVC exists & bounded for uploads | `nil` (when nil, new one is requested) | | `persistence.storage.enabled` | Enable persistence using PVC for uploads | `true` | | `persistence.storage.storageClass` | PVC Storage Class | `nil` (uses alpha storage class annotation) | -| `persistence.storage.accessMode` | PVC Access Mode | `ReadWriteMany` | +| `persistence.storage.accessMode` | PVC Access Mode | `ReadWriteOnce` | | `persistence.storage.size` | PVC Storage Request | `8Gi` | | `persistence.storage.existingClaim` | If PVC exists & bounded for storage | `nil` (when nil, new one is requested) | | `ingress.enabled` | Enable or disable the ingress | `false` | From 031c2593c68cfd641ba78510711f2b27897220de Mon Sep 17 00:00:00 2001 From: Irtiza Ali Date: Sun, 23 Feb 2020 21:22:46 +0500 Subject: [PATCH 228/304] [stable/influxdb] (#19302) * [stable/postgresql]: Adjust PGDATA to master value (#13470) * Adjust PGDATA to master value Signed-off-by: Marcin Klimus * bump-up version Signed-off-by: Marcin Klimus * correct variable name Signed-off-by: Marcin Klimus Signed-off-by: irti * update README.md file Signed-off-by: Irtiza Ali Signed-off-by: irti * bumped chart version Signed-off-by: Irtiza Ali Signed-off-by: irti * [add-config-params-table] update infuxdb README.md by adding parameters Signed-off-by: aliartiza75 * [add-config-params-table] fix conflicts Signed-off-by: aliartiza75 * [add-config-params-table] update manifest Signed-off-by: aliartiza75 * [add-config-params-table] update README.md file Signed-off-by: aliartiza75 --- stable/influxdb/Chart.yaml | 2 +- stable/influxdb/README.md | 54 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 55 insertions(+), 1 deletion(-) diff --git a/stable/influxdb/Chart.yaml b/stable/influxdb/Chart.yaml index e546af98d231..b33b0c9ca680 100755 --- a/stable/influxdb/Chart.yaml +++ b/stable/influxdb/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: influxdb -version: 4.2.3 +version: 4.2.4 appVersion: 1.7.9 description: Scalable datastore for metrics, events, and real-time analytics. keywords: diff --git a/stable/influxdb/README.md b/stable/influxdb/README.md index b76df3f10dc4..4b6a9b172bb4 100644 --- a/stable/influxdb/README.md +++ b/stable/influxdb/README.md @@ -45,6 +45,60 @@ The command removes all the Kubernetes components associated with the chart and The default configuration values for this chart are listed in `values.yaml`. +#### General + +| Parameter | Description | Default | +|---|---|---| +| image.repository | Image repository url | influxdb | +| image.tag | Image tag | 1.7.6-alpine | +| image.pullPolicy | Image pull policy | IfNotPresent | +| image.pullSecrets | It will store the repository's credentials to pull image | nil | +| serviceAccount.create | It will create service account | true | +| serviceAccount.name | Service account name | "" | +| serviceAccount.annotations | Service account annotations | {} | +| livenessProbe | Health check for pod | {} | +| readinessProbe | Health check for pod | {} | +| startupProbe | Health check for pod | {} | +| service.type | Kubernetes service type | ClusterIP | +| persistence.enabled | Boolean to enable and disable persistance | true | +| persistence.storageClass | If set to "-", storageClassName: "", which disables dynamic provisioning. If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner. (gp2 on AWS, standard on GKE, AWS & OpenStack | | +| persistence.annotations | Annotations for volumeClaimTemplates | nil | +| persistence.accessMode | Access mode for the volume | ReadWriteOnce | +| persistence.size | Storage size | 8Gi | +| podAnnotations | Annotations for pod | {} | +| ingress.enabled | Boolean flag to enable or disable ingress | false | +| ingress.tls | Boolean to enable or disable tls for ingress. If enabled provide a secret in `ingress.secretName` containing TLS private key and certificate. | false | +| ingress.secretName | Kubernetes secret containing TLS private key and certificate. It is `only` required if `ingress.tls` is enabled. | nil | +| ingress.hostname | Hostname for the ingress | influxdb.foobar.com | +| annotations | ingress annotations | nil | +| schedulerName | Use an [alternate scheduler](https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/), e.g. "stork". | nil | +| nodeSelector | Node labels for pod assignment | {} | +| affinity | [Affinity](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity) for pod assignment | {| +| tolerations | [Tolerations](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) for pod assignment | [] | +| env | environment variables for influxdb container | {} | +| config.reporting_disabled | [Details](https://docs.influxdata.com/influxdb/v1.7/administration/config/#reporting-disabled-false) | false | +| config.rpc | RPC address for backup and storage | {} | +| config.meta | [Details](https://docs.influxdata.com/influxdb/v1.7/administration/config/#meta) | {} | +| config.data | [Details](https://docs.influxdata.com/influxdb/v1.7/administration/config/#data) | {} | +| config.coordinator | [Details](https://docs.influxdata.com/influxdb/v1.7/administration/config/#coordinator) | {} | +| config.retention | [Details](https://docs.influxdata.com/influxdb/v1.7/administration/config/#retention) | {} | +| config.shard_precreation | [Details](https://docs.influxdata.com/influxdb/v1.7/administration/config/#shard-precreation) | {} | +| config.monitor | [Details](https://docs.influxdata.com/influxdb/v1.7/administration/config/#monitor) | {} | +| config.http | [Details](https://docs.influxdata.com/influxdb/v1.7/administration/config/#http) | {} | +| config.logging | [Details](https://docs.influxdata.com/influxdb/v1.7/administration/config/#logging) | {} | +| config.subscriber | [Details](https://docs.influxdata.com/influxdb/v1.7/administration/config/#subscriber) | {} | +| config.graphite | [Details](https://docs.influxdata.com/influxdb/v1.7/administration/config/#graphite) | {} | +| config.collectd | [Details](https://docs.influxdata.com/influxdb/v1.7/administration/config/#collectd) | {} | +| config.opentsdb | [Details](https://docs.influxdata.com/influxdb/v1.7/administration/config/#opentsdb) | {} | +| config.udp | [Details](https://docs.influxdata.com/influxdb/v1.7/administration/config/#udp) | {} | +| config.continous_queries | [Details](https://docs.influxdata.com/influxdb/v1.7/administration/config/#continuous-queries) | {} | +| config.tls | [Details](https://docs.influxdata.com/influxdb/v1.7/administration/config/#tls) | {} | +| initScripts.enabled | Boolean flag to enable and disable initscripts. If the container finds any files with the extensions .sh or .iql inside of the /docker-entrypoint-initdb.d folder, it will execute them. The order they are executed in is determined by the shell. This is usually alphabetical order. | false | +| initScripts.scripts | Init scripts | {} | +| backup.enabled | Boolean flag to enable and disable backups. Currently, it backups the data on `azure` and `gcs`. | false | +| backup.schedule | Cron time | `0 0 * * *`. It means create a backup everyday at `00:00`. | +| backup.annotations | Annotations for backup | {} | + The [full image documentation](https://hub.docker.com/_/influxdb/) contains more information about running InfluxDB in docker. Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, From acaacc631acd82ddfec20accd81976a598983ba6 Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Mon, 24 Feb 2020 08:30:48 +0100 Subject: [PATCH 229/304] [stable/rabbitmq] Release 6.17.3 updating components versions (#20925) Signed-off-by: Bitnami Containers --- stable/rabbitmq/Chart.yaml | 2 +- stable/rabbitmq/values-production.yaml | 4 ++-- stable/rabbitmq/values.yaml | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/stable/rabbitmq/Chart.yaml b/stable/rabbitmq/Chart.yaml index a42922205f8c..6068f6e6372b 100644 --- a/stable/rabbitmq/Chart.yaml +++ b/stable/rabbitmq/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: rabbitmq -version: 6.17.2 +version: 6.17.3 appVersion: 3.8.2 description: Open source message broker software that implements the Advanced Message Queuing Protocol (AMQP) keywords: diff --git a/stable/rabbitmq/values-production.yaml b/stable/rabbitmq/values-production.yaml index f8ea16c32e37..e2501267254d 100644 --- a/stable/rabbitmq/values-production.yaml +++ b/stable/rabbitmq/values-production.yaml @@ -14,7 +14,7 @@ image: registry: docker.io repository: bitnami/rabbitmq - tag: 3.8.2-debian-10-r0 + tag: 3.8.2-debian-10-r25 ## set to true if you would like to see extra information on logs ## it turns BASH and NAMI debugging in minideb @@ -403,7 +403,7 @@ metrics: image: registry: docker.io repository: bitnami/rabbitmq-exporter - tag: 0.29.0-debian-10-r0 + tag: 0.29.0-debian-10-r23 pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. diff --git a/stable/rabbitmq/values.yaml b/stable/rabbitmq/values.yaml index 86ce969e2e9a..9bd3e46de6af 100644 --- a/stable/rabbitmq/values.yaml +++ b/stable/rabbitmq/values.yaml @@ -14,7 +14,7 @@ image: registry: docker.io repository: bitnami/rabbitmq - tag: 3.8.2-debian-10-r0 + tag: 3.8.2-debian-10-r25 ## set to true if you would like to see extra information on logs ## it turns BASH and NAMI debugging in minideb @@ -380,7 +380,7 @@ metrics: image: registry: docker.io repository: bitnami/rabbitmq-exporter - tag: 0.29.0-debian-10-r0 + tag: 0.29.0-debian-10-r23 pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. From bec54e314973516f69abff0419b9e8c331c688cd Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Mon, 24 Feb 2020 08:38:47 +0100 Subject: [PATCH 230/304] [stable/ghost] Release 9.1.9 (#20964) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * [stable/ghost] Release 9.1.9 updating components versions Signed-off-by: Bitnami Containers * Run "helm dependency update" using latest Helm 2 Signed-off-by: Carlos Rodriguez Hernandez Co-authored-by: Carlos Rodríguez Hernández --- stable/ghost/Chart.yaml | 4 ++-- stable/ghost/requirements.lock | 2 +- stable/ghost/values.yaml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/stable/ghost/Chart.yaml b/stable/ghost/Chart.yaml index 8e71311dbcce..5a335b44df09 100644 --- a/stable/ghost/Chart.yaml +++ b/stable/ghost/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 name: ghost -version: 9.1.8 -appVersion: 3.6.0 +version: 9.1.9 +appVersion: 3.7.0 description: A simple, powerful publishing platform that allows you to share your stories with the world keywords: - ghost diff --git a/stable/ghost/requirements.lock b/stable/ghost/requirements.lock index ce90f645ec3a..6fefd6b99395 100644 --- a/stable/ghost/requirements.lock +++ b/stable/ghost/requirements.lock @@ -3,4 +3,4 @@ dependencies: repository: https://kubernetes-charts.storage.googleapis.com/ version: 7.3.10 digest: sha256:27bef733eb099a7377055cfe2c48e013bd4d55650ff18b50138c80488c812b0b -generated: "2020-02-21T08:45:10.746374415Z" +generated: "2020-02-24T07:33:22.813494828Z" diff --git a/stable/ghost/values.yaml b/stable/ghost/values.yaml index c03fcbb7d3c1..6d8465c358a7 100644 --- a/stable/ghost/values.yaml +++ b/stable/ghost/values.yaml @@ -14,7 +14,7 @@ image: registry: docker.io repository: bitnami/ghost - tag: 3.6.0-debian-10-r0 + tag: 3.7.0-debian-10-r0 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images From 53e42325976e6ebd536d114d6eac32d0e3b3c97a Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Mon, 24 Feb 2020 09:04:48 +0100 Subject: [PATCH 231/304] [stable/redis] Release 10.5.4 updating components versions (#20926) Signed-off-by: Bitnami Containers --- stable/redis/Chart.yaml | 2 +- stable/redis/values-production.yaml | 6 +++--- stable/redis/values.yaml | 6 +++--- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/stable/redis/Chart.yaml b/stable/redis/Chart.yaml index fd2088a71cf4..be9437bb50e6 100644 --- a/stable/redis/Chart.yaml +++ b/stable/redis/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: redis -version: 10.5.3 +version: 10.5.4 appVersion: 5.0.7 description: Open source, advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. keywords: diff --git a/stable/redis/values-production.yaml b/stable/redis/values-production.yaml index cb5a785178ff..64640f5c3d89 100644 --- a/stable/redis/values-production.yaml +++ b/stable/redis/values-production.yaml @@ -18,7 +18,7 @@ image: ## Bitnami Redis image tag ## ref: https://github.com/bitnami/bitnami-docker-redis#supported-tags-and-respective-dockerfile-links ## - tag: 5.0.7-debian-10-r0 + tag: 5.0.7-debian-10-r27 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images @@ -60,7 +60,7 @@ sentinel: ## Bitnami Redis image tag ## ref: https://github.com/bitnami/bitnami-docker-redis-sentinel#supported-tags-and-respective-dockerfile-links ## - tag: 5.0.7-debian-10-r0 + tag: 5.0.7-debian-10-r22 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images @@ -480,7 +480,7 @@ metrics: image: registry: docker.io repository: bitnami/redis-exporter - tag: 1.3.5-debian-10-r0 + tag: 1.3.5-debian-10-r22 pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. diff --git a/stable/redis/values.yaml b/stable/redis/values.yaml index 67d37ce73ba1..b5f188e49049 100644 --- a/stable/redis/values.yaml +++ b/stable/redis/values.yaml @@ -18,7 +18,7 @@ image: ## Bitnami Redis image tag ## ref: https://github.com/bitnami/bitnami-docker-redis#supported-tags-and-respective-dockerfile-links ## - tag: 5.0.7-debian-10-r0 + tag: 5.0.7-debian-10-r27 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images @@ -60,7 +60,7 @@ sentinel: ## Bitnami Redis image tag ## ref: https://github.com/bitnami/bitnami-docker-redis-sentinel#supported-tags-and-respective-dockerfile-links ## - tag: 5.0.7-debian-10-r0 + tag: 5.0.7-debian-10-r22 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images @@ -480,7 +480,7 @@ metrics: image: registry: docker.io repository: bitnami/redis-exporter - tag: 1.3.5-debian-10-r0 + tag: 1.3.5-debian-10-r22 pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. From 9e0122dae96102eae1fad1d76208f9077ffaf565 Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Mon, 24 Feb 2020 09:05:00 +0100 Subject: [PATCH 232/304] [stable/jasperreports] Release 7.0.7 (#20962) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * [stable/jasperreports] Release 7.0.7 updating components versions Signed-off-by: Bitnami Containers * Run "helm dependency update" using latest Helm 2 Signed-off-by: Carlos Rodriguez Hernandez Co-authored-by: Carlos Rodríguez Hernández --- stable/jasperreports/Chart.yaml | 2 +- stable/jasperreports/requirements.lock | 2 +- stable/jasperreports/values.yaml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/stable/jasperreports/Chart.yaml b/stable/jasperreports/Chart.yaml index f8818aa47984..91d6a29a1605 100644 --- a/stable/jasperreports/Chart.yaml +++ b/stable/jasperreports/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: jasperreports -version: 7.0.6 +version: 7.0.7 appVersion: 7.2.0 description: The JasperReports server can be used as a stand-alone or embedded reporting and BI server that offers web-based reporting, analytic tools and visualization, diff --git a/stable/jasperreports/requirements.lock b/stable/jasperreports/requirements.lock index 262a8cfe90af..cba1ce47086e 100644 --- a/stable/jasperreports/requirements.lock +++ b/stable/jasperreports/requirements.lock @@ -3,4 +3,4 @@ dependencies: repository: https://kubernetes-charts.storage.googleapis.com/ version: 7.3.10 digest: sha256:cd64413a4a697ccf85c0091e9c55cdc5876938ddced84c05d37c57ff9abc5864 -generated: "2020-02-21T08:41:00.783000841Z" +generated: "2020-02-24T07:34:49.318559617Z" diff --git a/stable/jasperreports/values.yaml b/stable/jasperreports/values.yaml index 38a8e8a9a9d2..c2be872dac7d 100644 --- a/stable/jasperreports/values.yaml +++ b/stable/jasperreports/values.yaml @@ -14,7 +14,7 @@ image: registry: docker.io repository: bitnami/jasperreports - tag: 7.2.0-debian-10-r18 + tag: 7.2.0-debian-10-r22 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images From 25815d6b742f1748839266a5b854a382f6dc9c94 Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Mon, 24 Feb 2020 09:32:48 +0100 Subject: [PATCH 233/304] [stable/drupal] Release 6.2.7 (#20924) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * [stable/drupal] Release 6.2.7 updating components versions Signed-off-by: Bitnami Containers * Run "helm dependency update" using latest Helm 2 Signed-off-by: Carlos Rodriguez Hernandez Co-authored-by: Carlos Rodríguez Hernández --- stable/drupal/Chart.yaml | 2 +- stable/drupal/requirements.lock | 2 +- stable/drupal/values.yaml | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/stable/drupal/Chart.yaml b/stable/drupal/Chart.yaml index 35830ade3eb0..d68411694e24 100644 --- a/stable/drupal/Chart.yaml +++ b/stable/drupal/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: drupal -version: 6.2.6 +version: 6.2.7 appVersion: 8.8.2 description: One of the most versatile open source content management systems. keywords: diff --git a/stable/drupal/requirements.lock b/stable/drupal/requirements.lock index 32889b350fe5..2b28abcd36c7 100644 --- a/stable/drupal/requirements.lock +++ b/stable/drupal/requirements.lock @@ -3,4 +3,4 @@ dependencies: repository: https://kubernetes-charts.storage.googleapis.com/ version: 7.3.10 digest: sha256:cd64413a4a697ccf85c0091e9c55cdc5876938ddced84c05d37c57ff9abc5864 -generated: "2020-02-21T08:43:12.902917481Z" +generated: "2020-02-24T07:39:53.777551264Z" diff --git a/stable/drupal/values.yaml b/stable/drupal/values.yaml index 8c6495a65554..145fbf1af8a7 100644 --- a/stable/drupal/values.yaml +++ b/stable/drupal/values.yaml @@ -14,7 +14,7 @@ image: registry: docker.io repository: bitnami/drupal - tag: 8.8.2-debian-10-r16 + tag: 8.8.2-debian-10-r18 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images @@ -287,7 +287,7 @@ metrics: image: registry: docker.io repository: bitnami/apache-exporter - tag: 0.7.0-debian-10-r20 + tag: 0.7.0-debian-10-r23 pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. From 26ffee4ba77191df8bf93a617f03d4582d674096 Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Mon, 24 Feb 2020 09:58:47 +0100 Subject: [PATCH 234/304] [stable/redmine] Release 14.1.8 (#20927) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * [stable/redmine] Release 14.1.8 updating components versions Signed-off-by: Bitnami Containers * Run "helm dependency update" using latest Helm 2 Signed-off-by: Carlos Rodriguez Hernandez Co-authored-by: Carlos Rodríguez Hernández --- stable/redmine/Chart.yaml | 2 +- stable/redmine/requirements.lock | 6 +++--- stable/redmine/values.yaml | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/stable/redmine/Chart.yaml b/stable/redmine/Chart.yaml index cb2b45d11d15..70ccfd8b89d8 100644 --- a/stable/redmine/Chart.yaml +++ b/stable/redmine/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: redmine -version: 14.1.7 +version: 14.1.8 appVersion: 4.1.0 description: A flexible project management web application. keywords: diff --git a/stable/redmine/requirements.lock b/stable/redmine/requirements.lock index f5f546cf2244..07473c856614 100644 --- a/stable/redmine/requirements.lock +++ b/stable/redmine/requirements.lock @@ -1,9 +1,9 @@ dependencies: - name: mariadb repository: https://kubernetes-charts.storage.googleapis.com/ - version: 7.3.6 + version: 7.3.10 - name: postgresql repository: https://kubernetes-charts.storage.googleapis.com/ - version: 8.1.5 + version: 8.4.0 digest: sha256:35e88b466a4a45bf4e8c4a69a2738788dbc73168a37218e524c7fe3a18650e9e -generated: 2020-01-24T12:27:57.893600474Z +generated: "2020-02-24T07:39:39.541140606Z" diff --git a/stable/redmine/values.yaml b/stable/redmine/values.yaml index 565128202a9c..cb1f4e6c6444 100644 --- a/stable/redmine/values.yaml +++ b/stable/redmine/values.yaml @@ -14,7 +14,7 @@ image: registry: docker.io repository: bitnami/redmine - tag: 4.1.0-debian-10-r0 + tag: 4.1.0-debian-10-r25 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images From 3a971257621043921a65abc8db2f3be9f3d302b3 Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Mon, 24 Feb 2020 10:20:49 +0100 Subject: [PATCH 235/304] [stable/parse] Release 10.3.7 (#20928) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * [stable/parse] Release 10.3.7 updating components versions Signed-off-by: Bitnami Containers * Run "helm dependency update" using latest Helm 2 Signed-off-by: Carlos Rodriguez Hernandez Co-authored-by: Carlos Rodríguez Hernández --- stable/parse/Chart.yaml | 2 +- stable/parse/requirements.lock | 2 +- stable/parse/values.yaml | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/stable/parse/Chart.yaml b/stable/parse/Chart.yaml index beb455fc2c84..8c5c47090f69 100644 --- a/stable/parse/Chart.yaml +++ b/stable/parse/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: parse -version: 10.3.6 +version: 10.3.7 appVersion: 3.10.0 description: Parse is a platform that enables users to add a scalable and powerful backend to launch a full-featured app for iOS, Android, JavaScript, Windows, Unity, and more. keywords: diff --git a/stable/parse/requirements.lock b/stable/parse/requirements.lock index d7822360d947..0960dedf95b5 100644 --- a/stable/parse/requirements.lock +++ b/stable/parse/requirements.lock @@ -3,4 +3,4 @@ dependencies: repository: https://kubernetes-charts.storage.googleapis.com/ version: 7.8.4 digest: sha256:380fe3c8514cc2d19b28e5b1a79d83961fa9f9d7f438eba85425dbf8c0b89bbd -generated: "2020-02-21T08:38:47.269390893Z" +generated: "2020-02-24T07:39:19.975678921Z" diff --git a/stable/parse/values.yaml b/stable/parse/values.yaml index bb5a4c2f8f96..954f72773a4c 100644 --- a/stable/parse/values.yaml +++ b/stable/parse/values.yaml @@ -63,7 +63,7 @@ server: image: registry: docker.io repository: bitnami/parse - tag: 3.10.0-debian-10-r23 + tag: 3.10.0-debian-10-r26 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images @@ -186,7 +186,7 @@ dashboard: image: registry: docker.io repository: bitnami/parse-dashboard - tag: 2.0.5-debian-10-r21 + tag: 2.0.5-debian-10-r23 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images From 13e4d1f6b053ffd20c1ab5b514a6c390896956a9 Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Mon, 24 Feb 2020 10:21:01 +0100 Subject: [PATCH 236/304] [stable/wordpress] Release 8.1.5 (#20929) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * [stable/wordpress] Release 8.1.5 updating components versions Signed-off-by: Bitnami Containers * Run "helm dependency update" using latest Helm 2 Signed-off-by: Carlos Rodriguez Hernandez Co-authored-by: Carlos Rodríguez Hernández --- stable/wordpress/Chart.yaml | 2 +- stable/wordpress/requirements.lock | 2 +- stable/wordpress/values-production.yaml | 4 ++-- stable/wordpress/values.yaml | 4 ++-- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/stable/wordpress/Chart.yaml b/stable/wordpress/Chart.yaml index 83206c45d776..79fe977e306e 100755 --- a/stable/wordpress/Chart.yaml +++ b/stable/wordpress/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: wordpress -version: 8.1.4 +version: 8.1.5 appVersion: 5.3.2 description: Web publishing platform for building blogs and websites. icon: https://bitnami.com/assets/stacks/wordpress/img/wordpress-stack-220x234.png diff --git a/stable/wordpress/requirements.lock b/stable/wordpress/requirements.lock index d9c431c160c0..5c8aa239d098 100644 --- a/stable/wordpress/requirements.lock +++ b/stable/wordpress/requirements.lock @@ -3,4 +3,4 @@ dependencies: repository: https://kubernetes-charts.storage.googleapis.com/ version: 7.3.10 digest: sha256:0a5be71f27bb4258b63df284f5006ab452666b4c3125a1c15b8753e71ec8c118 -generated: "2020-02-21T08:41:48.341760785Z" +generated: "2020-02-24T07:39:02.834458068Z" diff --git a/stable/wordpress/values-production.yaml b/stable/wordpress/values-production.yaml index c813ab979977..d33a02d76d98 100644 --- a/stable/wordpress/values-production.yaml +++ b/stable/wordpress/values-production.yaml @@ -14,7 +14,7 @@ image: registry: docker.io repository: bitnami/wordpress - tag: 5.3.2-debian-10-r21 + tag: 5.3.2-debian-10-r25 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images @@ -382,7 +382,7 @@ metrics: image: registry: docker.io repository: bitnami/apache-exporter - tag: 0.7.0-debian-10-r20 + tag: 0.7.0-debian-10-r23 pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. diff --git a/stable/wordpress/values.yaml b/stable/wordpress/values.yaml index f58efb6dba70..faeb43d143a8 100644 --- a/stable/wordpress/values.yaml +++ b/stable/wordpress/values.yaml @@ -14,7 +14,7 @@ image: registry: docker.io repository: bitnami/wordpress - tag: 5.3.2-debian-10-r21 + tag: 5.3.2-debian-10-r25 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images @@ -377,7 +377,7 @@ metrics: image: registry: docker.io repository: bitnami/apache-exporter - tag: 0.7.0-debian-10-r20 + tag: 0.7.0-debian-10-r23 pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. From 142ec0c36798c1a4b4a9955e2a8ffe020be442b0 Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Mon, 24 Feb 2020 10:21:10 +0100 Subject: [PATCH 237/304] [stable/mediawiki] Release 9.1.6 (#20930) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * [stable/mediawiki] Release 9.1.6 updating components versions Signed-off-by: Bitnami Containers * Run "helm dependency update" using latest Helm 2 Signed-off-by: Carlos Rodriguez Hernandez Co-authored-by: Carlos Rodríguez Hernández --- stable/mediawiki/Chart.yaml | 2 +- stable/mediawiki/requirements.lock | 2 +- stable/mediawiki/values.yaml | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/stable/mediawiki/Chart.yaml b/stable/mediawiki/Chart.yaml index 5d3e3f896d01..6f1d776d9962 100644 --- a/stable/mediawiki/Chart.yaml +++ b/stable/mediawiki/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: mediawiki -version: 9.1.5 +version: 9.1.6 appVersion: 1.34.0 description: Extremely powerful, scalable software and a feature-rich wiki implementation that uses PHP to process and display data stored in a database. home: http://www.mediawiki.org/ diff --git a/stable/mediawiki/requirements.lock b/stable/mediawiki/requirements.lock index 2ce25995cad5..8a24c7faf815 100644 --- a/stable/mediawiki/requirements.lock +++ b/stable/mediawiki/requirements.lock @@ -3,4 +3,4 @@ dependencies: repository: https://kubernetes-charts.storage.googleapis.com/ version: 7.3.10 digest: sha256:d45d6c79af1488743975c530c9bacc4321ef538392cc1603d08214a02e3cac49 -generated: "2020-02-21T08:42:17.927460337Z" +generated: "2020-02-24T07:38:45.948570846Z" diff --git a/stable/mediawiki/values.yaml b/stable/mediawiki/values.yaml index 72369c7693bb..14c95c5a4e0a 100644 --- a/stable/mediawiki/values.yaml +++ b/stable/mediawiki/values.yaml @@ -14,7 +14,7 @@ image: registry: docker.io repository: bitnami/mediawiki - tag: 1.34.0-debian-10-r22 + tag: 1.34.0-debian-10-r27 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images @@ -280,7 +280,7 @@ metrics: image: registry: docker.io repository: bitnami/apache-exporter - tag: 0.7.0-debian-10-r20 + tag: 0.7.0-debian-10-r23 pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. From d8fbe7e3d60dccd1b4e0bd18868e6d61dbbbd35a Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Mon, 24 Feb 2020 10:21:18 +0100 Subject: [PATCH 238/304] [stable/phpmyadmin] Release 4.3.2 (#20931) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * [stable/phpmyadmin] Release 4.3.2 updating components versions Signed-off-by: Bitnami Containers * Run "helm dependency update" using latest Helm 2 Signed-off-by: Carlos Rodriguez Hernandez Co-authored-by: Carlos Rodríguez Hernández --- stable/phpmyadmin/Chart.yaml | 2 +- stable/phpmyadmin/requirements.lock | 2 +- stable/phpmyadmin/values.yaml | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/stable/phpmyadmin/Chart.yaml b/stable/phpmyadmin/Chart.yaml index 776c49249675..3d428a75053e 100644 --- a/stable/phpmyadmin/Chart.yaml +++ b/stable/phpmyadmin/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: phpmyadmin -version: 4.3.1 +version: 4.3.2 appVersion: 5.0.1 description: phpMyAdmin is an mysql administration frontend keywords: diff --git a/stable/phpmyadmin/requirements.lock b/stable/phpmyadmin/requirements.lock index 590ba2c9a7c8..08c8a2c36410 100644 --- a/stable/phpmyadmin/requirements.lock +++ b/stable/phpmyadmin/requirements.lock @@ -3,4 +3,4 @@ dependencies: repository: https://kubernetes-charts.storage.googleapis.com/ version: 6.13.0 digest: sha256:a5bab50185c0373da803c6b86abc0e27ed0be1053fe1b560bc8de5a8054e8101 -generated: "2020-02-21T08:35:10.805427221Z" +generated: "2020-02-24T07:38:28.611000558Z" diff --git a/stable/phpmyadmin/values.yaml b/stable/phpmyadmin/values.yaml index b4dd6ae2a7ac..6871988900fb 100644 --- a/stable/phpmyadmin/values.yaml +++ b/stable/phpmyadmin/values.yaml @@ -13,7 +13,7 @@ image: registry: docker.io repository: bitnami/phpmyadmin - tag: 5.0.1-debian-10-r23 + tag: 5.0.1-debian-10-r26 ## Specify a imagePullPolicy pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. @@ -162,7 +162,7 @@ metrics: image: registry: docker.io repository: bitnami/apache-exporter - tag: 0.7.0-debian-10-r21 + tag: 0.7.0-debian-10-r23 pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. From 4f827d82f9f68203a912b243506cfb928a57a556 Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Mon, 24 Feb 2020 10:21:26 +0100 Subject: [PATCH 239/304] [stable/owncloud] Release 8.1.4 (#20950) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * [stable/owncloud] Release 8.1.4 updating components versions Signed-off-by: Bitnami Containers * Run "helm dependency update" using latest Helm 2 Signed-off-by: Carlos Rodriguez Hernandez Co-authored-by: Carlos Rodríguez Hernández --- stable/owncloud/Chart.yaml | 2 +- stable/owncloud/requirements.lock | 2 +- stable/owncloud/values.yaml | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/stable/owncloud/Chart.yaml b/stable/owncloud/Chart.yaml index 9814aa1869b6..f4d61fbd3d1d 100644 --- a/stable/owncloud/Chart.yaml +++ b/stable/owncloud/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: owncloud -version: 8.1.3 +version: 8.1.4 appVersion: 10.3.2 description: A file sharing server that puts the control and security of your own data back into your hands. keywords: diff --git a/stable/owncloud/requirements.lock b/stable/owncloud/requirements.lock index 11373888efb5..edd212b066b3 100644 --- a/stable/owncloud/requirements.lock +++ b/stable/owncloud/requirements.lock @@ -3,4 +3,4 @@ dependencies: repository: https://kubernetes-charts.storage.googleapis.com/ version: 7.3.10 digest: sha256:cd64413a4a697ccf85c0091e9c55cdc5876938ddced84c05d37c57ff9abc5864 -generated: "2020-02-21T08:34:45.455900244Z" +generated: "2020-02-24T07:38:08.622373413Z" diff --git a/stable/owncloud/values.yaml b/stable/owncloud/values.yaml index 0d9e9ea9949b..234ef7c349a0 100644 --- a/stable/owncloud/values.yaml +++ b/stable/owncloud/values.yaml @@ -14,7 +14,7 @@ image: registry: docker.io repository: bitnami/owncloud - tag: 10.3.2-debian-10-r18 + tag: 10.3.2-debian-10-r20 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images @@ -254,7 +254,7 @@ metrics: image: registry: docker.io repository: bitnami/apache-exporter - tag: 0.7.0-debian-10-r16 + tag: 0.7.0-debian-10-r24 pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. From a05cebd91a2b0bcbfe6541139924d1d781fc433c Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Mon, 24 Feb 2020 10:21:34 +0100 Subject: [PATCH 240/304] [stable/phpbb] Release 7.0.7 (#20951) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * [stable/phpbb] Release 7.0.7 updating components versions Signed-off-by: Bitnami Containers * Run "helm dependency update" using latest Helm 2 Signed-off-by: Carlos Rodriguez Hernandez Co-authored-by: Carlos Rodríguez Hernández --- stable/phpbb/Chart.yaml | 2 +- stable/phpbb/requirements.lock | 2 +- stable/phpbb/values.yaml | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/stable/phpbb/Chart.yaml b/stable/phpbb/Chart.yaml index a926f895afe2..25144350a897 100644 --- a/stable/phpbb/Chart.yaml +++ b/stable/phpbb/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: phpbb -version: 7.0.6 +version: 7.0.7 appVersion: 3.3.0 description: Community forum that supports the notion of users and groups, file attachments, full-text search, notifications and more. keywords: diff --git a/stable/phpbb/requirements.lock b/stable/phpbb/requirements.lock index db2ebda3e13a..b9ea8136c6f8 100644 --- a/stable/phpbb/requirements.lock +++ b/stable/phpbb/requirements.lock @@ -3,4 +3,4 @@ dependencies: repository: https://kubernetes-charts.storage.googleapis.com/ version: 7.3.10 digest: sha256:cd64413a4a697ccf85c0091e9c55cdc5876938ddced84c05d37c57ff9abc5864 -generated: "2020-02-21T08:39:53.904157678Z" +generated: "2020-02-24T07:37:47.116535546Z" diff --git a/stable/phpbb/values.yaml b/stable/phpbb/values.yaml index 64b98a22bcc9..5266883fe628 100644 --- a/stable/phpbb/values.yaml +++ b/stable/phpbb/values.yaml @@ -14,7 +14,7 @@ image: registry: docker.io repository: bitnami/phpbb - tag: 3.3.0-debian-10-r20 + tag: 3.3.0-debian-10-r23 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images @@ -246,7 +246,7 @@ metrics: image: registry: docker.io repository: bitnami/apache-exporter - tag: 0.7.0-debian-10-r20 + tag: 0.7.0-debian-10-r24 pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. From a878ffa7fcf630a435e4427522363b8d5915bb0c Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Mon, 24 Feb 2020 10:21:42 +0100 Subject: [PATCH 241/304] [stable/testlink] Release 7.1.3 (#20953) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * [stable/testlink] Release 7.1.3 updating components versions Signed-off-by: Bitnami Containers * Run "helm dependency update" using latest Helm 2 Signed-off-by: Carlos Rodriguez Hernandez Co-authored-by: Carlos Rodríguez Hernández --- stable/testlink/Chart.yaml | 2 +- stable/testlink/requirements.lock | 2 +- stable/testlink/values.yaml | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/stable/testlink/Chart.yaml b/stable/testlink/Chart.yaml index d15aaf044302..6789435c8eec 100644 --- a/stable/testlink/Chart.yaml +++ b/stable/testlink/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: testlink -version: 7.1.2 +version: 7.1.3 appVersion: 1.9.20 description: Web-based test management system that facilitates software quality assurance. icon: https://bitnami.com/assets/stacks/testlink/img/testlink-stack-220x234.png diff --git a/stable/testlink/requirements.lock b/stable/testlink/requirements.lock index 8ac637f74d08..b60e2185b13e 100644 --- a/stable/testlink/requirements.lock +++ b/stable/testlink/requirements.lock @@ -3,4 +3,4 @@ dependencies: repository: https://kubernetes-charts.storage.googleapis.com/ version: 7.3.10 digest: sha256:cd64413a4a697ccf85c0091e9c55cdc5876938ddced84c05d37c57ff9abc5864 -generated: "2020-02-21T08:30:47.077742074Z" +generated: "2020-02-24T07:37:32.157352786Z" diff --git a/stable/testlink/values.yaml b/stable/testlink/values.yaml index 79900948bffa..ac20f300e9ba 100644 --- a/stable/testlink/values.yaml +++ b/stable/testlink/values.yaml @@ -14,7 +14,7 @@ image: registry: docker.io repository: bitnami/testlink - tag: 1.9.20-debian-10-r16 + tag: 1.9.20-debian-10-r17 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images @@ -268,7 +268,7 @@ metrics: image: registry: docker.io repository: bitnami/apache-exporter - tag: 0.7.0-debian-10-r20 + tag: 0.7.0-debian-10-r24 pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. From b7d4c5b2c8131f93b8feedc15a17211d9958a5c2 Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Mon, 24 Feb 2020 10:21:50 +0100 Subject: [PATCH 242/304] [stable/moodle] Release 7.2.2 (#20959) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * [stable/moodle] Release 7.2.2 updating components versions Signed-off-by: Bitnami Containers * Run "helm dependency update" using latest Helm 2 Signed-off-by: Carlos Rodriguez Hernandez Co-authored-by: Carlos Rodríguez Hernández --- stable/moodle/Chart.yaml | 2 +- stable/moodle/requirements.lock | 2 +- stable/moodle/values.yaml | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/stable/moodle/Chart.yaml b/stable/moodle/Chart.yaml index b5387f2014b0..2c94662aaf67 100644 --- a/stable/moodle/Chart.yaml +++ b/stable/moodle/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: moodle -version: 7.2.1 +version: 7.2.2 appVersion: 3.8.1 description: Moodle is a learning platform designed to provide educators, administrators and learners with a single robust, secure and integrated system to create personalised learning environments keywords: diff --git a/stable/moodle/requirements.lock b/stable/moodle/requirements.lock index 0b86f5111323..258d97c5a4f3 100644 --- a/stable/moodle/requirements.lock +++ b/stable/moodle/requirements.lock @@ -3,4 +3,4 @@ dependencies: repository: https://kubernetes-charts.storage.googleapis.com/ version: 7.3.10 digest: sha256:cd64413a4a697ccf85c0091e9c55cdc5876938ddced84c05d37c57ff9abc5864 -generated: "2020-02-21T08:43:36.556487031Z" +generated: "2020-02-24T07:37:15.823870369Z" diff --git a/stable/moodle/values.yaml b/stable/moodle/values.yaml index ea91f99428d6..a5b44b668300 100644 --- a/stable/moodle/values.yaml +++ b/stable/moodle/values.yaml @@ -14,7 +14,7 @@ image: registry: docker.io repository: bitnami/moodle - tag: 3.8.1-debian-10-r16 + tag: 3.8.1-debian-10-r17 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images @@ -301,7 +301,7 @@ metrics: image: registry: docker.io repository: bitnami/apache-exporter - tag: 0.7.0-debian-10-r19 + tag: 0.7.0-debian-10-r27 pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. From 57491f93cdc6b97c41d6e4ec77c6742346b7f1b9 Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Mon, 24 Feb 2020 10:21:58 +0100 Subject: [PATCH 243/304] [stable/opencart] Release 7.0.6 (#20960) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * [stable/opencart] Release 7.0.6 updating components versions Signed-off-by: Bitnami Containers * Run "helm dependency update" using latest Helm 2 Signed-off-by: Carlos Rodriguez Hernandez Co-authored-by: Carlos Rodríguez Hernández --- stable/opencart/Chart.yaml | 2 +- stable/opencart/requirements.lock | 4 ++-- stable/opencart/values.yaml | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/stable/opencart/Chart.yaml b/stable/opencart/Chart.yaml index 78fd00e94f43..5b858d47dc88 100644 --- a/stable/opencart/Chart.yaml +++ b/stable/opencart/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: opencart -version: 7.0.5 +version: 7.0.6 appVersion: 3.0.3-2 description: A free and open source e-commerce platform for online merchants. It provides a professional and reliable foundation for a successful online store. keywords: diff --git a/stable/opencart/requirements.lock b/stable/opencart/requirements.lock index 18d6aecc9ad1..ce6bc77722d9 100644 --- a/stable/opencart/requirements.lock +++ b/stable/opencart/requirements.lock @@ -1,6 +1,6 @@ dependencies: - name: mariadb repository: https://kubernetes-charts.storage.googleapis.com/ - version: 7.3.6 + version: 7.3.10 digest: sha256:cd64413a4a697ccf85c0091e9c55cdc5876938ddced84c05d37c57ff9abc5864 -generated: 2020-01-24T11:18:43.995991919Z +generated: "2020-02-24T07:37:00.741649992Z" diff --git a/stable/opencart/values.yaml b/stable/opencart/values.yaml index a9e3902f295b..e41ac0637dba 100644 --- a/stable/opencart/values.yaml +++ b/stable/opencart/values.yaml @@ -14,7 +14,7 @@ image: registry: docker.io repository: bitnami/opencart - tag: 3.0.3-2-debian-10-r0 + tag: 3.0.3-2-debian-10-r16 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images @@ -250,7 +250,7 @@ metrics: image: registry: docker.io repository: bitnami/apache-exporter - tag: 0.7.0-debian-10-r0 + tag: 0.7.0-debian-10-r27 pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. From 6e6ca86e2058dbaf4a0a967ced39ecdb0cf72535 Mon Sep 17 00:00:00 2001 From: Juan Ariza Toledano Date: Mon, 24 Feb 2020 10:58:48 +0100 Subject: [PATCH 244/304] [stable/rabbitmq] Add 'extraConfiguration' to values.schema (#20426) Signed-off-by: juan131 --- stable/rabbitmq/Chart.yaml | 2 +- stable/rabbitmq/values.schema.json | 7 +++++++ 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/stable/rabbitmq/Chart.yaml b/stable/rabbitmq/Chart.yaml index 6068f6e6372b..9eab0deac9d6 100644 --- a/stable/rabbitmq/Chart.yaml +++ b/stable/rabbitmq/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: rabbitmq -version: 6.17.3 +version: 6.17.4 appVersion: 3.8.2 description: Open source message broker software that implements the Advanced Message Queuing Protocol (AMQP) keywords: diff --git a/stable/rabbitmq/values.schema.json b/stable/rabbitmq/values.schema.json index 263ac0974335..038f57799475 100644 --- a/stable/rabbitmq/values.schema.json +++ b/stable/rabbitmq/values.schema.json @@ -15,6 +15,13 @@ "title": "RabbitMQ password", "form": true, "description": "Defaults to a random 10-character alphanumeric string if not set" + }, + "extraConfiguration": { + "type": "string", + "title": "Extra RabbitMQ Configuration", + "form": true, + "render": "textArea", + "description": "Extra configuration to be appended to RabbitMQ Configuration" } } }, From 5fe981ebac1af41bc12631536dfa0c96a305b60d Mon Sep 17 00:00:00 2001 From: Ciprian Hacman Date: Mon, 24 Feb 2020 12:18:47 +0200 Subject: [PATCH 245/304] Limit permissions required for Logagent only setups (#20971) Signed-off-by: Ciprian Hacman --- stable/sematext-agent/Chart.yaml | 2 +- stable/sematext-agent/templates/clusterrole.yaml | 9 +++++++++ 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/stable/sematext-agent/Chart.yaml b/stable/sematext-agent/Chart.yaml index 3f3b4de30a29..8f7befe18514 100644 --- a/stable/sematext-agent/Chart.yaml +++ b/stable/sematext-agent/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 appVersion: "1.0" -version: 1.0.21 +version: 1.0.22 description: Helm chart for deploying Sematext Agent to Kubernetes keywords: - sematext diff --git a/stable/sematext-agent/templates/clusterrole.yaml b/stable/sematext-agent/templates/clusterrole.yaml index be26e9a9d3c9..b73685e5d9ca 100644 --- a/stable/sematext-agent/templates/clusterrole.yaml +++ b/stable/sematext-agent/templates/clusterrole.yaml @@ -14,6 +14,14 @@ rules: resources: - events - pods + verbs: + - list + - get + - watch +{{- if or (.Values.containerToken) (.Values.infraToken) }} +- apiGroups: + - "" + resources: - configmaps - nodes - secrets @@ -53,3 +61,4 @@ rules: - watch - list {{- end }} +{{- end }} From 6914e76c33683ea2d7a2e793c180b6a0d09345f8 Mon Sep 17 00:00:00 2001 From: Parth Laxmikant Kolekar Date: Mon, 24 Feb 2020 18:02:48 +0530 Subject: [PATCH 246/304] [stable/kafka-manager] Add LDAP authentication configurable features (#20777) * Add LDAP authentication configurable features Signed-off-by: Parth Kolekar * Minor version bump as per review Signed-off-by: Parth Kolekar * Fix spelling of password Signed-off-by: Parth Kolekar --- stable/kafka-manager/Chart.yaml | 2 +- stable/kafka-manager/README.md | 9 +++++++ .../kafka-manager/templates/deployment.yaml | 24 +++++++++++++++++++ stable/kafka-manager/templates/secrets.yaml | 6 +++++ stable/kafka-manager/values.yaml | 13 ++++++++++ 5 files changed, 53 insertions(+), 1 deletion(-) diff --git a/stable/kafka-manager/Chart.yaml b/stable/kafka-manager/Chart.yaml index 4f7bf8a63c6c..9b3061968fcb 100644 --- a/stable/kafka-manager/Chart.yaml +++ b/stable/kafka-manager/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: kafka-manager -version: 2.2.1 +version: 2.3.0 appVersion: 1.3.3.22 kubeVersion: "^1.8.0-0" description: A tool for managing Apache Kafka. diff --git a/stable/kafka-manager/README.md b/stable/kafka-manager/README.md index 05cd1e0f2996..12f7cb4827c2 100644 --- a/stable/kafka-manager/README.md +++ b/stable/kafka-manager/README.md @@ -53,6 +53,15 @@ Parameter | Description | Default `basicAuth.enabled` | If true, enable basic authentication | `false` `basicAuth.username` | Username for basic auth | `admin` `basicAuth.password` | Password for basic auth | `""` +`basicAuth.ldap.enabled` | If true, enable LDAP authentication | `false` +`basicAuth.ldap.server` | FQDN of the LDAP server | `""` +`basicAuth.ldap.port` | Port used for LDAP | `""` +`basicAuth.ldap.username` | Optional LDAP DN to bind for query | `""` +`basicAuth.ldap.pasword` | Optional LDAP password for the DN | `""` +`basicAuth.ldap.searchBaseDn` | LDAP search base | `""` +`basicAuth.ldap.searchFilter` | LDAP search filter for a valid account | `""` +`basicAuth.ldap.connectionPoolSize` | LDAP connection pool size | `10` +`basicAuth.ldap.ssl` | Enable LDAPS (not StartTLS) | `false` `javaOptions` | Java runtime options | `""` `service.type` | Kafka-manager service type | `ClusterIP` `service.port` | Kafka-manager service port | `9000` diff --git a/stable/kafka-manager/templates/deployment.yaml b/stable/kafka-manager/templates/deployment.yaml index 698f43118f50..d99668b344b5 100644 --- a/stable/kafka-manager/templates/deployment.yaml +++ b/stable/kafka-manager/templates/deployment.yaml @@ -51,6 +51,30 @@ spec: secretKeyRef: name: {{ template "kafka-manager.fullname" . }} key: basicAuthPassword + - name: KAFKA_MANAGER_LDAP_ENABLED + value: {{ .Values.basicAuth.ldap.enabled | quote }} + - name: KAFKA_MANAGER_LDAP_SERVER + value: {{ .Values.basicAuth.ldap.server | quote }} + - name: KAFKA_MANAGER_LDAP_PORT + value: {{ .Values.basicAuth.ldap.port | quote }} + - name: KAFKA_MANAGER_LDAP_USERNAME + valueFrom: + secretKeyRef: + name: {{ template "kafka-manager.fullname" . }} + key: basicAuthLDAPUsername + - name: KAFKA_MANAGER_LDAP_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "kafka-manager.fullname" . }} + key: basicAuthLDAPPassword + - name: KAFKA_MANAGER_LDAP_SEARCH_BASE_DN + value: {{ .Values.basicAuth.ldap.searchBaseDn | quote }} + - name: KAFKA_MANAGER_LDAP_SEARCH_FILTER + value: {{ .Values.basicAuth.ldap.searchFilter | quote }} + - name: KAFKA_MANAGER_LDAP_CONNECTION_POOL_SIZE + value: {{ .Values.basicAuth.ldap.connectionPoolSize | quote }} + - name: KAFKA_MANAGER_LDAP_SSL + value: {{ .Values.basicAuth.ldap.ssl | quote }} livenessProbe: {{ toYaml .Values.livenessProbe | indent 12 }} readinessProbe: diff --git a/stable/kafka-manager/templates/secrets.yaml b/stable/kafka-manager/templates/secrets.yaml index 25eca37a1668..a968ea2aa845 100644 --- a/stable/kafka-manager/templates/secrets.yaml +++ b/stable/kafka-manager/templates/secrets.yaml @@ -21,3 +21,9 @@ data: {{ else }} basicAuthPassword: {{ randAlphaNum 10 | b64enc | quote }} {{ end }} + basicAuthLDAPUsername: {{ .Values.basicAuth.ldap.username | b64enc | quote }} + {{ if .Values.basicAuth.ldap.password }} + basicAuthLDAPPassword: {{ .Values.basicAuth.ldap.password | b64enc | quote }} + {{ else }} + basicAuthLDAPPassword: {{ randAlphaNum 10 | b64enc | quote }} + {{ end }} \ No newline at end of file diff --git a/stable/kafka-manager/values.yaml b/stable/kafka-manager/values.yaml index 2f301d2a12b4..ae9d6f49a8b2 100644 --- a/stable/kafka-manager/values.yaml +++ b/stable/kafka-manager/values.yaml @@ -99,6 +99,19 @@ basicAuth: ## Defaults to a random 10-character alphanumeric string if not set ## password: "" + ## LDAP Authentication + ## Ref : https://github.com/yahoo/CMAK#authenticating-a-user-with-ldap + ## + ldap: + enabled: false + server: "" + port: 389 + username: "" + password: "" + searchBaseDn: "" + searchFilter: "(uid=$capturedLogin$)" + connectionPoolSize: 10 + ssl: false ## Java runtime options. Passed through the JAVA_OPTS environmental variable ## From acc066230e1587db511a28a92148be7e7b1f98e0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Carlos=20Rodr=C3=ADguez=20Hern=C3=A1ndez?= Date: Mon, 24 Feb 2020 15:54:47 +0100 Subject: [PATCH 247/304] [bitnami/nats] Remove invalid debian-9 references (#20975) Signed-off-by: Carlos Rodriguez Hernandez --- stable/nats/Chart.yaml | 2 +- stable/nats/templates/deployment.yaml | 2 +- stable/nats/templates/statefulset.yaml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/stable/nats/Chart.yaml b/stable/nats/Chart.yaml index 1412ae0076da..601a953d72b8 100644 --- a/stable/nats/Chart.yaml +++ b/stable/nats/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: nats -version: 4.3.2 +version: 4.3.3 appVersion: 2.1.4 description: An open-source, cloud-native messaging system keywords: diff --git a/stable/nats/templates/deployment.yaml b/stable/nats/templates/deployment.yaml index 42ee4ff02a67..5aaed0ed15b2 100644 --- a/stable/nats/templates/deployment.yaml +++ b/stable/nats/templates/deployment.yaml @@ -91,7 +91,7 @@ spec: # to ensure nats could run with non-root user, we put the configuration # file under `/opt/bitnami/nats/{{ .Values.natsFilename }}.conf`, please check the link below # for the implementation inside Dockerfile: - # - https://github.com/bitnami/bitnami-docker-nats/blob/master/1/debian-9/Dockerfile#L12 + # - https://github.com/bitnami/bitnami-docker-nats#configuration {{- if .Values.extraArgs }} {{ toYaml .Values.extraArgs | indent 8 }} {{- end }} diff --git a/stable/nats/templates/statefulset.yaml b/stable/nats/templates/statefulset.yaml index f148ff1265e7..4134f073fada 100644 --- a/stable/nats/templates/statefulset.yaml +++ b/stable/nats/templates/statefulset.yaml @@ -97,7 +97,7 @@ spec: # to ensure nats could run with non-root user, we put the configuration # file under `/opt/bitnami/nats/{{ .Values.natsFilename }}.conf`, please check the link below # for the implementation inside Dockerfile: - # - https://github.com/bitnami/bitnami-docker-nats/blob/master/1/debian-9/Dockerfile#L12 + # - https://github.com/bitnami/bitnami-docker-nats#configuration {{- if .Values.extraArgs }} {{ toYaml .Values.extraArgs | indent 8 }} {{- end }} From 2af2b3cb7908a3bd92d356c95bea9a975ff822c2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Carlos=20Rodr=C3=ADguez=20Hern=C3=A1ndez?= Date: Mon, 24 Feb 2020 16:02:48 +0100 Subject: [PATCH 248/304] [bitnami/postgresql] Remove invalid debian-9 references (#20976) Signed-off-by: Carlos Rodriguez Hernandez --- stable/postgresql/Chart.yaml | 2 +- stable/postgresql/README.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/stable/postgresql/Chart.yaml b/stable/postgresql/Chart.yaml index ab8e9b4baf19..c9ef89ab16d0 100644 --- a/stable/postgresql/Chart.yaml +++ b/stable/postgresql/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: postgresql -version: 8.4.0 +version: 8.4.1 appVersion: 11.7.0 description: Chart for PostgreSQL, an object-relational database management system (ORDBMS) with an emphasis on extensibility and on standards-compliance. keywords: diff --git a/stable/postgresql/README.md b/stable/postgresql/README.md index 19455577e50d..26dfb666232f 100644 --- a/stable/postgresql/README.md +++ b/stable/postgresql/README.md @@ -274,7 +274,7 @@ To horizontally scale this chart, you can use the `--replicas` flag to modify th ### Change PostgreSQL version -To modify the PostgreSQL version used in this chart you can specify a [valid image tag](https://hub.docker.com/r/bitnami/postgresql/tags/) using the `image.tag` parameter. For example, `image.tag=12.0.0-debian-9-r0` +To modify the PostgreSQL version used in this chart you can specify a [valid image tag](https://hub.docker.com/r/bitnami/postgresql/tags/) using the `image.tag` parameter. For example, `image.tag=12.0.0` ### postgresql.conf / pg_hba.conf files as configMap From cb9d1e5935b15ebe17b3d3405996b0290c466210 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Carlos=20Rodr=C3=ADguez=20Hern=C3=A1ndez?= Date: Mon, 24 Feb 2020 16:10:48 +0100 Subject: [PATCH 249/304] [bitnami/redmine] Remove invalid debian-9 references (#20977) Signed-off-by: Carlos Rodriguez Hernandez --- stable/redmine/Chart.yaml | 2 +- stable/redmine/README.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/stable/redmine/Chart.yaml b/stable/redmine/Chart.yaml index 70ccfd8b89d8..8e5d6dc9522a 100644 --- a/stable/redmine/Chart.yaml +++ b/stable/redmine/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: redmine -version: 14.1.8 +version: 14.1.9 appVersion: 4.1.0 description: A flexible project management web application. keywords: diff --git a/stable/redmine/README.md b/stable/redmine/README.md index c83c02221373..b2c37b880753 100644 --- a/stable/redmine/README.md +++ b/stable/redmine/README.md @@ -144,7 +144,7 @@ The following table lists the configurable parameters of the Redmine chart and t | `mailReceiver.suspend` | Whether to create suspended CronJob | `true` | | `mailReceiver.image.registry` | Mail to Task image registry | `docker.io` | | `mailReceiver.image.repository` | Mail to Task image repository | `bitnami/redmine` | -| `mailReceiver.image.tag` | Mail to Task image tag | `4.0.5-debian-9-r28` | +| `mailReceiver.image.tag` | Mail to Task image tag | `{TAG_NAME}` | | `mailReceiver.image.pullPolicy` | Mail to Task image pull policy | `IfNotPresent` | | `mailReceiver.mailProtocol` | Mail protocol to use for reading emails: `IMAP` or `POP3` | `IMAP` | | `mailReceiver.host` | Server to receive emails from | `""` | From 631eb8413f6728962439488f48d7d6fbb954a6db Mon Sep 17 00:00:00 2001 From: Mikhail Zholobov Date: Mon, 24 Feb 2020 17:06:48 +0100 Subject: [PATCH 250/304] [stable/nginx-ingress] Update nginx-ingress image version to 0.30.0 (#20978) * [stable/nginx-ingress] Bump nginx-ingress image version to 0.30.0 Signed-off-by: Mikhail Zholobov * [stable/nginx-ingress] Bump chart version Signed-off-by: Mikhail Zholobov --- stable/nginx-ingress/Chart.yaml | 4 ++-- stable/nginx-ingress/README.md | 2 +- stable/nginx-ingress/values.yaml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/stable/nginx-ingress/Chart.yaml b/stable/nginx-ingress/Chart.yaml index b24bed09866b..89caa18ad2d4 100644 --- a/stable/nginx-ingress/Chart.yaml +++ b/stable/nginx-ingress/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 name: nginx-ingress -version: 1.31.0 -appVersion: 0.29.0 +version: 1.32.0 +appVersion: 0.30.0 home: https://github.com/kubernetes/ingress-nginx description: An nginx Ingress controller that uses ConfigMap to store the nginx configuration. icon: https://upload.wikimedia.org/wikipedia/commons/thumb/c/c5/Nginx_logo.svg/500px-Nginx_logo.svg.png diff --git a/stable/nginx-ingress/README.md b/stable/nginx-ingress/README.md index 42b5875e3e91..9adba4e14631 100644 --- a/stable/nginx-ingress/README.md +++ b/stable/nginx-ingress/README.md @@ -48,7 +48,7 @@ Parameter | Description | Default --- | --- | --- `controller.name` | name of the controller component | `controller` `controller.image.repository` | controller container image repository | `quay.io/kubernetes-ingress-controller/nginx-ingress-controller` -`controller.image.tag` | controller container image tag | `0.29.0` +`controller.image.tag` | controller container image tag | `0.30.0` `controller.image.pullPolicy` | controller container image pull policy | `IfNotPresent` `controller.image.runAsUser` | User ID of the controller process. Value depends on the Linux distribution used inside of the container image. | `101` `controller.containerPort.http` | The port that the controller container listens on for http connections. | `80` diff --git a/stable/nginx-ingress/values.yaml b/stable/nginx-ingress/values.yaml index 270a1d3b1679..164658e87aba 100644 --- a/stable/nginx-ingress/values.yaml +++ b/stable/nginx-ingress/values.yaml @@ -5,7 +5,7 @@ controller: name: controller image: repository: quay.io/kubernetes-ingress-controller/nginx-ingress-controller - tag: "0.29.0" + tag: "0.30.0" pullPolicy: IfNotPresent # www-data -> uid 101 runAsUser: 101 From e6954ce4782216c6fdf0725bb68395737b853f65 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?M=C3=A1rk=20S=C3=A1gi-Kaz=C3=A1r?= Date: Mon, 24 Feb 2020 17:12:47 +0100 Subject: [PATCH 251/304] [stable/dex] Update dex example URLs (#20955) * Update dex example URLs Signed-off-by: Mark Sagi-Kazar * Update description Signed-off-by: Mark Sagi-Kazar --- stable/dex/Chart.yaml | 4 ++-- stable/dex/values.yaml | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/stable/dex/Chart.yaml b/stable/dex/Chart.yaml index dcd52abbf38a..d0bf27f55965 100644 --- a/stable/dex/Chart.yaml +++ b/stable/dex/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v1 name: dex -version: 2.8.0 +version: 2.8.1 appVersion: 2.21.0 -description: CoreOS Dex +description: OpenID Connect Identity (OIDC) and OAuth 2.0 Provider with Pluggable Connectors keywords: - dex - oidc diff --git a/stable/dex/values.yaml b/stable/dex/values.yaml index c824c1bfffe4..eac30ea15b9e 100644 --- a/stable/dex/values.yaml +++ b/stable/dex/values.yaml @@ -108,7 +108,7 @@ certs: caDays: 10000 certDays: 10000 altNames: - - dex.io + - dex.example.com altIPs: {} secret: tlsName: dex-web-server-tls @@ -120,7 +120,7 @@ certs: create: true activeDeadlineSeconds: 300 altNames: - - dex.io + - dex.example.com altIPs: {} secret: serverTlsName: dex-grpc-server-tls @@ -162,7 +162,7 @@ podDisruptionBudget: {} # maxUnavailable: 1 config: - issuer: http://dex.io:8080 + issuer: http://dex.example.com:8080 storage: type: kubernetes config: From d7b292fbb9d94d136427006cf409cfa78186fa12 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?N=C3=A9stor=20Salceda?= Date: Mon, 24 Feb 2020 17:22:48 +0100 Subject: [PATCH 252/304] [stable/falco] Upload to Falco 0.20.0 (#20983) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Néstor Salceda --- stable/falco/CHANGELOG.md | 7 +++++++ stable/falco/Chart.yaml | 4 ++-- stable/falco/README.md | 2 +- stable/falco/rules/falco_rules.yaml | 24 +++++++++++++++++++++--- stable/falco/values.yaml | 2 +- 5 files changed, 32 insertions(+), 7 deletions(-) diff --git a/stable/falco/CHANGELOG.md b/stable/falco/CHANGELOG.md index 489dfb89019f..48914405ee6b 100644 --- a/stable/falco/CHANGELOG.md +++ b/stable/falco/CHANGELOG.md @@ -3,6 +3,13 @@ This file documents all notable changes to Falco Helm Chart. The release numbering uses [semantic versioning](http://semver.org). +## v1.1.2 + +### Minor Changes + +* Upgrade to Falco 0.20.0 +* Upgrade rules to Falco 0.20.0 + ## v1.1.1 ### Minor Changes diff --git a/stable/falco/Chart.yaml b/stable/falco/Chart.yaml index 316fd626ab66..467af685e00b 100644 --- a/stable/falco/Chart.yaml +++ b/stable/falco/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 name: falco -version: 1.1.1 -appVersion: 0.19.0 +version: 1.1.2 +appVersion: 0.20.0 description: Falco keywords: - monitoring diff --git a/stable/falco/README.md b/stable/falco/README.md index b856683b9a7b..9114ed86f5e0 100644 --- a/stable/falco/README.md +++ b/stable/falco/README.md @@ -47,7 +47,7 @@ The following table lists the configurable parameters of the Falco chart and the | --- | --- | --- | | `image.registry` | The image registry to pull from | `docker.io` | | `image.repository` | The image repository to pull from | `falcosecurity/falco` | -| `image.tag` | The image tag to pull | `0.19.0` | +| `image.tag` | The image tag to pull | `0.20.0` | | `image.pullPolicy` | The image pull policy | `IfNotPresent` | | `containerd.enabled` | Enable ContainerD support | `true` | | `containerd.socket` | The path of the ContainerD socket | `/run/containerd/containerd.sock` | diff --git a/stable/falco/rules/falco_rules.yaml b/stable/falco/rules/falco_rules.yaml index 75a33f154a6d..04ac475d9589 100644 --- a/stable/falco/rules/falco_rules.yaml +++ b/stable/falco/rules/falco_rules.yaml @@ -744,7 +744,7 @@ - macro: ms_oms_writing_conf condition: > - ((proc.name in (omiagent,omsagent,in_heartbeat_r*,omsadmin.sh,PerformInventor) + ((proc.name in (omiagent,omsagent,in_heartbeat_r*,omsadmin.sh,PerformInventor,dsc_host) or proc.pname in (ms_oms_binaries) or proc.aname[2] in (ms_oms_binaries)) and (fd.name startswith /etc/opt/omi or fd.name startswith /etc/opt/microsoft/omsagent)) @@ -1156,6 +1156,16 @@ - macro: automount_using_mtab condition: (proc.pname = automount and fd.name startswith /etc/mtab) +- macro: mcafee_writing_cma_d + condition: (proc.name=macompatsvc and fd.directory=/etc/cma.d) + +- macro: avinetworks_supervisor_writing_ssh + condition: > + (proc.cmdline="se_supervisor.p /opt/avi/scripts/se_supervisor.py -d" and + (fd.name startswith /etc/ssh/known_host_ or + fd.name startswith /etc/ssh/ssh_monitor_config_ or + fd.name startswith /etc/ssh/ssh_config_)) + # Add conditions to this macro (probably in a separate file, # overwriting this macro) to allow for specific combinations of # programs writing below specific directories below @@ -1190,6 +1200,7 @@ qualys-cloud-ag, locales.postins, nomachine_binaries, adclient, certutil, crlutil, pam-auth-update, parallels_insta, openshift-launc, update-rc.d, puppet) + and not (container and proc.cmdline in ("cp /run/secrets/kubernetes.io/serviceaccount/ca.crt /etc/pki/ca-trust/source/anchors/openshift-ca.crt")) and not proc.pname in (sysdigcloud_binaries, mail_config_binaries, hddtemp.postins, sshkit_script_binaries, locales.postins, deb_binaries, dhcp_binaries) and not fd.name pmatch (safe_etc_dirs) and not fd.name in (/etc/container_environment.sh, /etc/container_environment.json, /etc/motd, /etc/motd.svc) @@ -1273,6 +1284,8 @@ and not etcd_manager_updating_dns and not user_known_write_below_etc_activities and not automount_using_mtab + and not mcafee_writing_cma_d + and not avinetworks_supervisor_writing_ssh - rule: Write below etc desc: an attempt to write to any file below /etc @@ -1340,6 +1353,9 @@ - macro: user_known_write_below_root_activities condition: (never_true) +- macro: runc_writing_exec_fifo + condition: (proc.cmdline="runc:[1:CHILD] init" and fd.name=/exec.fifo) + - rule: Write below root desc: an attempt to write to any file directly below / or /root condition: > @@ -1359,6 +1375,7 @@ and not galley_writing_state and not calico_writing_state and not rancher_writing_root + and not runc_writing_exec_fifo and not known_root_conditions and not user_known_write_root_conditions and not user_known_write_below_root_activities @@ -1529,7 +1546,7 @@ condition: > evt.type = setns and not proc.name in (docker_binaries, k8s_binaries, lxd_binaries, sysdigcloud_binaries, - sysdig, nsenter, calico, oci-umount, network_plugin_binaries) + sysdig, nsenter, calico, oci-umount, cilium-cni, network_plugin_binaries) and not proc.name in (user_known_change_thread_namespace_binaries) and not proc.name startswith "runc" and not proc.cmdline startswith "containerd" @@ -1668,7 +1685,8 @@ mesos_shell_binaries, erl_child_setup, exechealthz, PM2, PassengerWatchd, c_rehash, svlogd, logrotate, hhvm, serf, - lb-controller, nvidia-installe, runsv, statsite, erlexec) + lb-controller, nvidia-installe, runsv, statsite, erlexec, calico-node, + "puma reactor") and not proc.cmdline in (known_shell_spawn_cmdlines) and not proc.aname in (unicorn_launche) and not consul_running_net_scripts diff --git a/stable/falco/values.yaml b/stable/falco/values.yaml index ee6857fa240e..a08d9a62db6a 100644 --- a/stable/falco/values.yaml +++ b/stable/falco/values.yaml @@ -3,7 +3,7 @@ image: registry: docker.io repository: falcosecurity/falco - tag: 0.19.0 + tag: 0.20.0 pullPolicy: IfNotPresent docker: From ba51b01f1609105cdd743afeaed29fb09d6c6f35 Mon Sep 17 00:00:00 2001 From: Kevin Lefevre Date: Mon, 24 Feb 2020 19:28:48 +0100 Subject: [PATCH 253/304] [stable/cluster-autoscaler]: fix psp volumes (#20891) Use a more sensible default, pods fails because it needs projected volumes Signed-off-by: Kevin Lefevre --- stable/cluster-autoscaler/Chart.yaml | 2 +- stable/cluster-autoscaler/templates/podsecuritypolicy.yaml | 3 +++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/stable/cluster-autoscaler/Chart.yaml b/stable/cluster-autoscaler/Chart.yaml index af42a09d4961..769cbb28a9be 100644 --- a/stable/cluster-autoscaler/Chart.yaml +++ b/stable/cluster-autoscaler/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 description: Scales worker nodes within autoscaling groups. icon: https://github.com/kubernetes/kubernetes/blob/master/logo/logo.png name: cluster-autoscaler -version: 6.6.0 +version: 6.6.1 appVersion: 1.14.6 home: https://github.com/kubernetes/autoscaler sources: diff --git a/stable/cluster-autoscaler/templates/podsecuritypolicy.yaml b/stable/cluster-autoscaler/templates/podsecuritypolicy.yaml index 9b4480fb304e..28369bf923ca 100644 --- a/stable/cluster-autoscaler/templates/podsecuritypolicy.yaml +++ b/stable/cluster-autoscaler/templates/podsecuritypolicy.yaml @@ -16,6 +16,9 @@ spec: - 'configMap' - 'secret' - 'hostPath' + - 'emptyDir' + - 'projected' + - 'downwardAPI' {{- if eq .Values.cloudProvider "gce" }} allowedHostPaths: - pathPrefix: {{ .Values.cloudConfigPath }} From dc64cb2a9e2daf7bb5528f51525a39cd250fa214 Mon Sep 17 00:00:00 2001 From: jstudler Date: Mon, 24 Feb 2020 21:35:35 +0100 Subject: [PATCH 254/304] stable/mongodb and stable/redis Template kubectl run in NOTES.txt to take registry/repo overrides into account and fix Ports in NOTES.txt (#20972) * Template kubectl run in NOTES.txt to take registry/repo overrides into account Signed-off-by: Joel Studler * stable/mongodb Fixing wrong service port with service type LoadBalancer Signed-off-by: Joel Studler * stable/redis Fixing wrong service port with service type LoadBalancer Signed-off-by: Joel Studler --- stable/mongodb/Chart.yaml | 2 +- stable/mongodb/templates/NOTES.txt | 4 ++-- stable/redis/Chart.yaml | 2 +- stable/redis/templates/NOTES.txt | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/stable/mongodb/Chart.yaml b/stable/mongodb/Chart.yaml index 18b03cdf730c..569df1816a7e 100644 --- a/stable/mongodb/Chart.yaml +++ b/stable/mongodb/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: mongodb -version: 7.8.4 +version: 7.8.5 appVersion: 4.2.3 description: NoSQL document-oriented database that stores JSON-like documents with dynamic schemas, simplifying the integration of data in content-driven applications. keywords: diff --git a/stable/mongodb/templates/NOTES.txt b/stable/mongodb/templates/NOTES.txt index 2de5d48b9f49..294828b6d6e8 100644 --- a/stable/mongodb/templates/NOTES.txt +++ b/stable/mongodb/templates/NOTES.txt @@ -40,7 +40,7 @@ To get the password for "{{ .Values.mongodbUsername }}" run: To connect to your database run the following command: - kubectl run --namespace {{ .Release.Namespace }} {{ template "mongodb.fullname" . }}-client --rm --tty -i --restart='Never' --image bitnami/mongodb --command -- mongo admin --host {{ template "mongodb.serviceName" . }} {{- if .Values.usePassword }} --authenticationDatabase admin -u root -p $MONGODB_ROOT_PASSWORD{{- end }} + kubectl run --namespace {{ .Release.Namespace }} {{ template "mongodb.fullname" . }}-client --rm --tty -i --restart='Never' --image {{ template "mongodb.image" . }} --command -- mongo admin --host {{ template "mongodb.serviceName" . }} {{- if .Values.usePassword }} --authenticationDatabase admin -u root -p $MONGODB_ROOT_PASSWORD{{- end }} To connect to your database from outside the cluster execute the following commands: @@ -56,7 +56,7 @@ To connect to your database from outside the cluster execute the following comma Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ template "mongodb.serviceName" . }}' export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "mongodb.serviceName" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") - mongo --host $SERVICE_IP --port {{ .Values.service.nodePort }} {{- if .Values.usePassword }} --authenticationDatabase admin -p $MONGODB_ROOT_PASSWORD{{- end }} + mongo --host $SERVICE_IP --port {{ .Values.service.port }} {{- if .Values.usePassword }} --authenticationDatabase admin -p $MONGODB_ROOT_PASSWORD{{- end }} {{- else if contains "ClusterIP" .Values.service.type }} diff --git a/stable/redis/Chart.yaml b/stable/redis/Chart.yaml index be9437bb50e6..d731bd97ca17 100644 --- a/stable/redis/Chart.yaml +++ b/stable/redis/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: redis -version: 10.5.4 +version: 10.5.5 appVersion: 5.0.7 description: Open source, advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. keywords: diff --git a/stable/redis/templates/NOTES.txt b/stable/redis/templates/NOTES.txt index 4298d7037944..5b1089e8bec6 100644 --- a/stable/redis/templates/NOTES.txt +++ b/stable/redis/templates/NOTES.txt @@ -91,7 +91,7 @@ To connect to your database from outside the cluster execute the following comma Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ template "redis.fullname" . }}' export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "redis.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") - redis-cli -h $SERVICE_IP -p {{ .Values.master.service.nodePort }} {{- if .Values.usePassword }} -a $REDIS_PASSWORD{{ end }} + redis-cli -h $SERVICE_IP -p {{ .Values.master.service.port }} {{- if .Values.usePassword }} -a $REDIS_PASSWORD{{ end }} {{- else if contains "ClusterIP" .Values.master.service.type }} From d37b5025ffc8be49699898369fbb59661e2a8ffb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christoph=20H=C3=B6sler?= Date: Mon, 24 Feb 2020 22:41:36 +0100 Subject: [PATCH 255/304] [stable/nginx-ingress] feature: add switch to disable clusterrole (-binding) (#20984) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * feature: add switch to disable clusterrole (-binding) Signed-off-by: Christoph Hösler * bump version to 1.33.0 Signed-off-by: Christoph Hösler * update README.md Signed-off-by: Christoph Hösler --- stable/nginx-ingress/Chart.yaml | 2 +- stable/nginx-ingress/README.md | 1 + stable/nginx-ingress/templates/clusterrole.yaml | 2 +- stable/nginx-ingress/templates/clusterrolebinding.yaml | 2 +- stable/nginx-ingress/templates/controller-deployment.yaml | 3 +++ stable/nginx-ingress/values.yaml | 1 + 6 files changed, 8 insertions(+), 3 deletions(-) diff --git a/stable/nginx-ingress/Chart.yaml b/stable/nginx-ingress/Chart.yaml index 89caa18ad2d4..fb42838724cd 100644 --- a/stable/nginx-ingress/Chart.yaml +++ b/stable/nginx-ingress/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: nginx-ingress -version: 1.32.0 +version: 1.33.0 appVersion: 0.30.0 home: https://github.com/kubernetes/ingress-nginx description: An nginx Ingress controller that uses ConfigMap to store the nginx configuration. diff --git a/stable/nginx-ingress/README.md b/stable/nginx-ingress/README.md index 9adba4e14631..84ab59669ff5 100644 --- a/stable/nginx-ingress/README.md +++ b/stable/nginx-ingress/README.md @@ -216,6 +216,7 @@ Parameter | Description | Default `defaultBackend.serviceAccount.name` | The name of the backend service account to use. If not set and `create` is `true`, a name is generated using the fullname template. Only useful if you need a pod security policy to run the backend. | `` `imagePullSecrets` | name of Secret resource containing private registry credentials | `nil` `rbac.create` | if `true`, create & use RBAC resources | `true` +`rbac.scope` | if `true`, do not create & use clusterrole and -binding. Set to `true` in combination with `controller.scope.enabled=true` to disable load-balancer status updates and scope the ingress entirely. | `false` `podSecurityPolicy.enabled` | if `true`, create & use Pod Security Policy resources | `false` `serviceAccount.create` | if `true`, create a service account for the controller | `true` `serviceAccount.name` | The name of the controller service account to use. If not set and `create` is `true`, a name is generated using the fullname template. | `` diff --git a/stable/nginx-ingress/templates/clusterrole.yaml b/stable/nginx-ingress/templates/clusterrole.yaml index 2b77de2f5fb9..507260301816 100644 --- a/stable/nginx-ingress/templates/clusterrole.yaml +++ b/stable/nginx-ingress/templates/clusterrole.yaml @@ -1,4 +1,4 @@ -{{- if .Values.rbac.create -}} +{{- if and (.Values.rbac.create) (not .Values.rbac.scope) -}} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: diff --git a/stable/nginx-ingress/templates/clusterrolebinding.yaml b/stable/nginx-ingress/templates/clusterrolebinding.yaml index 3679143c5d94..1f6976a0418f 100644 --- a/stable/nginx-ingress/templates/clusterrolebinding.yaml +++ b/stable/nginx-ingress/templates/clusterrolebinding.yaml @@ -1,4 +1,4 @@ -{{- if .Values.rbac.create -}} +{{- if and (.Values.rbac.create) (not .Values.rbac.scope) -}} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: diff --git a/stable/nginx-ingress/templates/controller-deployment.yaml b/stable/nginx-ingress/templates/controller-deployment.yaml index 1a00a4b8e9e2..1abcb26e4840 100644 --- a/stable/nginx-ingress/templates/controller-deployment.yaml +++ b/stable/nginx-ingress/templates/controller-deployment.yaml @@ -97,6 +97,9 @@ spec: {{- if .Values.controller.scope.enabled }} - --watch-namespace={{ default .Release.Namespace .Values.controller.scope.namespace }} {{- end }} + {{- if and (.Values.controller.scope.enabled) (.Values.rbac.scope) }} + - --update-status=false + {{- end }} {{- if and (.Values.controller.reportNodeInternalIp) (.Values.controller.hostNetwork) }} - --report-node-internal-ip-address={{ .Values.controller.reportNodeInternalIp }} {{- end }} diff --git a/stable/nginx-ingress/values.yaml b/stable/nginx-ingress/values.yaml index 164658e87aba..b17bfef42609 100644 --- a/stable/nginx-ingress/values.yaml +++ b/stable/nginx-ingress/values.yaml @@ -527,6 +527,7 @@ defaultBackend: ## Enable RBAC as per https://github.com/kubernetes/ingress/tree/master/examples/rbac/nginx and https://github.com/kubernetes/ingress/issues/266 rbac: create: true + scope: false # If true, create & use Pod Security Policy resources # https://kubernetes.io/docs/concepts/policy/pod-security-policy/ From 7e5d171bb35f6de581df4f799a3ad8c7efa8fa11 Mon Sep 17 00:00:00 2001 From: GD <9uill4ume@gmail.com> Date: Mon, 24 Feb 2020 23:29:35 +0100 Subject: [PATCH 256/304] Add annotations to the service (#19777) Signed-off-by: 9uill4ume <9uill4ume@gmail.com> --- stable/gangway/Chart.yaml | 2 +- stable/gangway/templates/service.yaml | 4 ++++ stable/gangway/values.yaml | 1 + 3 files changed, 6 insertions(+), 1 deletion(-) diff --git a/stable/gangway/Chart.yaml b/stable/gangway/Chart.yaml index 2aa8bf42b1ae..293653a5405f 100644 --- a/stable/gangway/Chart.yaml +++ b/stable/gangway/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 description: An application that can be used to easily enable authentication flows via OIDC for a kubernetes cluster. name: gangway -version: 0.4.0 +version: 0.4.1 appVersion: 3.3.0 home: https://github.com/heptiolabs/gangway sources: diff --git a/stable/gangway/templates/service.yaml b/stable/gangway/templates/service.yaml index 2fa366fd8aba..26001de98709 100644 --- a/stable/gangway/templates/service.yaml +++ b/stable/gangway/templates/service.yaml @@ -11,6 +11,10 @@ metadata: helm.sh/chart: {{ include "gangway.chart" . }} app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- with .Values.service.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} spec: type: {{ .Values.service.type }} ports: diff --git a/stable/gangway/values.yaml b/stable/gangway/values.yaml index 4c5c69fa07c6..094443587579 100644 --- a/stable/gangway/values.yaml +++ b/stable/gangway/values.yaml @@ -142,6 +142,7 @@ service: port: 80 # Specifies a loadBalancerIP when using LoadBalancer service type # loadBalancerIP: 192.168.0.51 + annotations: {} ingress: enabled: false From a63e6819b8acc4617cd480acd0d5094e482de2b5 Mon Sep 17 00:00:00 2001 From: Daniel Date: Tue, 25 Feb 2020 06:16:48 +0100 Subject: [PATCH 257/304] [stable/grafana] spec is immutable with auto provisioning claims (#17806) * spec is immutable with auto provisioning Signed-off-by: Daniel Leinfelder * bump version Signed-off-by: Daniel Leinfelder Signed-off-by: Daniel Leinfelder * bump version Signed-off-by: Daniel Leinfelder * fix merge conflict Signed-off-by: Daniel Leinfelder * spec is immutable with auto provisioning Signed-off-by: Daniel Leinfelder --- stable/grafana/Chart.yaml | 2 +- stable/grafana/templates/pvc.yaml | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/stable/grafana/Chart.yaml b/stable/grafana/Chart.yaml index 7c31b8889c3d..c97f039e4117 100644 --- a/stable/grafana/Chart.yaml +++ b/stable/grafana/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: grafana -version: 5.0.0 +version: 5.0.1 appVersion: 6.6.1 kubeVersion: "^1.8.0-0" description: The leading tool for querying and visualizing time series and metrics. diff --git a/stable/grafana/templates/pvc.yaml b/stable/grafana/templates/pvc.yaml index 90d5477d6cd3..4727d0aa14c1 100644 --- a/stable/grafana/templates/pvc.yaml +++ b/stable/grafana/templates/pvc.yaml @@ -22,5 +22,7 @@ spec: resources: requests: storage: {{ .Values.persistence.size | quote }} + {{- if .Values.persistence.storageClassName }} storageClassName: {{ .Values.persistence.storageClassName }} + {{- end -}} {{- end -}} From 3944b1421eb039725816c905c00608193226b001 Mon Sep 17 00:00:00 2001 From: Steve Hipwell Date: Tue, 25 Feb 2020 13:26:48 +0000 Subject: [PATCH 258/304] [stable/sonarqube] Sonar certs (#20767) * Support custom certs Signed-off-by: Steve Hipwell * Fix lint errors Signed-off-by: Steve Hipwell --- stable/sonarqube/Chart.yaml | 2 +- stable/sonarqube/README.md | 157 ++++++++++----------- stable/sonarqube/templates/deployment.yaml | 98 +++++++------ stable/sonarqube/values.yaml | 25 ++-- 4 files changed, 154 insertions(+), 128 deletions(-) diff --git a/stable/sonarqube/Chart.yaml b/stable/sonarqube/Chart.yaml index 30de94217f34..6f64ea8da129 100644 --- a/stable/sonarqube/Chart.yaml +++ b/stable/sonarqube/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 name: sonarqube description: SonarQube is an open sourced code quality scanning tool -version: 3.4.1 +version: 4.0.0 appVersion: 7.9.2 keywords: - coverage diff --git a/stable/sonarqube/README.md b/stable/sonarqube/README.md index dbaf43069a51..d6aa07466e2d 100644 --- a/stable/sonarqube/README.md +++ b/stable/sonarqube/README.md @@ -37,76 +37,77 @@ $ helm delete kindly-newt The following table lists the configurable parameters of the Sonarqube chart and their default values. -| Parameter | Description | Default | -| ------------------------------------------ | ---------------------------------------- | -------------------------------------------| -| `replicaCount` | Number of replicas deployed | `1` | -| `deploymentStrategy` | Deployment strategy | `{}` | -| `image.repository` | image repository | `sonarqube` | -| `image.tag` | `sonarqube` image tag. | `7.9.2-community` | -| `image.pullPolicy` | Image pull policy | `IfNotPresent` | -| `image.pullSecret` | imagePullSecret to use for private repository | | -| `command` | command to run in the container | `nil` (need to be set prior to 6.7.6, and 7.4) | -| `elasticsearch.configureNode` | Modify k8s worker to conform to system requirements | `true` | -| `elasticsearch.bootstrapChecks` | Enables/disables Elasticsearch bootstrap checks | `true` | -| `securityContext.fsGroup` | Group applied to mounted directories/files| `999` | -| `ingress.enabled` | Flag for enabling ingress | false | -| `ingress.labels` | Ingress additional labels | `{}` | -| `ingress.hosts[0].name` | Hostname to your SonarQube installation | `sonar.organization.com` | -| `ingress.hosts[0].path` | Path within the URL structure | / | -| `ingress.tls` | Ingress secrets for TLS certificates | `[]` | -| `livenessProbe.sonarWebContext` | SonarQube web context for livenessProbe | / | -| `readinessProbe.sonarWebContext` | SonarQube web context for readinessProbe | / | -| `service.type` | Kubernetes service type | `ClusterIP` | -| `service.externalPort` | Kubernetes service port | `9000` | -| `service.internalPort` | Kubernetes container port | `9000` | -| `service.labels` | Kubernetes service labels | None | -| `service.annotations` | Kubernetes service annotations | None | -| `service.loadBalancerSourceRanges` | Kubernetes service LB Allowed inbound IP addresses | None | -| `service.loadBalancerIP` | Kubernetes service LB Optional fixed external IP | None | -| `persistence.enabled` | Flag for enabling persistent storage | false | -| `persistence.annotations` | Kubernetes pvc annotations | `{}` | -| `persistence.existingClaim` | Do not create a new PVC but use this one | None | -| `persistence.storageClass` | Storage class to be used | "" | -| `persistence.accessMode` | Volumes access mode to be set | `ReadWriteOnce` | -| `persistence.size` | Size of the volume | 10Gi | -| `persistence.volumes` | Specify extra volumes. Refer to ".spec.volumes" specification | [] | -| `persistence.mounts` | Specify extra mounts. Refer to ".spec.containers.volumeMounts" specification | [] | -| `sonarProperties` | Custom `sonar.properties` file | None | -| `sonarSecretProperties` | Additional `sonar.properties` file to load from a secret | None | -| `customCerts.enabled` | Use `customCerts.secretName` | false | -| `customCerts.secretName` | Name of the secret which conatins your `cacerts` | false | -| `sonarSecretKey` | Name of existing secret used for settings encryption | None | -| `sonarProperties` | Custom `sonar.properties` file | `{}` | -| `database.type` | Set to "mysql" to use mysql database | `postgresql`| -| `postgresql.enabled` | Set to `false` to use external server / mysql database | `true` | -| `postgresql.postgresqlServer` | Hostname of the external Postgresql server| `null` | -| `postgresql.postgresqlPasswordSecret` | Secret containing the password of the external Postgresql server | `null` | -| `postgresql.postgresqlUsername` | Postgresql database user | `sonarUser` | -| `postgresql.postgresqlPassword` | Postgresql database password | `sonarPass` | -| `postgresql.postgresqlDatabase` | Postgresql database name | `sonarDB` | -| `postgresql.service.port` | Postgresql port | `5432` | -| `mysql.enabled` | Set to `false` to use external server / postgresql database | `false` | -| `mysql.mysqlServer` | Hostname of the external Mysql server | `null` | -| `mysql.mysqlPasswordSecret` | Secret containing the password of the external Mysql server | `null` | -| `mysql.mysqlUser` | Mysql database user | `sonarUser` | -| `mysql.mysqlPassword` | Mysql database password | `sonarPass` | -| `mysql.mysqlDatabase` | Mysql database name | `sonarDB` | -| `mysql.mysqlParams` | Mysql parameters for JDBC connection string | `{}` | -| `mysql.service.port` | Mysql port | `3306` | -| `annotations` | Sonarqube Pod annotations | `{}` | -| `resources` | Sonarqube Pod resource requests & limits | `{}` | -| `affinity` | Node / Pod affinities | `{}` | -| `nodeSelector` | Node labels for pod assignment | `{}` | -| `hostAliases` | Aliases for IPs in /etc/hosts | `[]` | -| `tolerations` | List of node taints to tolerate | `[]` | -| `plugins.install` | List of plugins to install | `[]` | -| `plugins.lib` | List of plugins to install to `lib/common`| `[]` | -| `plugins.resources` | Plugin Pod resource requests & limits | `{}` | -| `plugins.initContainerImage` | Change init container image | `alpine:3.10.3` | -| `plugins.initSysctlContainerImage` | Change init sysctl container image | `busybox:1.31` | -| `plugins.deleteDefaultPlugins` | Remove default plugins and use plugins.install list | `[]` | -| `podLabels` | Map of labels to add to the pods | `{}` | -| `sonarqubeFolder` | Directory name of Sonarqube | `/opt/sonarqube` | +| Parameter | Description | Default | +| ------------------------------------- | ---------------------------------------------------------------------------- | ---------------------------------------------- | +| `replicaCount` | Number of replicas deployed | `1` | +| `deploymentStrategy` | Deployment strategy | `{}` | +| `image.repository` | image repository | `sonarqube` | +| `image.tag` | `sonarqube` image tag. | `7.9.2-community` | +| `image.pullPolicy` | Image pull policy | `IfNotPresent` | +| `image.pullSecret` | imagePullSecret to use for private repository | | +| `command` | command to run in the container | `nil` (need to be set prior to 6.7.6, and 7.4) | +| `elasticsearch.configureNode` | Modify k8s worker to conform to system requirements | `true` | +| `elasticsearch.bootstrapChecks` | Enables/disables Elasticsearch bootstrap checks | `true` | +| `securityContext.fsGroup` | Group applied to mounted directories/files | `999` | +| `ingress.enabled` | Flag for enabling ingress | false | +| `ingress.labels` | Ingress additional labels | `{}` | +| `ingress.hosts[0].name` | Hostname to your SonarQube installation | `sonar.organization.com` | +| `ingress.hosts[0].path` | Path within the URL structure | / | +| `ingress.tls` | Ingress secrets for TLS certificates | `[]` | +| `livenessProbe.sonarWebContext` | SonarQube web context for livenessProbe | / | +| `readinessProbe.sonarWebContext` | SonarQube web context for readinessProbe | / | +| `service.type` | Kubernetes service type | `ClusterIP` | +| `service.externalPort` | Kubernetes service port | `9000` | +| `service.internalPort` | Kubernetes container port | `9000` | +| `service.labels` | Kubernetes service labels | None | +| `service.annotations` | Kubernetes service annotations | None | +| `service.loadBalancerSourceRanges` | Kubernetes service LB Allowed inbound IP addresses | None | +| `service.loadBalancerIP` | Kubernetes service LB Optional fixed external IP | None | +| `persistence.enabled` | Flag for enabling persistent storage | false | +| `persistence.annotations` | Kubernetes pvc annotations | `{}` | +| `persistence.existingClaim` | Do not create a new PVC but use this one | None | +| `persistence.storageClass` | Storage class to be used | "" | +| `persistence.accessMode` | Volumes access mode to be set | `ReadWriteOnce` | +| `persistence.size` | Size of the volume | 10Gi | +| `persistence.volumes` | Specify extra volumes. Refer to ".spec.volumes" specification | [] | +| `persistence.mounts` | Specify extra mounts. Refer to ".spec.containers.volumeMounts" specification | [] | +| `sonarProperties` | Custom `sonar.properties` file | None | +| `sonarSecretProperties` | Additional `sonar.properties` file to load from a secret | None | +| `caCerts.secret` | Name of the secret containing additional CA certificates | `nil` | +| `jvmOpts` | Values to add to SONARQUBE_WEB_JVM_OPTS | `""` | +| `env` | Environment variables to attach to the pods | `nil` | +| `sonarSecretKey` | Name of existing secret used for settings encryption | None | +| `sonarProperties` | Custom `sonar.properties` file | `{}` | +| `database.type` | Set to "mysql" to use mysql database | `postgresql` | +| `postgresql.enabled` | Set to `false` to use external server / mysql database | `true` | +| `postgresql.postgresqlServer` | Hostname of the external Postgresql server | `null` | +| `postgresql.postgresqlPasswordSecret` | Secret containing the password of the external Postgresql server | `null` | +| `postgresql.postgresqlUsername` | Postgresql database user | `sonarUser` | +| `postgresql.postgresqlPassword` | Postgresql database password | `sonarPass` | +| `postgresql.postgresqlDatabase` | Postgresql database name | `sonarDB` | +| `postgresql.service.port` | Postgresql port | `5432` | +| `mysql.enabled` | Set to `false` to use external server / postgresql database | `false` | +| `mysql.mysqlServer` | Hostname of the external Mysql server | `null` | +| `mysql.mysqlPasswordSecret` | Secret containing the password of the external Mysql server | `null` | +| `mysql.mysqlUser` | Mysql database user | `sonarUser` | +| `mysql.mysqlPassword` | Mysql database password | `sonarPass` | +| `mysql.mysqlDatabase` | Mysql database name | `sonarDB` | +| `mysql.mysqlParams` | Mysql parameters for JDBC connection string | `{}` | +| `mysql.service.port` | Mysql port | `3306` | +| `annotations` | Sonarqube Pod annotations | `{}` | +| `resources` | Sonarqube Pod resource requests & limits | `{}` | +| `affinity` | Node / Pod affinities | `{}` | +| `nodeSelector` | Node labels for pod assignment | `{}` | +| `hostAliases` | Aliases for IPs in /etc/hosts | `[]` | +| `tolerations` | List of node taints to tolerate | `[]` | +| `plugins.install` | List of plugins to install | `[]` | +| `plugins.lib` | List of plugins to install to `lib/common` | `[]` | +| `plugins.resources` | Plugin Pod resource requests & limits | `{}` | +| `plugins.initContainerImage` | Change init container image | `alpine:3.10.3` | +| `plugins.initSysctlContainerImage` | Change init sysctl container image | `busybox:1.31` | +| `plugins.deleteDefaultPlugins` | Remove default plugins and use plugins.install list | `[]` | +| `podLabels` | Map of labels to add to the pods | `{}` | +| `sonarqubeFolder` | Directory name of Sonarqube | `/opt/sonarqube` | You can also configure values for the PostgreSQL / MySQL database via the Postgresql [README.md](https://github.com/kubernetes/charts/blob/master/stable/postgresql/README.md) / MySQL [README.md](https://github.com/kubernetes/charts/blob/master/stable/mysql/README.md) @@ -116,7 +117,7 @@ For overriding variables see: [Customizing the chart](https://docs.helm.sh/using In environments with air-gapped setup, especially with internal tooling (repos) and self-signed certificates it is required to provide an adequate `cacerts` which overrides the default one: -1. Create a yaml file `cacerts.yaml` with a secret that contanins the `cacerts` +1. Create a yaml file `cacerts.yaml` with a secret that contains one or more keys to represent the certificates that you want including ```yaml apiVersion: v1 @@ -124,11 +125,11 @@ In environments with air-gapped setup, especially with internal tooling (repos) metadata: name: my-cacerts data: - cacerts: | + cert-1.crt: | xxxxxxxxxxxxxxxxxxxxxxx ``` -2. Upload your `cacerts.yaml` to a secret with the key you specify in `secretName` in the cluster you are installing Sonarqube to. +2. Upload your `cacerts.yaml` to a secret in the cluster you are installing Sonarqube to. ```shell $ kubectl apply -f cacerts.yaml @@ -137,20 +138,18 @@ In environments with air-gapped setup, especially with internal tooling (repos) 3. Set the following values of the chart: ```yaml - customCerts: - ## Enable to override the default cacerts with your own one - enabled: false - secretName: my-cacerts + caCerts: + secret: my-cacerts ``` ### Elasticsearch Settings Since SonarQube comes bundled with an Elasticsearch instance, some [bootstrap checks](https://www.elastic.co/guide/en/elasticsearch/reference/master/bootstrap-checks.html) of the host settings are done at start. -This chart offers the option to use an initContainer in privilaged mode to automatically set certain kernel settings on the kube worker. While this can ensure proper functionality of Elasticsearch, modifying the underlying kernel settings on the Kubernetes node can impact other users. It may be best to work with your cluster administrator to either provide specific nodes with the proper kernel settings, or ensure they are set cluster wide. +This chart offers the option to use an initContainer in privilaged mode to automatically set certain kernel settings on the kube worker. While this can ensure proper functionality of Elasticsearch, modifying the underlying kernel settings on the Kubernetes node can impact other users. It may be best to work with your cluster administrator to either provide specific nodes with the proper kernel settings, or ensure they are set cluster wide. To enable auto-configuration of the kube worker node, set `elasticsearch.configureNode` to `true`. This is the default behavior, so you do not need to explicitly set this. -This will run `sysctl -w vm.max_map_count=262144` on the worker where the sonarqube pod(s) get scheduled. This needs to be set to `262144` but normally defaults to `65530`. Other kernel settings are recommended by the [docker image](https://hub.docker.com/_/sonarqube/#requirements), but the defaults work fine in most cases. +This will run `sysctl -w vm.max_map_count=262144` on the worker where the sonarqube pod(s) get scheduled. This needs to be set to `262144` but normally defaults to `65530`. Other kernel settings are recommended by the [docker image](https://hub.docker.com/_/sonarqube/#requirements), but the defaults work fine in most cases. To disable worker node configuration, set `elasticsearch.configureNode` to `false`. Note that if node configuration is not enabled, then you will likely need to also disable the Elasticsearch bootstrap checks. These can be explicitly disabled by setting `elasticsearch.bootstrapChecks` to `false`. diff --git a/stable/sonarqube/templates/deployment.yaml b/stable/sonarqube/templates/deployment.yaml index e20fa4a93eb5..d74805aa361e 100644 --- a/stable/sonarqube/templates/deployment.yaml +++ b/stable/sonarqube/templates/deployment.yaml @@ -34,15 +34,18 @@ spec: spec: securityContext: {{ toYaml .Values.securityContext | indent 8 }} + {{- if .Values.image.pullSecret }} + imagePullSecrets: + - name: {{ .Values.image.pullSecret }} + {{- end }} initContainers: - name: chmod-volume-mounts + image: busybox:1.31 command: - "sh" - "-c" - - 'mkdir -p $(printf "/opt/sonarqube/${1-%s\n}" temp logs data extensions/downloads extensions/plugins/tmp extensions/plugins) && - chown 999:999 -R $(printf "/opt/sonarqube/${1-%s\n}" temp logs data extensions/downloads extensions/plugins/tmp extensions/plugins)' - image: busybox:1.31 - imagePullPolicy: IfNotPresent + - 'mkdir -p $(printf "/opt/sonarqube/${1-%s\n}" temp logs data extensions/downloads extensions/plugins/tmp extensions/plugins certs) && + chown 999:999 -R $(printf "/opt/sonarqube/${1-%s\n}" temp logs data extensions/downloads extensions/plugins/tmp extensions/plugins certs)' volumeMounts: - mountPath: /opt/sonarqube/temp name: sonarqube @@ -62,40 +65,60 @@ spec: - mountPath: /opt/sonarqube/extensions/plugins name: sonarqube subPath: plugins + {{- with .Values.env }} + env: + {{- . | toYaml | trim | nindent 12 }} + {{- end }} + {{- if .Values.caCerts }} + - name: ca-certs + image: adoptopenjdk/openjdk11:alpine + command: ["sh"] + args: ["-c", "cp -f \"${JAVA_HOME}/lib/security/cacerts\" /tmp/certs/cacerts; for f in /tmp/secrets/ca-certs/*; do keytool -importcert -file \"${f}\" -alias \"$(basename \"${f}\")\" -keystore /tmp/certs/cacerts -storepass changeit -trustcacerts -noprompt; done;"] + volumeMounts: + - mountPath: /tmp/certs + name: sonarqube + subPath: certs + - mountPath: /tmp/secrets/ca-certs + name: ca-certs + {{- with .Values.env }} + env: + {{- . | toYaml | trim | nindent 12 }} + {{- end }} + {{- end }} {{- if .Values.elasticsearch.configureNode }} - name: init-sysctl image: {{ default "busybox:1.31" .Values.plugins.initSysctlContainerImage }} + securityContext: + privileged: true command: - sysctl - -w - vm.max_map_count=262144 - imagePullPolicy: IfNotPresent - securityContext: - privileged: true + {{- with .Values.env }} + env: + {{- . | toYaml | trim | nindent 12 }} + {{- end }} {{- end }} {{- if .Values.plugins.install }} - name: install-plugins image: {{ default "alpine:3.10.3" .Values.plugins.initContainerImage }} - env: - {{- range $key, $value := .Values.extraEnv }} - - name: {{ $key }} - value: {{ $value }} - {{- end }} command: ["sh", "-c", "mkdir -p {{ .Values.sonarqubeFolder }}/extensions/plugins/tmp && rm -f {{ .Values.sonarqubeFolder }}/extensions/plugins/tmp/* && cp /tmp/scripts/install_plugins.sh {{ .Values.sonarqubeFolder }}/extensions/plugins/tmp/install_plugins.sh && chmod 0775 {{ .Values.sonarqubeFolder }}/extensions/plugins/tmp/install_plugins.sh && - {{ .Values.sonarqubeFolder }}/extensions/plugins/tmp/install_plugins.sh && pwd && ls -lah - " - ] + {{ .Values.sonarqubeFolder }}/extensions/plugins/tmp/install_plugins.sh && pwd && ls -lah"] volumeMounts: - mountPath: {{ .Values.sonarqubeFolder }}/extensions/plugins/tmp name: sonarqube subPath: tmp - name: install-plugins mountPath: /tmp/scripts/ + {{- with .Values.env }} + env: + {{- . | toYaml | trim | nindent 12 }} + {{- end }} resources: {{ toYaml .Values.plugins.resources | indent 12 }} {{- if .Values.nodeSelector }} @@ -118,16 +141,9 @@ spec: {{- if and .Values.sonarProperties .Values.sonarSecretProperties }} - name: concat-properties image: {{ default "alpine:3.10.3" .Values.plugins.initContainerImage }} - env: - {{- range $key, $value := .Values.extraEnv }} - - name: {{ $key }} - value: {{ $value }} - {{- end }} command: ["sh", "-c", - "awk 1 /tmp/props/sonar.properties /tmp/props/secret.properties > /tmp/result/sonar.properties - " - ] + "awk 1 /tmp/props/sonar.properties /tmp/props/secret.properties > /tmp/result/sonar.properties"] volumeMounts: - mountPath: /tmp/props/sonar.properties name: config @@ -137,10 +153,10 @@ spec: subPath: secret.properties - mountPath: /tmp/result name: concat-dir - {{- end }} - {{- if .Values.image.pullSecret }} - imagePullSecrets: - - name: {{ .Values.image.pullSecret }} + {{- with .Values.env }} + env: + {{- . | toYaml | trim | nindent 12 }} + {{- end }} {{- end }} containers: - name: {{ .Chart.Name }} @@ -155,10 +171,15 @@ spec: - /tmp/scripts/copy_plugins.sh {{- end }} env: - {{- range $key, $value := .Values.extraEnv }} - - name: {{ $key }} - value: {{ $value }} + {{- with .Values.env }} + {{- . | toYaml | trim | nindent 12 }} {{- end }} + - name: SONARQUBE_WEB_JVM_OPTS + {{- if .Values.caCerts }} + value: {{ printf "-Djavax.net.ssl.trustStore=%s/certs/cacerts %s" .Values.sonarqubeFolder .Values.jvmOpts | trim | quote }} + {{- else }} + value: "{{ .Values.jvmOpts }}" + {{- end }} - name: SONARQUBE_JDBC_USERNAME {{- if eq .Values.database.type "postgresql" }} value: {{ .Values.postgresql.postgresqlUsername | quote }} @@ -209,10 +230,10 @@ spec: - mountPath: {{ .Values.sonarqubeFolder }}/secret/ name: secret {{- end }} - {{- if .Values.customCerts.enabled }} - - mountPath: /etc/ssl/certs/java/cacerts - subPath: cacerts - name: cacerts + {{- if .Values.caCerts }} + - mountPath: {{ .Values.sonarqubeFolder }}/certs + name: sonarqube + subPath: certs {{- end }} - mountPath: {{ .Values.sonarqubeFolder }}/data name: sonarqube @@ -278,13 +299,10 @@ spec: - key: sonar-secret.txt path: sonar-secret.txt {{- end }} - {{- if .Values.customCerts.enabled }} - - name: cacerts + {{- if .Values.caCerts }} + - name: ca-certs secret: - secretName: {{ .Values.customCerts.secretName }} - items: - - key: cacerts - path: cacerts + secretName: {{ .Values.caCerts.secret }} {{- end }} - name: install-plugins configMap: diff --git a/stable/sonarqube/values.yaml b/stable/sonarqube/values.yaml index 4948fbeba048..2f48786d7c19 100644 --- a/stable/sonarqube/values.yaml +++ b/stable/sonarqube/values.yaml @@ -91,12 +91,26 @@ livenessProbe: # A trailing "/" must be included sonarWebContext: / # sonarWebContext: /sonarqube/ - -# Set extra env variables. Like proxy settings. -extraEnv: {} # If an ingress *path* is defined, it should be reflected here # sonar.web.context: /sonarqube +## Provide a secret containing one or more certificate files in the keys that will be added to cacerts +## The cacerts file will be set via SONARQUBE_WEB_JVM_OPTS +## +# caCerts: +# secret: my-secret + +## Values to add to SONARQUBE_WEB_JVM_OPTS +## +# jvmOpts: "-Djava.net.preferIPv4Stack=true" +jvmOpts: "" + +## Environment variables to attach to the pods +## +# env: +# - name: VARIABLE +# value: my-value + # Set annotations for pods annotations: {} @@ -166,11 +180,6 @@ plugins: # The 'sonar.secretKeyPath' property will be set automatically. # sonarSecretKey: "settings-encryption-secret" -customCerts: - ## Enable to override the default cacerts with your own one - enabled: false - secretName: my-cacerts - ## Configuration value to select database type ## Option to use "postgresql" or "mysql" database type, by default "postgresql" is chosen ## Set the "enable" field to true of the database type you select (if you want to use internal database) and false of the one you don't select From 424336aae6e2b8d165034f5a65d1cb451992aa71 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mattias=20Nens=C3=A9n?= <59168151+mattiasnensen@users.noreply.github.com> Date: Tue, 25 Feb 2020 15:04:49 +0100 Subject: [PATCH 259/304] [stable/prometheus] Fix server.alertmanagers (#20779) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Fix helm/charts/stable/prometheus/templates/server-configmap.yaml Signed-off-by: Mattias Nensén Signed-off-by: Mattias Nensén * Bumps version Signed-off-by: Mattias Nensén Signed-off-by: Mattias Nensén --- stable/prometheus/Chart.yaml | 2 +- stable/prometheus/templates/server-configmap.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/stable/prometheus/Chart.yaml b/stable/prometheus/Chart.yaml index be09558be1c5..c5808e046e5a 100644 --- a/stable/prometheus/Chart.yaml +++ b/stable/prometheus/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: prometheus -version: 10.4.0 +version: 10.4.1 appVersion: 2.15.2 description: Prometheus is a monitoring system and time series database. home: https://prometheus.io/ diff --git a/stable/prometheus/templates/server-configmap.yaml b/stable/prometheus/templates/server-configmap.yaml index 6ebccaa334c1..ac79fdf2fb68 100644 --- a/stable/prometheus/templates/server-configmap.yaml +++ b/stable/prometheus/templates/server-configmap.yaml @@ -40,7 +40,7 @@ data: {{- if $root.Values.extraScrapeConfigs }} {{ tpl $root.Values.extraScrapeConfigs $root | indent 4 }} {{- end -}} -{{- if $root.Values.alertmanager.enabled }} +{{- if or ($root.Values.alertmanager.enabled) ($root.Values.server.alertmanagers) }} alerting: {{- if $root.Values.alertRelabelConfigs }} {{ $root.Values.alertRelabelConfigs | toYaml | trimSuffix "\n" | indent 6 }} From 675d7dcebec77a3bd8004ec63c82b258d7920ff6 Mon Sep 17 00:00:00 2001 From: Juan Ariza Toledano Date: Tue, 25 Feb 2020 21:10:50 +0100 Subject: [PATCH 260/304] [stable/postgresql] Bump image revision to include fix on permissions (#21015) Signed-off-by: juan131 --- stable/postgresql/Chart.yaml | 2 +- stable/postgresql/values-production.yaml | 2 +- stable/postgresql/values.yaml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/stable/postgresql/Chart.yaml b/stable/postgresql/Chart.yaml index c9ef89ab16d0..d26df16416dc 100644 --- a/stable/postgresql/Chart.yaml +++ b/stable/postgresql/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: postgresql -version: 8.4.1 +version: 8.4.2 appVersion: 11.7.0 description: Chart for PostgreSQL, an object-relational database management system (ORDBMS) with an emphasis on extensibility and on standards-compliance. keywords: diff --git a/stable/postgresql/values-production.yaml b/stable/postgresql/values-production.yaml index 4d87f90982ef..80811837261c 100644 --- a/stable/postgresql/values-production.yaml +++ b/stable/postgresql/values-production.yaml @@ -15,7 +15,7 @@ global: image: registry: docker.io repository: bitnami/postgresql - tag: 11.7.0-debian-10-r0 + tag: 11.7.0-debian-10-r8 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images diff --git a/stable/postgresql/values.yaml b/stable/postgresql/values.yaml index 36b9ac48325f..dc93921a611d 100644 --- a/stable/postgresql/values.yaml +++ b/stable/postgresql/values.yaml @@ -15,7 +15,7 @@ global: image: registry: docker.io repository: bitnami/postgresql - tag: 11.7.0-debian-10-r0 + tag: 11.7.0-debian-10-r8 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images From 82abdd59adc6cf8c04c9fc1826410b062e35043a Mon Sep 17 00:00:00 2001 From: Naseem Date: Tue, 25 Feb 2020 16:36:26 -0500 Subject: [PATCH 261/304] Update prometheus to 2.16.0 (#20821) Signed-off-by: Naseem --- stable/prometheus/Chart.yaml | 4 ++-- stable/prometheus/README.md | 2 +- stable/prometheus/values.yaml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/stable/prometheus/Chart.yaml b/stable/prometheus/Chart.yaml index c5808e046e5a..8e6f7c9fc9df 100644 --- a/stable/prometheus/Chart.yaml +++ b/stable/prometheus/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 name: prometheus -version: 10.4.1 -appVersion: 2.15.2 +version: 10.5.0 +appVersion: 2.16.0 description: Prometheus is a monitoring system and time series database. home: https://prometheus.io/ icon: https://raw.githubusercontent.com/prometheus/prometheus.github.io/master/assets/prometheus_logo-cb55bb5c346.png diff --git a/stable/prometheus/README.md b/stable/prometheus/README.md index 127d458ec499..c48e9243480a 100644 --- a/stable/prometheus/README.md +++ b/stable/prometheus/README.md @@ -290,7 +290,7 @@ Parameter | Description | Default `server.enabled` | If false, Prometheus server will not be created | `true` `server.name` | Prometheus server container name | `server` `server.image.repository` | Prometheus server container image repository | `prom/prometheus` -`server.image.tag` | Prometheus server container image tag | `v2.15.2` +`server.image.tag` | Prometheus server container image tag | `v2.16.0` `server.image.pullPolicy` | Prometheus server container image pull policy | `IfNotPresent` `server.configPath` | Path to a prometheus server config file on the container FS | `/etc/config/prometheus.yml` `server.global.scrape_interval` | How frequently to scrape targets by default | `1m` diff --git a/stable/prometheus/values.yaml b/stable/prometheus/values.yaml index a00a00f574d6..436fce6989b8 100644 --- a/stable/prometheus/values.yaml +++ b/stable/prometheus/values.yaml @@ -589,7 +589,7 @@ server: ## image: repository: prom/prometheus - tag: v2.15.2 + tag: v2.16.0 pullPolicy: IfNotPresent ## prometheus server priorityClassName From 75383584362eb12ca26b0e1cfb10cd2552922925 Mon Sep 17 00:00:00 2001 From: Naseem Date: Tue, 25 Feb 2020 16:42:27 -0500 Subject: [PATCH 262/304] Update kube-state-metrics (#21017) Signed-off-by: Naseem Co-authored-by: David J. M. Karlsen --- stable/prometheus/Chart.yaml | 2 +- stable/prometheus/README.md | 2 +- stable/prometheus/values.yaml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/stable/prometheus/Chart.yaml b/stable/prometheus/Chart.yaml index 8e6f7c9fc9df..0bf72d960fa0 100644 --- a/stable/prometheus/Chart.yaml +++ b/stable/prometheus/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: prometheus -version: 10.5.0 +version: 10.5.1 appVersion: 2.16.0 description: Prometheus is a monitoring system and time series database. home: https://prometheus.io/ diff --git a/stable/prometheus/README.md b/stable/prometheus/README.md index c48e9243480a..0f8e0e1217ce 100644 --- a/stable/prometheus/README.md +++ b/stable/prometheus/README.md @@ -196,7 +196,7 @@ Parameter | Description | Default `kubeStateMetrics.enabled` | If true, create kube-state-metrics | `true` `kubeStateMetrics.name` | kube-state-metrics container name | `kube-state-metrics` `kubeStateMetrics.image.repository` | kube-state-metrics container image repository| `quay.io/coreos/kube-state-metrics` -`kubeStateMetrics.image.tag` | kube-state-metrics container image tag | `v1.9.0` +`kubeStateMetrics.image.tag` | kube-state-metrics container image tag | `v1.9.5` `kubeStateMetrics.image.pullPolicy` | kube-state-metrics container image pull policy | `IfNotPresent` `kubeStateMetrics.args` | kube-state-metrics container arguments | `{}` `kubeStateMetrics.nodeSelector` | node labels for kube-state-metrics pod assignment | `{}` diff --git a/stable/prometheus/values.yaml b/stable/prometheus/values.yaml index 436fce6989b8..116cb6b55de7 100644 --- a/stable/prometheus/values.yaml +++ b/stable/prometheus/values.yaml @@ -353,7 +353,7 @@ kubeStateMetrics: ## image: repository: quay.io/coreos/kube-state-metrics - tag: v1.9.1 + tag: v1.9.5 pullPolicy: IfNotPresent ## kube-state-metrics priorityClassName From 091729a8d8b43e85a53288fd257a2de606cfdba0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bruno=20M=2E=20Cust=C3=B3dio?= Date: Tue, 25 Feb 2020 22:02:27 +0000 Subject: [PATCH 263/304] [stable/etcd-operator] Allow for setting priority classes. (#20761) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Bruno Miguel Custódio --- stable/etcd-operator/Chart.yaml | 2 +- stable/etcd-operator/README.md | 3 +++ stable/etcd-operator/templates/backup-operator-deployment.yaml | 3 +++ stable/etcd-operator/templates/operator-deployment.yaml | 3 +++ .../etcd-operator/templates/restore-operator-deployment.yaml | 3 +++ stable/etcd-operator/values.yaml | 3 +++ 6 files changed, 16 insertions(+), 1 deletion(-) diff --git a/stable/etcd-operator/Chart.yaml b/stable/etcd-operator/Chart.yaml index b34ae806cf0f..b44e37292f33 100755 --- a/stable/etcd-operator/Chart.yaml +++ b/stable/etcd-operator/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 description: CoreOS etcd-operator Helm chart for Kubernetes name: etcd-operator -version: 0.10.2 +version: 0.10.3 appVersion: 0.9.4 home: https://github.com/coreos/etcd-operator icon: https://raw.githubusercontent.com/coreos/etcd/master/logos/etcd-horizontal-color.png diff --git a/stable/etcd-operator/README.md b/stable/etcd-operator/README.md index 417b19b4a1a4..da6532e000a8 100644 --- a/stable/etcd-operator/README.md +++ b/stable/etcd-operator/README.md @@ -80,6 +80,7 @@ The following table lists the configurable parameters of the etcd-operator chart | `etcdOperator.nodeSelector` | Node labels for etcd operator pod assignment | `{}` | | `etcdOperator.podAnnotations` | Annotations for the etcd operator pod | `{}` | | `etcdOperator.commandArgs` | Additional command arguments | `{}` | +| `etcdOperator.priorityClassName` | Priority class for the etcd-operator pod(s) | `""` | | `backupOperator.name` | Backup operator name | `etcd-backup-operator` | | `backupOperator.replicaCount` | Number of operator replicas to create (only 1 is supported) | `1` | | `backupOperator.image.repository` | Operator container image | `quay.io/coreos/etcd-operator` | @@ -93,6 +94,7 @@ The following table lists the configurable parameters of the etcd-operator chart | `backupOperator.spec.s3.awsSecret` | Name of kubernetes secret containing aws credentials | | | `backupOperator.nodeSelector` | Node labels for etcd operator pod assignment | `{}` | | `backupOperator.commandArgs` | Additional command arguments | `{}` | +| `backupOperator.priorityClassName` | Priority class for the etcd-backuop-operator pod(s) | `""` | | `restoreOperator.name` | Restore operator name | `etcd-backup-operator` | | `restoreOperator.replicaCount` | Number of operator replicas to create (only 1 is supported) | `1` | | `restoreOperator.image.repository` | Operator container image | `quay.io/coreos/etcd-operator` | @@ -105,6 +107,7 @@ The following table lists the configurable parameters of the etcd-operator chart | `restoreOperator.spec.s3.awsSecret` | Name of kubernetes secret containing aws credentials | | | `restoreOperator.nodeSelector` | Node labels for etcd operator pod assignment | `{}` | | `restoreOperator.commandArgs` | Additional command arguments | `{}` | +| `restoreOperator.priorityClassName` | Priority class for the etcd-restore-operator pod(s) | `""` | | `etcdCluster.name` | etcd cluster name | `etcd-cluster` | | `etcdCluster.size` | etcd cluster size | `3` | | `etcdCluster.version` | etcd cluster version | `3.2.25` | diff --git a/stable/etcd-operator/templates/backup-operator-deployment.yaml b/stable/etcd-operator/templates/backup-operator-deployment.yaml index 8b8d51b00dbe..d1068c7721c7 100644 --- a/stable/etcd-operator/templates/backup-operator-deployment.yaml +++ b/stable/etcd-operator/templates/backup-operator-deployment.yaml @@ -22,6 +22,9 @@ spec: app: {{ template "etcd-backup-operator.fullname" . }} release: {{ .Release.Name }} spec: + {{- if .Values.backupOperator.priorityClassName }} + priorityClassName: {{ .Values.backupOperator.priorityClassName }} + {{- end }} serviceAccountName: {{ template "etcd-operator.serviceAccountName" . }} containers: - name: {{ .Values.backupOperator.name }} diff --git a/stable/etcd-operator/templates/operator-deployment.yaml b/stable/etcd-operator/templates/operator-deployment.yaml index dc50d46ec056..26bf33ad5a48 100644 --- a/stable/etcd-operator/templates/operator-deployment.yaml +++ b/stable/etcd-operator/templates/operator-deployment.yaml @@ -23,6 +23,9 @@ spec: release: {{ .Release.Name }} annotations: {{ toYaml .Values.etcdOperator.podAnnotations | nindent 8}} spec: + {{- if .Values.etcdOperator.priorityClassName }} + priorityClassName: {{ .Values.etcdOperator.priorityClassName }} + {{- end }} serviceAccountName: {{ template "etcd-operator.serviceAccountName" . }} containers: - name: {{ template "etcd-operator.fullname" . }} diff --git a/stable/etcd-operator/templates/restore-operator-deployment.yaml b/stable/etcd-operator/templates/restore-operator-deployment.yaml index ce27f6f82774..f1a2cd275a13 100644 --- a/stable/etcd-operator/templates/restore-operator-deployment.yaml +++ b/stable/etcd-operator/templates/restore-operator-deployment.yaml @@ -22,6 +22,9 @@ spec: app: {{ template "etcd-restore-operator.name" . }} release: {{ .Release.Name }} spec: + {{- if .Values.restoreOperator.priorityClassName }} + priorityClassName: {{ .Values.restoreOperator.priorityClassName }} + {{- end }} serviceAccountName: {{ template "etcd-operator.serviceAccountName" . }} containers: - name: {{ .Values.restoreOperator.name }} diff --git a/stable/etcd-operator/values.yaml b/stable/etcd-operator/values.yaml index 242ba0bd0f39..148635e2cbb1 100644 --- a/stable/etcd-operator/values.yaml +++ b/stable/etcd-operator/values.yaml @@ -38,6 +38,7 @@ customResources: # etcdOperator etcdOperator: + priorityClassName: "" name: etcd-operator replicaCount: 1 image: @@ -72,6 +73,7 @@ etcdOperator: # backup spec backupOperator: + priorityClassName: "" name: etcd-backup-operator replicaCount: 1 image: @@ -97,6 +99,7 @@ backupOperator: # restore spec restoreOperator: + priorityClassName: "" name: etcd-restore-operator replicaCount: 1 image: From 0b64a619cc979380d8b50b1ac5e1fc9416a52a81 Mon Sep 17 00:00:00 2001 From: Michael Barrientos Date: Tue, 25 Feb 2020 14:02:34 -0800 Subject: [PATCH 264/304] [stable/airflow] Add annotations to service account (#21016) Signed-off-by: Michael Barrientos --- stable/airflow/Chart.yaml | 2 +- stable/airflow/README.md | 1 + stable/airflow/templates/service-account.yaml | 5 ++++- stable/airflow/values.yaml | 1 + 4 files changed, 7 insertions(+), 2 deletions(-) diff --git a/stable/airflow/Chart.yaml b/stable/airflow/Chart.yaml index 439c4706bd17..198963e5ecbc 100644 --- a/stable/airflow/Chart.yaml +++ b/stable/airflow/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 description: Airflow is a platform to programmatically author, schedule and monitor workflows name: airflow -version: 6.1.0 +version: 6.1.1 appVersion: 1.10.4 icon: https://airflow.apache.org/_images/pin_large.png home: https://airflow.apache.org/ diff --git a/stable/airflow/README.md b/stable/airflow/README.md index 7b0617211a97..6a686667a889 100644 --- a/stable/airflow/README.md +++ b/stable/airflow/README.md @@ -482,6 +482,7 @@ The following table lists the configurable parameters of the Airflow chart and t | `rbac.create` | create RBAC resources | `true` | | `serviceAccount.create` | create a service account | `true` | | `serviceAccount.name` | the service account name | `` | +| `serviceAccount.annotations` | (optional) annotations for the service account | `{}` | | `postgresql.enabled` | create a postgres server | `true` | | `postgresql.existingSecret` | The name of an existing secret with a key named `postgresql.existingSecretKey` to use as the password | `nil` | | `postgresql.existingSecretKey` | The name of the key containing the password in the secret named `postgresql.existingSecret` | `postgres-password` | diff --git a/stable/airflow/templates/service-account.yaml b/stable/airflow/templates/service-account.yaml index 0f6022e6d07d..eee5e51bc526 100644 --- a/stable/airflow/templates/service-account.yaml +++ b/stable/airflow/templates/service-account.yaml @@ -8,4 +8,7 @@ metadata: chart: {{ template "airflow.chart" . }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} -{{ end }} \ No newline at end of file +{{- if .Values.serviceAccount.annotations }} + annotations: {{ toYaml .Values.serviceAccount.annotations | nindent 4 }} +{{- end }} +{{ end }} diff --git a/stable/airflow/values.yaml b/stable/airflow/values.yaml index 9df4daa7dcba..db21b7cdf3d8 100644 --- a/stable/airflow/values.yaml +++ b/stable/airflow/values.yaml @@ -591,6 +591,7 @@ serviceAccount: ## The name of the ServiceAccount to use. ## If not set and create is true, a name is generated using the fullname template name: + annotations: {} ## From b71bf8b37c645038c66d48d09e42568a7d9cafe5 Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Tue, 25 Feb 2020 23:10:26 +0100 Subject: [PATCH 265/304] [stable/ghost] Release 9.1.10 (#20989) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * [stable/ghost] Release 9.1.10 updating components versions Signed-off-by: Bitnami Containers * Update requirements.lock Signed-off-by: Carlos Rodriguez Hernandez Co-authored-by: Carlos Rodríguez Hernández --- stable/ghost/Chart.yaml | 4 ++-- stable/ghost/values.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/stable/ghost/Chart.yaml b/stable/ghost/Chart.yaml index 5a335b44df09..8a5e5058105b 100644 --- a/stable/ghost/Chart.yaml +++ b/stable/ghost/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 name: ghost -version: 9.1.9 -appVersion: 3.7.0 +version: 9.1.10 +appVersion: 3.8.0 description: A simple, powerful publishing platform that allows you to share your stories with the world keywords: - ghost diff --git a/stable/ghost/values.yaml b/stable/ghost/values.yaml index 6d8465c358a7..a9f7a92305dd 100644 --- a/stable/ghost/values.yaml +++ b/stable/ghost/values.yaml @@ -14,7 +14,7 @@ image: registry: docker.io repository: bitnami/ghost - tag: 3.7.0-debian-10-r0 + tag: 3.8.0-debian-10-r0 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images From faa7218217e328a53f0a709c53f2f81b50b2d039 Mon Sep 17 00:00:00 2001 From: Rob Kernick Date: Tue, 25 Feb 2020 17:10:38 -0500 Subject: [PATCH 266/304] stable/sonarqube - Deprecate chart (#21007) * stable/sonarqube - Deprecate chart Signed-off-by: Rob Kernick * Remove maintainers Signed-off-by: Rob Kernick --- stable/sonarqube/Chart.yaml | 12 +++++------- stable/sonarqube/OWNERS | 6 ------ stable/sonarqube/README.md | 2 ++ stable/sonarqube/templates/NOTES.txt | 3 +++ 4 files changed, 10 insertions(+), 13 deletions(-) diff --git a/stable/sonarqube/Chart.yaml b/stable/sonarqube/Chart.yaml index 6f64ea8da129..ccdd6229e757 100644 --- a/stable/sonarqube/Chart.yaml +++ b/stable/sonarqube/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 name: sonarqube -description: SonarQube is an open sourced code quality scanning tool -version: 4.0.0 +description: DEPRECATED SonarQube is an open sourced code quality scanning tool +version: 4.0.1 appVersion: 7.9.2 keywords: - coverage @@ -12,8 +12,6 @@ home: https://www.sonarqube.org/ icon: https://www.sonarqube.org/assets/logo-31ad3115b1b4b120f3d1efd63e6b13ac9f1f89437f0cf6881cc4d8b5603a52b4.svg sources: - https://github.com/SonarSource/docker-sonarqube -maintainers: - - name: rjkernick - email: rjkernick@gmail.com - - name: tsiddique - email: tsiddique@live.com +# This chart has been deprecated https://github.com/helm/charts/blob/master/PROCESSES.md#deprecating-a-chart +# It is now maintained at https://github.com/oteemo/charts +deprecated: true diff --git a/stable/sonarqube/OWNERS b/stable/sonarqube/OWNERS index 30775e3acefd..e69de29bb2d1 100644 --- a/stable/sonarqube/OWNERS +++ b/stable/sonarqube/OWNERS @@ -1,6 +0,0 @@ -approvers: -- rjkernick -- tsiddique -reviewers: -- rjkernick -- tsiddique diff --git a/stable/sonarqube/README.md b/stable/sonarqube/README.md index d6aa07466e2d..ba3da1590e39 100644 --- a/stable/sonarqube/README.md +++ b/stable/sonarqube/README.md @@ -1,5 +1,7 @@ # SonarQube +**This chart has been deprecated and moved to [Oteemo Charts](https://github.com/oteemo/charts)** + [SonarQube](https://www.sonarqube.org/) is an open sourced code quality scanning tool. ## Introduction diff --git a/stable/sonarqube/templates/NOTES.txt b/stable/sonarqube/templates/NOTES.txt index fa36b07154a0..3575c6605990 100644 --- a/stable/sonarqube/templates/NOTES.txt +++ b/stable/sonarqube/templates/NOTES.txt @@ -1,3 +1,6 @@ +This chart has been deprecated and moved to https://github.com/oteemo/charts + + 1. Get the application URL by running these commands: {{- if .Values.ingress.enabled }} {{- range .Values.ingress.hosts }} From f6595c025375addafe7e821c38848a1e2a201bdb Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Wed, 26 Feb 2020 08:38:27 +0100 Subject: [PATCH 267/304] [stable/odoo] Release 13.0.2 (#21010) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * [stable/odoo] Release 13.0.2 updating components versions Signed-off-by: Bitnami Containers * Update deps with Helm 2 Signed-off-by: Carlos Rodriguez Hernandez Co-authored-by: Carlos Rodríguez Hernández --- stable/odoo/Chart.yaml | 4 ++-- stable/odoo/requirements.lock | 4 ++-- stable/odoo/values.yaml | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/stable/odoo/Chart.yaml b/stable/odoo/Chart.yaml index 8524ef55c6a1..6af5fdcc18f8 100644 --- a/stable/odoo/Chart.yaml +++ b/stable/odoo/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 name: odoo -version: 13.0.1 -appVersion: 12.0.20191215 +version: 13.0.2 +appVersion: 12.0.20200215 description: A suite of web based open source business apps. home: https://www.odoo.com/ icon: https://bitnami.com/assets/stacks/odoo/img/odoo-stack-110x117.png diff --git a/stable/odoo/requirements.lock b/stable/odoo/requirements.lock index 553d864e7c04..9af9fbf31d59 100644 --- a/stable/odoo/requirements.lock +++ b/stable/odoo/requirements.lock @@ -1,6 +1,6 @@ dependencies: - name: postgresql repository: https://kubernetes-charts.storage.googleapis.com/ - version: 8.2.1 + version: 8.4.2 digest: sha256:ab0947bfeb757eaf0dc8fdf51a5a4aeb6f6ca33d55e3a5a91b00cfefd65288e2 -generated: 2020-01-31T10:40:11.837607+01:00 +generated: "2020-02-26T07:30:30.091193428Z" diff --git a/stable/odoo/values.yaml b/stable/odoo/values.yaml index d79bf2719451..5105bcc79b7c 100644 --- a/stable/odoo/values.yaml +++ b/stable/odoo/values.yaml @@ -14,7 +14,7 @@ image: registry: docker.io repository: bitnami/odoo - tag: 12.0.20191215-debian-9-r26 + tag: 12.0.20200215-debian-10-r0 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images From 665314608459a15b77ef3316863103c6290ae44a Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Wed, 26 Feb 2020 09:38:26 +0100 Subject: [PATCH 268/304] [stable/external-dns] Release 2.19.1 updating components versions (#21027) Signed-off-by: Bitnami Containers --- stable/external-dns/Chart.yaml | 2 +- stable/external-dns/values-production.yaml | 2 +- stable/external-dns/values.yaml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/stable/external-dns/Chart.yaml b/stable/external-dns/Chart.yaml index cb2e9df6b7d7..a366c7bfa9c7 100644 --- a/stable/external-dns/Chart.yaml +++ b/stable/external-dns/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: external-dns -version: 2.19.0 +version: 2.19.1 appVersion: 0.6.0 description: ExternalDNS is a Kubernetes addon that configures public DNS servers with information about exposed Kubernetes services to make them discoverable. keywords: diff --git a/stable/external-dns/values-production.yaml b/stable/external-dns/values-production.yaml index 021708fc2219..62abdbfed055 100644 --- a/stable/external-dns/values-production.yaml +++ b/stable/external-dns/values-production.yaml @@ -13,7 +13,7 @@ image: registry: docker.io repository: bitnami/external-dns - tag: 0.6.0-debian-10-r0 + tag: 0.6.0-debian-10-r13 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images diff --git a/stable/external-dns/values.yaml b/stable/external-dns/values.yaml index 4f9cac7e4aad..f304bfb714d4 100644 --- a/stable/external-dns/values.yaml +++ b/stable/external-dns/values.yaml @@ -13,7 +13,7 @@ image: registry: docker.io repository: bitnami/external-dns - tag: 0.6.0-debian-10-r0 + tag: 0.6.0-debian-10-r13 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images From e03d2182e4c59422a233556498847e9ba5749592 Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Wed, 26 Feb 2020 09:48:29 +0100 Subject: [PATCH 269/304] [stable/dokuwiki] Release 6.0.9 updating components versions (#21026) Signed-off-by: Bitnami Containers --- stable/dokuwiki/Chart.yaml | 2 +- stable/dokuwiki/values.yaml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/stable/dokuwiki/Chart.yaml b/stable/dokuwiki/Chart.yaml index 6ab294a51c30..0d66b9003aaf 100644 --- a/stable/dokuwiki/Chart.yaml +++ b/stable/dokuwiki/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: dokuwiki -version: 6.0.8 +version: 6.0.9 appVersion: 0.20180422.201901061035 description: DokuWiki is a standards-compliant, simple to use wiki optimized for creating documentation. It is targeted at developer teams, workgroups, and small companies. diff --git a/stable/dokuwiki/values.yaml b/stable/dokuwiki/values.yaml index e1423c630d9d..0cc0ef81843b 100644 --- a/stable/dokuwiki/values.yaml +++ b/stable/dokuwiki/values.yaml @@ -14,7 +14,7 @@ image: registry: docker.io repository: bitnami/dokuwiki - tag: 0.20180422.201901061035-debian-10-r22 + tag: 0.20180422.201901061035-debian-10-r28 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images @@ -193,7 +193,7 @@ metrics: image: registry: docker.io repository: bitnami/apache-exporter - tag: 0.7.0-debian-10-r20 + tag: 0.7.0-debian-10-r29 pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. From a6c9c1f6b22ca94cb4c36dcddd0b0441650252c6 Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Wed, 26 Feb 2020 09:48:37 +0100 Subject: [PATCH 270/304] [stable/mongodb] Release 7.8.6 updating components versions (#21028) Signed-off-by: Bitnami Containers --- stable/mongodb/Chart.yaml | 2 +- stable/mongodb/values-production.yaml | 4 ++-- stable/mongodb/values.yaml | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/stable/mongodb/Chart.yaml b/stable/mongodb/Chart.yaml index 569df1816a7e..141543bbfceb 100644 --- a/stable/mongodb/Chart.yaml +++ b/stable/mongodb/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: mongodb -version: 7.8.5 +version: 7.8.6 appVersion: 4.2.3 description: NoSQL document-oriented database that stores JSON-like documents with dynamic schemas, simplifying the integration of data in content-driven applications. keywords: diff --git a/stable/mongodb/values-production.yaml b/stable/mongodb/values-production.yaml index 0f876a6edb5c..55531d49ea4d 100644 --- a/stable/mongodb/values-production.yaml +++ b/stable/mongodb/values-production.yaml @@ -18,7 +18,7 @@ image: ## Bitnami MongoDB image tag ## ref: https://hub.docker.com/r/bitnami/mongodb/tags/ ## - tag: 4.2.3-debian-10-r10 + tag: 4.2.3-debian-10-r31 ## Specify a imagePullPolicy ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images ## @@ -437,7 +437,7 @@ metrics: image: registry: docker.io repository: bitnami/mongodb-exporter - tag: 0.10.0-debian-10-r9 + tag: 0.10.0-debian-10-r27 pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. diff --git a/stable/mongodb/values.yaml b/stable/mongodb/values.yaml index 1b9091a02cfa..6c64012f6029 100644 --- a/stable/mongodb/values.yaml +++ b/stable/mongodb/values.yaml @@ -18,7 +18,7 @@ image: ## Bitnami MongoDB image tag ## ref: https://hub.docker.com/r/bitnami/mongodb/tags/ ## - tag: 4.2.3-debian-10-r10 + tag: 4.2.3-debian-10-r31 ## Specify a imagePullPolicy ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images ## @@ -439,7 +439,7 @@ metrics: image: registry: docker.io repository: bitnami/mongodb-exporter - tag: 0.10.0-debian-10-r9 + tag: 0.10.0-debian-10-r27 pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. From 27712938875b71d1ef3d3915ddb54835ca69c9a0 Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Wed, 26 Feb 2020 09:48:45 +0100 Subject: [PATCH 271/304] [stable/mariadb] Release 7.3.11 updating components versions (#21030) Signed-off-by: Bitnami Containers --- stable/mariadb/Chart.yaml | 2 +- stable/mariadb/values-production.yaml | 4 ++-- stable/mariadb/values.yaml | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/stable/mariadb/Chart.yaml b/stable/mariadb/Chart.yaml index 87dfdd5ca0c0..d2fcecb417ba 100644 --- a/stable/mariadb/Chart.yaml +++ b/stable/mariadb/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: mariadb -version: 7.3.10 +version: 7.3.11 appVersion: 10.3.22 description: Fast, reliable, scalable, and easy to use open-source relational database system. MariaDB Server is intended for mission-critical, heavy-load production systems as well as for embedding into mass-deployed software. Highly available MariaDB cluster. keywords: diff --git a/stable/mariadb/values-production.yaml b/stable/mariadb/values-production.yaml index 964ad9b5b3df..47293f490d37 100644 --- a/stable/mariadb/values-production.yaml +++ b/stable/mariadb/values-production.yaml @@ -19,7 +19,7 @@ image: registry: docker.io repository: bitnami/mariadb - tag: 10.3.22-debian-10-r17 + tag: 10.3.22-debian-10-r27 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images @@ -459,7 +459,7 @@ metrics: image: registry: docker.io repository: bitnami/mysqld-exporter - tag: 0.12.1-debian-10-r19 + tag: 0.12.1-debian-10-r27 pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. diff --git a/stable/mariadb/values.yaml b/stable/mariadb/values.yaml index d8ccf895fae1..afacee18941f 100644 --- a/stable/mariadb/values.yaml +++ b/stable/mariadb/values.yaml @@ -19,7 +19,7 @@ image: registry: docker.io repository: bitnami/mariadb - tag: 10.3.22-debian-10-r17 + tag: 10.3.22-debian-10-r27 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images @@ -461,7 +461,7 @@ metrics: image: registry: docker.io repository: bitnami/mysqld-exporter - tag: 0.12.1-debian-10-r19 + tag: 0.12.1-debian-10-r27 pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. From 1cea5d1447585da670899e192708851b13c51b22 Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Wed, 26 Feb 2020 09:48:54 +0100 Subject: [PATCH 272/304] [stable/kubewatch] Release 1.0.7 updating components versions (#21031) Signed-off-by: Bitnami Containers --- stable/kubewatch/Chart.yaml | 2 +- stable/kubewatch/values.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/stable/kubewatch/Chart.yaml b/stable/kubewatch/Chart.yaml index c56c177d2f31..29cb65163e78 100644 --- a/stable/kubewatch/Chart.yaml +++ b/stable/kubewatch/Chart.yaml @@ -1,5 +1,5 @@ name: kubewatch -version: 1.0.6 +version: 1.0.7 apiVersion: v1 appVersion: 0.0.4 home: https://github.com/bitnami-labs/kubewatch diff --git a/stable/kubewatch/values.yaml b/stable/kubewatch/values.yaml index 2d7edf482818..232289844901 100644 --- a/stable/kubewatch/values.yaml +++ b/stable/kubewatch/values.yaml @@ -49,7 +49,7 @@ resourcesToWatch: image: registry: docker.io repository: bitnami/kubewatch - tag: 0.0.4-debian-10-r22 + tag: 0.0.4-debian-10-r29 pullPolicy: Always ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. From fe257e00fc6e45d0af91d6cea4ee97046df3c93c Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Wed, 26 Feb 2020 09:49:02 +0100 Subject: [PATCH 273/304] [stable/nats] Release 4.3.4 updating components versions (#21042) Signed-off-by: Bitnami Containers --- stable/nats/Chart.yaml | 2 +- stable/nats/values-production.yaml | 4 ++-- stable/nats/values.yaml | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/stable/nats/Chart.yaml b/stable/nats/Chart.yaml index 601a953d72b8..8084f76ed8f3 100644 --- a/stable/nats/Chart.yaml +++ b/stable/nats/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: nats -version: 4.3.3 +version: 4.3.4 appVersion: 2.1.4 description: An open-source, cloud-native messaging system keywords: diff --git a/stable/nats/values-production.yaml b/stable/nats/values-production.yaml index d60cac4f05d8..555f1f4a5a12 100644 --- a/stable/nats/values-production.yaml +++ b/stable/nats/values-production.yaml @@ -13,7 +13,7 @@ image: registry: docker.io repository: bitnami/nats - tag: 2.1.4-debian-10-r15 + tag: 2.1.4-debian-10-r23 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images @@ -306,7 +306,7 @@ metrics: image: registry: docker.io repository: bitnami/nats-exporter - tag: 0.6.0-debian-10-r20 + tag: 0.6.0-debian-10-r27 pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. diff --git a/stable/nats/values.yaml b/stable/nats/values.yaml index 618ed50c54ce..055dbd4e4775 100644 --- a/stable/nats/values.yaml +++ b/stable/nats/values.yaml @@ -13,7 +13,7 @@ image: registry: docker.io repository: bitnami/nats - tag: 2.1.4-debian-10-r15 + tag: 2.1.4-debian-10-r23 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images @@ -306,7 +306,7 @@ metrics: image: registry: docker.io repository: bitnami/nats-exporter - tag: 0.6.0-debian-10-r20 + tag: 0.6.0-debian-10-r27 pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. From 6ec80968871117961eb2b2eeb6641a341891c96a Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Wed, 26 Feb 2020 10:10:26 +0100 Subject: [PATCH 274/304] [stable/rabbitmq] Release 6.17.5 updating components versions (#21036) Signed-off-by: Bitnami Containers --- stable/rabbitmq/Chart.yaml | 2 +- stable/rabbitmq/values-production.yaml | 4 ++-- stable/rabbitmq/values.yaml | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/stable/rabbitmq/Chart.yaml b/stable/rabbitmq/Chart.yaml index 9eab0deac9d6..944dd829a7fd 100644 --- a/stable/rabbitmq/Chart.yaml +++ b/stable/rabbitmq/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: rabbitmq -version: 6.17.4 +version: 6.17.5 appVersion: 3.8.2 description: Open source message broker software that implements the Advanced Message Queuing Protocol (AMQP) keywords: diff --git a/stable/rabbitmq/values-production.yaml b/stable/rabbitmq/values-production.yaml index e2501267254d..8ca5cff57316 100644 --- a/stable/rabbitmq/values-production.yaml +++ b/stable/rabbitmq/values-production.yaml @@ -14,7 +14,7 @@ image: registry: docker.io repository: bitnami/rabbitmq - tag: 3.8.2-debian-10-r25 + tag: 3.8.2-debian-10-r30 ## set to true if you would like to see extra information on logs ## it turns BASH and NAMI debugging in minideb @@ -403,7 +403,7 @@ metrics: image: registry: docker.io repository: bitnami/rabbitmq-exporter - tag: 0.29.0-debian-10-r23 + tag: 0.29.0-debian-10-r28 pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. diff --git a/stable/rabbitmq/values.yaml b/stable/rabbitmq/values.yaml index 9bd3e46de6af..d1a0327715c6 100644 --- a/stable/rabbitmq/values.yaml +++ b/stable/rabbitmq/values.yaml @@ -14,7 +14,7 @@ image: registry: docker.io repository: bitnami/rabbitmq - tag: 3.8.2-debian-10-r25 + tag: 3.8.2-debian-10-r30 ## set to true if you would like to see extra information on logs ## it turns BASH and NAMI debugging in minideb @@ -380,7 +380,7 @@ metrics: image: registry: docker.io repository: bitnami/rabbitmq-exporter - tag: 0.29.0-debian-10-r23 + tag: 0.29.0-debian-10-r28 pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. From 1c6aadbf292cd0ceb55b2dd29786748ec63780b3 Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Wed, 26 Feb 2020 10:10:34 +0100 Subject: [PATCH 275/304] [stable/redis] Release 10.5.6 updating components versions (#21037) Signed-off-by: Bitnami Containers --- stable/redis/Chart.yaml | 2 +- stable/redis/values-production.yaml | 6 +++--- stable/redis/values.yaml | 6 +++--- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/stable/redis/Chart.yaml b/stable/redis/Chart.yaml index d731bd97ca17..7f581f9a9be5 100644 --- a/stable/redis/Chart.yaml +++ b/stable/redis/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: redis -version: 10.5.5 +version: 10.5.6 appVersion: 5.0.7 description: Open source, advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. keywords: diff --git a/stable/redis/values-production.yaml b/stable/redis/values-production.yaml index 64640f5c3d89..cae2af1ef0c9 100644 --- a/stable/redis/values-production.yaml +++ b/stable/redis/values-production.yaml @@ -18,7 +18,7 @@ image: ## Bitnami Redis image tag ## ref: https://github.com/bitnami/bitnami-docker-redis#supported-tags-and-respective-dockerfile-links ## - tag: 5.0.7-debian-10-r27 + tag: 5.0.7-debian-10-r32 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images @@ -60,7 +60,7 @@ sentinel: ## Bitnami Redis image tag ## ref: https://github.com/bitnami/bitnami-docker-redis-sentinel#supported-tags-and-respective-dockerfile-links ## - tag: 5.0.7-debian-10-r22 + tag: 5.0.7-debian-10-r27 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images @@ -480,7 +480,7 @@ metrics: image: registry: docker.io repository: bitnami/redis-exporter - tag: 1.3.5-debian-10-r22 + tag: 1.4.0-debian-10-r3 pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. diff --git a/stable/redis/values.yaml b/stable/redis/values.yaml index b5f188e49049..2649466df078 100644 --- a/stable/redis/values.yaml +++ b/stable/redis/values.yaml @@ -18,7 +18,7 @@ image: ## Bitnami Redis image tag ## ref: https://github.com/bitnami/bitnami-docker-redis#supported-tags-and-respective-dockerfile-links ## - tag: 5.0.7-debian-10-r27 + tag: 5.0.7-debian-10-r32 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images @@ -60,7 +60,7 @@ sentinel: ## Bitnami Redis image tag ## ref: https://github.com/bitnami/bitnami-docker-redis-sentinel#supported-tags-and-respective-dockerfile-links ## - tag: 5.0.7-debian-10-r22 + tag: 5.0.7-debian-10-r27 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images @@ -480,7 +480,7 @@ metrics: image: registry: docker.io repository: bitnami/redis-exporter - tag: 1.3.5-debian-10-r22 + tag: 1.4.0-debian-10-r3 pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. From e6530ae4c690d7d30e5ca5b524e90cb55c26d01b Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Wed, 26 Feb 2020 10:42:29 +0100 Subject: [PATCH 276/304] [stable/orangehrm] Release 7.0.7 (#21006) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * [stable/orangehrm] Release 7.0.7 updating components versions Signed-off-by: Bitnami Containers * Run "helm dependency update" using latest Helm 2 Signed-off-by: Carlos Rodriguez Hernandez Co-authored-by: Carlos Rodríguez Hernández --- stable/orangehrm/Chart.yaml | 2 +- stable/orangehrm/requirements.lock | 2 +- stable/orangehrm/values.yaml | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/stable/orangehrm/Chart.yaml b/stable/orangehrm/Chart.yaml index af006c966143..b5cb40913d08 100644 --- a/stable/orangehrm/Chart.yaml +++ b/stable/orangehrm/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: orangehrm -version: 7.0.6 +version: 7.0.7 appVersion: 4.3.4-0 description: OrangeHRM is a free HR management system that offers a wealth of modules to suit the needs of your business. diff --git a/stable/orangehrm/requirements.lock b/stable/orangehrm/requirements.lock index c5688dc1eb85..88c768d4743d 100644 --- a/stable/orangehrm/requirements.lock +++ b/stable/orangehrm/requirements.lock @@ -3,4 +3,4 @@ dependencies: repository: https://kubernetes-charts.storage.googleapis.com/ version: 7.3.10 digest: sha256:cd64413a4a697ccf85c0091e9c55cdc5876938ddced84c05d37c57ff9abc5864 -generated: "2020-02-21T08:40:11.060124841Z" +generated: "2020-02-26T08:50:46.760351894Z" diff --git a/stable/orangehrm/values.yaml b/stable/orangehrm/values.yaml index b59fac517a85..3977a8b5aa8d 100644 --- a/stable/orangehrm/values.yaml +++ b/stable/orangehrm/values.yaml @@ -14,7 +14,7 @@ image: registry: docker.io repository: bitnami/orangehrm - tag: 4.3.4-0-debian-10-r22 + tag: 4.3.4-0-debian-10-r25 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images @@ -239,7 +239,7 @@ metrics: image: registry: docker.io repository: bitnami/apache-exporter - tag: 0.7.0-debian-10-r21 + tag: 0.7.0-debian-10-r29 pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. From 26ed1d757d76c68f0a977182fbe8add72754121a Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Wed, 26 Feb 2020 11:14:27 +0100 Subject: [PATCH 277/304] [stable/prestashop] Release 9.1.7 (#21009) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * [stable/prestashop] Release 9.1.7 updating components versions Signed-off-by: Bitnami Containers * Run "helm dependency update" using latest Helm 2 Signed-off-by: Carlos Rodriguez Hernandez Co-authored-by: Carlos Rodríguez Hernández --- stable/prestashop/Chart.yaml | 2 +- stable/prestashop/requirements.lock | 2 +- stable/prestashop/values.yaml | 6 +++--- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/stable/prestashop/Chart.yaml b/stable/prestashop/Chart.yaml index 0ad3431624de..db1d3fc5bb50 100644 --- a/stable/prestashop/Chart.yaml +++ b/stable/prestashop/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: prestashop -version: 9.1.6 +version: 9.1.7 appVersion: 1.7.6-3 description: A popular open source ecommerce solution. Professional tools are easily accessible to increase online sales including instant guest checkout, abandoned cart reminders and automated Email marketing. keywords: diff --git a/stable/prestashop/requirements.lock b/stable/prestashop/requirements.lock index 574929cc50f9..90bd36a1be83 100644 --- a/stable/prestashop/requirements.lock +++ b/stable/prestashop/requirements.lock @@ -3,4 +3,4 @@ dependencies: repository: https://kubernetes-charts.storage.googleapis.com/ version: 7.3.10 digest: sha256:cd64413a4a697ccf85c0091e9c55cdc5876938ddced84c05d37c57ff9abc5864 -generated: "2020-02-21T08:33:57.152705242Z" +generated: "2020-02-26T08:50:54.648747672Z" diff --git a/stable/prestashop/values.yaml b/stable/prestashop/values.yaml index 427f2c2a671b..4e08d6e98449 100644 --- a/stable/prestashop/values.yaml +++ b/stable/prestashop/values.yaml @@ -14,7 +14,7 @@ image: registry: docker.io repository: bitnami/prestashop - tag: 1.7.6-3-debian-10-r12 + tag: 1.7.6-3-debian-10-r13 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images @@ -126,7 +126,7 @@ mariadb: image: registry: docker.io repository: bitnami/mariadb - tag: 10.1.44-debian-10-r15 + tag: 10.1.44-debian-10-r24 ## Disable MariaDB replication replication: enabled: false @@ -303,7 +303,7 @@ metrics: image: registry: docker.io repository: bitnami/apache-exporter - tag: 0.7.0-debian-10-r19 + tag: 0.7.0-debian-10-r29 pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. From 8e6f59a1e9f87843b0b0582176b2a62aa73bb255 Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Wed, 26 Feb 2020 11:14:39 +0100 Subject: [PATCH 278/304] [stable/joomla] Release 7.1.8 (#21013) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * [stable/joomla] Release 7.1.8 updating components versions Signed-off-by: Bitnami Containers * Run "helm dependency update" using latest Helm 2 Signed-off-by: Carlos Rodriguez Hernandez Co-authored-by: Carlos Rodríguez Hernández --- stable/joomla/Chart.yaml | 2 +- stable/joomla/requirements.lock | 2 +- stable/joomla/values.yaml | 6 +++--- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/stable/joomla/Chart.yaml b/stable/joomla/Chart.yaml index f672549c7eba..64e01296f611 100644 --- a/stable/joomla/Chart.yaml +++ b/stable/joomla/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: joomla -version: 7.1.7 +version: 7.1.8 appVersion: 3.9.15 description: PHP content management system (CMS) for publishing web content keywords: diff --git a/stable/joomla/requirements.lock b/stable/joomla/requirements.lock index 74fce72ae830..f370846d7bc9 100644 --- a/stable/joomla/requirements.lock +++ b/stable/joomla/requirements.lock @@ -3,4 +3,4 @@ dependencies: repository: https://kubernetes-charts.storage.googleapis.com/ version: 7.3.10 digest: sha256:cd64413a4a697ccf85c0091e9c55cdc5876938ddced84c05d37c57ff9abc5864 -generated: "2020-02-21T08:44:30.283602666Z" +generated: "2020-02-26T08:51:03.13866029Z" diff --git a/stable/joomla/values.yaml b/stable/joomla/values.yaml index f251d14c3d36..755fb838ecc1 100644 --- a/stable/joomla/values.yaml +++ b/stable/joomla/values.yaml @@ -14,7 +14,7 @@ image: registry: docker.io repository: bitnami/joomla - tag: 3.9.15-debian-10-r8 + tag: 3.9.15-debian-10-r9 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images @@ -97,7 +97,7 @@ mariadb: image: registry: docker.io repository: bitnami/mariadb - tag: 10.1.44-debian-10-r16 + tag: 10.1.44-debian-10-r24 ## Disable MariaDB replication replication: enabled: false @@ -286,7 +286,7 @@ metrics: image: registry: docker.io repository: bitnami/apache-exporter - tag: 0.7.0-debian-10-r19 + tag: 0.7.0-debian-10-r29 pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. From f2ab32999e37d40540e12b9a447a513bd84c86c9 Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Wed, 26 Feb 2020 11:14:47 +0100 Subject: [PATCH 279/304] [stable/suitecrm] Release 8.0.8 (#21029) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * [stable/suitecrm] Release 8.0.8 updating components versions Signed-off-by: Bitnami Containers * Run "helm dependency update" using latest Helm 2 Signed-off-by: Carlos Rodriguez Hernandez Co-authored-by: Carlos Rodríguez Hernández --- stable/suitecrm/Chart.yaml | 2 +- stable/suitecrm/requirements.lock | 4 ++-- stable/suitecrm/values.yaml | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/stable/suitecrm/Chart.yaml b/stable/suitecrm/Chart.yaml index 6301c8a54a97..7b077850029c 100644 --- a/stable/suitecrm/Chart.yaml +++ b/stable/suitecrm/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: suitecrm -version: 8.0.7 +version: 8.0.8 appVersion: 7.11.12 description: SuiteCRM is a completely open source enterprise-grade Customer Relationship Management (CRM) application. SuiteCRM is a software fork of the popular customer relationship management (CRM) system SugarCRM. keywords: diff --git a/stable/suitecrm/requirements.lock b/stable/suitecrm/requirements.lock index 99e93056cf60..7725514288d9 100644 --- a/stable/suitecrm/requirements.lock +++ b/stable/suitecrm/requirements.lock @@ -1,6 +1,6 @@ dependencies: - name: mariadb repository: https://kubernetes-charts.storage.googleapis.com/ - version: 7.3.9 + version: 7.3.10 digest: sha256:cd64413a4a697ccf85c0091e9c55cdc5876938ddced84c05d37c57ff9abc5864 -generated: "2020-02-18T11:09:15.718707619Z" +generated: "2020-02-26T08:45:09.136430551Z" diff --git a/stable/suitecrm/values.yaml b/stable/suitecrm/values.yaml index e2f9bcf22e1e..3e15e9dfe556 100644 --- a/stable/suitecrm/values.yaml +++ b/stable/suitecrm/values.yaml @@ -14,7 +14,7 @@ image: registry: docker.io repository: bitnami/suitecrm - tag: 7.11.12-debian-10-r0 + tag: 7.11.12-debian-10-r10 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images @@ -267,7 +267,7 @@ metrics: image: registry: docker.io repository: bitnami/apache-exporter - tag: 0.7.0-debian-10-r19 + tag: 0.7.0-debian-10-r29 pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. From 91d1cfff45f074fae7dcd777cc194394fa442962 Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Wed, 26 Feb 2020 11:14:55 +0100 Subject: [PATCH 280/304] [stable/wordpress] Release 8.1.6 (#21032) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * [stable/wordpress] Release 8.1.6 updating components versions Signed-off-by: Bitnami Containers * Run "helm dependency update" using latest Helm 2 Signed-off-by: Carlos Rodriguez Hernandez Co-authored-by: Carlos Rodríguez Hernández --- stable/wordpress/Chart.yaml | 2 +- stable/wordpress/requirements.lock | 2 +- stable/wordpress/values-production.yaml | 4 ++-- stable/wordpress/values.yaml | 4 ++-- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/stable/wordpress/Chart.yaml b/stable/wordpress/Chart.yaml index 79fe977e306e..60b30e78b1fe 100755 --- a/stable/wordpress/Chart.yaml +++ b/stable/wordpress/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: wordpress -version: 8.1.5 +version: 8.1.6 appVersion: 5.3.2 description: Web publishing platform for building blogs and websites. icon: https://bitnami.com/assets/stacks/wordpress/img/wordpress-stack-220x234.png diff --git a/stable/wordpress/requirements.lock b/stable/wordpress/requirements.lock index 5c8aa239d098..cd165f7b7cf3 100644 --- a/stable/wordpress/requirements.lock +++ b/stable/wordpress/requirements.lock @@ -3,4 +3,4 @@ dependencies: repository: https://kubernetes-charts.storage.googleapis.com/ version: 7.3.10 digest: sha256:0a5be71f27bb4258b63df284f5006ab452666b4c3125a1c15b8753e71ec8c118 -generated: "2020-02-24T07:39:02.834458068Z" +generated: "2020-02-26T08:45:16.922661067Z" diff --git a/stable/wordpress/values-production.yaml b/stable/wordpress/values-production.yaml index d33a02d76d98..d3f5e55860eb 100644 --- a/stable/wordpress/values-production.yaml +++ b/stable/wordpress/values-production.yaml @@ -14,7 +14,7 @@ image: registry: docker.io repository: bitnami/wordpress - tag: 5.3.2-debian-10-r25 + tag: 5.3.2-debian-10-r29 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images @@ -382,7 +382,7 @@ metrics: image: registry: docker.io repository: bitnami/apache-exporter - tag: 0.7.0-debian-10-r23 + tag: 0.7.0-debian-10-r29 pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. diff --git a/stable/wordpress/values.yaml b/stable/wordpress/values.yaml index faeb43d143a8..17ca4a05fa45 100644 --- a/stable/wordpress/values.yaml +++ b/stable/wordpress/values.yaml @@ -14,7 +14,7 @@ image: registry: docker.io repository: bitnami/wordpress - tag: 5.3.2-debian-10-r25 + tag: 5.3.2-debian-10-r29 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images @@ -377,7 +377,7 @@ metrics: image: registry: docker.io repository: bitnami/apache-exporter - tag: 0.7.0-debian-10-r23 + tag: 0.7.0-debian-10-r29 pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. From 077db72e50f3774328aa5f7fa19fcb975f6f0673 Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Wed, 26 Feb 2020 11:15:03 +0100 Subject: [PATCH 281/304] [stable/phpbb] Release 7.0.8 (#21033) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * [stable/phpbb] Release 7.0.8 updating components versions Signed-off-by: Bitnami Containers * Run "helm dependency update" using latest Helm 2 Signed-off-by: Carlos Rodriguez Hernandez Co-authored-by: Carlos Rodríguez Hernández --- stable/phpbb/Chart.yaml | 2 +- stable/phpbb/requirements.lock | 2 +- stable/phpbb/values.yaml | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/stable/phpbb/Chart.yaml b/stable/phpbb/Chart.yaml index 25144350a897..865f051a7ffe 100644 --- a/stable/phpbb/Chart.yaml +++ b/stable/phpbb/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: phpbb -version: 7.0.7 +version: 7.0.8 appVersion: 3.3.0 description: Community forum that supports the notion of users and groups, file attachments, full-text search, notifications and more. keywords: diff --git a/stable/phpbb/requirements.lock b/stable/phpbb/requirements.lock index b9ea8136c6f8..b07551fa9837 100644 --- a/stable/phpbb/requirements.lock +++ b/stable/phpbb/requirements.lock @@ -3,4 +3,4 @@ dependencies: repository: https://kubernetes-charts.storage.googleapis.com/ version: 7.3.10 digest: sha256:cd64413a4a697ccf85c0091e9c55cdc5876938ddced84c05d37c57ff9abc5864 -generated: "2020-02-24T07:37:47.116535546Z" +generated: "2020-02-26T08:44:52.469482899Z" diff --git a/stable/phpbb/values.yaml b/stable/phpbb/values.yaml index 5266883fe628..3f6273f7aefc 100644 --- a/stable/phpbb/values.yaml +++ b/stable/phpbb/values.yaml @@ -14,7 +14,7 @@ image: registry: docker.io repository: bitnami/phpbb - tag: 3.3.0-debian-10-r23 + tag: 3.3.0-debian-10-r25 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images @@ -246,7 +246,7 @@ metrics: image: registry: docker.io repository: bitnami/apache-exporter - tag: 0.7.0-debian-10-r24 + tag: 0.7.0-debian-10-r30 pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. From f9e2d7bf20060c18be16a53cd79c77701922529e Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Wed, 26 Feb 2020 11:15:11 +0100 Subject: [PATCH 282/304] [stable/phpmyadmin] Release 4.3.3 (#21034) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * [stable/phpmyadmin] Release 4.3.3 updating components versions Signed-off-by: Bitnami Containers * Run "helm dependency update" using latest Helm 2 Signed-off-by: Carlos Rodriguez Hernandez Co-authored-by: Carlos Rodríguez Hernández --- stable/phpmyadmin/Chart.yaml | 2 +- stable/phpmyadmin/requirements.lock | 2 +- stable/phpmyadmin/values.yaml | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/stable/phpmyadmin/Chart.yaml b/stable/phpmyadmin/Chart.yaml index 3d428a75053e..85c3670cea7c 100644 --- a/stable/phpmyadmin/Chart.yaml +++ b/stable/phpmyadmin/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: phpmyadmin -version: 4.3.2 +version: 4.3.3 appVersion: 5.0.1 description: phpMyAdmin is an mysql administration frontend keywords: diff --git a/stable/phpmyadmin/requirements.lock b/stable/phpmyadmin/requirements.lock index 08c8a2c36410..769a41bcb250 100644 --- a/stable/phpmyadmin/requirements.lock +++ b/stable/phpmyadmin/requirements.lock @@ -3,4 +3,4 @@ dependencies: repository: https://kubernetes-charts.storage.googleapis.com/ version: 6.13.0 digest: sha256:a5bab50185c0373da803c6b86abc0e27ed0be1053fe1b560bc8de5a8054e8101 -generated: "2020-02-24T07:38:28.611000558Z" +generated: "2020-02-26T08:45:00.251739043Z" diff --git a/stable/phpmyadmin/values.yaml b/stable/phpmyadmin/values.yaml index 6871988900fb..12de3e4ecc22 100644 --- a/stable/phpmyadmin/values.yaml +++ b/stable/phpmyadmin/values.yaml @@ -13,7 +13,7 @@ image: registry: docker.io repository: bitnami/phpmyadmin - tag: 5.0.1-debian-10-r26 + tag: 5.0.1-debian-10-r30 ## Specify a imagePullPolicy pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. @@ -162,7 +162,7 @@ metrics: image: registry: docker.io repository: bitnami/apache-exporter - tag: 0.7.0-debian-10-r23 + tag: 0.7.0-debian-10-r29 pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. From 850313576460da41816029acaac6b37b28dbd9ab Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Wed, 26 Feb 2020 11:15:20 +0100 Subject: [PATCH 283/304] [stable/drupal] Release 6.2.8 (#21035) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * [stable/drupal] Release 6.2.8 updating components versions Signed-off-by: Bitnami Containers * Run "helm dependency update" using latest Helm 2 Signed-off-by: Carlos Rodriguez Hernandez Co-authored-by: Carlos Rodríguez Hernández --- stable/drupal/Chart.yaml | 2 +- stable/drupal/requirements.lock | 2 +- stable/drupal/values.yaml | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/stable/drupal/Chart.yaml b/stable/drupal/Chart.yaml index d68411694e24..ba057a22f7fb 100644 --- a/stable/drupal/Chart.yaml +++ b/stable/drupal/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: drupal -version: 6.2.7 +version: 6.2.8 appVersion: 8.8.2 description: One of the most versatile open source content management systems. keywords: diff --git a/stable/drupal/requirements.lock b/stable/drupal/requirements.lock index 2b28abcd36c7..4805c8b79c60 100644 --- a/stable/drupal/requirements.lock +++ b/stable/drupal/requirements.lock @@ -3,4 +3,4 @@ dependencies: repository: https://kubernetes-charts.storage.googleapis.com/ version: 7.3.10 digest: sha256:cd64413a4a697ccf85c0091e9c55cdc5876938ddced84c05d37c57ff9abc5864 -generated: "2020-02-24T07:39:53.777551264Z" +generated: "2020-02-26T08:44:13.411820648Z" diff --git a/stable/drupal/values.yaml b/stable/drupal/values.yaml index 145fbf1af8a7..cce094730bcc 100644 --- a/stable/drupal/values.yaml +++ b/stable/drupal/values.yaml @@ -14,7 +14,7 @@ image: registry: docker.io repository: bitnami/drupal - tag: 8.8.2-debian-10-r18 + tag: 8.8.2-debian-10-r22 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images @@ -287,7 +287,7 @@ metrics: image: registry: docker.io repository: bitnami/apache-exporter - tag: 0.7.0-debian-10-r23 + tag: 0.7.0-debian-10-r30 pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. From caad82e975a2d8ecad47c9cf7d689ae16a0bff4f Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Wed, 26 Feb 2020 11:15:27 +0100 Subject: [PATCH 284/304] [stable/mediawiki] Release 9.1.7 (#21038) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * [stable/mediawiki] Release 9.1.7 updating components versions Signed-off-by: Bitnami Containers * Run "helm dependency update" using latest Helm 2 Signed-off-by: Carlos Rodriguez Hernandez Co-authored-by: Carlos Rodríguez Hernández --- stable/mediawiki/Chart.yaml | 2 +- stable/mediawiki/requirements.lock | 2 +- stable/mediawiki/values.yaml | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/stable/mediawiki/Chart.yaml b/stable/mediawiki/Chart.yaml index 6f1d776d9962..b7197bdb88e8 100644 --- a/stable/mediawiki/Chart.yaml +++ b/stable/mediawiki/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: mediawiki -version: 9.1.6 +version: 9.1.7 appVersion: 1.34.0 description: Extremely powerful, scalable software and a feature-rich wiki implementation that uses PHP to process and display data stored in a database. home: http://www.mediawiki.org/ diff --git a/stable/mediawiki/requirements.lock b/stable/mediawiki/requirements.lock index 8a24c7faf815..fdd63c30b1fb 100644 --- a/stable/mediawiki/requirements.lock +++ b/stable/mediawiki/requirements.lock @@ -3,4 +3,4 @@ dependencies: repository: https://kubernetes-charts.storage.googleapis.com/ version: 7.3.10 digest: sha256:d45d6c79af1488743975c530c9bacc4321ef538392cc1603d08214a02e3cac49 -generated: "2020-02-24T07:38:45.948570846Z" +generated: "2020-02-26T08:44:21.18566319Z" diff --git a/stable/mediawiki/values.yaml b/stable/mediawiki/values.yaml index 14c95c5a4e0a..f65eb529c1e9 100644 --- a/stable/mediawiki/values.yaml +++ b/stable/mediawiki/values.yaml @@ -14,7 +14,7 @@ image: registry: docker.io repository: bitnami/mediawiki - tag: 1.34.0-debian-10-r27 + tag: 1.34.0-debian-10-r31 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images @@ -280,7 +280,7 @@ metrics: image: registry: docker.io repository: bitnami/apache-exporter - tag: 0.7.0-debian-10-r23 + tag: 0.7.0-debian-10-r29 pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. From 9318b993b939536e08cd09ddc65c9a0e26f76d0b Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Wed, 26 Feb 2020 11:15:35 +0100 Subject: [PATCH 285/304] [stable/parse] Release 10.3.8 (#21039) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * [stable/parse] Release 10.3.8 updating components versions Signed-off-by: Bitnami Containers * Run "helm dependency update" using latest Helm 2 Signed-off-by: Carlos Rodriguez Hernandez Co-authored-by: Carlos Rodríguez Hernández --- stable/parse/Chart.yaml | 2 +- stable/parse/requirements.lock | 4 ++-- stable/parse/values.yaml | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/stable/parse/Chart.yaml b/stable/parse/Chart.yaml index 8c5c47090f69..32d2488d13c1 100644 --- a/stable/parse/Chart.yaml +++ b/stable/parse/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: parse -version: 10.3.7 +version: 10.3.8 appVersion: 3.10.0 description: Parse is a platform that enables users to add a scalable and powerful backend to launch a full-featured app for iOS, Android, JavaScript, Windows, Unity, and more. keywords: diff --git a/stable/parse/requirements.lock b/stable/parse/requirements.lock index 0960dedf95b5..22736b4273cd 100644 --- a/stable/parse/requirements.lock +++ b/stable/parse/requirements.lock @@ -1,6 +1,6 @@ dependencies: - name: mongodb repository: https://kubernetes-charts.storage.googleapis.com/ - version: 7.8.4 + version: 7.8.5 digest: sha256:380fe3c8514cc2d19b28e5b1a79d83961fa9f9d7f438eba85425dbf8c0b89bbd -generated: "2020-02-24T07:39:19.975678921Z" +generated: "2020-02-26T08:44:44.63381915Z" diff --git a/stable/parse/values.yaml b/stable/parse/values.yaml index 954f72773a4c..8c474923e699 100644 --- a/stable/parse/values.yaml +++ b/stable/parse/values.yaml @@ -63,7 +63,7 @@ server: image: registry: docker.io repository: bitnami/parse - tag: 3.10.0-debian-10-r26 + tag: 3.10.0-debian-10-r30 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images @@ -186,7 +186,7 @@ dashboard: image: registry: docker.io repository: bitnami/parse-dashboard - tag: 2.0.5-debian-10-r23 + tag: 2.0.5-debian-10-r27 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images From 6908443d038a1f9a670fc1f457a2804b71557ce5 Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Wed, 26 Feb 2020 11:15:43 +0100 Subject: [PATCH 286/304] [stable/moodle] Release 7.2.3 (#21040) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * [stable/moodle] Release 7.2.3 updating components versions Signed-off-by: Bitnami Containers * Run "helm dependency update" using latest Helm 2 Signed-off-by: Carlos Rodriguez Hernandez Co-authored-by: Carlos Rodríguez Hernández --- stable/moodle/Chart.yaml | 2 +- stable/moodle/requirements.lock | 2 +- stable/moodle/values.yaml | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/stable/moodle/Chart.yaml b/stable/moodle/Chart.yaml index 2c94662aaf67..fede0a27a1bd 100644 --- a/stable/moodle/Chart.yaml +++ b/stable/moodle/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: moodle -version: 7.2.2 +version: 7.2.3 appVersion: 3.8.1 description: Moodle is a learning platform designed to provide educators, administrators and learners with a single robust, secure and integrated system to create personalised learning environments keywords: diff --git a/stable/moodle/requirements.lock b/stable/moodle/requirements.lock index 258d97c5a4f3..eaf1a7cf8b61 100644 --- a/stable/moodle/requirements.lock +++ b/stable/moodle/requirements.lock @@ -3,4 +3,4 @@ dependencies: repository: https://kubernetes-charts.storage.googleapis.com/ version: 7.3.10 digest: sha256:cd64413a4a697ccf85c0091e9c55cdc5876938ddced84c05d37c57ff9abc5864 -generated: "2020-02-24T07:37:15.823870369Z" +generated: "2020-02-26T08:44:29.017274944Z" diff --git a/stable/moodle/values.yaml b/stable/moodle/values.yaml index a5b44b668300..d40b9b5926ff 100644 --- a/stable/moodle/values.yaml +++ b/stable/moodle/values.yaml @@ -14,7 +14,7 @@ image: registry: docker.io repository: bitnami/moodle - tag: 3.8.1-debian-10-r17 + tag: 3.8.1-debian-10-r18 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images @@ -301,7 +301,7 @@ metrics: image: registry: docker.io repository: bitnami/apache-exporter - tag: 0.7.0-debian-10-r27 + tag: 0.7.0-debian-10-r28 pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. From fafed7324877bf39cb9453efe0a62095b1e63bda Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Wed, 26 Feb 2020 11:15:51 +0100 Subject: [PATCH 287/304] [stable/owncloud] Release 8.1.5 (#21041) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * [stable/owncloud] Release 8.1.5 updating components versions Signed-off-by: Bitnami Containers * Run "helm dependency update" using latest Helm 2 Signed-off-by: Carlos Rodriguez Hernandez Co-authored-by: Carlos Rodríguez Hernández --- stable/owncloud/Chart.yaml | 2 +- stable/owncloud/requirements.lock | 2 +- stable/owncloud/values.yaml | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/stable/owncloud/Chart.yaml b/stable/owncloud/Chart.yaml index f4d61fbd3d1d..118151b88e2d 100644 --- a/stable/owncloud/Chart.yaml +++ b/stable/owncloud/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: owncloud -version: 8.1.4 +version: 8.1.5 appVersion: 10.3.2 description: A file sharing server that puts the control and security of your own data back into your hands. keywords: diff --git a/stable/owncloud/requirements.lock b/stable/owncloud/requirements.lock index edd212b066b3..53a0cdeff36f 100644 --- a/stable/owncloud/requirements.lock +++ b/stable/owncloud/requirements.lock @@ -3,4 +3,4 @@ dependencies: repository: https://kubernetes-charts.storage.googleapis.com/ version: 7.3.10 digest: sha256:cd64413a4a697ccf85c0091e9c55cdc5876938ddced84c05d37c57ff9abc5864 -generated: "2020-02-24T07:38:08.622373413Z" +generated: "2020-02-26T08:44:36.826523173Z" diff --git a/stable/owncloud/values.yaml b/stable/owncloud/values.yaml index 234ef7c349a0..e404e854e189 100644 --- a/stable/owncloud/values.yaml +++ b/stable/owncloud/values.yaml @@ -14,7 +14,7 @@ image: registry: docker.io repository: bitnami/owncloud - tag: 10.3.2-debian-10-r20 + tag: 10.3.2-debian-10-r23 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images @@ -254,7 +254,7 @@ metrics: image: registry: docker.io repository: bitnami/apache-exporter - tag: 0.7.0-debian-10-r24 + tag: 0.7.0-debian-10-r29 pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. From 0344b17eaeb3384d79dc815a6c14f2956799b266 Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Wed, 26 Feb 2020 11:15:59 +0100 Subject: [PATCH 288/304] [stable/phabricator] Release 9.0.10 (#21043) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * [stable/phabricator] Release 9.0.10 updating components versions Signed-off-by: Bitnami Containers * Run "helm dependency update" using latest Helm 2 Signed-off-by: Carlos Rodriguez Hernandez Co-authored-by: Carlos Rodríguez Hernández --- stable/phabricator/Chart.yaml | 2 +- stable/phabricator/requirements.lock | 4 ++-- stable/phabricator/values.yaml | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/stable/phabricator/Chart.yaml b/stable/phabricator/Chart.yaml index 2f5ea8d07854..98032372dc89 100644 --- a/stable/phabricator/Chart.yaml +++ b/stable/phabricator/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: phabricator -version: 9.0.9 +version: 9.0.10 appVersion: 2020.7.0 description: Collection of open source web applications that help software companies build better software. keywords: diff --git a/stable/phabricator/requirements.lock b/stable/phabricator/requirements.lock index 807712633530..cf64675882c8 100644 --- a/stable/phabricator/requirements.lock +++ b/stable/phabricator/requirements.lock @@ -1,6 +1,6 @@ dependencies: - name: mariadb repository: https://kubernetes-charts.storage.googleapis.com/ - version: 7.3.9 + version: 7.3.10 digest: sha256:22662ca4b6b22e2476dbffb98118b0369277a68918a0129d17bf34bd66100653 -generated: "2020-02-18T10:48:36.47906334Z" +generated: "2020-02-26T08:37:02.607390868Z" diff --git a/stable/phabricator/values.yaml b/stable/phabricator/values.yaml index 428cf7f7047e..908341423e8c 100644 --- a/stable/phabricator/values.yaml +++ b/stable/phabricator/values.yaml @@ -14,7 +14,7 @@ image: registry: docker.io repository: bitnami/phabricator - tag: 2020.7.0-debian-10-r3 + tag: 2020.7.0-debian-10-r6 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images @@ -228,7 +228,7 @@ metrics: image: registry: docker.io repository: bitnami/apache-exporter - tag: 0.7.0-debian-10-r20 + tag: 0.7.0-debian-10-r29 pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. From 1d09130a0e5ae7e496cbc405d6f7f1ab7b6cf011 Mon Sep 17 00:00:00 2001 From: Daniel Arteaga Date: Wed, 26 Feb 2020 11:22:26 +0100 Subject: [PATCH 289/304] [stable/redmine] fix emailreceiver cronjob template (#21044) * fix emailreceiver cronjob template Signed-off-by: darteaga * bump chart version Signed-off-by: darteaga --- stable/redmine/Chart.yaml | 2 +- stable/redmine/templates/cronjob.yaml | 5 ++--- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/stable/redmine/Chart.yaml b/stable/redmine/Chart.yaml index 8e5d6dc9522a..8d82610eb545 100644 --- a/stable/redmine/Chart.yaml +++ b/stable/redmine/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: redmine -version: 14.1.9 +version: 14.1.10 appVersion: 4.1.0 description: A flexible project management web application. keywords: diff --git a/stable/redmine/templates/cronjob.yaml b/stable/redmine/templates/cronjob.yaml index 01816073e654..c07ef595c14b 100644 --- a/stable/redmine/templates/cronjob.yaml +++ b/stable/redmine/templates/cronjob.yaml @@ -7,6 +7,7 @@ metadata: spec: schedule: "{{ .Values.mailReceiver.schedule }}" suspend: {{ .Values.mailReceiver.suspend }} + concurrencyPolicy: Forbid jobTemplate: spec: template: @@ -19,12 +20,10 @@ spec: name: {{ template "redmine.fullname" . }} defaultMode: 0744 restartPolicy: Never - concurrencyPolicy: Forbid - imagePullPolicy: {{ .Values.mailReceiver.image.pullPolicy | quote }} containers: - name: {{ template "redmine.mailReceiver.fullname" . }} image: {{ template "redmine.mailReceiver.image" . }} - imagePullPolicy: {{ .Values.image.pullPolicy | quote }} + imagePullPolicy: {{ .Values.mailReceiver.image.pullPolicy | quote }} command: - bash args: From 03ef3e4684d1bdd1da9f44afbc499259a1c1c414 Mon Sep 17 00:00:00 2001 From: devOpsHelm <54980549+devOpsHelm@users.noreply.github.com> Date: Wed, 26 Feb 2020 14:34:26 +0300 Subject: [PATCH 290/304] adds prometheus port on service annotations (#100) (#21020) Signed-off-by: devOpsHelm --- stable/hazelcast/Chart.yaml | 2 +- stable/hazelcast/values.yaml | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/stable/hazelcast/Chart.yaml b/stable/hazelcast/Chart.yaml index 9634e0e381e7..0ef62f013a72 100644 --- a/stable/hazelcast/Chart.yaml +++ b/stable/hazelcast/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: hazelcast -version: 3.0.2 +version: 3.0.3 appVersion: "4.0" tillerVersion: ">=2.7.2" kubeVersion: ">=1.9.0-0" diff --git a/stable/hazelcast/values.yaml b/stable/hazelcast/values.yaml index 014a0014f71a..165e50037d17 100644 --- a/stable/hazelcast/values.yaml +++ b/stable/hazelcast/values.yaml @@ -182,6 +182,7 @@ metrics: annotations: prometheus.io/scrape: "true" prometheus.io/path: "/metrics" + prometheus.io/port: "8080" # customVolume is the configuration for any volume mounted as '/data/custom/' (e.g. to mount a volume with custom JARs) # customVolume: From 57b526e77af26e52ba4ffbcd2b56d4325664c52c Mon Sep 17 00:00:00 2001 From: devOpsHelm <54980549+devOpsHelm@users.noreply.github.com> Date: Wed, 26 Feb 2020 14:44:25 +0300 Subject: [PATCH 291/304] adds prometheus port on service annotations (#100) (#21021) Signed-off-by: devOpsHelm --- stable/hazelcast-jet/Chart.yaml | 2 +- stable/hazelcast-jet/values.yaml | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/stable/hazelcast-jet/Chart.yaml b/stable/hazelcast-jet/Chart.yaml index 9808fde4b1a3..427e676f2304 100644 --- a/stable/hazelcast-jet/Chart.yaml +++ b/stable/hazelcast-jet/Chart.yaml @@ -4,7 +4,7 @@ tillerVersion: ">=2.7.2" kubeVersion: ">=1.9.0-0" description: Hazelcast Jet is an application embeddable, distributed computing engine built on top of Hazelcast In-Memory Data Grid (IMDG). With Hazelcast IMDG providing storage functionality, Hazelcast Jet performs parallel execution to enable data-intensive applications to operate in near real-time. name: hazelcast-jet -version: 1.3.0 +version: 1.3.1 keywords: - hazelcast - jet diff --git a/stable/hazelcast-jet/values.yaml b/stable/hazelcast-jet/values.yaml index 7fd01dbeec14..cc36cb63dc67 100644 --- a/stable/hazelcast-jet/values.yaml +++ b/stable/hazelcast-jet/values.yaml @@ -169,6 +169,7 @@ metrics: annotations: prometheus.io/scrape: "true" prometheus.io/path: "/metrics" + prometheus.io/port: "8080" # Hazelcast Jet Management Center application properties managementcenter: From 498c76ebec44720570d1c8adb6297163036879db Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20R=C3=BCger?= Date: Wed, 26 Feb 2020 13:34:26 +0100 Subject: [PATCH 292/304] [stable/coredns] Allow to specify a PodDisruptionBudget (#20586) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * [stable/coredns] Allow to specify a PodDisruptionBudget Signed-off-by: Manuel Rüger * Update stable/coredns/Chart.yaml Co-Authored-By: Carlos Tadeu Panato Junior Signed-off-by: Manuel Rüger Co-authored-by: Carlos Tadeu Panato Junior --- stable/coredns/Chart.yaml | 2 +- stable/coredns/README.md | 1 + .../templates/poddisruptionbudget.yaml | 28 +++++++++++++++++++ stable/coredns/values.yaml | 3 ++ 4 files changed, 33 insertions(+), 1 deletion(-) create mode 100644 stable/coredns/templates/poddisruptionbudget.yaml diff --git a/stable/coredns/Chart.yaml b/stable/coredns/Chart.yaml index 732b23e4a5eb..add42e7b0868 100644 --- a/stable/coredns/Chart.yaml +++ b/stable/coredns/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: coredns -version: 1.9.3 +version: 1.10.0 appVersion: 1.6.7 description: CoreDNS is a DNS server that chains plugins and provides Kubernetes DNS Services keywords: diff --git a/stable/coredns/README.md b/stable/coredns/README.md index dc00ca26b5f8..b4fbbc91bd4c 100644 --- a/stable/coredns/README.md +++ b/stable/coredns/README.md @@ -75,6 +75,7 @@ The command removes all the Kubernetes components associated with the chart and | `zoneFiles` | Configure custom Zone files | [] | | `extraSecrets` | Optional array of secrets to mount inside the CoreDNS container | [] | | `customLabels` | Optional labels for Deployment(s), Pod, Service, ServiceMonitor objects | {} | +| `podDisruptionBudget` | Optional PodDisruptionBudget | {} | | `autoscaler.enabled` | Optionally enabled a cluster-proportional-autoscaler for CoreDNS | `false` | | `autoscaler.coresPerReplica` | Number of cores in the cluster per CoreDNS replica | `256` | | `autoscaler.nodesPerReplica` | Number of nodes in the cluster per CoreDNS replica | `16` | diff --git a/stable/coredns/templates/poddisruptionbudget.yaml b/stable/coredns/templates/poddisruptionbudget.yaml new file mode 100644 index 000000000000..8ade224f8c47 --- /dev/null +++ b/stable/coredns/templates/poddisruptionbudget.yaml @@ -0,0 +1,28 @@ +{{- if .Values.podDisruptionBudget -}} +apiVersion: policy/v1beta1 +kind: PodDisruptionBudget +metadata: + name: {{ template "coredns.fullname" . }} + labels: + app.kubernetes.io/managed-by: {{ .Release.Service | quote }} + app.kubernetes.io/instance: {{ .Release.Name | quote }} + helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" + {{- if .Values.isClusterService }} + k8s-app: {{ .Chart.Name | quote }} + kubernetes.io/cluster-service: "true" + kubernetes.io/name: "CoreDNS" + {{- end }} + app.kubernetes.io/name: {{ template "coredns.name" . }} +{{- if .Values.customLabels }} +{{ toYaml .Values.customLabels | indent 4 }} +{{- end }} +spec: + selector: + matchLabels: + app.kubernetes.io/instance: {{ .Release.Name | quote }} + {{- if .Values.isClusterService }} + k8s-app: {{ .Chart.Name | quote }} + {{- end }} + app.kubernetes.io/name: {{ template "coredns.name" . }} +{{ toYaml .Values.podDisruptionBudget | indent 2 }} +{{- end }} diff --git a/stable/coredns/values.yaml b/stable/coredns/values.yaml index becf135646d9..d7e074d93c80 100644 --- a/stable/coredns/values.yaml +++ b/stable/coredns/values.yaml @@ -128,6 +128,9 @@ nodeSelector: {} # effect: NoSchedule tolerations: [] +# https://kubernetes.io/docs/tasks/run-application/configure-pdb/#specifying-a-poddisruptionbudget +podDisruptionBudget: {} + # configure custom zone files as per https://coredns.io/2017/05/08/custom-dns-entries-for-kubernetes/ zoneFiles: [] # - filename: example.db From 6d2fc82c220ad13e0d74df69275fc98f6085ccf1 Mon Sep 17 00:00:00 2001 From: Cedric Lamoriniere Date: Wed, 26 Feb 2020 16:26:25 +0100 Subject: [PATCH 293/304] [stable/datadog] v2.0.0 major release (#18182) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * [stable/datadog] v2.0.0 cleaning and refactoring * Remove Datadog agent deployment configuration. * Cleanup resources labels, to fit with recommended labels. * Cleanup useless or unused values parameters. Signed-off-by: cedric lamoriniere * [stable/datadog] cleanup refactor RBAC resources * each component have its own RBAC configuration (create,configuration). * container runtime socket update values configuration simplification. * `nameOverride` `fullnameOverride` is now optional in values.yaml Signed-off-by: cedric lamoriniere * update stable/datadog/ci values.yaml Signed-off-by: cedric lamoriniere * [datadog] fix linter error Signed-off-by: cedric lamoriniere * [datadog] fix missing merge Signed-off-by: cedric lamoriniere * refactor values.yaml Signed-off-by: cedric lamoriniere * update value.yaml Signed-off-by: cedric lamoriniere * Add a table with the correspondence between the v1 and v2 parameters Signed-off-by: cedric lamoriniere * templates: enable APM by default Signed-off-by: cedric lamoriniere * Leave apm.enabled setting but change default. Signed-off-by: cedric lamoriniere * DD_APM_NON_LOCAL_TRAFFIC=true when apm.enabled is true Signed-off-by: cedric lamoriniere * Enable hostPort binding 8126 by default when apm.enabled is true. Signed-off-by: cedric lamoriniere * values: make apm.enabled default to false Signed-off-by: cedric lamoriniere * Address PR comments. Signed-off-by: cedric lamoriniere * refactor dogstatsd parameters Signed-off-by: cedric lamoriniere * update after comments Signed-off-by: cedric lamoriniere * fix dogstatsd parameters path Signed-off-by: cedric lamoriniere * update system-probe manifest after review Signed-off-by: cedric lamoriniere * update ci configuration and fix cluster-agent config Signed-off-by: cedric lamoriniere * change cluster-agent probes endpoint change the cluster-agent probes endpoint in order to be resilent if never the datadog api is not reachable. Signed-off-by: cedric lamoriniere * Fix several typo thanks to contributions Include: #20460 #20449 Signed-off-by: cedric lamoriniere * adding new approvers/reviewers Signed-off-by: cedric lamoriniere * [stable/datadog] add resoures field for init-containers Fixe: #20035 Include: #20461 Add the possibility to overwrite the resources associated to the init-containers. Signed-off-by: cedric lamoriniere * update after review Signed-off-by: cedric lamoriniere * return error message if apiKey is not provided Signed-off-by: cedric lamoriniere * Mount the directory containing the CRI socket instead of the socket itself (#5) This is to handle the cases where the docker daemon is restarted. In this case, the docker daemon will recreate its docker socket and, if the container bind-mounted directly the socket, the container would still have access to the old socket instead of the one of the new docker daemon. Signed-off-by: cedric lamoriniere Co-authored-by: Lénaïc Huard Co-authored-by: Gabriel Aszalos --- stable/datadog/CHANGELOG.md | 12 + stable/datadog/Chart.yaml | 2 +- stable/datadog/OWNERS | 22 +- stable/datadog/README.md | 201 +++--- .../ci/cluster-agent-and-worker-values.yaml | 12 +- ...nt-metrics-server-service-port-values.yaml | 4 + ...uster-agent-volumes-and-mounts-values.yaml | 4 + stable/datadog/ci/cluster-name-values.yaml | 4 + stable/datadog/ci/cluster-name.yaml | 4 - stable/datadog/ci/default-values.yaml | 3 + stable/datadog/ci/no_hardened_seccomp.yaml | 11 +- stable/datadog/docs/Migration_1.x_to_2.x.md | 68 ++ stable/datadog/requirements.lock | 6 +- stable/datadog/requirements.yaml | 4 +- stable/datadog/templates/NOTES.txt | 51 +- .../datadog/templates/agent-apiservice.yaml | 6 +- .../agent-clusterchecks-deployment.yaml | 60 +- .../templates/agent-clusterchecks-rbac.yaml | 6 +- stable/datadog/templates/agent-rbac.yaml | 12 +- stable/datadog/templates/agent-secret.yaml | 4 - stable/datadog/templates/agent-services.yaml | 4 - .../datadog/templates/checksd-configmap.yaml | 4 - .../cluster-agent-confd-configmap.yaml | 4 - .../templates/cluster-agent-deployment.yaml | 53 +- stable/datadog/templates/confd-configmap.yaml | 4 - stable/datadog/templates/container-agent.yaml | 76 +- .../datadog/templates/container-agents.yaml | 223 ------ .../templates/container-process-agent.yaml | 30 +- .../templates/container-system-probe.yaml | 12 +- .../templates/container-trace-agent.yaml | 36 +- stable/datadog/templates/containers-init.yaml | 14 +- stable/datadog/templates/daemonset.yaml | 118 ++- .../templates/datadog-yaml-configmap.yaml | 18 +- stable/datadog/templates/deployment.yaml | 200 ----- stable/datadog/templates/hpa-rbac.yaml | 14 +- stable/datadog/templates/rbac.yaml | 16 +- stable/datadog/templates/secrets.yaml | 8 - stable/datadog/templates/service.yaml | 40 - .../templates/system-probe-configmap.yaml | 23 +- stable/datadog/values.yaml | 683 ++++++++++-------- 40 files changed, 795 insertions(+), 1281 deletions(-) create mode 100644 stable/datadog/CHANGELOG.md create mode 100644 stable/datadog/ci/cluster-name-values.yaml delete mode 100644 stable/datadog/ci/cluster-name.yaml create mode 100644 stable/datadog/docs/Migration_1.x_to_2.x.md delete mode 100644 stable/datadog/templates/container-agents.yaml delete mode 100644 stable/datadog/templates/deployment.yaml delete mode 100644 stable/datadog/templates/service.yaml diff --git a/stable/datadog/CHANGELOG.md b/stable/datadog/CHANGELOG.md new file mode 100644 index 000000000000..748da882d231 --- /dev/null +++ b/stable/datadog/CHANGELOG.md @@ -0,0 +1,12 @@ +# Datadog changelog + +## 2.0 + +### 2.0.0 + +* Remove Datadog agent deployment configuration. +* Cleanup resources labels, to fit with recommended labels. +* Cleanup useless or unused values parameters. +* each component have its own RBAC configuration (create,configuration). +* container runtime socket update values configuration simplification. +* `nameOverride` `fullnameOverride` is now optional in values.yaml diff --git a/stable/datadog/Chart.yaml b/stable/datadog/Chart.yaml index b5ea620fc271..c8cd8154fef9 100644 --- a/stable/datadog/Chart.yaml +++ b/stable/datadog/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: datadog -version: 1.39.9 +version: 2.0.0 appVersion: "7" description: DataDog Agent keywords: diff --git a/stable/datadog/OWNERS b/stable/datadog/OWNERS index a38047a5a821..b9c3fc2ced30 100644 --- a/stable/datadog/OWNERS +++ b/stable/datadog/OWNERS @@ -1,18 +1,24 @@ approvers: +- ahmed-mez +- celenechang +- charlyf +- clamoriniere - hkaj - irabinovitch -- charlyf +- L3n41c - mfpierre -- clamoriniere +- vboulineau - xlucas -- L3n41c -- celenechang +- xornivore reviewers: +- ahmed-mez +- celenechang +- charlyf +- clamoriniere - hkaj - irabinovitch -- charlyf +- L3n41c - mfpierre -- clamoriniere +- vboulineau - xlucas -- L3n41c -- celenechang +- xornivore diff --git a/stable/datadog/README.md b/stable/datadog/README.md index 98bd3854a5ee..70fcb3db7882 100644 --- a/stable/datadog/README.md +++ b/stable/datadog/README.md @@ -40,7 +40,7 @@ Run the following if you want to deploy the chart with the Datadog Cluster Agent ```bash helm install --name datadog-monitoring \ --set datadog.apiKey= \ - --set datadog.appKey= \ --set clusterAgent.enabled=true \ --set clusterAgent.metricsProvider.enabled=true \ stable/datadog @@ -59,6 +59,13 @@ You can specify the Datadog Cluster Agent token used to secure the communication ### Upgrading +#### From 1.x to 2.x + +⚠️ Migrating from 1.x to 2.x requires a manual action. + +The `datadog` chart has been refactored to regroup the `values.yaml` parameters in a more logical way. +Please follow the [migration guide](docs/Migration_1.x_to_2.x.md) to update you `values.yaml` file. + #### From 1.19.0 onwards Version `1.19.0` introduces the use of release name as full name if it contains the chart name(`datadog` in this case). @@ -119,7 +126,7 @@ Update your [datadog-values.yaml](values.yaml) file with the process collection ``` datadog: (...) - processAgentEnabled: true + processAgent.enabled: true ``` then upgrade your Datadog Helm chart: @@ -133,14 +140,14 @@ helm upgrade -f datadog-values.yaml stable/datadog --recreate-pod The system-probe agent only runs in dedicated container environment. Update your [datadog-values.yaml](values.yaml) file with the system-probe collection configuration: ``` -systemProbe: +datadog: (...) - enabled: true + systemProbe: + (...) + enabled: true (...) -daemonset: - useDedicatedContainers: true ``` then upgrade your Datadog Helm chart: @@ -223,9 +230,10 @@ helm upgrade -f datadog-values.yaml stable/datadog --recreate-pod ### CRI integration -As of the version 6.6.0, the Datadog Agent supports collecting metrics from any container runtime interface used in your cluster. Configure the location path of the socket with `datadog.criSocketPath` and make sure you allow the socket to be mounted into the pod running the agent by setting `datadog.useCriSocketVolume` to `True`. +As of the version 6.6.0, the Datadog Agent supports collecting metrics from any container runtime interface used in your cluster. Configure the location path of the socket with `datadog.criSocketPath`; default is the Docker container runtime socket. To deactivate this support, you just need to unset the `datadog.criSocketPath` setting. Standard paths are: +- Docker socket: `/var/run/docker.sock` - Containerd socket: `/var/run/containerd/containerd.sock` - Cri-o socket: `/var/run/crio/crio.sock` @@ -241,20 +249,18 @@ helm install --name \ | Parameter | Description | Default | | ----------------------------- | ------------------------------------ | ------------------------------------------- | -| `datadog.apiKey` | Your Datadog API key | `Nil` You must provide your own key | +| `datadog.apiKey` | Your Datadog API key | `nil` You must provide your own key | | `datadog.apiKeyExistingSecret` | If set, use the secret with a provided name instead of creating a new one | `nil` | -| `datadog.appKey` | Datadog APP key required to use metricsProvider | `Nil` You must provide your own key | +| `datadog.appKey` | Datadog APP key required to use metricsProvider | `nil` You must provide your own key | | `datadog.appKeyExistingSecret` | If set, use the secret with a provided name instead of creating a new one | `nil` | | `image.repository` | The image repository to pull from | `datadog/agent` | -| `image.tag` | The image tag to pull | `6.10.1` | +| `image.tag` | The image tag to pull | `6.14.0` | | `image.pullPolicy` | Image pull policy | `IfNotPresent` | | `image.pullSecrets` | Image pull secrets | `nil` | -| `nameOverride` | Override name of app | `nil` | -| `fullnameOverride` | Override full name of app | `nil` | -| `rbac.create` | If true, create & use RBAC resources | `true` | -| `rbac.serviceAccountName` | existing ServiceAccount to use (ignored if rbac.create=true) | `default` | -| `daemonset.podLabels` | labels to add to each pod | `nil` | -| `datadog.name` | Container name if Daemonset or Deployment | `datadog` | +| `nameOverride` | Override name of app | `""` | +| `fullnameOverride` | Override full name of app | `""` | +| `agents.rbac.create` | If true, create & use RBAC resources | `true` | +| `agents.rbac.serviceAccountName` | existing ServiceAccount to use (ignored if rbac.create=true) | `default` | | `datadog.site` | Site ('datadoghq.com' or 'datadoghq.eu') | `nil` | | `datadog.dd_url` | Datadog intake server | `nil` | | `datadog.env` | Additional Datadog environment variables | `nil` | @@ -262,87 +268,89 @@ helm install --name \ | `datadog.logsEnabled` | Enable log collection | `nil` | | `datadog.logsConfigContainerCollectAll` | Collect logs from all containers | `nil` | | `datadog.logsPointerHostPath` | Host path to store the log tailing state in | `/var/lib/datadog-agent/logs` | -| `datadog.apmEnabled` | Enable tracing from the host | `nil` | -| `datadog.processAgentEnabled` | Control live process and container monitoring. Possible values: `nil` for container monitoring only, `true` for container and process monitoring, `false` turns off process-agent | `nil`| +| `datadog.apm.enabled` | Enable tracing from the host | `false` | +| `datadog.apm.port` | Used to override the default agent APM Port | `8126` | +| `datadog.processAgent.enabled` | Control live process and container monitoring. Possible values: `nil` for container monitoring only, `true` for container and process monitoring, `false` turns off process-agent | `nil`| | `datadog.checksd` | Additional custom checks as python code | `nil` | | `datadog.confd` | Additional check configurations (static and Autodiscovery) | `nil` | -| `datadog.criSocketPath` | Path to the container runtime socket (if different from Docker) | `nil` | +| `datadog.criSocketPath` | Path to the container runtime socket (default is Docker runtime) | `/var/run/docker.sock` | | `datadog.tags` | Set host tags | `nil` | -| `datadog.nonLocalTraffic` | Enable statsd reporting and APM from any external ip | `False` | | `datadog.useCriSocketVolume` | Enable mounting the container runtime socket in Agent containers | `True` | -| `datadog.dogstatsdOriginDetection` | Enable origin detection for container tagging | `False` | -| `datadog.dogStatsDPort` | Used to override the default agent DogStatsD Port | `8125` | -| `datadog.useDogStatsDSocketVolume` | Enable dogstatsd over Unix Domain Socket | `False` | -| `datadog.dogStatsDSocketPath` | Custom path to the socket, has to be located in the `/var/run/datadog` folder path | `/var/run/datadog/dsd.socket` | -| `datadog.volumes` | Additional volumes for the daemonset or deployment | `nil` | -| `datadog.volumeMounts` | Additional volumeMounts for the daemonset or deployment | `nil` | +| `datadog.dogstatsd.originDetection` | Enable origin detection for container tagging | `False` | +| `datadog.dogstatsd.port` | Used to override the default agent DogStatsD Port | `8125` | +| `datadog.dogstatsd.useHostPID`. | If true, use the host's PID namespace | `nil` | +| `datadog.dogstatsd.useHostPort` | If true, use the same ports for both host and container | `nil` | +| `datadog.dogstatsd.nonLocalTraffic` | Enable statsd reporting from any external ip | `False` | +| `datadog.dogstatsd.useSocketVolume` | Enable dogstatsd over Unix Domain Socket | `False` | +| `datadog.dogstatsd.socketPath` | Custom path to the socket, has to be located in the `/var/run/datadog` folder path | `/var/run/datadog/dsd.socket` | | `datadog.nodeLabelsAsTags` | Kubernetes Node Labels to Datadog Tags mapping | `nil` | | `datadog.podAnnotationsAsTags` | Kubernetes Annotations to Datadog Tags mapping | `nil` | | `datadog.podLabelsAsTags` | Kubernetes Labels to Datadog Tags mapping | `nil` | -| `datadog.resources.requests.cpu` | CPU resource requests | `200m` | -| `datadog.resources.limits.cpu` | CPU resource limits | `200m` | -| `datadog.resources.requests.memory` | Memory resource requests | `256Mi` | -| `datadog.resources.limits.memory` | Memory resource limits | `256Mi` | | `datadog.securityContext` | Allows you to overwrite the default securityContext applied to the container | `nil` | | `datadog.livenessProbe` | Overrides the default liveness probe | http port 5555 | | `datadog.hostname` | Set the hostname (write it in datadog.conf) | `nil` | | `datadog.acInclude` | Include containers based on image name | `nil` | | `datadog.acExclude` | Exclude containers based on image name | `nil` | -| `daemonset.podAnnotations` | Annotations to add to the DaemonSet's Pods | `nil` | -| `daemonset.tolerations` | List of node taints to tolerate (requires Kubernetes >= 1.6) | `nil` | -| `daemonset.nodeSelector` | Node selectors | `nil` | -| `daemonset.affinity` | Node affinities | `nil` | -| `daemonset.useHostNetwork` | If true, use the host's network | `nil` | -| `daemonset.useHostPID`. | If true, use the host's PID namespace | `nil` | -| `daemonset.useHostPort` | If true, use the same ports for both host and container | `nil` | -| `daemonset.useDedicatedContainers` | If true, each Datadog agent will run in a separate container | `nil` | -| `daemonset.containers.agent.env` | Additional list of environment variables to use in the agent container | `nil` | -| `daemonset.containers.agent.logLevel` | Agent log verbosity | `INFO` | -| `daemonset.containers.agent.resources.limits.cpu` | CPU resource limits for the agent container | `200m` | -| `daemonset.containers.agent.resources.requests.cpu` | CPU resource requests for the agent container | `200m` | -| `daemonset.containers.agent.resources.limits.memory` | Memory resource limits for the agent container | `256Mi` | -| `daemonset.containers.agent.resources.requests.memory` | Memory resource requests for the agent container | `256Mi` | -| `daemonset.containers.processAgent.env` | Additional list of environment variables to use in the process-agent container | `nil` | -| `daemonset.containers.processAgent.logLevel` | Process agent log verbosity | `INFO` | -| `daemonset.containers.processAgent.resources.limits.cpu` | CPU resource limits for the process-agent container | `100m` | -| `daemonset.containers.processAgent.resources.requests.cpu` | CPU resource requests for the process-agent container | `100m` | -| `daemonset.containers.processAgent.resources.limits.memory` | Memory resource limits for the process-agent container | `200Mi` | -| `daemonset.containers.processAgent.resources.requests.memory` | Memory resource requests for the process-agent container | `200Mi` | -| `daemonset.containers.traceAgent.env` | Additional list of environment variables to use in the trace-agent container | `nil` | -| `daemonset.containers.traceAgent.logLevel` | Trace agent log verbosity | `INFO` | -| `daemonset.containers.traceAgent.resources.limits.cpu` | CPU resource limits for the trace-agent container | `100m` | -| `daemonset.containers.traceAgent.resources.requests.cpu` | CPU resource requests for the trace-agent container | `100m` | -| `daemonset.containers.traceAgent.resources.limits.memory` | Memory resource limits for the trace-agent container | `200Mi` | -| `daemonset.containers.traceAgent.resources.requests.memory` | Memory resource requests for the trace-agent container | `200Mi` | -| `daemonset.containers.systemProbe.env` | Additional list of environment variables to use in the system-probe container | `nil` | -| `daemonset.containers.systemProbe.logLevel` | System probe log verbosity | `INFO` | -| `daemonset.containers.systemProbe.resources.limits.cpu` | CPU resource limits for the system-probe container | `100m` | -| `daemonset.containers.systemProbe.resources.requests.cpu` | CPU resource requests for the system-probe container | `100m` | -| `daemonset.containers.systemProbe.resources.limits.memory` | Memory resource limits for the system-probe container | `200Mi` | -| `daemonset.containers.systemProbe.resources.requests.memory` | Memory resource requests for the system-probe container | `200Mi` | -| `daemonset.priorityClassName` | Which Priority Class to associate with the daemonset | `nil` | -| `daemonset.useConfigMap` | Configures a configmap to provide the agent configuration | `false` | -| `daemonset.customAgentConfig` | Specify custom contents for the datadog agent config (datadog.yaml). | `{}` | -| `daemonset.updateStrategy` | Which update strategy to deploy the daemonset | RollingUpdate with 10% maxUnavailable | +| `datadog.systemProbe.enabled` | enable system probe collection | `false` | +| `datadog.systemProbe.seccomp` | Apply an ad-hoc seccomp profile to system-probe to restrict its privileges | `localhost/system-probe` | +| `datadog.systemProbe.seccompRoot` | Seccomp root directory for system-probe | `/var/lib/kubelet/seccomp` | +| `datadog.systemProbe.debugPort` | The port to expose pprof and expvar for system-probe agent, it is not enabled if the value is set to 0 | `0` | +| `datadog.systemProbe.enableConntrack` | If true, system-probe connects to the netlink/conntrack subsystem to add NAT information to connection data. Ref: http://conntrack-tools.netfilter.org/| `true`| +| `datadog.systemProbe.bpfDebug` | If true, system-probe writes debug logs to /sys/kernel/debug/tracing/trace_pipe | `false` | +| `datadog.systemProbe.apparmor` | Apparmor profile for system-probe | `unconfined` | +| `agents.podAnnotations` | Annotations to add to the DaemonSet's Pods | `nil` | +| `agents.podLabels` | labels to add to each pod | `nil` | +| `agents.tolerations` | List of node taints to tolerate (requires Kubernetes >= 1.6) | `nil` | +| `agents.nodeSelector` | Node selectors | `nil` | +| `agents.affinity` | Node affinities | `nil` | +| `agents.useHostNetwork` | If true, use the host's network | `nil` | +| `agents.containers.agent.env` | Additional list of environment variables to use in the agent container | `nil` | +| `agents.containers.agent.logLevel` | Agent log verbosity | `INFO` | +| `agents.containers.agent.resources.limits.cpu` | CPU resource limits for the agent container | `200m` | +| `agents.containers.agent.resources.requests.cpu` | CPU resource requests for the agent container | `200m` | +| `agents.containers.agent.resources.limits.memory` | Memory resource limits for the agent container | `256Mi` | +| `agents.containers.agent.resources.requests.memory` | Memory resource requests for the agent container | `256Mi` | +| `agents.containers.processAgent.env` | Additional list of environment variables to use in the process-agent container | `nil` | +| `agents.containers.processAgent.logLevel` | Process agent log verbosity | `INFO` | +| `agents.containers.processAgent.resources.limits.cpu` | CPU resource limits for the process-agent container | `100m` | +| `agents.containers.processAgent.resources.requests.cpu` | CPU resource requests for the process-agent container | `100m` | +| `agents.containers.processAgent.resources.limits.memory` | Memory resource limits for the process-agent container | `200Mi` | +| `agents.containers.processAgent.resources.requests.memory` | Memory resource requests for the process-agent container | `200Mi` | +| `agents.containers.traceAgent.env` | Additional list of environment variables to use in the trace-agent container | `nil` | +| `agents.containers.traceAgent.logLevel` | Trace agent log verbosity | `INFO` | +| `agents.containers.traceAgent.resources.limits.cpu` | CPU resource limits for the trace-agent container | `100m` | +| `agents.containers.traceAgent.resources.requests.cpu` | CPU resource requests for the trace-agent container | `100m` | +| `agents.containers.traceAgent.resources.limits.memory` | Memory resource limits for the trace-agent container | `200Mi` | +| `agents.containers.traceAgent.resources.requests.memory` | Memory resource requests for the trace-agent container | `200Mi` | +| `agents.containers.systemProbe.env` | Additional list of environment variables to use in the system-probe container | `nil` | +| `agents.containers.systemProbe.logLevel` | System probe log verbosity | `INFO` | +| `agents.containers.systemProbe.resources.limits.cpu` | CPU resource limits for the system-probe container | `100m` | +| `agents.containers.systemProbe.resources.requests.cpu` | CPU resource requests for the system-probe container | `100m` | +| `agents.containers.systemProbe.resources.limits.memory` | Memory resource limits for the system-probe container | `200Mi` | +| `agents.containers.systemProbe.resources.requests.memory` | Memory resource requests for the system-probe container | `200Mi` | +| `agents.containers.initContainers.resources.limits.cpu` | CPU resource limits for the init containers container | `200m` | +| `agents.containers.initContainers.resources.requests.cpu` | CPU resource requests for the init containers container | `200m` | +| `agents.containers.initContainers.resources.limits.memory` | Memory resource limits for the init containers container | `256Mi` | +| `agents.containers.initContainers.resources.requests.memory` | Memory resource requests for the init containers container | `256Mi` | +| `agents.priorityClassName` | Which Priority Class to associate with the daemonset | `nil` | +| `agents.useConfigMap` | Configures a configmap to provide the agent configuration | `false` | +| `agents.customAgentConfig` | Specify custom contents for the datadog agent config (datadog.yaml). | `{}` | +| `agents.updateStrategy` | Which update strategy to deploy the daemonset | RollingUpdate with 10% maxUnavailable | +| `agents.volumes` | Additional volumes for the daemonset or deployment | `nil` | +| `agents.volumeMounts` | Additional volumeMounts for the daemonset or deployment | `nil` | | `datadog.leaderElection` | Enable the leader Election feature | `false` | | `datadog.leaderLeaseDuration` | The duration for which a leader stays elected. | 60 sec, 15 if Cluster Checks enabled | | `datadog.collectEvents` | Enable Kubernetes event collection. Requires leader election. | `false` | -| `deployment.affinity` | Node / Pod affinities | `{}` | -| `deployment.tolerations` | List of node taints to tolerate | `[]` | -| `deployment.priorityClassName` | Which Priority Class to associate with the deployment | `nil` | -| `kubeStateMetrics.enabled` | If true, create kube-state-metrics | `true` | -| `kube-state-metrics.rbac.create` | If true, create & use RBAC resources for kube-state-metrics | `true` | -| `kube-state-metrics.serviceAccount.create` | If true, create & use serviceAccount | `true` | -| `kube-state-metrics.serviceAccount.name` | If not set & create is true, use template fullname | | -| `kube-state-metrics.resources` | Overwrite the default kube-state-metrics container resources (Optional) | | +| `datadog.kubeStateMetricsEnabled` | If true, create kube-state-metrics | `true` | | `clusterAgent.enabled` | Use the cluster-agent for cluster metrics (Kubernetes 1.10+ only) | `false` | | `clusterAgent.token` | A cluster-internal secret for agent-to-agent communication. Must be 32+ characters a-zA-Z | Generates a random value | | `clusterAgent.tokenExistingSecret` | If set, use the secret with a provided name instead of creating a new one | `nil` | -| `clusterAgent.containerName` | The container name for the Cluster Agent | `cluster-agent` | | `clusterAgent.image.repository` | The image repository for the cluster-agent | `datadog/cluster-agent` | | `clusterAgent.image.tag` | The image tag to pull | `1.2.0` | | `clusterAgent.image.pullPolicy` | Image pull policy | `IfNotPresent` | | `clusterAgent.image.pullSecrets` | Image pull secrets | `nil` | +| `clusterAgent.rbac.create` | If true, create & use RBAC resources for cluster agent's pods | `true` | +| `clusterAgent.rbac.serviceAccount` | existing ServiceAccount to use (ignored if rbac.create=true) for cluster agent's pods | `default` | | `clusterAgent.metricsProvider.enabled` | Enable Datadog metrics as a source for HPA scaling | `false` | | `clusterAgent.metricsProvider.service.type` | The type of service to use for the clusterAgent metrics server | `ClusterIP` | | `clusterAgent.metricsProvider.service.port` | The port for service to use for the clusterAgent metrics server | `443` . | @@ -356,29 +364,28 @@ helm install --name \ | `clusterAgent.resources.requests.memory` | Memory resource requests | `256Mi` | | `clusterAgent.resources.limits.memory` | Memory resource limits | `256Mi` | | `clusterAgent.tolerations` | List of node taints to tolerate | `[]` | -| `clusterAgent.livenessProbe` | Overrides the default liveness probe | http port 443 if external metrics enabled | -| `clusterAgent.readinessProbe` | Overrides the default readiness probe | http port 443 if external metrics enabled | +| `clusterAgent.healthPort` | Overrides the default health port used by the liveness and readiness endpoint | `8080` | +| `clusterAgent.livenessProbe` | Overrides the default liveness probe | `http check on /healthz with port 8080` | +| `clusterAgent.readinessProbe` | Overrides the default readiness probe | `http check on /healthz with port 8080` | | `clusterAgent.strategy` | Which update strategy to deploy the cluster-agent | RollingUpdate with 0 maxUnavailable, 1 maxSurge | | `clusterAgent.useHostNetwork` | If true, use the host's network | `nil` | | `clusterAgent.volumes` | Additional volumes for the cluster-agent deployment | `nil` | | `clusterAgent.volumeMounts` | Additional volumeMounts for the cluster-agent deployment | `nil` | -| `clusterchecksDeployment.enabled` | Enable Datadog agent deployment dedicated for running Cluster Checks. It allows having different resources (Request/Limit) for Cluster Checks agent pods. | `false` | -| `clusterchecksDeployment.env` | Additional Datadog environment variables for Cluster Checks Deployment | `nil` | -| `clusterchecksDeployment.resources.requests.cpu` | CPU resource requests | `200m` | -| `clusterchecksDeployment.resources.limits.cpu` | CPU resource limits | `200m` | -| `clusterchecksDeployment.resources.requests.memory` | Memory resource requests | `256Mi` | -| `clusterchecksDeployment.resources.limits.memory` | Memory resource limits | `256Mi` | -| `clusterchecksDeployment.nodeSelector` | Node selectors | `nil` | -| `clusterchecksDeployment.tolerations` | List of node taints to tolerate | `nil` | -| `clusterchecksDeployment.affinity` | Node affinities | avoid running pods on the same node | -| `clusterchecksDeployment.livenessProbe` | Overrides the default liveness probe | http port 5555 | -| `clusterchecksDeployment.rbac.dedicated` | If true, use dedicated RBAC resources for clusterchecks agent's pods | `false` | -| `clusterchecksDeployment.rbac.serviceAccount` | existing ServiceAccount to use (ignored if rbac.create=true) for clusterchecks | `default` | -| `clusterchecksDeployment.strategy` | Which update strategy to deploy the Cluster Checks Deployment | RollingUpdate with 0 maxUnavailable, 1 maxSurge | -| `systemProbe.enabled` | If both this flag and `daemonset.useDedicatedContainers` are true, enable system probe collection | `false` | -| `systemProbe.seccomp` | Apply an ad-hoc seccomp profile to system-probe to restrict its privileges | `localhost/system-probe` | -| `systemProbe.seccompRoot` | Seccomp root directory for system-probe | `/var/lib/kubelet/seccomp` | -| `systemProbe.debugPort` | The port to expose pprof and expvar for system-probe agent, it is not enabled if the value is set to 0 | `0` | -| `systemProbe.enableConntrack` | If true, system-probe connects to the netlink/conntrack subsystem to add NAT information to connection data. Ref: http://conntrack-tools.netfilter.org/| `true`| -| `systemProbe.bpfDebug` | If true, system-probe writes debug logs to /sys/kernel/debug/tracing/trace_pipe | `false` | -| `systemProbe.apparmor` | Apparmor profile for system-probe | `unconfined` | +| `clusterChecksRunner.enabled` | Enable Datadog agent deployment dedicated for running Cluster Checks. It allows having different resources (Request/Limit) for Cluster Checks agent pods. | `false` | +| `clusterChecksRunner.env` | Additional Datadog environment variables for Cluster Checks Deployment | `nil` | +| `clusterChecksRunner.resources.requests.cpu` | CPU resource requests | `200m` | +| `clusterChecksRunner.resources.limits.cpu` | CPU resource limits | `200m` | +| `clusterChecksRunner.resources.requests.memory` | Memory resource requests | `256Mi` | +| `clusterChecksRunner.resources.limits.memory` | Memory resource limits | `256Mi` | +| `clusterChecksRunner.nodeSelector` | Node selectors | `nil` | +| `clusterChecksRunner.tolerations` | List of node taints to tolerate | `nil` | +| `clusterChecksRunner.affinity` | Node affinities | avoid running pods on the same node | +| `clusterChecksRunner.livenessProbe` | Overrides the default liveness probe | http port 5555 | +| `clusterChecksRunner.rbac.create` | If true, create & use RBAC resources for clusterchecks agent's pods | `true` | +| `clusterChecksRunner.rbac.dedicated` | If true, use dedicated RBAC resources for clusterchecks agent's pods | `false` | +| `clusterChecksRunner.rbac.serviceAccount` | existing ServiceAccount to use (ignored if rbac.create=true) for clusterchecks agent's pods | `default` | +| `clusterChecksRunner.strategy` | Which update strategy to deploy the Cluster Checks Deployment | RollingUpdate with 0 maxUnavailable, 1 maxSurge | +| `kube-state-metrics.rbac.create` | If true, create & use RBAC resources for kube-state-metrics | `true` | +| `kube-state-metrics.serviceAccount.create` | If true, create & use serviceAccount | `true` | +| `kube-state-metrics.serviceAccount.name` | If not set & create is true, use template fullname | | +| `kube-state-metrics.resources` | Overwrite the default kube-state-metrics container resources (Optional) | | diff --git a/stable/datadog/ci/cluster-agent-and-worker-values.yaml b/stable/datadog/ci/cluster-agent-and-worker-values.yaml index 6b5724741d27..2bdcfcbac2e4 100644 --- a/stable/datadog/ci/cluster-agent-and-worker-values.yaml +++ b/stable/datadog/ci/cluster-agent-and-worker-values.yaml @@ -1,9 +1,11 @@ -# Empty values file for testing default parameters. -clusterAgent: - enabled: true +datadog: + apiKey: "00000000000000000000000000000000" + appKey: "0000000000000000000000000000000000000000" + clusterChecks: + enabled: true -clusterChecks: +clusterAgent: enabled: true -clusterchecksDeployment: +clusterChecksRunner: enabled: true diff --git a/stable/datadog/ci/cluster-agent-metrics-server-service-port-values.yaml b/stable/datadog/ci/cluster-agent-metrics-server-service-port-values.yaml index 43d3e7723c83..7360ab6cda12 100644 --- a/stable/datadog/ci/cluster-agent-metrics-server-service-port-values.yaml +++ b/stable/datadog/ci/cluster-agent-metrics-server-service-port-values.yaml @@ -1,3 +1,7 @@ +datadog: + apiKey: "00000000000000000000000000000000" + appKey: "0000000000000000000000000000000000000000" + clusterAgent: enabled: true diff --git a/stable/datadog/ci/cluster-agent-volumes-and-mounts-values.yaml b/stable/datadog/ci/cluster-agent-volumes-and-mounts-values.yaml index 808ec772a750..b3989a371a79 100644 --- a/stable/datadog/ci/cluster-agent-volumes-and-mounts-values.yaml +++ b/stable/datadog/ci/cluster-agent-volumes-and-mounts-values.yaml @@ -1,3 +1,7 @@ +datadog: + apiKey: "00000000000000000000000000000000" + appKey: "0000000000000000000000000000000000000000" + clusterAgent: enabled: true diff --git a/stable/datadog/ci/cluster-name-values.yaml b/stable/datadog/ci/cluster-name-values.yaml new file mode 100644 index 000000000000..f8ca4893ab85 --- /dev/null +++ b/stable/datadog/ci/cluster-name-values.yaml @@ -0,0 +1,4 @@ +datadog: + clusterName: kubernetes-cluster.example.com + apiKey: "00000000000000000000000000000000" + appKey: "0000000000000000000000000000000000000000" diff --git a/stable/datadog/ci/cluster-name.yaml b/stable/datadog/ci/cluster-name.yaml deleted file mode 100644 index 812dd0f12f12..000000000000 --- a/stable/datadog/ci/cluster-name.yaml +++ /dev/null @@ -1,4 +0,0 @@ -# Empty values file for testing default parameters. - -datadog: - clusterName: kubernetes-cluster.example.com diff --git a/stable/datadog/ci/default-values.yaml b/stable/datadog/ci/default-values.yaml index 7394e238e8d5..ff92bd38a893 100644 --- a/stable/datadog/ci/default-values.yaml +++ b/stable/datadog/ci/default-values.yaml @@ -1 +1,4 @@ # Empty values file for testing default parameters. +datadog: + apiKey: "00000000000000000000000000000000" + appKey: "0000000000000000000000000000000000000000" diff --git a/stable/datadog/ci/no_hardened_seccomp.yaml b/stable/datadog/ci/no_hardened_seccomp.yaml index 4050954a1558..0db647830172 100644 --- a/stable/datadog/ci/no_hardened_seccomp.yaml +++ b/stable/datadog/ci/no_hardened_seccomp.yaml @@ -1,5 +1,6 @@ -# Empty values file for testing default parameters. - -systemProbe: - enabled: true - seccomp: runtime/default +datadog: + apiKey: "00000000000000000000000000000000" + appKey: "0000000000000000000000000000000000000000" + systemProbe: + enabled: true + seccomp: runtime/default diff --git a/stable/datadog/docs/Migration_1.x_to_2.x.md b/stable/datadog/docs/Migration_1.x_to_2.x.md new file mode 100644 index 000000000000..ab123f1d5a9a --- /dev/null +++ b/stable/datadog/docs/Migration_1.x_to_2.x.md @@ -0,0 +1,68 @@ +# Chart 1.x to 2.x migration guide + +The `datadog` chart has been refactored to regroup the `values.yaml` parameters in a more logical way. +Migrating from chart v1 to chart v2 hence requires to restructure the `values.yaml` file. +For all the parameters in the existing `values.yaml` file that applied to chart v1, you’ll +find to which parameters they correspond to in v2 in the following table. +Parameters that are not listed in the table below haven’t been touched and are at the same +location in v1 and v2. + +| Old parameter | New location | comment | +| ------------- | ------------ | ------- | +| `image.repository` | `agents.image.repository` and `clusterCheckRunner.image.repository` | | +| `image.tag` | `agents.image.tag` and `clusterCheckRunner.image.repository` | | +| `image.pullPolicy` | `agents.image.pullPolicy` and `clusterCheckRunner.image.repository` | | +| `datadog.name` | ∅ | The name of the container inside the agent and cluster-agent pod isn’t configurable anymore | +| `datadog.useCriSocketVolume` | ∅ | If `datadog.criSocketPath` is defined, the socket will be mounted inside the container without needing to set `datadog.useCriSocketVolume` in addition. | +| `datadog.containerLogsPath` | ∅ | Not needed anymore because the chart automatically detects if the CRI is `docker` based on `criSocketPath` and mounts the path accordingly | +| `datadog.apmEnabled` | `datadog.apm.enabled` | | +| `datadog.processAgentEnabled` | `datadog.processAgent.enabled` | | +| `datadog.volumes` | `agent.volumes` | | +| `datadog.volumeMounts` | `agent.VolumeMounts` | | +| `datadog.livenessProbe` | `agents.containers.agent.livenessProbe` | | +| `datadog.resources` | `agents.containers.agent.resources` | | +| `datadog.dogstatsdOriginDetection` | `datadog.dogstatsd.originDetection` | | +| `datadog.useDogStatsDSocketVolume` | `datadog.dogstatsd.useSocketVolume` | | +| `systemProbe.enabled` | `datadog.systemProbe.enabled` | | +| `systemProbe.debugPort` | `datadog.systemProbe.debugPort` | | +| `systemProbe.enableConntrack` | `datadog.systemProbe.enableConntrack` | | +| `systemProbe.seccomp` | `datadog.systemProbe.seccomp` | | +| `systemProbe.seccompRoot` | `datadog.systemProbe.seccompRoot` | | +| `systemProbe.bpfDebug` | `datadog.systemProbe.bpfDebug` | | +| `systemProbe.apparmor` | `datadog.systemProbe.apparmor` | | +| `clusterAgent.containerName` | ∅ | The name of the container inside the cluster agent pod isn’t configurable anymore | +| `clusterAgent.clusterChecks.enabled` | `datadog.clusterChecks.enabled` | | +| `rbac.create` | `agents.rbac.create` and `clusterAgent.rbac.create` | | +| `rbac.serviceAccountName` | `agents.rbac.serviceAccountName` and `clusterAgent.rabc.serviceAccountName` | | +| `toleration` | `agents.toleration` | | +| `kubeStateMetrics.enabled` | `datadog.kubeStateMetricsEnabled` | | +| `daemonset.enabled` | `agents.enabled` | | +| `daemonset.containers.agent.*` | `agents.containers.agent.*` | | +| `daemonset.containers.processAgent.*` | `agents.containers.processAgent.*` | | +| `daemonset.containers.traceAgent.*` | `agents.containers.traceAgent.*` | | +| `daemonset.containers.systemProbe.*` | `agents.containers.systemProbe.*` | | +| `daemonset.useHostNetwork` | `agents.useHostNetwork` | | +| `daemonset.dogstatsdPort` | `datadog.dogstatsd.port` | | +| `daemonset.useHostPort` | `datadog.dogstatsd.useHostPort` | | +| `daemonset.useHostPID` | `datadog.dogstatsd.useHostPID` | | +| `daemonset.nonLocalTraffic` | `datadog.dogstatsd.nonLocalTraffic` | | +| `daemonset.podAnnotations` | `agents.podAnnotations` | | +| `daemonset.tolerations` | `agents.tolerations` | | +| `daemonset.nodeSelector` | `agents.nodeSelector` | | +| `daemonset.affinity` | `agents.affinity` | | +| `daemonset.updateStrategy` | `agents.updateStrategy` | | +| `daemonset.priorityClassName` | `agents.priorityClassName` | | +| `daemonset.podLabels` | `agents.podLabels` | | +| `daemonset.useConfigMap` | `agents.useConfigMap` | | +| `daemonset.customAgentConfig.*` | `agents.customAgentConfig.*` | | +| `deployment.*` | ∅ | | +| `clusterchecksDeployment.enabled` | `clusterChecksRunner.enabled` | | +| `clusterchecksDeployment.rbac.*` | `clusterChecksRunner.rbac.*` | | +| `clusterchecksDeployment.replicas` | `clusterChecksRunner.replicas` | | +| `clusterchecksDeployment.resources.*` | `clusterChecksRunner.resources.*` | | +| `clusterchecksDeployment.affinity` | `clusterChecksRunner.affinity` | | +| `clusterchecksDeployment.strategy` | `clusterChecksRunner.strategy` | | +| `clusterchecksDeployment.nodeSelector` | `clusterChecksRunner.nodeSelector` | | +| `clusterchecksDeployment.tolerations` | `clusterChecksRunner.tolerations` | | +| `clusterchecksDeployment.livenessProbe` | `clusterChecksRunner.livenessProbe` | | +| `clusterchecksDeployment.env` | `clusterChecksRunner.env` | | diff --git a/stable/datadog/requirements.lock b/stable/datadog/requirements.lock index 9d10ee9b102d..e7a0165bf490 100644 --- a/stable/datadog/requirements.lock +++ b/stable/datadog/requirements.lock @@ -1,6 +1,6 @@ dependencies: - name: kube-state-metrics repository: https://kubernetes-charts.storage.googleapis.com/ - version: 2.2.3 -digest: sha256:28fd41002af09316b9f614d320ea4171db39a144b595c68f616c546dd5292709 -generated: "2019-08-13T09:53:34.977562+02:00" + version: 2.3.1 +digest: sha256:2b964f07f2958d3eab02e2f2aa34cb5a1f0074b22e7b231518e842d875521686 +generated: "2020-01-02T18:11:01.227785+01:00" diff --git a/stable/datadog/requirements.yaml b/stable/datadog/requirements.yaml index 171a28a1144d..39721dce4ed2 100644 --- a/stable/datadog/requirements.yaml +++ b/stable/datadog/requirements.yaml @@ -1,5 +1,5 @@ dependencies: - name: kube-state-metrics - version: ~2.2.3 + version: ~2.3.1 repository: https://kubernetes-charts.storage.googleapis.com/ - condition: kubeStateMetrics.enabled + condition: datadog.kubeStateMetricsEnabled diff --git a/stable/datadog/templates/NOTES.txt b/stable/datadog/templates/NOTES.txt index 11c0fa3ec076..2f823fecd4b0 100644 --- a/stable/datadog/templates/NOTES.txt +++ b/stable/datadog/templates/NOTES.txt @@ -1,12 +1,13 @@ -{{- if (or (.Values.datadog.apiKeyExistingSecret) (.Values.datadog.apiKey)) }} + +{{- if (or (.Values.datadog.apiKeyExistingSecret) (not (eq .Values.datadog.apiKey ""))) }} DataDog agents are spinning up on each node in your cluster. After a few minutes, you should see your agents starting in your event stream: - https://app.datadoghq.com/event/stream + {{- if .Values.datadog.apiKeyExistingSecret }} You disabled creation of Secret containing API key, therefore it is expected that you create Secret named '{{ .Values.datadog.apiKeyExistingSecret }}' which includes a key called 'api-key' containing the API key. - {{- else if (.Values.datadog.apiKey) }} + {{- else if not (eq .Values.datadog.apiKey "") }} {{- end }} {{- else }} ############################################################################## @@ -44,48 +45,10 @@ Create an application key at https://app.datadoghq.com/account/settings#api {{- end }} {{- end }} - {{- if and (not .Values.clusterAgent.token) (not .Values.clusterAgent.tokenExistingSecret) }} - -############################################################################## -#### INFO: You did not set a clusterAgent.token #### -############################################################################## - -Because you enabled the Cluster Agent but did not either provide a token or a reference to an existing token via '{{ .Values.clusterAgent.tokenExistingSecret }}', a random token was generated. -This token is used to secure the communication between the Agents and the Cluster Agent. - -Make sure to recreate all pods on upgrade (with the --recreate-pods flag) to ensure all -agents use the same shared token. - - {{- end }} - {{- end }} -{{- if .Values.datadog.apmEnabled }} -The datadog agent is listening on port 8126. -{{- end }} - -{{- if .Values.deployment.enabled }} -################################################################# -#### WARNING: Deprecation notice #### -################################################################# - -* Deployment installation will be deprecated in the future major - chart version (`v2.0.0`). This installation configuration is - triggered by the option: `deployment.enabled: true`. - The recommended solution is to run the Datadog-agent with the - `Daemonset` configuration which is the default configuration. - -{{- if .Values.daemonset.enabled }} - -* Simultaneous DaemonSet + Deployment installation within a single - release will be deprecated in the futur major chart version - (`v2.0.0`). - - Running as a Deployment is not necessary for event collection - anymore, thanks to the leader election feature. - - We encourage you to migrate to a single DaemonSet. -{{- end }} +{{- if .Values.datadog.apm.enabled }} +The Datadog Agent is listening on port {{ .Values.datadog.apm.port }} for APM service. {{- end }} {{- if .Values.datadog.autoconf }} @@ -102,7 +65,7 @@ Please note that duplicate file names may have conflicted during the merge. In that case, the confd entry will take precedence. {{- end }} -{{- if eq .Values.image.repository "datadog/docker-dd-agent" }} +{{- if eq .Values.agents.image.repository "datadog/docker-dd-agent" }} ###################################################################### #### ERROR: Unsupported agent version #### diff --git a/stable/datadog/templates/agent-apiservice.yaml b/stable/datadog/templates/agent-apiservice.yaml index b1a3ab0ff3ee..74557cf9772c 100644 --- a/stable/datadog/templates/agent-apiservice.yaml +++ b/stable/datadog/templates/agent-apiservice.yaml @@ -1,13 +1,9 @@ -{{- if and .Values.rbac.create .Values.clusterAgent.enabled .Values.clusterAgent.metricsProvider.enabled -}} +{{- if and .Values.clusterAgent.rbac.create .Values.clusterAgent.enabled .Values.clusterAgent.metricsProvider.enabled -}} apiVersion: apiregistration.k8s.io/v1beta1 kind: APIService metadata: name: v1beta1.external.metrics.k8s.io labels: - app: "{{ template "datadog.fullname" . }}" - chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - heritage: {{ .Release.Service | quote }} - release: {{ .Release.Name | quote }} helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" app.kubernetes.io/name: "{{ template "datadog.fullname" . }}" app.kubernetes.io/instance: {{ .Release.Name | quote }} diff --git a/stable/datadog/templates/agent-clusterchecks-deployment.yaml b/stable/datadog/templates/agent-clusterchecks-deployment.yaml index 80dc04e7981b..1795bbae7863 100644 --- a/stable/datadog/templates/agent-clusterchecks-deployment.yaml +++ b/stable/datadog/templates/agent-clusterchecks-deployment.yaml @@ -1,35 +1,18 @@ -{{- if and .Values.clusterAgent.enabled .Values.clusterAgent.clusterChecks.enabled .Values.clusterchecksDeployment.enabled -}} -{{- if .Capabilities.APIVersions.Has "apps/v1" }} +{{- if and .Values.clusterAgent.enabled .Values.datadog.clusterChecks.enabled .Values.clusterChecksRunner.enabled -}} apiVersion: apps/v1 -{{- else if .Capabilities.APIVersions.Has "extensions/v1beta1" }} -apiVersion: extensions/v1beta1 -{{- else }} -apiVersion: apps/v1 -{{- end }} kind: Deployment metadata: name: {{ template "datadog.fullname" . }}-clusterchecks labels: - app: "{{ template "datadog.fullname" . }}" - chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - release: {{ .Release.Name | quote }} - heritage: {{ .Release.Service | quote }} helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" app.kubernetes.io/name: "{{ template "datadog.fullname" . }}" app.kubernetes.io/instance: {{ .Release.Name | quote }} app.kubernetes.io/managed-by: {{ .Release.Service | quote }} app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} spec: - replicas: {{ .Values.clusterchecksDeployment.replicas }} + replicas: {{ .Values.clusterChecksRunner.replicas }} strategy: -{{- if .Values.clusterchecksDeployment.strategy }} -{{ toYaml .Values.clusterchecksDeployment.strategy | indent 4 }} -{{- else }} - type: RollingUpdate - rollingUpdate: - maxSurge: 1 - maxUnavailable: 0 -{{- end }} +{{ toYaml .Values.clusterChecksRunner.strategy | indent 4 }} selector: matchLabels: app: {{ template "datadog.fullname" . }}-clusterchecks @@ -39,15 +22,17 @@ spec: app: {{ template "datadog.fullname" . }}-clusterchecks name: {{ template "datadog.fullname" . }}-clusterchecks spec: - {{- if .Values.clusterchecksDeployment.rbac.dedicated }} - serviceAccountName: {{ if .Values.rbac.create }}{{ template "datadog.fullname" . }}-cluster-checks{{ else }}"{{ .Values.clusterchecksDeployment.rbac.serviceAccountName }}"{{ end }} + {{- if .Values.clusterChecksRunner.rbac.dedicated }} + serviceAccountName: {{ if .Values.clusterChecksRunner.rbac.create }}{{ template "datadog.fullname" . }}-cluster-checks{{ else }}"{{ .Values.clusterChecksRunner.rbac.serviceAccountName }}"{{ end }} {{- else }} - serviceAccountName: {{ if .Values.rbac.create }}{{ template "datadog.fullname" . }}{{ else }}"{{ .Values.rbac.serviceAccountName }}"{{ end }} + serviceAccountName: {{ if .Values.clusterChecksRunner.rbac.create }}{{ template "datadog.fullname" . }}{{ else }}"{{ .Values.clusterChecksRunner.rbac.serviceAccountName }}"{{ end }} {{- end }} + imagePullSecrets: +{{ toYaml .Values.clusterChecksRunner.image.pullSecrets | indent 8 }} containers: - - name: {{ default .Chart.Name .Values.datadog.name }} - image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} + - name: agent + image: "{{ .Values.clusterChecksRunner.image.repository }}:{{ .Values.clusterChecksRunner.image.tag }}" + imagePullPolicy: {{ .Values.clusterChecksRunner.image.pullPolicy }} env: - name: DD_API_KEY valueFrom: @@ -69,7 +54,6 @@ spec: value: {{ .Values.clusterAgent.enabled | quote }} - {name: DD_EXTRA_CONFIG_PROVIDERS, value: "clusterchecks"} # Remove unused features - - {name: DD_APM_ENABLED, value: "false"} - {name: DD_PROCESS_AGENT_ENABLED, value: "false"} - {name: DD_LOGS_ENABLED, value: "false"} # Safely run alongside the daemonset @@ -78,17 +62,17 @@ spec: valueFrom: fieldRef: fieldPath: spec.nodeName -{{- if .Values.clusterchecksDeployment.env }} -{{ toYaml .Values.clusterchecksDeployment.env | indent 10 }} +{{- if .Values.clusterChecksRunner.env }} +{{ toYaml .Values.clusterChecksRunner.env | indent 10 }} {{- end }} resources: -{{ toYaml .Values.clusterchecksDeployment.resources | indent 10 }} +{{ toYaml .Values.clusterChecksRunner.resources | indent 10 }} volumeMounts: - {name: s6-run, mountPath: /var/run/s6} - {name: remove-corechecks, mountPath: /etc/datadog-agent/conf.d} -{{- if .Values.clusterchecksDeployment.livenessProbe }} +{{- if .Values.clusterChecksRunner.livenessProbe }} livenessProbe: -{{ toYaml .Values.clusterchecksDeployment.livenessProbe | indent 10 }} +{{ toYaml .Values.clusterChecksRunner.livenessProbe | indent 10 }} {{- else }} livenessProbe: httpGet: @@ -104,8 +88,8 @@ spec: - {name: s6-run, emptyDir: {}} - {name: remove-corechecks, emptyDir: {}} affinity: -{{- if .Values.clusterchecksDeployment.affinity }} -{{ toYaml .Values.clusterchecksDeployment.affinity | indent 8 }} +{{- if .Values.clusterChecksRunner.affinity }} +{{ toYaml .Values.clusterChecksRunner.affinity | indent 8 }} {{- else }} # Ensure we only run one worker per node, to avoid name collisions podAntiAffinity: @@ -115,12 +99,12 @@ spec: app: {{ template "datadog.fullname" . }}-clusterchecks topologyKey: kubernetes.io/hostname {{- end }} - {{- if .Values.clusterchecksDeployment.nodeSelector }} + {{- if .Values.clusterChecksRunner.nodeSelector }} nodeSelector: -{{ toYaml .Values.clusterchecksDeployment.nodeSelector | indent 8 }} +{{ toYaml .Values.clusterChecksRunner.nodeSelector | indent 8 }} {{- end }} - {{- if .Values.clusterchecksDeployment.tolerations }} + {{- if .Values.clusterChecksRunner.tolerations }} tolerations: -{{ toYaml .Values.clusterchecksDeployment.tolerations | indent 8 }} +{{ toYaml .Values.clusterChecksRunner.tolerations | indent 8 }} {{- end }} {{ end }} diff --git a/stable/datadog/templates/agent-clusterchecks-rbac.yaml b/stable/datadog/templates/agent-clusterchecks-rbac.yaml index 5a1667d48129..b36799b56ae3 100644 --- a/stable/datadog/templates/agent-clusterchecks-rbac.yaml +++ b/stable/datadog/templates/agent-clusterchecks-rbac.yaml @@ -1,12 +1,8 @@ -{{- if and .Values.rbac.create .Values.clusterAgent.enabled .Values.clusterAgent.clusterChecks.enabled .Values.clusterchecksDeployment.enabled -}} +{{- if and .Values.clusterChecksRunner.rbac.create .Values.clusterAgent.enabled .Values.datadog.clusterChecks.enabled .Values.clusterChecksRunner.enabled -}} apiVersion: {{ template "rbac.apiVersion" . }} kind: ClusterRoleBinding metadata: labels: - app: "{{ template "datadog.fullname" . }}" - chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - release: {{ .Release.Name | quote }} - heritage: {{ .Release.Service | quote }} helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" app.kubernetes.io/name: "{{ template "datadog.fullname" . }}" app.kubernetes.io/instance: {{ .Release.Name | quote }} diff --git a/stable/datadog/templates/agent-rbac.yaml b/stable/datadog/templates/agent-rbac.yaml index a8ff5b574486..096773c2d670 100644 --- a/stable/datadog/templates/agent-rbac.yaml +++ b/stable/datadog/templates/agent-rbac.yaml @@ -1,12 +1,8 @@ -{{- if and .Values.rbac.create .Values.clusterAgent.enabled -}} +{{- if and .Values.clusterAgent.enabled .Values.clusterAgent.rbac.create -}} apiVersion: {{ template "rbac.apiVersion" . }} kind: ClusterRole metadata: labels: - app: "{{ template "datadog.fullname" . }}" - chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - heritage: {{ .Release.Service | quote }} - release: {{ .Release.Name | quote }} helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" app.kubernetes.io/name: "{{ template "datadog.fullname" . }}" app.kubernetes.io/instance: {{ .Release.Name | quote }} @@ -80,10 +76,6 @@ apiVersion: {{ template "rbac.apiVersion" . }} kind: ClusterRoleBinding metadata: labels: - app: "{{ template "datadog.fullname" . }}" - chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - release: {{ .Release.Name | quote }} - heritage: {{ .Release.Service | quote }} helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" app.kubernetes.io/name: "{{ template "datadog.fullname" . }}" app.kubernetes.io/instance: {{ .Release.Name | quote }} @@ -115,7 +107,7 @@ metadata: name: {{ template "datadog.fullname" . }}-cluster-agent {{- end }} -{{- if and .Values.rbac.create .Values.clusterAgent.enabled .Values.clusterAgent.metricsProvider.enabled }} +{{- if and .Values.clusterAgent.enabled .Values.clusterAgent.rbac.create .Values.clusterAgent.metricsProvider.enabled }} --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding diff --git a/stable/datadog/templates/agent-secret.yaml b/stable/datadog/templates/agent-secret.yaml index ceafe829c030..33e13d1bb39d 100644 --- a/stable/datadog/templates/agent-secret.yaml +++ b/stable/datadog/templates/agent-secret.yaml @@ -6,10 +6,6 @@ kind: Secret metadata: name: {{ template "datadog.fullname" . }}-cluster-agent labels: - app: "{{ template "datadog.fullname" . }}" - chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - release: {{ .Release.Name | quote }} - heritage: {{ .Release.Service | quote }} helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" app.kubernetes.io/name: "{{ template "datadog.fullname" . }}" app.kubernetes.io/instance: {{ .Release.Name | quote }} diff --git a/stable/datadog/templates/agent-services.yaml b/stable/datadog/templates/agent-services.yaml index c883423d5ee5..d8ebca258f70 100644 --- a/stable/datadog/templates/agent-services.yaml +++ b/stable/datadog/templates/agent-services.yaml @@ -4,10 +4,6 @@ kind: Service metadata: name: {{ template "datadog.fullname" . }}-cluster-agent labels: - app: "{{ template "datadog.fullname" . }}" - chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - release: {{ .Release.Name | quote }} - heritage: {{ .Release.Service | quote }} helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" app.kubernetes.io/name: "{{ template "datadog.fullname" . }}" app.kubernetes.io/instance: {{ .Release.Name | quote }} diff --git a/stable/datadog/templates/checksd-configmap.yaml b/stable/datadog/templates/checksd-configmap.yaml index 83f354bcc080..486b5f64918b 100644 --- a/stable/datadog/templates/checksd-configmap.yaml +++ b/stable/datadog/templates/checksd-configmap.yaml @@ -4,10 +4,6 @@ kind: ConfigMap metadata: name: {{ template "datadog.fullname" . }}-checksd labels: - app: "{{ template "datadog.fullname" . }}" - chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - release: {{ .Release.Name | quote }} - heritage: {{ .Release.Service | quote }} helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" app.kubernetes.io/name: "{{ template "datadog.fullname" . }}" app.kubernetes.io/instance: {{ .Release.Name | quote }} diff --git a/stable/datadog/templates/cluster-agent-confd-configmap.yaml b/stable/datadog/templates/cluster-agent-confd-configmap.yaml index 2113d8cea2a0..b39963055f9f 100644 --- a/stable/datadog/templates/cluster-agent-confd-configmap.yaml +++ b/stable/datadog/templates/cluster-agent-confd-configmap.yaml @@ -4,10 +4,6 @@ kind: ConfigMap metadata: name: {{ template "datadog.fullname" . }}-cluster-agent-confd labels: - app: "{{ template "datadog.fullname" . }}" - chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - release: {{ .Release.Name | quote }} - heritage: {{ .Release.Service | quote }} helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" app.kubernetes.io/name: "{{ template "datadog.fullname" . }}" app.kubernetes.io/instance: {{ .Release.Name | quote }} diff --git a/stable/datadog/templates/cluster-agent-deployment.yaml b/stable/datadog/templates/cluster-agent-deployment.yaml index 08fc0f02c75a..aa925b525633 100644 --- a/stable/datadog/templates/cluster-agent-deployment.yaml +++ b/stable/datadog/templates/cluster-agent-deployment.yaml @@ -4,10 +4,6 @@ kind: Deployment metadata: name: {{ template "datadog.fullname" . }}-cluster-agent labels: - app: "{{ template "datadog.fullname" . }}" - chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - release: {{ .Release.Name | quote }} - heritage: {{ .Release.Service | quote }} helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" app.kubernetes.io/name: "{{ template "datadog.fullname" . }}" app.kubernetes.io/instance: {{ .Release.Name | quote }} @@ -33,9 +29,9 @@ spec: app: {{ template "datadog.fullname" . }}-cluster-agent name: {{ template "datadog.fullname" . }}-cluster-agent annotations: - ad.datadoghq.com/{{ .Values.clusterAgent.containerName }}.check_names: '["prometheus"]' - ad.datadoghq.com/{{ .Values.clusterAgent.containerName }}.init_configs: '[{}]' - ad.datadoghq.com/{{ .Values.clusterAgent.containerName }}.instances: | + ad.datadoghq.com/cluster-agent.check_names: '["prometheus"]' + ad.datadoghq.com/cluster-agent.init_configs: '[{}]' + ad.datadoghq.com/cluster-agent.instances: | [{ "prometheus_url": "http://%%host%%:5000/metrics", "namespace": "datadog.cluster_agent", @@ -58,12 +54,15 @@ spec: imagePullSecrets: {{ toYaml .Values.clusterAgent.image.pullSecrets | indent 8 }} {{- end }} + serviceAccountName: {{ if .Values.clusterAgent.rbac.create }}{{ template "datadog.fullname" . }}-cluster-agent{{ else }}"{{ .Values.clusterAgent.rbac.serviceAccountName }}"{{ end }} {{- if .Values.clusterAgent.useHostNetwork }} hostNetwork: {{ .Values.clusterAgent.useHostNetwork }} dnsPolicy: ClusterFirstWithHostNet {{- end }} + imagePullSecrets: +{{ toYaml .Values.clusterAgent.image.pullSecrets | indent 8 }} containers: - - name: {{ .Values.clusterAgent.containerName }} + - name: cluster-agent image: "{{ .Values.clusterAgent.image.repository }}:{{ .Values.clusterAgent.image.tag }}" imagePullPolicy: {{ .Values.clusterAgent.image.pullPolicy }} resources: @@ -78,25 +77,28 @@ spec: protocol: TCP {{- end }} env: + - name: DD_HEALTH_PORT + value: {{ .Values.clusterAgent.healthPort | quote }} - name: DD_API_KEY valueFrom: secretKeyRef: name: {{ template "datadog.apiSecretName" . }} key: api-key + optional: true {{- if .Values.clusterAgent.metricsProvider.enabled }} - - name: DD_EXTERNAL_METRICS_PROVIDER_ENABLED - value: {{ .Values.clusterAgent.metricsProvider.enabled | quote }} - name: DD_APP_KEY valueFrom: secretKeyRef: name: {{ template "datadog.appKeySecretName" . }} key: app-key + - name: DD_EXTERNAL_METRICS_PROVIDER_ENABLED + value: {{ .Values.clusterAgent.metricsProvider.enabled | quote }} - name: DD_EXTERNAL_METRICS_PROVIDER_PORT value: {{ .Values.clusterAgent.metricsProvider.service.port | quote }} {{- end }} - {{- if .Values.clusterAgent.clusterChecks.enabled }} + {{- if .Values.datadog.clusterChecks.enabled }} - name: DD_CLUSTER_CHECKS_ENABLED - value: {{ .Values.clusterAgent.clusterChecks.enabled | quote }} + value: {{ .Values.datadog.clusterChecks.enabled | quote }} - name: DD_EXTRA_CONFIG_PROVIDERS value: "kube_services" - name: DD_EXTRA_LISTENERS @@ -122,11 +124,11 @@ spec: value: {{ .Values.datadog.logLevel | quote }} {{- end }} - name: DD_LEADER_ELECTION - value: {{ .Values.datadog.leaderElection | default "true" | quote}} + value: {{ default "true" .Values.datadog.leaderElection | quote}} {{- if .Values.datadog.leaderLeaseDuration }} - name: DD_LEADER_LEASE_DURATION value: {{ .Values.datadog.leaderLeaseDuration | quote }} - {{- else if .Values.clusterAgent.clusterChecks.enabled }} + {{- else if .Values.datadog.clusterChecks.enabled }} - name: DD_LEADER_LEASE_DURATION value: "15" {{- end }} @@ -146,35 +148,17 @@ spec: {{- if .Values.clusterAgent.env }} {{ toYaml .Values.clusterAgent.env | indent 10 }} {{- end }} -{{- if .Values.clusterAgent.livenessProbe }} livenessProbe: {{ toYaml .Values.clusterAgent.livenessProbe | indent 10 }} -{{- else if .Values.clusterAgent.metricsProvider.enabled }} - livenessProbe: - httpGet: - port: {{ .Values.clusterAgent.metricsProvider.service.port }} - path: /healthz - scheme: HTTPS -{{- end }} -{{- if .Values.clusterAgent.readinessProbe }} readinessProbe: {{ toYaml .Values.clusterAgent.readinessProbe | indent 10 }} -{{- else if .Values.clusterAgent.metricsProvider.enabled}} - readinessProbe: - httpGet: - port: {{ .Values.clusterAgent.metricsProvider.service.port }} - path: /healthz - scheme: HTTPS -{{- end }} volumeMounts: +{{ toYaml .Values.clusterAgent.volumeMounts | indent 10 }} {{- if .Values.clusterAgent.confd }} - name: confd mountPath: /conf.d readOnly: true {{- end }} -{{- if .Values.clusterAgent.volumeMounts }} -{{ toYaml .Values.clusterAgent.volumeMounts | indent 10 }} -{{- end }} {{- if .Values.clusterAgent.datadog_cluster_yaml }} - name: cluster-agent-yaml mountPath: /etc/datadog-agent/datadog-cluster.yaml @@ -204,9 +188,6 @@ spec: affinity: {{ toYaml .Values.clusterAgent.affinity | indent 8 }} {{- end }} - serviceAccountName: {{ if .Values.rbac.create }}{{ template "datadog.fullname" . }}-cluster-agent{{ else }}"{{ .Values.rbac.serviceAccountName }}"{{ end }} - {{- if .Values.clusterAgent.nodeSelector }} nodeSelector: {{ toYaml .Values.clusterAgent.nodeSelector | indent 8 }} - {{- end }} {{ end }} diff --git a/stable/datadog/templates/confd-configmap.yaml b/stable/datadog/templates/confd-configmap.yaml index 3b4ab9fef38c..44d64966cb62 100644 --- a/stable/datadog/templates/confd-configmap.yaml +++ b/stable/datadog/templates/confd-configmap.yaml @@ -4,10 +4,6 @@ kind: ConfigMap metadata: name: {{ template "datadog.fullname" . }}-confd labels: - app: "{{ template "datadog.fullname" . }}" - chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - release: {{ .Release.Name | quote }} - heritage: {{ .Release.Service | quote }} helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" app.kubernetes.io/name: "{{ template "datadog.fullname" . }}" app.kubernetes.io/instance: {{ .Release.Name | quote }} diff --git a/stable/datadog/templates/container-agent.yaml b/stable/datadog/templates/container-agent.yaml index 6828781ccd31..041dd61326df 100644 --- a/stable/datadog/templates/container-agent.yaml +++ b/stable/datadog/templates/container-agent.yaml @@ -1,14 +1,14 @@ {{- define "container-agent" -}} - name: agent - image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} + image: "{{ .Values.agents.image.repository }}:{{ .Values.agents.image.tag }}" + imagePullPolicy: {{ .Values.agents.image.pullPolicy }} command: ["agent", "start"] resources: -{{ toYaml .Values.daemonset.containers.agent.resources | indent 4 }} +{{ toYaml .Values.agents.containers.agent.resources | indent 4 }} ports: - - containerPort: {{ default 8125 .Values.datadog.dogStatsDPort }} - {{- if .Values.daemonset.useHostPort }} - hostPort: {{ default 8125 .Values.datadog.dogStatsDPort }} + - containerPort: {{ .Values.datadog.dogstatsd.port }} + {{- if .Values.datadog.dogstatsd.useHostPort }} + hostPort: {{ .Values.datadog.dogstatsd.port }} {{- end }} name: dogstatsdport protocol: UDP @@ -23,21 +23,19 @@ {{- end }} {{- if .Values.datadog.logLevel }} - name: DD_LOG_LEVEL - value: {{ .Values.daemonset.containers.agent.logLevel | default .Values.datadog.logLevel | quote }} - {{- end }} - {{- if .Values.datadog.dogStatsDPort }} + value: {{ .Values.agents.containers.agent.logLevel | default .Values.datadog.logLevel | quote }} + {{- end }} + {{- if .Values.datadog.dogstatsd.port }} - name: DD_DOGSTATD_PORT - value: {{ .Values.datadog.dogStatsDPort | quote }} + value: {{ .Values.datadog.dogstatsd.port | quote }} {{- end }} - {{- if .Values.datadog.nonLocalTraffic }} + {{- if .Values.datadog.dogstatsd.nonLocalTraffic }} - name: DD_DOGSTATSD_NON_LOCAL_TRAFFIC - value: {{ .Values.datadog.nonLocalTraffic | quote }} - - name: DD_APM_NON_LOCAL_TRAFFIC - value: {{ .Values.datadog.nonLocalTraffic | quote }} + value: {{ .Values.datadog.dogstatsd.nonLocalTraffic | quote }} {{- end }} - {{- if .Values.datadog.dogstatsdOriginDetection }} + {{- if .Values.datadog.dogstatsd.originDetection }} - name: DD_DOGSTATSD_ORIGIN_DETECTION - value: {{ .Values.datadog.dogstatsdOriginDetection | quote }} + value: {{ .Values.datadog.dogstatsd.originDetection | quote }} {{- end }} {{- if .Values.datadog.acInclude }} - name: DD_AC_INCLUDE @@ -93,37 +91,37 @@ {{- end }} {{- if .Values.datadog.criSocketPath }} - name: DD_CRI_SOCKET_PATH - value: {{ .Values.datadog.criSocketPath | quote }} + value: {{ print "/host/" .Values.datadog.criSocketPath | clean }} {{- end }} {{- if not .Values.datadog.livenessProbe }} - name: DD_HEALTH_PORT value: "5555" {{- end }} - {{- if .Values.datadog.useDogStatsDSocketVolume }} + {{- if .Values.datadog.dogstatsd.useSocketVolume }} - name: DD_DOGSTATSD_SOCKET - value: {{ default "/var/run/datadog/dsd.socket" .Values.datadog.dogStatsDSocketPath | quote }} + value: {{ default "/var/run/datadog/dsd.socket" .Values.datadog.dogstatsd.socketPath | quote }} {{- end }} - {{- if and .Values.clusterAgent.clusterChecks.enabled (not .Values.clusterchecksDeployment.enabled) }} + {{- if and .Values.datadog.clusterChecks.enabled (not .Values.clusterChecksRunner.enabled) }} - name: DD_EXTRA_CONFIG_PROVIDERS value: "clusterchecks" {{- end }} -{{- if .Values.daemonset.containers.agent.env }} -{{ toYaml .Values.daemonset.containers.agent.env | indent 4 }} +{{- if .Values.agents.containers.agent.env }} +{{ toYaml .Values.agents.containers.agent.env | indent 4 }} {{- end }} volumeMounts: - name: config mountPath: /etc/datadog-agent - {{- if .Values.daemonset.useConfigMap }} + {{- if .Values.agents.useConfigMap }} - name: {{ template "datadog.fullname" . }}-datadog-yaml mountPath: /etc/datadog-agent/datadog.yaml subPath: datadog.yaml {{- end }} - {{- if .Values.datadog.useCriSocketVolume }} - - name: runtimesocket - mountPath: {{ default "/var/run/docker.sock" .Values.datadog.criSocketPath | quote }} + {{- if .Values.datadog.criSocketPath }} + - name: runtimesocketdir + mountPath: {{ print "/host/" (dir .Values.datadog.criSocketPath) | clean }} readOnly: true {{- end }} - {{- if .Values.datadog.useDogStatsDSocketVolume }} + {{- if .Values.datadog.dogstatsd.useSocketVolume }} - name: dsdsocket mountPath: "/var/run/datadog" {{- end }} @@ -139,27 +137,15 @@ - name: logpodpath mountPath: /var/log/pods readOnly: true - {{- if .Values.datadog.containerLogsPath }} - - name: logcontainerpath - mountPath: {{ .Values.datadog.containerLogsPath | quote }} + {{- if regexFind "^.*docker.*$" $.Values.datadog.criSocketPath }} + - name: logdockercontainerpath + mountPath: /var/lib/docker/containers readOnly: true {{- end }} {{- end }} -{{- if .Values.datadog.volumeMounts }} -{{ toYaml .Values.datadog.volumeMounts | indent 4 }} +{{- if .Values.agents.volumeMounts }} +{{ toYaml .Values.agents.volumeMounts | indent 4 }} {{- end }} -{{- if .Values.datadog.livenessProbe }} livenessProbe: -{{ toYaml .Values.datadog.livenessProbe | indent 4 }} -{{- else }} - livenessProbe: - httpGet: - path: /health - port: 5555 - initialDelaySeconds: 15 - periodSeconds: 15 - timeoutSeconds: 5 - successThreshold: 1 - failureThreshold: 6 -{{- end }} +{{ toYaml .Values.agents.containers.agent.livenessProbe | indent 4 }} {{- end -}} diff --git a/stable/datadog/templates/container-agents.yaml b/stable/datadog/templates/container-agents.yaml deleted file mode 100644 index 5dd20f2013d0..000000000000 --- a/stable/datadog/templates/container-agents.yaml +++ /dev/null @@ -1,223 +0,0 @@ -{{- define "container-agents" -}} -- name: {{ default .Chart.Name .Values.datadog.name }} - image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - resources: -{{ toYaml .Values.datadog.resources | indent 4 }} - ports: - - containerPort: {{ default 8125 .Values.datadog.dogStatsDPort }} - {{- if .Values.daemonset.useHostPort }} - hostPort: {{ default 8125 .Values.datadog.dogStatsDPort }} - {{- end }} - name: dogstatsdport - protocol: UDP - {{- if .Values.datadog.apmEnabled }} - - containerPort: 8126 - {{- if .Values.daemonset.useHostPort }} - hostPort: 8126 - {{- end }} - name: traceport - protocol: TCP - {{- end }} - env: - - name: DD_API_KEY - valueFrom: - secretKeyRef: - name: {{ template "datadog.apiSecretName" . }} - key: api-key - {{- if .Values.datadog.clusterName }} - {{- if not (regexMatch "^([a-z]([a-z0-9\\-]{0,38}[a-z0-9])?\\.)*([a-z]([a-z0-9\\-]{0,38}[a-z0-9])?)$" .Values.datadog.clusterName) }} - {{- fail "Your `clusterName` isn’t valid. It must be dot-separated tokens where a token start with a lowercase letter followed by up to 39 lowercase letters, numbers, or hyphens and cannot end with a hyphen."}} - {{- end}} - - name: DD_CLUSTER_NAME - value: {{ .Values.datadog.clusterName | quote }} - {{- end }} - {{- if .Values.datadog.site }} - - name: DD_SITE - value: {{ .Values.datadog.site | quote }} - {{- end }} - {{- if .Values.datadog.dd_url }} - - name: DD_DD_URL - value: {{ .Values.datadog.dd_url | quote }} - {{- end }} - {{- if .Values.datadog.logLevel }} - - name: DD_LOG_LEVEL - value: {{ .Values.datadog.logLevel | quote }} - {{- end }} - {{- if .Values.datadog.dogStatsDPort }} - - name: DD_DOGSTATD_PORT - value: {{ .Values.datadog.dogStatsDPort | quote }} - {{- end }} - {{- if .Values.datadog.nonLocalTraffic }} - - name: DD_DOGSTATSD_NON_LOCAL_TRAFFIC - value: {{ .Values.datadog.nonLocalTraffic | quote }} - - name: DD_APM_NON_LOCAL_TRAFFIC - value: {{ .Values.datadog.nonLocalTraffic | quote }} - {{- end }} - {{- if .Values.datadog.dogstatsdOriginDetection }} - - name: DD_DOGSTATSD_ORIGIN_DETECTION - value: {{ .Values.datadog.dogstatsdOriginDetection | quote }} - {{- end }} - {{- if .Values.datadog.tags }} - - name: DD_TAGS - value: {{ .Values.datadog.tags | quote }} - {{- end }} - {{- if .Values.datadog.apmEnabled }} - - name: DD_APM_ENABLED - value: {{ .Values.datadog.apmEnabled | quote }} - {{- end }} - {{- if .Values.datadog.processAgentEnabled }} - - name: DD_PROCESS_AGENT_ENABLED - value: {{ .Values.datadog.processAgentEnabled | quote }} - {{- end }} - {{- if .Values.datadog.hostname }} - - name: DD_HOSTNAME - value: {{ .Values.datadog.hostname | quote }} - {{- end }} - {{- if .Values.datadog.acInclude }} - - name: DD_AC_INCLUDE - value: {{ .Values.datadog.acInclude | quote }} - {{- end }} - {{- if .Values.datadog.acExclude }} - - name: DD_AC_EXCLUDE - value: {{ .Values.datadog.acExclude | quote }} - {{- end }} - {{- if not .Values.clusterAgent.enabled }} - {{- if .Values.datadog.leaderElection }} - - name: DD_LEADER_ELECTION - value: {{ .Values.datadog.leaderElection | quote}} - {{- end }} - {{- if .Values.datadog.leaderLeaseDuration }} - - name: DD_LEADER_LEASE_DURATION - value: {{ .Values.datadog.leaderLeaseDuration | quote }} - {{- end }} - {{- if .Values.datadog.collectEvents }} - - name: DD_COLLECT_KUBERNETES_EVENTS - value: {{.Values.datadog.collectEvents | quote}} - {{- end }} - {{- else }} - - name: DD_CLUSTER_AGENT_ENABLED - value: {{ .Values.clusterAgent.enabled | quote }} - - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME - value: {{ template "datadog.fullname" . }}-cluster-agent - - name: DD_CLUSTER_AGENT_AUTH_TOKEN - valueFrom: - secretKeyRef: - name: {{ template "clusterAgent.tokenSecretName" . }} - key: token - {{- end }} - - name: KUBERNETES - value: "yes" - {{- if .Values.datadog.nodeLabelsAsTags }} - - name: DD_KUBERNETES_NODE_LABELS_AS_TAGS - value: '{{ toJson .Values.datadog.nodeLabelsAsTags }}' - {{- end }} - {{- if .Values.datadog.podLabelsAsTags }} - - name: DD_KUBERNETES_POD_LABELS_AS_TAGS - value: '{{ toJson .Values.datadog.podLabelsAsTags }}' - {{- end }} - {{- if .Values.datadog.podAnnotationsAsTags }} - - name: DD_KUBERNETES_POD_ANNOTATIONS_AS_TAGS - value: '{{ toJson .Values.datadog.podAnnotationsAsTags }}' - {{- end }} - {{- if semverCompare "^1.7-0" .Capabilities.KubeVersion.GitVersion }} - - name: DD_KUBERNETES_KUBELET_HOST - valueFrom: - fieldRef: - fieldPath: status.hostIP - {{- end }} - {{- if .Values.datadog.logsEnabled }} - - name: DD_LOGS_ENABLED - value: {{.Values.datadog.logsEnabled | quote}} - {{- end }} - {{- if .Values.datadog.logsConfigContainerCollectAll }} - - name: DD_LOGS_CONFIG_CONTAINER_COLLECT_ALL - value: {{.Values.datadog.logsConfigContainerCollectAll | quote}} - {{- end }} - {{- if .Values.datadog.criSocketPath }} - - name: DD_CRI_SOCKET_PATH - value: {{ .Values.datadog.criSocketPath | quote }} - {{- end }} - {{- if not .Values.datadog.livenessProbe }} - - name: DD_HEALTH_PORT - value: "5555" - {{- end }} - {{- if .Values.datadog.useDogStatsDSocketVolume }} - - name: DD_DOGSTATSD_SOCKET - value: {{ default "/var/run/datadog/dsd.socket" .Values.datadog.dogStatsDSocketPath | quote }} - {{- end }} - {{- if and .Values.clusterAgent.clusterChecks.enabled (not .Values.clusterchecksDeployment.enabled) }} - - name: DD_EXTRA_CONFIG_PROVIDERS - value: "clusterchecks" - {{- end }} -{{- if .Values.datadog.env }} -{{ toYaml .Values.datadog.env | indent 4 }} -{{- end }} - volumeMounts: - {{- if .Values.datadog.useCriSocketVolume }} - - name: runtimesocket - mountPath: {{ default "/var/run/docker.sock" .Values.datadog.criSocketPath | quote }} - readOnly: true - {{- end }} - {{- if .Values.datadog.useDogStatsDSocketVolume }} - - name: dsdsocket - mountPath: "/var/run/datadog" - {{- end }} - - name: procdir - mountPath: /host/proc - readOnly: true - - name: cgroups - mountPath: /host/sys/fs/cgroup - readOnly: true - - name: s6-run - mountPath: /var/run/s6 - {{- if (or (.Values.datadog.confd) (.Values.datadog.autoconf)) }} - - name: confd - mountPath: /conf.d - readOnly: true - {{- end }} - {{- if .Values.datadog.checksd }} - - name: checksd - mountPath: /checks.d - readOnly: true - {{- end }} - {{- if .Values.datadog.logsEnabled }} - - name: pointerdir - mountPath: /opt/datadog-agent/run - - name: logpodpath - mountPath: /var/log/pods - readOnly: true - {{- if .Values.datadog.containerLogsPath }} - - name: logcontainerpath - mountPath: {{ .Values.datadog.containerLogsPath | quote }} - readOnly: true - {{- end }} - {{- end }} - {{- if .Values.datadog.processAgentEnabled }} - - name: passwd - mountPath: /etc/passwd - readOnly: true - {{- end }} - {{- if .Values.daemonset.useConfigMap }} - - name: {{ template "datadog.fullname" . }}-datadog-yaml - mountPath: /etc/datadog-agent/datadog.yaml - subPath: datadog.yaml - {{- end }} -{{- if .Values.datadog.volumeMounts }} -{{ toYaml .Values.datadog.volumeMounts | indent 4 }} -{{- end }} -{{- if .Values.datadog.livenessProbe }} - livenessProbe: -{{ toYaml .Values.datadog.livenessProbe | indent 4 }} -{{- else }} - livenessProbe: - httpGet: - path: /health - port: 5555 - initialDelaySeconds: 15 - periodSeconds: 15 - timeoutSeconds: 5 - successThreshold: 1 - failureThreshold: 6 -{{- end }} -{{- end -}} diff --git a/stable/datadog/templates/container-process-agent.yaml b/stable/datadog/templates/container-process-agent.yaml index b96bdc1a08e7..d4856b0ce168 100644 --- a/stable/datadog/templates/container-process-agent.yaml +++ b/stable/datadog/templates/container-process-agent.yaml @@ -1,27 +1,27 @@ {{- define "container-process-agent" -}} - name: process-agent - image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} + image: "{{ .Values.agents.image.repository }}:{{ .Values.agents.image.tag }}" + imagePullPolicy: {{ .Values.agents.image.pullPolicy }} command: ["process-agent", "-config=/etc/datadog-agent/datadog.yaml"] resources: -{{ toYaml .Values.daemonset.containers.processAgent.resources | indent 4 }} +{{ toYaml .Values.agents.containers.processAgent.resources | indent 4 }} env: {{- include "containers-common-env" . | nindent 4 }} - {{- if not (kindIs "invalid" .Values.datadog.processAgentEnabled) }} + {{- if not (kindIs "invalid" .Values.datadog.processAgent.enabled) }} - name: DD_PROCESS_AGENT_ENABLED - value: {{ .Values.datadog.processAgentEnabled | quote }} + value: {{ .Values.datadog.processAgent.enabled | quote }} {{- end }} - name: DD_LOG_LEVEL - value: {{ .Values.daemonset.containers.processAgent.logLevel | default .Values.datadog.logLevel | quote }} - {{- if .Values.systemProbe.enabled }} + value: {{ .Values.agents.containers.processAgent.logLevel | default .Values.datadog.logLevel | quote }} + {{- if .Values.datadog.systemProbe.enabled }} - name: DD_SYSTEM_PROBE_ENABLED - value: {{ .Values.systemProbe.enabled | quote }} + value: {{ .Values.datadog.systemProbe.enabled | quote }} {{- end }} -{{- if .Values.daemonset.containers.processAgent.env }} -{{ toYaml .Values.daemonset.containers.processAgent.env | indent 4 }} +{{- if .Values.agents.containers.processAgent.env }} +{{ toYaml .Values.agents.containers.processAgent.env | indent 4 }} {{- end }} volumeMounts: - {{- if .Values.daemonset.useConfigMap }} + {{- if .Values.agents.useConfigMap }} - name: {{ template "datadog.fullname" . }}-datadog-yaml mountPath: /etc/datadog-agent/datadog.yaml subPath: datadog.yaml @@ -36,12 +36,12 @@ - name: procdir mountPath: /host/proc readOnly: true - {{- if .Values.datadog.useCriSocketVolume }} - - name: runtimesocket - mountPath: {{ default "/var/run/docker.sock" .Values.datadog.criSocketPath | quote }} + {{- if .Values.datadog.criSocketPath }} + - name: runtimesocketdir + mountPath: {{ print "/host/" (dir .Values.datadog.criSocketPath) | clean }} readOnly: true {{- end }} - {{- if .Values.systemProbe.enabled }} + {{- if .Values.datadog.systemProbe.enabled }} - name: sysprobe-socket-dir mountPath: /opt/datadog-agent/run readOnly: true diff --git a/stable/datadog/templates/container-system-probe.yaml b/stable/datadog/templates/container-system-probe.yaml index aa7bab8bbf58..8928eaddd63b 100644 --- a/stable/datadog/templates/container-system-probe.yaml +++ b/stable/datadog/templates/container-system-probe.yaml @@ -1,19 +1,19 @@ {{- define "container-system-probe" -}} - name: system-probe - image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} + image: "{{ .Values.agents.image.repository }}:{{ .Values.agents.image.tag }}" + imagePullPolicy: {{ .Values.agents.image.pullPolicy }} securityContext: capabilities: add: ["SYS_ADMIN", "SYS_RESOURCE", "SYS_PTRACE", "NET_ADMIN", "IPC_LOCK"] command: ["/opt/datadog-agent/embedded/bin/system-probe", "--config=/etc/datadog-agent/system-probe.yaml"] env: - name: DD_LOG_LEVEL - value: {{ .Values.daemonset.containers.systemProbe.logLevel | default .Values.datadog.logLevel | quote }} -{{- if .Values.daemonset.containers.systemProbe.env }} -{{ toYaml .Values.daemonset.containers.systemProbe.env | indent 4 }} + value: {{ .Values.agents.containers.systemProbe.logLevel | default .Values.datadog.logLevel | quote }} +{{- if .Values.agents.containers.systemProbe.env }} +{{ toYaml .Values.agents.containers.systemProbe.env | indent 4 }} {{- end }} resources: -{{ toYaml .Values.daemonset.containers.systemProbe.resources | indent 4 }} +{{ toYaml .Values.agents.containers.systemProbe.resources | indent 4 }} volumeMounts: - name: debugfs mountPath: /sys/kernel/debug diff --git a/stable/datadog/templates/container-trace-agent.yaml b/stable/datadog/templates/container-trace-agent.yaml index 07196b923744..edc9f57b8c24 100644 --- a/stable/datadog/templates/container-trace-agent.yaml +++ b/stable/datadog/templates/container-trace-agent.yaml @@ -1,44 +1,34 @@ {{- define "container-trace-agent" -}} - name: trace-agent - image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} + image: "{{ .Values.agents.image.repository }}:{{ .Values.agents.image.tag }}" + imagePullPolicy: {{ .Values.agents.image.pullPolicy }} command: ["trace-agent", "--config=/etc/datadog-agent/datadog.yaml"] resources: -{{ toYaml .Values.daemonset.containers.traceAgent.resources | indent 4 }} +{{ toYaml .Values.agents.containers.traceAgent.resources | indent 4 }} ports: - - containerPort: 8126 - {{- if .Values.daemonset.useHostPort }} - hostPort: 8126 - {{- end }} + - containerPort: {{ .Values.datadog.apm.port }} + hostPort: {{ .Values.datadog.apm.port }} name: traceport protocol: TCP env: {{- include "containers-common-env" . | nindent 4 }} - - name: DD_APM_ENABLED - value: {{ .Values.datadog.apmEnabled | quote }} - name: DD_LOG_LEVEL - value: {{ .Values.daemonset.containers.traceAgent.logLevel | default .Values.datadog.logLevel | quote }} - {{- if .Values.datadog.nonLocalTraffic }} - - name: DD_DOGSTATSD_NON_LOCAL_TRAFFIC - value: {{ .Values.datadog.nonLocalTraffic | quote }} + value: {{ .Values.agents.containers.traceAgent.logLevel | default .Values.datadog.logLevel | quote }} - name: DD_APM_NON_LOCAL_TRAFFIC - value: {{ .Values.datadog.nonLocalTraffic | quote }} - {{- end }} -{{- if .Values.daemonset.containers.traceAgent.env }} -{{ toYaml .Values.daemonset.containers.traceAgent.env | indent 4 }} + value: "true" + - name: DD_APM_RECEIVER_PORT + value: {{ .Values.datadog.apm.port | quote }} +{{- if .Values.agents.containers.traceAgent.env }} +{{ toYaml .Values.agents.containers.traceAgent.env | indent 4 }} {{- end }} volumeMounts: - name: config mountPath: /etc/datadog-agent - {{- if .Values.daemonset.useConfigMap }} + {{- if .Values.agents.useConfigMap }} - name: {{ template "datadog.fullname" . }}-datadog-yaml mountPath: /etc/datadog-agent/datadog.yaml subPath: datadog.yaml {{- end }} livenessProbe: - tcpSocket: - port: 8126 - initialDelaySeconds: 15 - periodSeconds: 15 - timeoutSeconds: 5 +{{ toYaml .Values.agents.containers.traceAgent.livenessProbe | indent 4 }} {{- end -}} diff --git a/stable/datadog/templates/containers-init.yaml b/stable/datadog/templates/containers-init.yaml index 676dce59bed0..219ce0ce18df 100644 --- a/stable/datadog/templates/containers-init.yaml +++ b/stable/datadog/templates/containers-init.yaml @@ -1,14 +1,16 @@ {{- define "containers-init" -}} - name: init-volume - image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + image: "{{ .Values.agents.image.repository }}:{{ .Values.agents.image.tag }}" command: ["bash", "-c"] args: - cp -r /etc/datadog-agent /opt volumeMounts: - name: config mountPath: /opt/datadog-agent + resources: +{{ toYaml .Values.agents.containers.initContainers.resources | indent 4 }} - name: init-config - image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + image: "{{ .Values.agents.image.repository }}:{{ .Values.agents.image.tag }}" command: ["bash", "-c"] args: - for script in $(find /etc/cont-init.d/ -type f -name '*.sh' | sort) ; do bash $script ; done @@ -28,9 +30,9 @@ - name: procdir mountPath: /host/proc readOnly: true - {{- if .Values.datadog.useCriSocketVolume }} - - name: runtimesocket - mountPath: {{ default "/var/run/docker.sock" .Values.datadog.criSocketPath | quote }} + {{- if .Values.datadog.criSocketPath }} + - name: runtimesocketdir + mountPath: {{ print "/host/" (dir .Values.datadog.criSocketPath) | clean }} readOnly: true {{- end }} env: @@ -38,4 +40,6 @@ {{- if .Values.datadog.env }} {{ toYaml .Values.datadog.env | nindent 4 }} {{- end }} + resources: +{{ toYaml .Values.agents.containers.initContainers.resources | indent 4 }} {{- end -}} diff --git a/stable/datadog/templates/daemonset.yaml b/stable/datadog/templates/daemonset.yaml index 11c669308a6e..dd300fafd858 100644 --- a/stable/datadog/templates/daemonset.yaml +++ b/stable/datadog/templates/daemonset.yaml @@ -1,20 +1,10 @@ -{{- if .Values.daemonset.enabled }} +{{- if .Values.agents.enabled }} {{- if (or (.Values.datadog.apiKeyExistingSecret) (.Values.datadog.apiKey)) }} -{{- if .Capabilities.APIVersions.Has "apps/v1" }} apiVersion: apps/v1 -{{- else if .Capabilities.APIVersions.Has "extensions/v1beta1" }} -apiVersion: extensions/v1beta1 -{{- else }} -apiVersion: apps/v1 -{{- end }} kind: DaemonSet metadata: name: {{ template "datadog.fullname" . }} labels: - app: "{{ template "datadog.fullname" . }}" - chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - release: {{ .Release.Name | quote }} - heritage: {{ .Release.Service | quote }} helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" app.kubernetes.io/name: "{{ template "datadog.fullname" . }}" app.kubernetes.io/instance: {{ .Release.Name | quote }} @@ -24,85 +14,75 @@ spec: selector: matchLabels: app: {{ template "datadog.fullname" . }} - {{- if .Values.daemonset.podLabels }} -{{ toYaml .Values.daemonset.podLabels | indent 6 }} + {{- if .Values.agents.podLabels }} +{{ toYaml .Values.agents.podLabels | indent 6 }} {{- end }} template: metadata: labels: app: {{ template "datadog.fullname" . }} - {{- if .Values.daemonset.podLabels }} -{{ toYaml .Values.daemonset.podLabels | indent 8 }} + {{- if .Values.agents.podLabels }} +{{ toYaml .Values.agents.podLabels | indent 8 }} {{- end }} name: {{ template "datadog.fullname" . }} annotations: checksum/autoconf-config: {{ tpl (toYaml .Values.datadog.autoconf) . | sha256sum }} checksum/confd-config: {{ tpl (toYaml .Values.datadog.confd) . | sha256sum }} checksum/checksd-config: {{ tpl (toYaml .Values.datadog.checksd) . | sha256sum }} - {{- if .Values.daemonset.customAgentConfig }} - checksum/agent-config: {{ tpl (toYaml .Values.daemonset.customAgentConfig) . | sha256sum }} - {{- end }} - {{- if and .Values.systemProbe.enabled .Values.daemonset.useDedicatedContainers }} - container.apparmor.security.beta.kubernetes.io/system-probe: {{ .Values.systemProbe.apparmor }} - {{- if .Values.systemProbe.seccomp }} - container.seccomp.security.alpha.kubernetes.io/system-probe: {{ .Values.systemProbe.seccomp }} + {{- if .Values.agents.customAgentConfig }} + checksum/agent-config: {{ tpl (toYaml .Values.agents.customAgentConfig) . | sha256sum }} {{- end }} + {{- if .Values.datadog.systemProbe.enabled }} + container.apparmor.security.beta.kubernetes.io/system-probe: {{ .Values.datadog.systemProbe.apparmor }} + container.seccomp.security.alpha.kubernetes.io/system-probe: {{ .Values.datadog.systemProbe.seccomp }} {{- end }} - {{- if .Values.daemonset.podAnnotations }} -{{ toYaml .Values.daemonset.podAnnotations | indent 8 }} + {{- if .Values.agents.podAnnotations }} +{{ toYaml .Values.agents.podAnnotations | indent 8 }} {{- end }} spec: {{- if .Values.datadog.securityContext }} securityContext: {{ toYaml .Values.datadog.securityContext | indent 8 }} {{- end }} - {{- if .Values.daemonset.useHostNetwork }} - hostNetwork: {{ .Values.daemonset.useHostNetwork }} + {{- if .Values.agents.useHostNetwork }} + hostNetwork: {{ .Values.agents.useHostNetwork }} dnsPolicy: ClusterFirstWithHostNet {{- end }} - {{- if .Values.daemonset.useHostPID }} - hostPID: {{ .Values.daemonset.useHostPID }} + {{- if .Values.datadog.dogstatsd.useHostPID }} + hostPID: {{ .Values.datadog.dogstatsd.useHostPID }} {{- end }} - {{- if .Values.image.pullSecrets }} + {{- if .Values.agents.image.pullSecrets }} imagePullSecrets: -{{ toYaml .Values.image.pullSecrets | indent 8 }} +{{ toYaml .Values.agents.image.pullSecrets | indent 8 }} {{- end }} - {{- if .Values.daemonset.priorityClassName }} - priorityClassName: {{ .Values.daemonset.priorityClassName }} + {{- if .Values.agents.priorityClassName }} + priorityClassName: {{ .Values.agents.priorityClassName }} {{- end }} containers: - {{- if .Values.daemonset.useDedicatedContainers }} {{- include "container-agent" . | nindent 8 }} - {{- if .Values.datadog.apmEnabled }} + {{- if .Values.datadog.apm.enabled }} {{- include "container-trace-agent" . | nindent 8 }} {{- end }} - {{- if or (kindIs "invalid" .Values.datadog.processAgentEnabled) .Values.datadog.processAgentEnabled }} + {{- if or (kindIs "invalid" .Values.datadog.processAgent.enabled) .Values.datadog.processAgent.enabled }} {{- include "container-process-agent" . | nindent 8 }} {{- end }} - {{- if .Values.systemProbe.enabled }} + {{- if .Values.datadog.systemProbe.enabled }} {{- include "container-system-probe" . | nindent 8 }} {{- end }} - {{- else }} - {{- include "container-agents" . | nindent 8 }} - {{- end}} - {{- if .Values.daemonset.useDedicatedContainers }} initContainers: {{ include "containers-init" . | nindent 8 }} - {{- if and .Values.systemProbe.enabled (eq .Values.systemProbe.seccomp "localhost/system-probe") }} + {{- if and .Values.datadog.systemProbe.enabled (eq .Values.datadog.systemProbe.seccomp "localhost/system-probe") }} {{ include "system-probe-init" . | nindent 8 }} {{- end }} - {{- end }} volumes: - {{- if .Values.daemonset.useDedicatedContainers }} - name: config emptyDir: {} - {{- end }} - {{- if .Values.datadog.useCriSocketVolume }} + {{- if .Values.datadog.criSocketPath }} - hostPath: - path: {{ default "/var/run/docker.sock" .Values.datadog.criSocketPath | quote }} - name: runtimesocket + path: {{ dir .Values.datadog.criSocketPath }} + name: runtimesocketdir {{- end }} - {{- if .Values.datadog.useDogStatsDSocketVolume }} + {{- if .Values.datadog.dogstatsd.useSocketVolume }} - hostPath: path: "/var/run/datadog/" name: dsdsocket @@ -127,23 +107,23 @@ spec: {{- end }} {{- if .Values.datadog.logsEnabled }} - hostPath: - path: {{ default "/var/lib/datadog-agent/logs" .Values.datadog.logsPointerHostPath | quote }} + path: "/var/lib/datadog-agent/logs" name: pointerdir - hostPath: path: /var/log/pods name: logpodpath - {{- if .Values.datadog.containerLogsPath }} + {{- if regexFind "^.*docker.*$" $.Values.datadog.criSocketPath }} - hostPath: - path: {{ .Values.datadog.containerLogsPath | quote }} - name: logcontainerpath + path: /var/lib/docker/containers + name: logdockercontainerpath {{- end }} {{- end }} - {{- if or (kindIs "invalid" .Values.datadog.processAgentEnabled) .Values.datadog.processAgentEnabled .Values.systemProbe.enabled }} + {{- if or .Values.datadog.processAgent.enabled .Values.datadog.systemProbe.enabled }} - hostPath: path: /etc/passwd name: passwd {{- end }} - {{- if and .Values.systemProbe.enabled .Values.daemonset.useDedicatedContainers }} + {{- if .Values.datadog.systemProbe.enabled }} - name: sysprobe-config configMap: name: {{ template "datadog.fullname" . }}-system-probe-config @@ -152,7 +132,7 @@ spec: configMap: name: {{ template "datadog.fullname" . }}-security - hostPath: - path: {{ .Values.systemProbe.seccompRoot }} + path: {{ .Values.datadog.systemProbe.seccompRoot }} name: seccomp-root {{- end }} - hostPath: @@ -161,34 +141,28 @@ spec: - name: sysprobe-socket-dir emptyDir: {} {{- end }} - {{- if .Values.daemonset.useConfigMap }} + {{- if .Values.agents.useConfigMap }} - name: {{ template "datadog.fullname" . }}-datadog-yaml configMap: name: {{ template "datadog.fullname" . }}-datadog-yaml {{- end }} -{{- if .Values.datadog.volumes }} -{{ toYaml .Values.datadog.volumes | indent 8 }} +{{- if .Values.agents.volumes }} +{{ toYaml .Values.agents.volumes | indent 8 }} {{- end }} - {{- if .Values.daemonset.tolerations }} + {{- if .Values.agents.tolerations }} tolerations: -{{ toYaml .Values.daemonset.tolerations | indent 8 }} +{{ toYaml .Values.agents.tolerations | indent 8 }} {{- end }} - {{- if .Values.daemonset.affinity }} + {{- if .Values.agents.affinity }} affinity: -{{ toYaml .Values.daemonset.affinity | indent 8 }} +{{ toYaml .Values.agents.affinity | indent 8 }} {{- end }} - serviceAccountName: {{ if .Values.rbac.create }}{{ template "datadog.fullname" . }}{{ else }}"{{ .Values.rbac.serviceAccountName }}"{{ end }} - {{- if .Values.daemonset.nodeSelector }} + serviceAccountName: {{ if .Values.agents.rbac.create }}{{ template "datadog.fullname" . }}{{ else }}"{{ .Values.agents.rbac.serviceAccountName }}"{{ end }} + {{- if .Values.agents.nodeSelector }} nodeSelector: -{{ toYaml .Values.daemonset.nodeSelector | indent 8 }} +{{ toYaml .Values.agents.nodeSelector | indent 8 }} {{- end }} updateStrategy: -{{- if .Values.daemonset.updateStrategy }} -{{ toYaml .Values.daemonset.updateStrategy | indent 4 }} -{{- else }} - type: RollingUpdate - rollingUpdate: - maxUnavailable: "10%" -{{- end }} +{{ toYaml .Values.agents.updateStrategy | indent 4 }} {{ end }} {{ end }} diff --git a/stable/datadog/templates/datadog-yaml-configmap.yaml b/stable/datadog/templates/datadog-yaml-configmap.yaml index b960e1815cdb..f7d0379c803d 100644 --- a/stable/datadog/templates/datadog-yaml-configmap.yaml +++ b/stable/datadog/templates/datadog-yaml-configmap.yaml @@ -1,26 +1,22 @@ -{{- if .Values.daemonset.useConfigMap }} +{{- if .Values.agents.useConfigMap }} apiVersion: v1 kind: ConfigMap metadata: name: {{ template "datadog.fullname" . }}-datadog-yaml labels: - app: "{{ template "datadog.fullname" . }}" - chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - release: {{ .Release.Name | quote }} - heritage: {{ .Release.Service | quote }} helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" app.kubernetes.io/name: "{{ template "datadog.fullname" . }}" app.kubernetes.io/instance: {{ .Release.Name | quote }} app.kubernetes.io/managed-by: {{ .Release.Service | quote }} app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} annotations: - {{- if .Values.daemonset.customAgentConfig }} - checksum/agent-config: {{ tpl (toYaml .Values.daemonset.customAgentConfig) . | sha256sum }} + {{- if .Values.agents.customAgentConfig }} + checksum/agent-config: {{ tpl (toYaml .Values.agents.customAgentConfig) . | sha256sum }} {{- end }} data: datadog.yaml: | - {{- if .Values.daemonset.customAgentConfig }} -{{ tpl (toYaml .Values.daemonset.customAgentConfig) . | indent 4 }} + {{- if .Values.agents.customAgentConfig }} +{{ tpl (toYaml .Values.agents.customAgentConfig) . | indent 4 }} {{- else }} ## Provides autodetected defaults, for kubernetes environments, ## please see datadog.yaml.example for all supported options @@ -34,8 +30,10 @@ data: # Enable APM by setting the DD_APM_ENABLED envvar to true, or override this configuration apm_config: - enabled: false + enabled: true apm_non_local_traffic: true + max_memory: 0 + max_cpu_percent: 0 {{- $version := (.Values.image.tag | toString | trimSuffix "-jmx") }} {{- $length := len (split "." $version ) -}} diff --git a/stable/datadog/templates/deployment.yaml b/stable/datadog/templates/deployment.yaml deleted file mode 100644 index e9cb24ea2621..000000000000 --- a/stable/datadog/templates/deployment.yaml +++ /dev/null @@ -1,200 +0,0 @@ -{{- if .Values.deployment.enabled }} -{{- if (or (.Values.datadog.apiKeyExistingSecret) (.Values.datadog.apiKey)) }} -{{- if .Capabilities.APIVersions.Has "apps/v1" }} -apiVersion: apps/v1 -{{- else if .Capabilities.APIVersions.Has "extensions/v1beta1" }} -apiVersion: extensions/v1beta1 -{{- else }} -apiVersion: apps/v1 -{{- end }} -kind: Deployment -metadata: - name: {{ template "datadog.fullname" . }} - labels: - app: "{{ template "datadog.fullname" . }}" - chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - release: {{ .Release.Name | quote }} - heritage: {{ .Release.Service | quote }} - helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - app.kubernetes.io/name: "{{ template "datadog.fullname" . }}" - app.kubernetes.io/instance: {{ .Release.Name | quote }} - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -spec: - selector: - matchLabels: - app: {{ template "datadog.fullname" . }} - type: deployment - replicas: {{ .Values.deployment.replicas }} - template: - metadata: - labels: - app: {{ template "datadog.fullname" . }} - type: deployment - name: {{ template "datadog.fullname" . }} - annotations: - checksum/autoconf-config: {{ tpl (toYaml .Values.datadog.autoconf) . | sha256sum }} - checksum/confd-config: {{ tpl (toYaml .Values.datadog.confd) . | sha256sum }} - checksum/checksd-config: {{ tpl (toYaml .Values.datadog.checksd) . | sha256sum }} - spec: - {{- if .Values.datadog.securityContext }} - securityContext: -{{ toYaml .Values.datadog.securityContext | indent 8 }} - {{- end }} - {{- if .Values.image.pullSecrets }} - imagePullSecrets: -{{ toYaml .Values.image.pullSecrets | indent 8 }} - {{- end }} - {{- if .Values.deployment.priorityClassName }} - priorityClassName: {{ .Values.deployment.priorityClassName }} - {{- end }} - containers: - - name: {{ default .Chart.Name .Values.datadog.name }} - image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - resources: -{{ toYaml .Values.datadog.resources | indent 10 }} - ports: - - containerPort: {{ default 8125 .Values.datadog.dogStatsDPort }} - name: dogstatsdport - protocol: UDP - {{- if .Values.datadog.apmEnabled }} - - containerPort: 8126 - name: traceport - protocol: TCP - {{- end }} - env: - - name: DD_API_KEY - valueFrom: - secretKeyRef: - name: {{ template "datadog.apiSecretName" . }} - key: api-key - {{- if .Values.datadog.site }} - - name: DD_SITE - value: {{ .Values.datadog.site | quote }} - {{- end }} - {{- if .Values.datadog.dd_url }} - - name: DD_DD_URL - value: {{ .Values.datadog.dd_url | quote }} - {{- end }} - {{- if .Values.datadog.logLevel }} - - name: DD_LOG_LEVEL - value: {{ .Values.datadog.logLevel | quote }} - {{- end }} - {{- if .Values.datadog.nonLocalTraffic }} - - name: DD_DOGSTATSD_NON_LOCAL_TRAFFIC - value: {{ .Values.datadog.nonLocalTraffic | quote }} - - name: DD_APM_NON_LOCAL_TRAFFIC - value: {{ .Values.datadog.nonLocalTraffic | quote }} - {{- end }} - {{- if .Values.datadog.dogstatsdOriginDetection }} - - name: DD_DOGSTATSD_ORIGIN_DETECTION - value: {{ .Values.datadog.dogstatsdOriginDetection | quote }} - {{- end }} - {{- if .Values.datadog.tags }} - - name: DD_TAGS - value: {{ .Values.datadog.tags | quote }} - {{- end }} - {{- if .Values.datadog.apmEnabled }} - - name: DD_APM_ENABLED - value: {{ .Values.datadog.apmEnabled | quote }} - {{- end }} - - name: KUBERNETES - value: "yes" - {{- if .Values.datadog.collectEvents }} - - name: KUBERNETES_COLLECT_EVENTS - value: "yes" - {{- end }} - {{- if .Values.datadog.criSocketPath }} - - name: DD_CRI_SOCKET_PATH - value: {{ .Values.datadog.criSocketPath | quote }} - {{- end }} - {{- if .Values.datadog.useDogStatsDSocketVolume }} - - name: DD_DOGSTATSD_SOCKET - value: {{ default "/var/run/datadog/dsd.socket" .Values.datadog.dogStatsDSocketPath | quote }} - {{- end }} -{{- if .Values.datadog.env }} -{{ toYaml .Values.datadog.env | indent 10 }} -{{- end }} - volumeMounts: - {{- if .Values.datadog.useCriSocketVolume }} - - name: runtimesocket - mountPath: {{ default "/var/run/docker.sock" .Values.datadog.criSocketPath | quote }} - readOnly: true - {{- end }} - {{- if .Values.datadog.useDogStatsDSocketVolume }} - - name: dsdsocket - mountPath: "/var/run/datadog" - {{- end }} - - name: procdir - mountPath: /host/proc - readOnly: true - - name: cgroups - mountPath: /host/sys/fs/cgroup - readOnly: true - {{- if (or (.Values.datadog.confd) (.Values.datadog.autoconf)) }} - - name: confd - mountPath: /conf.d - readOnly: true - {{- end }} - {{- if .Values.datadog.checksd }} - - name: checksd - mountPath: /checks.d - readOnly: true - {{- end }} -{{- if .Values.datadog.volumeMounts }} -{{ toYaml .Values.datadog.volumeMounts | indent 10 }} -{{- end }} -{{- if .Values.datadog.livenessProbe }} - livenessProbe: -{{ toYaml .Values.datadog.livenessProbe | indent 10 }} -{{- else }} - livenessProbe: - exec: - command: - - ./probe.sh - initialDelaySeconds: 15 - periodSeconds: 5 - failureThreshold: 6 -{{- end }} - volumes: - {{- if .Values.datadog.useCriSocketVolume }} - - hostPath: - path: {{ default "/var/run/docker.sock" .Values.datadog.criSocketPath | quote }} - name: runtimesocket - {{- end }} - {{- if .Values.datadog.useDogStatsDSocketVolume }} - - hostPath: - path: "/var/run/datadog/" - name: dsdsocket - {{- end }} - - hostPath: - path: /proc - name: procdir - - hostPath: - path: /sys/fs/cgroup - name: cgroups - {{- if (or (.Values.datadog.confd) (.Values.datadog.autoconf)) }} - - name: confd - configMap: - name: {{ template "datadog.fullname" . }}-confd - {{- end }} - {{- if .Values.datadog.checksd }} - - name: checksd - configMap: - name: {{ template "datadog.fullname" . }}-checksd - {{- end }} -{{- if .Values.datadog.volumes }} -{{ toYaml .Values.datadog.volumes | indent 8 }} -{{- end }} - {{- if .Values.deployment.tolerations }} - tolerations: -{{ toYaml .Values.deployment.tolerations | indent 8 }} - {{- end }} - {{- if .Values.deployment.affinity }} - affinity: -{{ toYaml .Values.deployment.affinity | indent 8 }} - {{- end }} - serviceAccountName: {{ if .Values.rbac.create }}{{ template "datadog.fullname" . }}{{ else }}"{{ .Values.rbac.serviceAccountName }}"{{ end }} -{{ end }} -{{ end }} diff --git a/stable/datadog/templates/hpa-rbac.yaml b/stable/datadog/templates/hpa-rbac.yaml index cf2d660e222f..62b78aa77a80 100644 --- a/stable/datadog/templates/hpa-rbac.yaml +++ b/stable/datadog/templates/hpa-rbac.yaml @@ -1,12 +1,8 @@ -{{- if and .Values.rbac.create .Values.clusterAgent.enabled .Values.clusterAgent.metricsProvider.enabled -}} +{{- if and .Values.clusterAgent.enabled .Values.clusterAgent.rbac.create .Values.clusterAgent.metricsProvider.enabled -}} apiVersion: {{ template "rbac.apiVersion" . }} kind: ClusterRole metadata: labels: - app: "{{ template "datadog.fullname" . }}" - chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - heritage: {{ .Release.Service | quote }} - release: {{ .Release.Name | quote }} helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" app.kubernetes.io/name: "{{ template "datadog.fullname" . }}" app.kubernetes.io/instance: {{ .Release.Name | quote }} @@ -27,10 +23,6 @@ apiVersion: {{ template "rbac.apiVersion" . }} kind: ClusterRoleBinding metadata: labels: - app: "{{ template "datadog.fullname" . }}" - chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - release: {{ .Release.Name | quote }} - heritage: {{ .Release.Service | quote }} helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" app.kubernetes.io/name: "{{ template "datadog.fullname" . }}" app.kubernetes.io/instance: {{ .Release.Name | quote }} @@ -50,10 +42,6 @@ apiVersion: {{ template "rbac.apiVersion" . }} kind: RoleBinding metadata: labels: - app: "{{ template "datadog.fullname" . }}" - chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - release: {{ .Release.Name | quote }} - heritage: {{ .Release.Service | quote }} helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" app.kubernetes.io/name: "{{ template "datadog.fullname" . }}" app.kubernetes.io/instance: {{ .Release.Name | quote }} diff --git a/stable/datadog/templates/rbac.yaml b/stable/datadog/templates/rbac.yaml index d927e6b12d60..a1b45518d09e 100644 --- a/stable/datadog/templates/rbac.yaml +++ b/stable/datadog/templates/rbac.yaml @@ -1,12 +1,8 @@ -{{- if .Values.rbac.create -}} +{{- if .Values.agents.rbac.create -}} apiVersion: {{ template "rbac.apiVersion" . }} kind: ClusterRole metadata: labels: - app: "{{ template "datadog.fullname" . }}" - chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - heritage: {{ .Release.Service | quote }} - release: {{ .Release.Name | quote }} helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" app.kubernetes.io/name: "{{ template "datadog.fullname" . }}" app.kubernetes.io/instance: {{ .Release.Name | quote }} @@ -88,15 +84,11 @@ rules: verbs: - get --- -{{- if not .Values.clusterchecksDeployment.rbac.dedicated }} +{{- if not .Values.clusterChecksRunner.rbac.dedicated }} apiVersion: {{ template "rbac.apiVersion" . }} kind: ClusterRoleBinding metadata: labels: - app: "{{ template "datadog.fullname" . }}" - chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - release: {{ .Release.Name | quote }} - heritage: {{ .Release.Service | quote }} helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" app.kubernetes.io/name: "{{ template "datadog.fullname" . }}" app.kubernetes.io/instance: {{ .Release.Name | quote }} @@ -117,10 +109,6 @@ apiVersion: v1 kind: ServiceAccount metadata: labels: - app: "{{ template "datadog.fullname" . }}" - chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - heritage: {{ .Release.Service | quote }} - release: {{ .Release.Name | quote }} helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" app.kubernetes.io/name: "{{ template "datadog.fullname" . }}" app.kubernetes.io/instance: {{ .Release.Name | quote }} diff --git a/stable/datadog/templates/secrets.yaml b/stable/datadog/templates/secrets.yaml index c4ffd86a86e2..c386893bb06e 100644 --- a/stable/datadog/templates/secrets.yaml +++ b/stable/datadog/templates/secrets.yaml @@ -6,10 +6,6 @@ kind: Secret metadata: name: {{ template "datadog.fullname" . }} labels: - app: "{{ template "datadog.fullname" . }}" - chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - release: {{ .Release.Name | quote }} - heritage: {{ .Release.Service | quote }} helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" app.kubernetes.io/name: "{{ template "datadog.fullname" . }}" app.kubernetes.io/instance: {{ .Release.Name | quote }} @@ -30,10 +26,6 @@ kind: Secret metadata: name: {{ template "datadog.appKeySecretName" . }} labels: - app: "{{ template "datadog.fullname" . }}" - chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - release: {{ .Release.Name | quote }} - heritage: {{ .Release.Service | quote }} helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" app.kubernetes.io/name: "{{ template "datadog.fullname" . }}" app.kubernetes.io/instance: {{ .Release.Name | quote }} diff --git a/stable/datadog/templates/service.yaml b/stable/datadog/templates/service.yaml deleted file mode 100644 index 216c2e758306..000000000000 --- a/stable/datadog/templates/service.yaml +++ /dev/null @@ -1,40 +0,0 @@ -{{ if .Values.deployment.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "datadog.fullname" . }} - labels: - app: "{{ template "datadog.fullname" . }}" - chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - release: {{ .Release.Name | quote }} - heritage: {{ .Release.Service | quote }} - helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - app.kubernetes.io/name: "{{ template "datadog.fullname" . }}" - app.kubernetes.io/instance: {{ .Release.Name | quote }} - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} - {{- if .Values.deployment.service.annotations }} - annotations: -{{ toYaml .Values.deployment.service.annotations | indent 4 }} - {{- end }} -spec: - type: {{ .Values.deployment.service.type }} - selector: - app: {{ template "datadog.fullname" . }} - type: deployment - ports: - - port: {{ default 8125 .Values.datadog.dogStatsDPort }} - name: dogstatsdport - protocol: UDP - {{- if .Values.deployment.dogstatsdNodePort }} - nodePort: {{ .Values.deployment.dogstatsdNodePort }} - {{- end }} - {{- if .Values.datadog.apmEnabled }} - - port: 8126 - name: traceport - protocol: TCP - {{- if .Values.deployment.traceNodePort }} - nodePort: {{ .Values.deployment.traceNodePort }} - {{- end }} - {{- end }} -{{ end }} diff --git a/stable/datadog/templates/system-probe-configmap.yaml b/stable/datadog/templates/system-probe-configmap.yaml index 7242d7cac787..e92eb321c2eb 100644 --- a/stable/datadog/templates/system-probe-configmap.yaml +++ b/stable/datadog/templates/system-probe-configmap.yaml @@ -1,15 +1,10 @@ -{{- if and .Values.systemProbe.enabled .Values.daemonset.useDedicatedContainers }} +{{- if .Values.datadog.systemProbe.enabled }} apiVersion: v1 kind: ConfigMap metadata: name: {{ template "datadog.fullname" . }}-system-probe-config namespace: {{ $.Release.Namespace }} labels: - app: {{ $.Chart.Name }} - service: {{ $.Chart.Name }} - chart_version: {{ $.Chart.Version }} - chart_name: {{ $.Chart.Name }} - heritage: {{ .Release.Service | quote }} helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" app.kubernetes.io/name: "{{ template "datadog.fullname" . }}" app.kubernetes.io/instance: {{ .Release.Name | quote }} @@ -18,12 +13,13 @@ metadata: data: system-probe.yaml: | system_probe_config: - enabled: {{ $.Values.systemProbe.enabled }} - debug_port: {{ $.Values.systemProbe.debugPort }} + enabled: {{ $.Values.datadog.systemProbe.enabled }} + debug_port: {{ $.Values.datadog.systemProbe.debugPort }} sysprobe_socket: /opt/datadog-agent/run/sysprobe.sock - enable_conntrack : {{ $.Values.systemProbe.enableConntrack }} - bpf_debug: {{ $.Values.systemProbe.bpfDebug }} -{{- if eq .Values.systemProbe.seccomp "localhost/system-probe" }} + enable_conntrack : {{ $.Values.datadog.systemProbe.enableConntrack }} + bpf_debug: {{ $.Values.datadog.systemProbe.bpfDebug }} + +{{- if eq .Values.datadog.systemProbe.seccomp "localhost/system-probe" }} --- apiVersion: v1 kind: ConfigMap @@ -31,11 +27,6 @@ metadata: name: {{ template "datadog.fullname" . }}-security namespace: {{ $.Release.Namespace }} labels: - app: {{ $.Chart.Name }} - service: {{ $.Chart.Name }} - chart_version: {{ $.Chart.Version }} - chart_name: {{ $.Chart.Name }} - heritage: {{ .Release.Service | quote }} helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" app.kubernetes.io/name: "{{ template "datadog.fullname" . }}" app.kubernetes.io/instance: {{ .Release.Name | quote }} diff --git a/stable/datadog/values.yaml b/stable/datadog/values.yaml index ef0af021f089..6350c69183e6 100644 --- a/stable/datadog/values.yaml +++ b/stable/datadog/values.yaml @@ -2,38 +2,15 @@ ## See Datadog helm documentation to learn more: ## https://docs.datadoghq.com/agent/kubernetes/helm/ -## @param image - object - required -## Define the Datadog image to work with. +## @param nameOverride - string - optional +## Override name of app. # -image: +# nameOverride: "" - ## @param repository - string - required - ## Define the repository to use: - ## use "datadog/agent" for Datadog Agent 7 - ## use "datadog/dogstatsd" for Standalone Datadog Agent DogStatsD 7 - # - repository: datadog/agent - - ## @param tag - string - required - ## Define the Agent version to use. - ## Use 7-jmx to enable jmx fetch collection - # - tag: "7" - - ## @param pullPolicy - string - required - ## The Kubernetes pull policy. - # - pullPolicy: IfNotPresent - - ## @param pullSecrets - list of key:value strings - optional - ## It is possible to specify docker registry credentials - ## See https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod - # - # pullSecrets: - # - name: "" - -nameOverride: "" -fullnameOverride: "" +## @param fullnameOverride - string - optional +## Override the full qualified app name. +# +# fullnameOverride: "" datadog: @@ -80,12 +57,6 @@ datadog: # # clusterName: - ## @param name - string - required - ## Daemonset/Deployment container name - ## See clusterAgent.containerName if clusterAgent.enabled = true - # - name: datadog - ## @param site - string - optional - default: 'datadoghq.com' ## The site of the Datadog intake to send Agent data to. ## Set to 'datadoghq.eu' to send data to the EU site. @@ -105,6 +76,20 @@ datadog: # logLevel: INFO + ## @param kubeStateMetricsEnabled - boolean - required + ## If true, deploys the kube-state-metrics deployment. + ## ref: https://github.com/kubernetes/charts/tree/master/stable/kube-state-metrics + # + kubeStateMetricsEnabled: true + + ## @param clusterChecks - object - required + ## Enable the Cluster Checks feature on both the cluster-agents and the daemonset + ## ref: https://docs.datadoghq.com/agent/autodiscovery/clusterchecks/ + ## Autodiscovery via Kube Service annotations is automatically enabled + # + clusterChecks: + enabled: false + ## @param nodeLabelsAsTags - list of key:value strings - optional ## Provide a mapping of Kubernetes Node Labels to Datadog Tags. # @@ -137,35 +122,56 @@ datadog: # - : # - : - ## @param useCriSocketVolume - boolean - required - ## Enable container runtime socket volume mounting + ## @param dogstatsd - object - required + ## dogstatsd configuration + ## ref: https://docs.datadoghq.com/agent/kubernetes/dogstatsd/ + ## To emit custom metrics from your Kubernetes application, use DogStatsD. # - useCriSocketVolume: true + dogstatsd: + ## @param port - integer - optional - default: 8125 + ## Override the Agent DogStatsD port. + ## Note: Make sure your client is sending to the same UDP port. + # + port: 8125 - ## @param dogstatsdOriginDetection - boolean - optional - ## Enable origin detection for container tagging - ## https://docs.datadoghq.com/developers/dogstatsd/unix_socket/#using-origin-detection-for-container-tagging - # - # dogstatsdOriginDetection: true + ## @param originDetection - boolean - optional + ## Enable origin detection for container tagging + ## https://docs.datadoghq.com/developers/dogstatsd/unix_socket/#using-origin-detection-for-container-tagging + # + # originDetection: true - ## @param useDogStatsDSocketVolume - boolean - optional - ## Enable dogstatsd over Unix Domain Socket - ## ref: https://docs.datadoghq.com/developers/dogstatsd/unix_socket/ - # - # useDogStatsDSocketVolume: true + ## @param useSocketVolume - boolean - optional + ## Enable dogstatsd over Unix Domain Socket + ## ref: https://docs.datadoghq.com/developers/dogstatsd/unix_socket/ + # + # useSocketVolume: true - # # dogStatsDPort - integer - optional - default: 8125 - # # Override the Agent DogStatsD port. - # # Note: Make sure your client is sending to the same UDP port. - # - # dogStatsDPort: + ## @param socketPath - string - optional + ## Path to the DogStatsD socket + # + # socketPath: /var/run/datadog/dsd.socket + + ## @param useHostPort - boolean - optional + ## Sets the hostPort to the same value of the container port. Needs to be used + ## for sending custom metrics. + ## The ports need to be available on all hosts. + ## + ## WARNING: Make sure that hosts using this are properly firewalled otherwise + ## metrics and traces are accepted from any host able to connect to this host. + # + # useHostPort: true - ## @param nonLocalTraffic - boolean - optional - default: false - ## Enable this to make each node accept non-local statsd traffic. - ## This option must be set to "true" in order to use APM. - ## ref: https://github.com/DataDog/docker-dd-agent#environment-variables - # - # nonLocalTraffic: false + ## @param useHostPID - boolean - optional + ## Run the agent in the host's PID namespace. This is required for Dogstatsd origin + ## detection to work. See https://docs.datadoghq.com/developers/dogstatsd/unix_socket/ + # + # useHostPID: true + + ## @param nonLocalTraffic - boolean - optional - default: false + ## Enable this to make each node accept non-local statsd traffic. + ## ref: https://github.com/DataDog/docker-dd-agent#environment-variables + # + # nonLocalTraffic: false ## @param collectEvents - boolean - optional - default: false ## Enables this to start event collection from the kubernetes API @@ -195,26 +201,21 @@ datadog: # # logsConfigContainerCollectAll: false - ## @param containerLogsPath - string - optional - default: /var/lib/docker/containers - ## This to allow log collection from container log path. Set to a different path if not - ## using docker runtime. - ## ref: https://docs.datadoghq.com/agent/kubernetes/daemonset_setup/?tab=k8sfile#create-manifest + ## @param apm - object - required + ## Enable apm agent and provide custom configs # - containerLogsPath: /var/lib/docker/containers - - - ## @param apmEnabled - boolean - optional - default: false - ## Enable this to enable APM and tracing, on port 8126 - ## ref: https://github.com/DataDog/docker-dd-agent#tracing-from-the-host - # - # apmEnabled: false + apm: + ## @param enabled - boolean - optional - default: false + ## Enable this to enable APM and tracing, on port 8126 + ## ref: https://github.com/DataDog/docker-dd-agent#tracing-from-the-host + # + enabled: false - ## @param processAgentEnabled - boolean - optional - default: false - ## Enable this to activate live process monitoring. - ## Note: /etc/passwd is automatically mounted to allow username resolution. - ## ref: https://docs.datadoghq.com/graphing/infrastructure/process/#kubernetes-daemonset - # - # processAgentEnabled: false + ## @param port - integer - optional - default: 8126 + ## Override the trace Agent DogStatsD port. + ## Note: Make sure your client is sending to the same UDP port. + # + port: 8126 ## @param env - list of object - optional ## The dd-agent supports many environment variables @@ -224,22 +225,6 @@ datadog: # - name: # value: - ## @param volumes - list of objects - optional - ## Specify additional volumes to mount in the dd-agent container - # - # volumes: - # - hostPath: - # path: - # name: - - ## @param volumeMounts - list of objects - optional - ## Specify additional volumes to mount in the dd-agent container - # - # volumeMounts: - # - name: - # mountPath: - # readOnly: true - ## @param confd - list of objects - optional ## Provide additional check configurations (static and Autodiscovery) ## Each key becomes a file in /conf.d @@ -267,79 +252,64 @@ datadog: # checksd: # service.py: |- - ## @param criSocketPath - string - optional + ## @param criSocketPath - string - required ## Path to the container runtime socket (if different from Docker) ## This is supported starting from agent 6.6.0 # - # criSocketPath: /var/run/containerd/containerd.sock + criSocketPath: /var/run/docker.sock - ## @param dogStatsDSocketPath - string - optional - ## Path to the DogStatsD socket - # - # dogStatsDSocketPath: /var/run/datadog/dsd.socket - ## @param livenessProbe - object - optional - ## Override the agent's liveness probe logic from the default: - ## In case of issues with the probe, you can disable it with the - ## following values, to allow easier investigating: + ## @param processAgent - object - required + ## Enable process agent and provide custom configs # - # livenessProbe: - # exec: - # command: ["/bin/true"] - - ## @param resources - object -required - ## datadog-agent resource requests and limits - ## Make sure to keep requests and limits equal to keep the pods in the Guaranteed QoS class - ## Ref: http://kubernetes.io/docs/user-guide/compute-resources/ - # - resources: {} - # requests: - # cpu: 200m - # memory: 256Mi - # limits: - # cpu: 200m - # memory: 256Mi + processAgent: + ## @param enabled - boolean - required + ## Set this to true to enable live process monitoring agent + ## Note: /etc/passwd is automatically mounted to allow username resolution. + ## ref: https://docs.datadoghq.com/graphing/infrastructure/process/#kubernetes-daemonset + # + enabled: false -## @param systemProbe - object - required -## Enable systemProbe agent and provide custom configs -# -systemProbe: - ## @param enabled - boolean - required - ## Set this to true to enable system-probe agent + ## @param systemProbe - object - required + ## Enable systemProbe agent and provide custom configs # - enabled: false + systemProbe: + ## @param enabled - boolean - required + ## Set this to true to enable system-probe agent + # + enabled: false - ## @param debugPort - integer - required - ## Specify the port to expose pprof and expvar for system-probe agent - # - debugPort: 0 + ## @param debugPort - integer - required + ## Specify the port to expose pprof and expvar for system-probe agent + # + debugPort: 0 - ## @param enableConntrack - boolean - required - ## Enable the system-probe agent to connect to the netlink/conntrack subsystem to add NAT information to connection data - ## Ref: http://conntrack-tools.netfilter.org/ - # - enableConntrack: true + ## @param enableConntrack - boolean - required + ## Enable the system-probe agent to connect to the netlink/conntrack subsystem to add NAT information to connection data + ## Ref: http://conntrack-tools.netfilter.org/ + # + enableConntrack: true - ## @param seccomp - string - required - ## Apply an ad-hoc seccomp profile to the system-probe agent to restrict its privileges - ## Note that this will break `kubectl exec … -c system-probe -- /bin/bash` - # - seccomp: localhost/system-probe + ## @param seccomp - string - required + ## Apply an ad-hoc seccomp profile to the system-probe agent to restrict its privileges + ## Note that this will break `kubectl exec … -c system-probe -- /bin/bash` + # + seccomp: localhost/system-probe - ## @param seccompRoot - string - required - ## Specify the seccomp profile root directory - # - seccompRoot: /var/lib/kubelet/seccomp + ## @param seccompRoot - string - required + ## Specify the seccomp profile root directory + # + seccompRoot: /var/lib/kubelet/seccomp - ## @param bpfDebug - boolean - required - ## Enable logging for kernel debug - # - bpfDebug: false + ## @param bpfDebug - boolean - required + ## Enable logging for kernel debug + # + bpfDebug: false - ## @param apparmor profile - string - required - ## specify a apparmor profile for system-probe - # - apparmor: unconfined + ## @param apparmor profile - string - required + ## specify a apparmor profile for system-probe + # + apparmor: unconfined ## @param clusterAgent - object - required ## This is the Datadog Cluster Agent implementation that handles cluster-wide @@ -354,12 +324,33 @@ clusterAgent: # enabled: false - containerName: cluster-agent + ## @param image - object - required + ## Define the Datadog Cluster-Agent image to work with. + # image: + + ## @param repository - string - required + ## Define the repository to use: + # repository: datadog/cluster-agent - tag: 1.4.0 + + ## @param tag - string - required + ## Define the Cluster-Agent version to use. + # + tag: 1.5.2 + + ## @param pullPolicy - string - required + ## The Kubernetes pull policy. + # pullPolicy: IfNotPresent + ## @param pullSecrets - list of key:value strings - optional + ## It is possible to specify docker registry credentials + ## See https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod + # + # pullSecrets: + # - name: "" + ## @param token - string - required ## This needs to be at least 32 characters a-zA-z ## It is a preshared key between the node agents and the cluster agent @@ -367,8 +358,26 @@ clusterAgent: # token: "" + ## @param replicas - integer - required + ## Specify the of cluster agent replicas, if > 1 it allow the cluster agent to + ## work in HA mode. + # replicas: 1 + ## @param rbac - object - required + ## Provide Cluster Agent Deployment pod(s) RBAC configuration + rbac: + + ## @param created - boolean - required + ## If true, create & use RBAC resources + # + create: true + + ## @param serviceAccountName - string - required + ## Ignored if clusterAgentrbac.create is true + # + serviceAccountName: default + ## @param metricsProvider - object - required ## Enable the metricsProvider to be able to scale based on metrics in Datadog # @@ -386,14 +395,6 @@ clusterAgent: ## port: 443 - ## @param clusterChecks - object - required - ## Enable the Cluster Checks feature on both the cluster-agents and the daemonset - ## ref: https://docs.datadoghq.com/agent/autodiscovery/clusterchecks/ - ## Autodiscovery via Kube Service annotations is automatically enabled - # - clusterChecks: - enabled: false - ## @param confd - list of objects - optional ## Provide additional cluster check configurations ## Each key will become a file in /conf.d @@ -412,12 +413,12 @@ clusterAgent: ## Datadog cluster-agent resource requests and limits. # resources: {} -# requests: -# cpu: 200m -# memory: 256Mi -# limits: -# cpu: 200m -# memory: 256Mi + # requests: + # cpu: 200m + # memory: 256Mi + # limits: + # cpu: 200m + # memory: 256Mi ## @param priorityclassName - string - optional ## Name of the priorityClass to apply to the Cluster Agent @@ -431,24 +432,39 @@ clusterAgent: # # nodeSelector: {} - ## @param livenessProbe - object - optional + ## @param healthPort - integer - optional - default: 8080 + ## Port number use the cluster-agent to server healthz endpoint + healthPort: 8080 + + ## @param livenessProbe - object - required ## Override the agent's liveness probe logic from the default: ## In case of issues with the probe, you can disable it with the ## following values, to allow easier investigating: # - # livenessProbe: - # exec: - # command: ["/bin/true"] + livenessProbe: + httpGet: + port: 5000 + path: /metrics + scheme: HTTP - ## @param strategy - string - optional + ## @param readinessProbe - object - required + ## Override the cluster-agent's readiness probe logic from the default: + # + readinessProbe: + httpGet: + port: 5000 + path: /metrics + scheme: HTTP + + ## @param strategy - string - required ## Allow the Cluster Agent deployment to perform a rolling update on helm update ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy # - # strategy: - # type: RollingUpdate - # rollingUpdate: - # maxSurge: 1 - # maxUnavailable: 0 + strategy: + type: RollingUpdate + rollingUpdate: + maxSurge: 1 + maxUnavailable: 0 ## @param podAnnotations - list of key:value strings - optional ## Annotations to add to the cluster-agents's pod(s) @@ -456,11 +472,6 @@ clusterAgent: # podAnnotations: # key: "value" - ## @param readinessProbe - object - optional - ## Override the cluster-agent's readiness probe logic from the default: - # - # readinessProbe: - ## @param useHostNetwork - boolean - optional ## Bind ports on the hostNetwork. Useful for CNI networking where hostPort might ## not be supported. The ports need to be available on all hosts. It can be @@ -491,20 +502,6 @@ clusterAgent: # # datadog_cluster_yaml: {} -rbac: - - ## @param created - boolean - required - ## If true, create & use RBAC resources - # - create: true - - ## @param serviceAccountName - string - required - ## Ignored if rbac.create is true - # - serviceAccountName: default - -tolerations: [] - kubeStateMetrics: ## @param enabled - boolean - required @@ -513,37 +510,7 @@ kubeStateMetrics: # enabled: true -kube-state-metrics: - rbac: - ## @param created - boolean - required - ## If true, create & use RBAC resources - # - create: true - - serviceAccount: - ## @param created - boolean - required - ## If true, create ServiceAccount, require rbac kube-state-metrics.rbac.create true - # - create: true - ## @param name - string - required - ## The name of the ServiceAccount to use. - ## If not set and create is true, a name is generated using the fullname template - # - name: - - ## @param resources - object - optional - ## Resource requests and limits for the kube-state-metrics container. - # - # resources: - # requests: - # cpu: 200m - # memory: 256Mi - # limits: - # cpu: 200m - # memory: 256Mi - -daemonset: - +agents: ## @param enabled - boolean - required ## You should keep Datadog DaemonSet enabled! ## The exceptional case could be a situation when you need to run @@ -554,17 +521,55 @@ daemonset: # enabled: true - ## @param useDedicatedContainers - boolean - optional - ## Deploy each datadog agent process in a separate container. Allow fine-grained - ## control over allocated resources and better isolation. + ## @param image - object - required + ## Define the Datadog image to work with. # - # useDedicatedContainers: false + image: + + ## @param repository - string - required + ## Define the repository to use: + ## use "datadog/agent" for Datadog Agent 7 + ## use "datadog/dogstatsd" for Standalone Datadog Agent DogStatsD 7 + # + repository: datadog/agent + + ## @param tag - string - required + ## Define the Agent version to use. + ## Use 7-jmx to enable jmx fetch collection + # + tag: "7" + + ## @param pullPolicy - string - required + ## The Kubernetes pull policy. + # + pullPolicy: IfNotPresent + + ## @param pullSecrets - list of key:value strings - optional + ## It is possible to specify docker registry credentials + ## See https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod + # + # pullSecrets: + # - name: "" + + ## @param rbac - object - required + ## Provide Daemonset RBAC configuration + rbac: + + ## @param created - boolean - required + ## If true, create & use RBAC resources + # + create: true + + ## @param serviceAccountName - string - required + ## Ignored if daemonset.rbac.create is true + # + serviceAccountName: default containers: agent: ## @param env - list - required - ## Additionnal environment variables for the agent container. + ## Additional environment variables for the agent container. # # env: @@ -586,9 +591,24 @@ daemonset: # cpu: 200m # memory: 256Mi + ## @param livenessProbe - object - required + ## Override the agent's liveness probe logic from the default: + ## In case of issues with the probe, you can disable it with the + ## following values, to allow easier investigating: + # + livenessProbe: + httpGet: + path: /health + port: 5555 + initialDelaySeconds: 15 + periodSeconds: 15 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 6 + processAgent: ## @param env - list - required - ## Additionnal environment variables for the process-agent container. + ## Additional environment variables for the process-agent container. # # env: @@ -612,7 +632,7 @@ daemonset: traceAgent: ## @param env - list - required - ## Additionnal environment variables for the trace-agent container. + ## Additional environment variables for the trace-agent container. # # env: @@ -634,9 +654,21 @@ daemonset: # cpu: 100m # memory: 200Mi + ## @param livenessProbe - object - optional + ## Override the trace agent's liveness probe logic from the default: + ## In case of issues with the probe, you can disable it with the + ## following values, to allow easier investigating: + # + livenessProbe: + tcpSocket: + port: 8126 + initialDelaySeconds: 15 + periodSeconds: 15 + timeoutSeconds: 5 + systemProbe: ## @param env - list - required - ## Additionnal environment variables for the system-probe container. + ## Additional environment variables for the system-probe container. # # env: @@ -658,6 +690,34 @@ daemonset: # cpu: 100m # memory: 200Mi + initContainers: + ## @param resources - object - required + ## Resource requests and limits for the init containers. + # + resources: {} + # requests: + # cpu: 100m + # memory: 200Mi + # limits: + # cpu: 100m + # memory: 200Mi + + ## @param volumes - list of objects - optional + ## Specify additional volumes to mount in the dd-agent container + # + # volumes: + # - hostPath: + # path: + # name: + + ## @param volumeMounts - list of objects - optional + ## Specify additional volumes to mount in the dd-agent container + # + # volumeMounts: + # - name: + # mountPath: + # readOnly: true + ## @param useHostNetwork - boolean - optional ## Bind ports on the hostNetwork. Useful for CNI networking where hostPort might ## not be supported. The ports need to be available on all hosts. It Can be @@ -668,22 +728,6 @@ daemonset: # # useHostNetwork: true - ## @param useHostPort - boolean - optional - ## Sets the hostPort to the same value of the container port. Needs to be used - ## to receive traces in a standard APM set up. Can be used as for sending custom metrics. - ## The ports need to be available on all hosts. - ## - ## WARNING: Make sure that hosts using this are properly firewalled otherwise - ## metrics and traces are accepted from any host able to connect to this host. - # - # useHostPort: true - - ## @param useHostPID - boolean - optional - ## Run the agent in the host's PID namespace. This is required for Dogstatsd origin - ## detection to work. See https://docs.datadoghq.com/developers/dogstatsd/unix_socket/ - # - # useHostPID: true - ## @param podAnnotations - list of key:value strings - optional ## Annotations to add to the DaemonSet's Pods # @@ -711,10 +755,10 @@ daemonset: ## Allow the DaemonSet to perform a rolling update on helm update ## ref: https://kubernetes.io/docs/tasks/manage-daemon/update-daemon-set/ # - # updateStrategy: - # type: RollingUpdate - # rollingUpdate: - # maxUnavailable: "10%" + updateStrategy: + type: RollingUpdate + rollingUpdate: + maxUnavailable: "10%" ## @param priorityClassName - string - optional ## Sets PriorityClassName if defined. @@ -761,73 +805,66 @@ daemonset: # # agent version >= 6.15 # # jmx_use_container_support: true -deployment: +clusterChecksRunner: + ## @param enabled - boolean - required - ## Apart from DaemonSet, deploy Datadog agent pods and related service for - ## applications that want to send custom metrics. Provides DogStatsD service. + ## If true, deploys agent dedicated for running the Cluster Checks instead of running in the Daemonset's agents. + ## ref: https://docs.datadoghq.com/agent/autodiscovery/clusterchecks/ # enabled: false - ## @param replicas - integer - required - ## If you want to use datadog.collectEvents, keep deployment.replicas set to 1. - # - replicas: 1 - - ## @param affinity - object - required - ## Affinity for pod assignment - ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - # - affinity: {} - - ## @param tolerations - array - required - ## Tolerations for pod assignment - ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + ## @param image - object - required + ## Define the Datadog image to work with. # - tolerations: [] + image: - ## @param dogstatsdNodePort - integer - optional - ## If you're using a NodePort-type service and need a fixed port, set this parameter. - # - # dogstatsdNodePort: 8125 + ## @param repository - string - required + ## Define the repository to use: + ## use "datadog/agent" for Datadog Agent 7 + ## use "datadog/dogstatsd" for Standalone Datadog Agent DogStatsD 7 + # + repository: datadog/agent - ## @param traceNodePort - integer - optional - ## If you're using a NodePort-type service and need a fixed port, set this parameter. - # - # traceNodePort: 8126 + ## @param tag - string - required + ## Define the Agent version to use. + ## Use 7-jmx to enable jmx fetch collection + # + tag: "7" - ## @param service - object - required - ## - # - service: - type: ClusterIP - annotations: {} + ## @param pullPolicy - string - required + ## The Kubernetes pull policy. + # + pullPolicy: IfNotPresent - ## @param priorityClassName - string - optional - ## Sets PriorityClassName if defined. - # - # priorityClassName: + ## @param pullSecrets - list of key:value strings - optional + ## It is possible to specify docker registry credentials + ## See https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod + # + # pullSecrets: + # - name: "" -clusterchecksDeployment: + ## @param rbac - object - required + ## Provide Cluster Checks Deployment pods RBAC configuration + rbac: - ## @param enabled - boolean - required - ## If true, deploys agent dedicated for running the Cluster Checks instead of running in the Daemonset's agents. - ## ref: https://docs.datadoghq.com/agent/autodiscovery/clusterchecks/ - # - enabled: false + ## @param created - boolean - required + ## If true, create & use RBAC resources + # + create: true - rbac: ## @param dedicated - boolean - required ## If true, use a dedicated RBAC resource for the cluster checks agent(s) # dedicated: false + ## @param serviceAccountName - string - required - ## Ignored if rbac.create is true + ## Ignored if clusterChecksRunner.rbac.create is true # serviceAccountName: default ## @param replicas - integer - required - ## If you want to deploy the cluckerchecks agent in HA, keep at least clusterchecksDeployment.replicas set to 2. - ## And increase the clusterchecksDeployment.replicas according to the number of Cluster Checks. + ## If you want to deploy the cluckerchecks agent in HA, keep at least clusterChecksRunner.replicas set to 2. + ## And increase the clusterChecksRunner.replicas according to the number of Cluster Checks. # replicas: 2 @@ -853,11 +890,11 @@ clusterchecksDeployment: ## Allow the ClusterChecks deployment to perform a rolling update on helm update ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy # - # strategy: - # type: RollingUpdate - # rollingUpdate: - # maxSurge: 1 - # maxUnavailable: 0 + strategy: + type: RollingUpdate + rollingUpdate: + maxSurge: 1 + maxUnavailable: 0 ## @param nodeSelector - object - optional ## Allow the ClusterChecks Deployment to schedule on selected nodes @@ -887,3 +924,33 @@ clusterchecksDeployment: # env: # - name: # value: + + +kube-state-metrics: + rbac: + ## @param created - boolean - required + ## If true, create & use RBAC resources + # + create: true + + serviceAccount: + ## @param created - boolean - required + ## If true, create ServiceAccount, require rbac kube-state-metrics.rbac.create true + # + create: true + ## @param name - string - required + ## The name of the ServiceAccount to use. + ## If not set and create is true, a name is generated using the fullname template + # + name: + + ## @param resources - object - optional + ## Resource requests and limits for the kube-state-metrics container. + # + # resources: + # requests: + # cpu: 200m + # memory: 256Mi + # limits: + # cpu: 200m + # memory: 256Mi From 6a62fe59d2ed35a2731627ff3d5c3a61106a63c9 Mon Sep 17 00:00:00 2001 From: Simone Lamberti <58550016+ni-slamberti@users.noreply.github.com> Date: Wed, 26 Feb 2020 19:28:20 +0100 Subject: [PATCH 294/304] [stable/prometheus] gRPC port on prometheus service (#21002) * add grpc service port to service template Signed-off-by: Simone Lamberti * update readme with grpc values Signed-off-by: Simone Lamberti * bump chart version Signed-off-by: Simone Lamberti --- stable/prometheus/Chart.yaml | 2 +- stable/prometheus/README.md | 3 +++ stable/prometheus/templates/server-service.yaml | 9 +++++++++ stable/prometheus/values.yaml | 6 ++++++ 4 files changed, 19 insertions(+), 1 deletion(-) diff --git a/stable/prometheus/Chart.yaml b/stable/prometheus/Chart.yaml index 0bf72d960fa0..3f7b2e9749b3 100644 --- a/stable/prometheus/Chart.yaml +++ b/stable/prometheus/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: prometheus -version: 10.5.1 +version: 10.5.2 appVersion: 2.16.0 description: Prometheus is a monitoring system and time series database. home: https://prometheus.io/ diff --git a/stable/prometheus/README.md b/stable/prometheus/README.md index 0f8e0e1217ce..082061619338 100644 --- a/stable/prometheus/README.md +++ b/stable/prometheus/README.md @@ -358,6 +358,9 @@ Parameter | Description | Default `server.service.servicePort` | Prometheus server service port | `80` `server.service.sessionAffinity` | Session Affinity for server service, can be `None` or `ClientIP` | `None` `server.service.type` | type of Prometheus server service to create | `ClusterIP` +`server.service.gRPC.enabled` | If true, open a second port on the service for gRPC | `false` +`server.service.gRPC.servicePort` | Prometheus service gRPC port, (ignored if `server.service.gRPC.enabled` is not `true`) | `10901` +`server.service.gRPC.nodePort` | Port to be used as gRPC nodePort in the prometheus service | `0` `server.service.statefulsetReplica.enabled` | If true, send the traffic from the service to only one replica of the replicaset | `false` `server.service.statefulsetReplica.replica` | Which replica to send the traffice to | `0` `server.sidecarContainers` | array of snippets with your sidecar containers for prometheus server | `""` diff --git a/stable/prometheus/templates/server-service.yaml b/stable/prometheus/templates/server-service.yaml index a0c88eedd66e..1f06151c0388 100644 --- a/stable/prometheus/templates/server-service.yaml +++ b/stable/prometheus/templates/server-service.yaml @@ -37,6 +37,15 @@ spec: {{- if .Values.server.service.nodePort }} nodePort: {{ .Values.server.service.nodePort }} {{- end }} + {{- if .Values.server.service.gRPC.enabled }} + - name: grpc + port: {{ .Values.server.service.gRPC.servicePort }} + protocol: TCP + targetPort: 10901 + {{- if .Values.server.service.gRPC.nodePort }} + nodePort: {{ .Values.server.service.gRPC.nodePort }} + {{- end }} + {{- end }} selector: {{- if and .Values.server.statefulSet.enabled .Values.server.service.statefulsetReplica.enabled }} statefulset.kubernetes.io/pod-name: {{ .Release.Name }}-{{ .Values.server.name }}-{{ .Values.server.service.statefulsetReplica.replica }} diff --git a/stable/prometheus/values.yaml b/stable/prometheus/values.yaml index 116cb6b55de7..0f5ba46cb95e 100644 --- a/stable/prometheus/values.yaml +++ b/stable/prometheus/values.yaml @@ -930,6 +930,12 @@ server: sessionAffinity: None type: ClusterIP + ## Enable gRPC port on service to allow auto discovery with thanos-querier + gRPC: + enabled: false + servicePort: 10901 + # nodePort: 10901 + ## If using a statefulSet (statefulSet.enabled=true), configure the ## service to connect to a specific replica to have a consistent view ## of the data. From 85251a83b3e0319101a160adf86232fb237a564c Mon Sep 17 00:00:00 2001 From: Joffrey Janiec Date: Wed, 26 Feb 2020 19:45:20 +0100 Subject: [PATCH 295/304] [stable/metrics-server] Add podLabels support (#21068) Signed-off-by: Joffrey Janiec --- stable/metrics-server/Chart.yaml | 2 +- stable/metrics-server/README.md | 1 + stable/metrics-server/templates/metrics-server-deployment.yaml | 3 +++ stable/metrics-server/values.yaml | 2 ++ 4 files changed, 7 insertions(+), 1 deletion(-) diff --git a/stable/metrics-server/Chart.yaml b/stable/metrics-server/Chart.yaml index 93928d5671bc..d11d6203f247 100755 --- a/stable/metrics-server/Chart.yaml +++ b/stable/metrics-server/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 appVersion: 0.3.6 description: Metrics Server is a cluster-wide aggregator of resource usage data. name: metrics-server -version: 2.9.0 +version: 2.10.0 keywords: - metrics-server home: https://github.com/kubernetes-incubator/metrics-server diff --git a/stable/metrics-server/README.md b/stable/metrics-server/README.md index c5383271a4a7..5c6ca818edf7 100644 --- a/stable/metrics-server/README.md +++ b/stable/metrics-server/README.md @@ -25,6 +25,7 @@ Parameter | Description | Default `extraVolumeMounts` | Ability to provide volume mounts to the pod | `[]` `extraVolumes` | Ability to provide volumes to the pod | `[]` `livenessProbe` | Container liveness probe | See values.yaml +`podLabels` | Labels to be added to pods | `{}` `podAnnotations` | Annotations to be added to pods | `{}` `priorityClassName` | Pod priority class | `""` `readinessProbe` | Container readiness probe | See values.yaml diff --git a/stable/metrics-server/templates/metrics-server-deployment.yaml b/stable/metrics-server/templates/metrics-server-deployment.yaml index ae4f27cfdeb9..2c1a0c737afe 100644 --- a/stable/metrics-server/templates/metrics-server-deployment.yaml +++ b/stable/metrics-server/templates/metrics-server-deployment.yaml @@ -18,6 +18,9 @@ spec: labels: app: {{ template "metrics-server.name" . }} release: {{ .Release.Name }} + {{- if .Values.podLabels }} +{{ toYaml .Values.podLabels | indent 8 }} + {{- end }} {{- with .Values.podAnnotations }} annotations: {{- range $key, $value := . }} diff --git a/stable/metrics-server/values.yaml b/stable/metrics-server/values.yaml index 6890ba0d2510..ba752a35dfea 100644 --- a/stable/metrics-server/values.yaml +++ b/stable/metrics-server/values.yaml @@ -50,6 +50,8 @@ replicas: 1 extraContainers: [] +podLabels: {} + podAnnotations: {} # The following annotations guarantee scheduling for critical add-on pods. # See more at: https://kubernetes.io/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods/ From 18e4853b4b6f712910bf2958400b3903552d6d11 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C3=A1ndor=20Guba?= Date: Wed, 26 Feb 2020 19:53:20 +0100 Subject: [PATCH 296/304] [stable/grafana] move datasource provider to containers (#20985) Signed-off-by: tarokkk --- stable/grafana/Chart.yaml | 2 +- stable/grafana/templates/_pod.tpl | 56 +++++++++++++++---------------- stable/grafana/values.yaml | 2 ++ 3 files changed, 31 insertions(+), 29 deletions(-) diff --git a/stable/grafana/Chart.yaml b/stable/grafana/Chart.yaml index c97f039e4117..e3a10856a7d4 100644 --- a/stable/grafana/Chart.yaml +++ b/stable/grafana/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: grafana -version: 5.0.1 +version: 5.0.2 appVersion: 6.6.1 kubeVersion: "^1.8.0-0" description: The leading tool for querying and visualizing time series and metrics. diff --git a/stable/grafana/templates/_pod.tpl b/stable/grafana/templates/_pod.tpl index 23842821be83..e0e6e6fc5845 100644 --- a/stable/grafana/templates/_pod.tpl +++ b/stable/grafana/templates/_pod.tpl @@ -13,7 +13,7 @@ securityContext: {{- if .Values.priorityClassName }} priorityClassName: {{ .Values.priorityClassName }} {{- end }} -{{- if ( or .Values.persistence.enabled .Values.dashboards .Values.sidecar.datasources.enabled .Values.extraInitContainers) }} +{{- if ( or .Values.persistence.enabled .Values.dashboards .Values.extraInitContainers) }} initContainers: {{- end }} {{- if ( and .Values.persistence.enabled .Values.initChownData.enabled ) }} @@ -58,33 +58,6 @@ initContainers: readOnly: {{ .readOnly }} {{- end }} {{- end }} -{{- if .Values.sidecar.datasources.enabled }} - - name: {{ template "grafana.name" . }}-sc-datasources - image: "{{ .Values.sidecar.image }}" - imagePullPolicy: {{ .Values.sidecar.imagePullPolicy }} - env: - - name: METHOD - value: LIST - - name: LABEL - value: "{{ .Values.sidecar.datasources.label }}" - - name: FOLDER - value: "/etc/grafana/provisioning/datasources" - - name: RESOURCE - value: "both" - {{- if .Values.sidecar.datasources.searchNamespace }} - - name: NAMESPACE - value: "{{ .Values.sidecar.datasources.searchNamespace }}" - {{- end }} - {{- if .Values.sidecar.skipTlsVerify }} - - name: SKIP_TLS_VERIFY - value: "{{ .Values.sidecar.skipTlsVerify }}" - {{- end }} - resources: -{{ toYaml .Values.sidecar.resources | indent 6 }} - volumeMounts: - - name: sc-datasources-volume - mountPath: "/etc/grafana/provisioning/datasources" -{{- end}} {{- if .Values.extraInitContainers }} {{ toYaml .Values.extraInitContainers | indent 2 }} {{- end }} @@ -121,6 +94,33 @@ containers: volumeMounts: - name: sc-dashboard-volume mountPath: {{ .Values.sidecar.dashboards.folder | quote }} +{{- end}} +{{- if .Values.sidecar.datasources.enabled }} + - name: {{ template "grafana.name" . }}-sc-datasources + image: "{{ .Values.sidecar.image }}" + imagePullPolicy: {{ .Values.sidecar.imagePullPolicy }} + env: + - name: METHOD + value: {{ .Values.sidecar.datasources.watchMethod }} + - name: LABEL + value: "{{ .Values.sidecar.datasources.label }}" + - name: FOLDER + value: "/etc/grafana/provisioning/datasources" + - name: RESOURCE + value: "both" + {{- if .Values.sidecar.datasources.searchNamespace }} + - name: NAMESPACE + value: "{{ .Values.sidecar.datasources.searchNamespace }}" + {{- end }} + {{- if .Values.sidecar.skipTlsVerify }} + - name: SKIP_TLS_VERIFY + value: "{{ .Values.sidecar.skipTlsVerify }}" + {{- end }} + resources: +{{ toYaml .Values.sidecar.resources | indent 6 }} + volumeMounts: + - name: sc-datasources-volume + mountPath: "/etc/grafana/provisioning/datasources" {{- end}} - name: {{ .Chart.Name }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" diff --git a/stable/grafana/values.yaml b/stable/grafana/values.yaml index 181df0926964..324452abcf72 100644 --- a/stable/grafana/values.yaml +++ b/stable/grafana/values.yaml @@ -471,6 +471,8 @@ sidecar: allowUiUpdates: false datasources: enabled: false + ## Method to use to detect ConfigMap changes. With WATCH the sidecar will do a WATCH requests, with SLEEP it will list all ConfigMaps, then sleep for 60 seconds. + watchMethod: WATCH # label that the configmaps with datasources are marked with label: grafana_datasource # If specified, the sidecar will search for datasource config-maps inside this namespace. From 52cc1ecd07a2c0e8801fbcb3ba52f6c43d301132 Mon Sep 17 00:00:00 2001 From: Chris Sng Date: Thu, 27 Feb 2020 05:47:19 +0800 Subject: [PATCH 297/304] Affinity settings (#20436) Signed-off-by: Chris Sng --- stable/docker-registry/Chart.yaml | 2 +- stable/docker-registry/README.md | 1 + stable/docker-registry/templates/deployment.yaml | 5 ++++- stable/docker-registry/values.yaml | 2 ++ 4 files changed, 8 insertions(+), 2 deletions(-) diff --git a/stable/docker-registry/Chart.yaml b/stable/docker-registry/Chart.yaml index c8e41309f05d..3462fb1c2f4f 100644 --- a/stable/docker-registry/Chart.yaml +++ b/stable/docker-registry/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 description: A Helm chart for Docker Registry name: docker-registry -version: 1.9.1 +version: 1.9.2 appVersion: 2.7.1 home: https://hub.docker.com/_/registry/ icon: https://hub.docker.com/public/images/logos/mini-logo.svg diff --git a/stable/docker-registry/README.md b/stable/docker-registry/README.md index b4d16d65d0b9..65796f216714 100644 --- a/stable/docker-registry/README.md +++ b/stable/docker-registry/README.md @@ -66,6 +66,7 @@ their default values. | `swift.authurl` | Swift authurl | `nil` | | `swift.container` | Swift container | `nil` | | `nodeSelector` | node labels for pod assignment | `{}` | +| `affinity` | affinity settings | `{}` | | `tolerations` | pod tolerations | `[]` | | `ingress.enabled` | If true, Ingress will be created | `false` | | `ingress.annotations` | Ingress annotations | `{}` | diff --git a/stable/docker-registry/templates/deployment.yaml b/stable/docker-registry/templates/deployment.yaml index b630afa596af..a146d763bc9b 100644 --- a/stable/docker-registry/templates/deployment.yaml +++ b/stable/docker-registry/templates/deployment.yaml @@ -182,6 +182,10 @@ spec: nodeSelector: {{ toYaml .Values.nodeSelector | indent 8 }} {{- end }} +{{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | indent 8 }} +{{- end }} {{- if .Values.tolerations }} tolerations: {{ toYaml .Values.tolerations | indent 8 }} @@ -215,4 +219,3 @@ spec: {{- with .Values.extraVolumes }} {{- toYaml . | nindent 8 }} {{- end }} - diff --git a/stable/docker-registry/values.yaml b/stable/docker-registry/values.yaml index f67329650ed5..245cd9209daf 100644 --- a/stable/docker-registry/values.yaml +++ b/stable/docker-registry/values.yaml @@ -124,6 +124,8 @@ podDisruptionBudget: {} nodeSelector: {} +affinity: {} + tolerations: [] extraVolumeMounts: [] From 012ff2d86bb2c127aec4905ad125bdb9017e93f2 Mon Sep 17 00:00:00 2001 From: Christian Groschupp Date: Wed, 26 Feb 2020 22:55:19 +0100 Subject: [PATCH 298/304] [stable/fluent-bit] Add serviceAccount annotations (#21056) * [stable/fluent-bit] Add serviceAccount annotations Signed-off-by: Christian Groschupp * Bump fluent-bit chart to version 2.8.11 Signed-off-by: Christian Groschupp --- stable/fluent-bit/Chart.yaml | 2 +- stable/fluent-bit/README.md | 1 + stable/fluent-bit/templates/serviceaccount.yaml | 4 ++++ stable/fluent-bit/values.yaml | 2 ++ 4 files changed, 8 insertions(+), 1 deletion(-) diff --git a/stable/fluent-bit/Chart.yaml b/stable/fluent-bit/Chart.yaml index 9d2a69e35a03..f0a70e92dd02 100755 --- a/stable/fluent-bit/Chart.yaml +++ b/stable/fluent-bit/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: fluent-bit -version: 2.8.10 +version: 2.8.11 appVersion: 1.3.7 description: Fast and Lightweight Log/Data Forwarder for Linux, BSD and OSX keywords: diff --git a/stable/fluent-bit/README.md b/stable/fluent-bit/README.md index cb8b16d9b389..2ece5deed027 100644 --- a/stable/fluent-bit/README.md +++ b/stable/fluent-bit/README.md @@ -142,6 +142,7 @@ The following table lists the configurable parameters of the Fluent-Bit chart an | `rbac.pspEnabled` | Specifies whether a PodSecurityPolicy should be created. | `false` | | `serviceAccount.create` | Specifies whether a ServiceAccount should be created. | `true` | | `serviceAccount.name` | The name of the ServiceAccount to use. | `NULL` | +| `serviceAccount.annotations` | Annotations to add to the service account. | `{}` | | `rawConfig` | Raw contents of fluent-bit.conf | `@INCLUDE fluent-bit-service.conf`
`@INCLUDE fluent-bit-input.conf`
`@INCLUDE fluent-bit-filter.conf`
` @INCLUDE fluent-bit-output.conf` | | `resources` | Pod resource requests & limits | `{}` | | `securityContext` | [Security settings for a container](https://kubernetes.io/docs/concepts/policy/security-context) | `{}` | diff --git a/stable/fluent-bit/templates/serviceaccount.yaml b/stable/fluent-bit/templates/serviceaccount.yaml index c7f4307e9a4d..1a1b1a0b1cd0 100644 --- a/stable/fluent-bit/templates/serviceaccount.yaml +++ b/stable/fluent-bit/templates/serviceaccount.yaml @@ -8,4 +8,8 @@ metadata: heritage: {{ .Release.Service }} release: {{ .Release.Name }} name: {{ template "fluent-bit.serviceAccountName" . }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} {{- end -}} diff --git a/stable/fluent-bit/values.yaml b/stable/fluent-bit/values.yaml index 871fb07b73f6..2ecf44ce3ebc 100644 --- a/stable/fluent-bit/values.yaml +++ b/stable/fluent-bit/values.yaml @@ -290,6 +290,8 @@ taildb: serviceAccount: # Specifies whether a ServiceAccount should be created create: true + # Annotations to add to the service account + annotations: {} # The name of the ServiceAccount to use. # If not set and create is true, a name is generated using the fullname template name: From 6a9da11bd99a6cf68a6f314936f98b30f8b4656c Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Wed, 26 Feb 2020 22:55:27 +0100 Subject: [PATCH 299/304] [stable/postgresql] Release 8.4.3 updating components versions (#21062) Signed-off-by: Bitnami Containers --- stable/postgresql/Chart.yaml | 2 +- stable/postgresql/values-production.yaml | 4 ++-- stable/postgresql/values.yaml | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/stable/postgresql/Chart.yaml b/stable/postgresql/Chart.yaml index d26df16416dc..751406db2f76 100644 --- a/stable/postgresql/Chart.yaml +++ b/stable/postgresql/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: postgresql -version: 8.4.2 +version: 8.4.3 appVersion: 11.7.0 description: Chart for PostgreSQL, an object-relational database management system (ORDBMS) with an emphasis on extensibility and on standards-compliance. keywords: diff --git a/stable/postgresql/values-production.yaml b/stable/postgresql/values-production.yaml index 80811837261c..4b72fd2ac946 100644 --- a/stable/postgresql/values-production.yaml +++ b/stable/postgresql/values-production.yaml @@ -15,7 +15,7 @@ global: image: registry: docker.io repository: bitnami/postgresql - tag: 11.7.0-debian-10-r8 + tag: 11.7.0-debian-10-r9 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images @@ -449,7 +449,7 @@ metrics: image: registry: docker.io repository: bitnami/postgres-exporter - tag: 0.8.0-debian-10-r15 + tag: 0.8.0-debian-10-r28 pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. diff --git a/stable/postgresql/values.yaml b/stable/postgresql/values.yaml index dc93921a611d..ab158f96e4a5 100644 --- a/stable/postgresql/values.yaml +++ b/stable/postgresql/values.yaml @@ -15,7 +15,7 @@ global: image: registry: docker.io repository: bitnami/postgresql - tag: 11.7.0-debian-10-r8 + tag: 11.7.0-debian-10-r9 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images @@ -457,7 +457,7 @@ metrics: image: registry: docker.io repository: bitnami/postgres-exporter - tag: 0.8.0-debian-10-r15 + tag: 0.8.0-debian-10-r28 pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. From 42d756b0d9d0fe4bbc2d005d5776d40836c0b1ce Mon Sep 17 00:00:00 2001 From: Fabrizio Fortino Date: Wed, 26 Feb 2020 23:03:20 +0100 Subject: [PATCH 300/304] cerebro: add support for extra deployment labels (#21053) Signed-off-by: fabriziofortino --- stable/cerebro/Chart.yaml | 2 +- stable/cerebro/README.md | 1 + stable/cerebro/templates/deployment.yaml | 3 +++ stable/cerebro/values.yaml | 2 ++ 4 files changed, 7 insertions(+), 1 deletion(-) diff --git a/stable/cerebro/Chart.yaml b/stable/cerebro/Chart.yaml index f14c0f9c33bb..441a54564612 100644 --- a/stable/cerebro/Chart.yaml +++ b/stable/cerebro/Chart.yaml @@ -1,5 +1,5 @@ name: cerebro -version: 1.3.1 +version: 1.4.0 appVersion: 0.8.5 apiVersion: v1 description: A Helm chart for Cerebro - a web admin tool that replaces Kopf. diff --git a/stable/cerebro/README.md b/stable/cerebro/README.md index 72ee027dbef3..b85dd458c7f9 100644 --- a/stable/cerebro/README.md +++ b/stable/cerebro/README.md @@ -49,6 +49,7 @@ The following table lists the configurable parameters of the cerebro chart and t | `init.image.tag` | The image tag to pull | `musl` | | `init.image.pullPolicy` | Image pull policy | `IfNotPresent` | | `deployment.annotations` | Annotations for deployment | `{}` | +| `deployment.labels` | Additional labels for deployment | `{}` | | `service.type` | Type of Service | `ClusterIP` | | `service.port` | Port for kubernetes service | `80` | | `service.annotations` | Annotations to add to the service | `{}` | diff --git a/stable/cerebro/templates/deployment.yaml b/stable/cerebro/templates/deployment.yaml index ac0f34e62b2b..2ad5c02acf28 100644 --- a/stable/cerebro/templates/deployment.yaml +++ b/stable/cerebro/templates/deployment.yaml @@ -7,6 +7,9 @@ metadata: chart: {{ template "cerebro.chart" . }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} + {{- range $key, $value := .Values.deployment.labels }} + {{ $key }}: {{ $value | quote }} + {{- end }} {{- if .Values.deployment.annotations }} annotations: {{ toYaml .Values.deployment.annotations | indent 4 }} diff --git a/stable/cerebro/values.yaml b/stable/cerebro/values.yaml index 50353e8b8339..c34aac4ec545 100644 --- a/stable/cerebro/values.yaml +++ b/stable/cerebro/values.yaml @@ -12,6 +12,8 @@ image: pullPolicy: IfNotPresent deployment: + # additionals labels + labels: {} annotations: {} service: From f8994062d2908b82209e4dd8127de45f8d26f5d1 Mon Sep 17 00:00:00 2001 From: Gareth Luckett Date: Wed, 26 Feb 2020 22:11:20 +0000 Subject: [PATCH 301/304] Update Grafana to 6.6.2 (#21051) Signed-off-by: Gareth Luckett Co-authored-by: David J. M. Karlsen --- stable/grafana/Chart.yaml | 4 ++-- stable/grafana/README.md | 2 +- stable/grafana/values.yaml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/stable/grafana/Chart.yaml b/stable/grafana/Chart.yaml index e3a10856a7d4..d1481095d160 100644 --- a/stable/grafana/Chart.yaml +++ b/stable/grafana/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 name: grafana -version: 5.0.2 -appVersion: 6.6.1 +version: 5.0.3 +appVersion: 6.6.2 kubeVersion: "^1.8.0-0" description: The leading tool for querying and visualizing time series and metrics. home: https://grafana.net diff --git a/stable/grafana/README.md b/stable/grafana/README.md index 059111ccefa7..5003f778f1a0 100644 --- a/stable/grafana/README.md +++ b/stable/grafana/README.md @@ -52,7 +52,7 @@ You have to add --force to your helm upgrade command as the labels of the chart | `securityContext` | Deployment securityContext | `{"runAsUser": 472, "fsGroup": 472}` | | `priorityClassName` | Name of Priority Class to assign pods | `nil` | | `image.repository` | Image repository | `grafana/grafana` | -| `image.tag` | Image tag (`Must be >= 5.0.0`) | `6.6.1` | +| `image.tag` | Image tag (`Must be >= 5.0.0`) | `6.6.2` | | `image.pullPolicy` | Image pull policy | `IfNotPresent` | | `image.pullSecrets` | Image pull secrets | `{}` | | `service.type` | Kubernetes service type | `ClusterIP` | diff --git a/stable/grafana/values.yaml b/stable/grafana/values.yaml index 324452abcf72..cb1467159df1 100644 --- a/stable/grafana/values.yaml +++ b/stable/grafana/values.yaml @@ -50,7 +50,7 @@ livenessProbe: image: repository: grafana/grafana - tag: 6.6.1 + tag: 6.6.2 pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. From ac47f27e23bbd3498fcef5375881cdcb4364ca35 Mon Sep 17 00:00:00 2001 From: jaramon <32755098+jaramon@users.noreply.github.com> Date: Thu, 27 Feb 2020 07:11:32 +0900 Subject: [PATCH 302/304] Allowing nodePort to be specified (#21066) Signed-off-by: Yu Ichijo --- stable/metabase/Chart.yaml | 2 +- stable/metabase/README.md | 1 + stable/metabase/templates/service.yaml | 3 +++ stable/metabase/values.yaml | 2 ++ 4 files changed, 7 insertions(+), 1 deletion(-) diff --git a/stable/metabase/Chart.yaml b/stable/metabase/Chart.yaml index 633bc816aaa8..711f7090e334 100644 --- a/stable/metabase/Chart.yaml +++ b/stable/metabase/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 description: The easy, open source way for everyone in your company to ask questions and learn from data. name: metabase -version: 0.10.4 +version: 0.10.5 appVersion: v0.34.0 maintainers: - name: pmint93 diff --git a/stable/metabase/README.md b/stable/metabase/README.md index dab13c652fbe..61c46714990e 100644 --- a/stable/metabase/README.md +++ b/stable/metabase/README.md @@ -85,6 +85,7 @@ The following table lists the configurable parameters of the Metabase chart and | service.loadBalancerSourceRanges | Array of Source Ranges | null | | service.externalPort | Service external port | 80 | | service.internalPort | Service internal port, should be the same as `listen.port` | 3000 | +| service.nodePort | Service node port | null | | service.annotations | Service annotations | {} | | ingress.enabled | Enable ingress controller resource | false | | ingress.hosts | Ingress resource hostnames | null | diff --git a/stable/metabase/templates/service.yaml b/stable/metabase/templates/service.yaml index 42bd631c4aec..dbcd2cd1e44b 100644 --- a/stable/metabase/templates/service.yaml +++ b/stable/metabase/templates/service.yaml @@ -21,6 +21,9 @@ spec: ports: - port: {{ .Values.service.externalPort }} targetPort: {{ .Values.service.internalPort }} +{{- if .Values.service.nodePort }} + nodePort: {{ .Values.service.nodePort }} +{{- end}} protocol: TCP name: {{ .Values.service.name }} selector: diff --git a/stable/metabase/values.yaml b/stable/metabase/values.yaml index a389d2558384..c2768806a1ac 100644 --- a/stable/metabase/values.yaml +++ b/stable/metabase/values.yaml @@ -78,6 +78,8 @@ service: type: ClusterIP externalPort: 80 internalPort: 3000 + # Used to fix NodePort when service.type: NodePort. + nodePort: annotations: {} # Used to add custom annotations to the Service. # service.beta.kubernetes.io/aws-load-balancer-internal: "0.0.0.0/0" From 845bfd6a7e7e65604702fba76e79f2c56d25e1af Mon Sep 17 00:00:00 2001 From: Marco Date: Wed, 26 Feb 2020 23:25:19 +0100 Subject: [PATCH 303/304] [stable/graylog] Fixed missing values from README (#21055) * Fixed missing values from README Signed-off-by: Marco Bulgarini * Chart bump Signed-off-by: Marco Bulgarini --- stable/graylog/Chart.yaml | 2 +- stable/graylog/README.md | 9 +++++++++ 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/stable/graylog/Chart.yaml b/stable/graylog/Chart.yaml index d569c0161f21..cab4754b3734 100755 --- a/stable/graylog/Chart.yaml +++ b/stable/graylog/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 name: graylog home: https://www.graylog.org -version: 1.5.8 +version: 1.5.9 appVersion: 3.1 description: Graylog is the centralized log management solution built to open standards for capturing, storing, and enabling real-time analysis of terabytes of machine data. keywords: diff --git a/stable/graylog/README.md b/stable/graylog/README.md index 64f9f7fc5586..cffef5d8134a 100644 --- a/stable/graylog/README.md +++ b/stable/graylog/README.md @@ -148,6 +148,15 @@ The following table lists the configurable parameters of the Graylog chart and t | `graylog.mongodb.uriSecretName` | K8s secret name where MongoDB URI will be set from. | `{{ graylog.fullname }}` | | `graylog.mongodb.uriSecretKey` | K8s secret key name where MongoDB URI will be set from. | `` | | `graylog.transportEmail.enabled` | If true, enable transport email settings on Graylog | `false` | +| `graylog.transportEmail.hostname` | The hostname of the server used to send the email | `` | +| `graylog.transportEmail.port` | The port of the server used to send the email | `` | +| `graylog.transportEmail.useTls` | If true, use TLS to connect to the mailserver | `` | +| `graylog.transportEmail.useSsl` | If true, use SSL to connect to the mailserver | `` | +| `graylog.transportEmail.useAuth` | If true, authenticate to the email server | `` | +| `graylog.transportEmail.authUsername` | The username for server authentication | `` | +| `graylog.transportEmail.authPassword` | The password for server authentication | `` | +| `graylog.transportEmail.subjectPrefix` | Prepend this string to every mail subjects | `` | +| `graylog.transportEmail.fromEmail` | Use this as a FROM address | `` | | `graylog.config` | Add additional server configuration to `graylog.conf` file. | `` | | `graylog.serverFiles` | Add additional server files on /etc/graylog/server. This is useful for enable TLS on input | `{}` | | `graylog.journal.deleteBeforeStart` | Delete all journal files before start Graylog | `false` | From ee50ef74be87fb5afe14abb90d81e03c5d8b1c8b Mon Sep 17 00:00:00 2001 From: Thibault Cohen Date: Wed, 26 Feb 2020 17:43:19 -0500 Subject: [PATCH 304/304] [Weave Scope] Add priorityClassName for DaemonSet (#20893) Signed-off-by: Thibault Cohen --- stable/weave-scope/Chart.yaml | 2 +- stable/weave-scope/README.md | 1 + stable/weave-scope/charts/weave-scope-agent/Chart.yaml | 2 +- .../charts/weave-scope-agent/templates/daemonset.yaml | 3 +++ stable/weave-scope/charts/weave-scope-cluster-agent/Chart.yaml | 2 +- stable/weave-scope/charts/weave-scope-frontend/Chart.yaml | 2 +- stable/weave-scope/values.yaml | 1 + 7 files changed, 9 insertions(+), 4 deletions(-) diff --git a/stable/weave-scope/Chart.yaml b/stable/weave-scope/Chart.yaml index 713f6416b56f..7772757e0e0e 100644 --- a/stable/weave-scope/Chart.yaml +++ b/stable/weave-scope/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: weave-scope -version: 1.1.8 +version: 1.1.9 appVersion: 1.12.0 description: A Helm chart for the Weave Scope cluster visualizer. keywords: diff --git a/stable/weave-scope/README.md b/stable/weave-scope/README.md index 6e7101d5a9cb..075eca3eec8a 100644 --- a/stable/weave-scope/README.md +++ b/stable/weave-scope/README.md @@ -87,6 +87,7 @@ The **agent** section controls how the Weave Scope node agent pods are installed | **dockerBridge** | the name of the Docker bridge interface | `docker0` | | **scopeFrontendAddr** | the host:port of a Scope frontend to send data to -- this is only needed in cases where the frontend is deployed separately from the agent (e.g. an install outside the cluster or a pre-existing install inside it) | | | **probeToken** | the token used to connect to Weave Cloud -- this is not needed for connecting to non-cloud Scope frontends | | +| **priorityClassName** | The priorityClassName used for the Daemonset | | | **readOnly** | disables all controls (e.g. start/stop, terminal, logs, etc.) | `false` | | **resources.*** | controls requests/limits for the agent (these values are all optional) | | | **resources.requests.cpu** | CPU request in MHz (m) | | diff --git a/stable/weave-scope/charts/weave-scope-agent/Chart.yaml b/stable/weave-scope/charts/weave-scope-agent/Chart.yaml index 77d69f36c15c..de68cb18007b 100644 --- a/stable/weave-scope/charts/weave-scope-agent/Chart.yaml +++ b/stable/weave-scope/charts/weave-scope-agent/Chart.yaml @@ -1,6 +1,6 @@ description: A Helm chart for the Weave Scope cluster visualizer node agent. name: weave-scope-agent -version: 1.1.8 +version: 1.1.9 appVersion: 1.12.0 keywords: - containers diff --git a/stable/weave-scope/charts/weave-scope-agent/templates/daemonset.yaml b/stable/weave-scope/charts/weave-scope-agent/templates/daemonset.yaml index 4d5036af2b01..d2ebbf64a1dc 100644 --- a/stable/weave-scope/charts/weave-scope-agent/templates/daemonset.yaml +++ b/stable/weave-scope/charts/weave-scope-agent/templates/daemonset.yaml @@ -25,6 +25,9 @@ spec: tolerations: - effect: NoSchedule operator: Exists + {{- if .Values.priorityClassName }} + priorityClassName: {{ .Values.priorityClassName }} + {{- end }} containers: - name: {{ template "weave-scope-agent.name" . }} image: "{{ .Values.global.image.repository }}:{{ .Values.global.image.tag }}" diff --git a/stable/weave-scope/charts/weave-scope-cluster-agent/Chart.yaml b/stable/weave-scope/charts/weave-scope-cluster-agent/Chart.yaml index ca7ce02b9c06..77fb40e4cf89 100644 --- a/stable/weave-scope/charts/weave-scope-cluster-agent/Chart.yaml +++ b/stable/weave-scope/charts/weave-scope-cluster-agent/Chart.yaml @@ -1,6 +1,6 @@ description: A Helm chart for the Weave Scope cluster visualizer node agent. name: weave-scope-cluster-agent -version: 1.1.8 +version: 1.1.9 appVersion: 1.12.0 keywords: - containers diff --git a/stable/weave-scope/charts/weave-scope-frontend/Chart.yaml b/stable/weave-scope/charts/weave-scope-frontend/Chart.yaml index 715296a7157d..86eefee0e6e3 100644 --- a/stable/weave-scope/charts/weave-scope-frontend/Chart.yaml +++ b/stable/weave-scope/charts/weave-scope-frontend/Chart.yaml @@ -1,6 +1,6 @@ description: A Helm chart for the Weave Scope cluster visualizer frontend. name: weave-scope-frontend -version: 1.1.8 +version: 1.1.9 appVersion: 1.12.0 keywords: - containers diff --git a/stable/weave-scope/values.yaml b/stable/weave-scope/values.yaml index 9b7b8d7b4d84..64f3a3561c7a 100644 --- a/stable/weave-scope/values.yaml +++ b/stable/weave-scope/values.yaml @@ -60,6 +60,7 @@ weave-scope-frontend: weave-scope-agent: enabled: true flags: [] + # priorityClassName: # weave-scope-agent.dockerBridge: (required if agent.enabled == true) the name of the Docker bridge interface dockerBridge: "docker0" # weave-scope-agent.scopeFrontendAddr: the host:port of a Scope frontend to send data to