diff --git a/incubator/kafka/Chart.yaml b/incubator/kafka/Chart.yaml index 7cf28b24c4db..e78275af6911 100755 --- a/incubator/kafka/Chart.yaml +++ b/incubator/kafka/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 description: Apache Kafka is publish-subscribe messaging rethought as a distributed commit log. name: kafka -version: 0.16.2 +version: 0.16.3 appVersion: 5.0.1 keywords: - kafka diff --git a/incubator/kafka/README.md b/incubator/kafka/README.md index d34da48e6953..304e2faae633 100644 --- a/incubator/kafka/README.md +++ b/incubator/kafka/README.md @@ -85,7 +85,7 @@ following configurable parameters: | `podAnnotations` | Annotation to be added to Kafka pods | `{}` | | `podLabels` | Labels to be added to Kafka pods | `{}` | | `envOverrides` | Add additional Environment Variables in the dictionary format | `{ zookeeper.sasl.enabled: "False" }` | -| `configurationOverrides` | `Kafka ` [configuration setting][brokerconfigs] overrides in the dictionary format | `{ offsets.topic.replication.factor: 3 }` | +| `configurationOverrides` | `Kafka ` [configuration setting][brokerconfigs] overrides in the dictionary format | `{ "confluent.support.metrics.enable": false }` | | `secrets` | Pass any secrets to the kafka pods. Each secret will be passed as an environment variable by default. The secret can also be mounted to a specific path if required. Environment variable names are generated as: `_` (All upper case) | `{}` | | `additionalPorts` | Additional ports to expose on brokers. Useful when the image exposes metrics (like prometheus, etc.) through a javaagent instead of a sidecar | `{}` | | `readinessProbe.initialDelaySeconds` | Number of seconds before probe is initiated. | `30` | diff --git a/incubator/kafka/templates/_helpers.tpl b/incubator/kafka/templates/_helpers.tpl index 22846779d72d..7d67a7f0cbc9 100644 --- a/incubator/kafka/templates/_helpers.tpl +++ b/incubator/kafka/templates/_helpers.tpl 
@@ -52,6 +52,14 @@ else use user-provided URL {{- end -}} {{- end -}} +{{/* +Derive offsets.topic.replication.factor in following priority order: configurationOverrides, replicas +*/}} +{{- define "kafka.replication.factor" }} +{{- $replicationFactorOverride := index .Values "configurationOverrides" "offsets.topic.replication.factor" }} +{{- default .Values.replicas $replicationFactorOverride }} +{{- end -}} + {{/* Create chart name and version as used by the chart label. */}} diff --git a/incubator/kafka/templates/statefulset.yaml b/incubator/kafka/templates/statefulset.yaml index 31478113e310..9e658b0a1d53 100644 --- a/incubator/kafka/templates/statefulset.yaml +++ b/incubator/kafka/templates/statefulset.yaml @@ -158,6 +158,8 @@ spec: fieldPath: metadata.namespace - name: KAFKA_HEAP_OPTS value: {{ .Values.kafkaHeapOptions }} + - name: KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR + value: {{ include "kafka.replication.factor" . | quote }} {{- if not (hasKey .Values.configurationOverrides "zookeeper.connect") }} - name: KAFKA_ZOOKEEPER_CONNECT value: {{ include "zookeeper.url" . | quote }} diff --git a/incubator/kafka/values.yaml b/incubator/kafka/values.yaml index 307a2461a1d6..36281c68bc1c 100644 --- a/incubator/kafka/values.yaml +++ b/incubator/kafka/values.yaml @@ -169,7 +169,6 @@ podLabels: {} ## ref: https://kafka.apache.org/documentation/#brokerconfigs ## configurationOverrides: - "offsets.topic.replication.factor": 3 "confluent.support.metrics.enable": false # Disables confluent metric submission # "auto.leader.rebalance.enable": true # "auto.create.topics.enable": true diff --git a/incubator/mysqlha/Chart.yaml b/incubator/mysqlha/Chart.yaml index 52c55148e0c2..67954c45802b 100644 --- a/incubator/mysqlha/Chart.yaml +++ b/incubator/mysqlha/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: mysqlha -version: 0.7.1 +version: 0.8.0 appVersion: 5.7.13 description: MySQL cluster with a single master and zero or more slave replicas keywords: 
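Review bot: The added `KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR` entry in the statefulset `env:` list is rendered unconditionally, whereas the `KAFKA_ZOOKEEPER_CONNECT` entry directly below it is skipped when its key is present in `configurationOverrides`. If the part of the env list outside this hunk also turns every `configurationOverrides` key into a `KAFKA_*` variable, setting `offsets.topic.replication.factor` there would emit the same variable name twice; that loop is not visible here, so it needs checking. The `kafka.replication.factor` helper also falls back to `.Values.replicas` with no cap, so on a large cluster the offsets topic would be replicated to every broker. Consider `{{- default (min .Values.replicas 3) $replicationFactorOverride }}`, or at least a comment in `values.yaml` stating that the factor now defaults to `replicas`, since the key was removed from the defaults.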
diff --git a/incubator/mysqlha/README.md b/incubator/mysqlha/README.md index fdcb7841bfc2..d92471b33078 100644 --- a/incubator/mysqlha/README.md +++ b/incubator/mysqlha/README.md @@ -37,6 +37,7 @@ The following table lists the configurable parameters of the MySQL chart and the | ----------------------------------------- | ------------------------------------------------- | -------------------------------------- | | `mysqlImage` | `mysql` image and tag. | `mysql:5.7.13` | | `xtraBackupImage` | `xtrabackup` image and tag. | `gcr.io/google-samples/xtrabackup:1.0` | +| `imagePullPolicy` | Image pull policy. | `IfNotPresent` | | `replicaCount` | Number of MySQL replicas | 3 | | `mysqlRootPassword` | Password for the `root` user. | Randomly generated | | `mysqlUser` | Username of new user to create. | `nil` | diff --git a/incubator/mysqlha/templates/NOTES.txt b/incubator/mysqlha/templates/NOTES.txt index dec0da63314a..a9dbef981959 100644 --- a/incubator/mysqlha/templates/NOTES.txt +++ b/incubator/mysqlha/templates/NOTES.txt @@ -12,8 +12,16 @@ To connect to your database: 2. Run a pod to use as a client: - kubectl run mysql-client --image={{ .Values.mysqlImage }} -it --rm --restart=Never -- /bin/sh + kubectl run mysql-client --image={{ .Values.mysqlImage }} -it --rm --restart='Never' --namespace {{ .Release.Namespace }} -- /bin/sh -2. Open a connection to one of the MySQL pods +3. To connect to Master service (read/write): - mysql -h {{ template "fullname" . }}-0.{{ template "fullname" . }} -p + mysql -h {{ template "fullname" . }}-0.{{ template "fullname" . }} -u root -p + +{{- if lt 1 (.Values.mysqlha.replicaCount | int64) }} + +4. To connect to slave service (read-only): + + mysql -h {{ template "fullname" . }}-readonly -u root -p + +{{- end }} diff --git a/incubator/mysqlha/templates/statefulset.yaml b/incubator/mysqlha/templates/statefulset.yaml index ae6527de1ae9..6044da50441a 100644 --- a/incubator/mysqlha/templates/statefulset.yaml 
+++ b/incubator/mysqlha/templates/statefulset.yaml @@ -25,6 +25,7 @@ spec: initContainers: - name: clone-mysql image: {{ .Values.xtraBackupImage }} + imagePullPolicy: {{ .Values.imagePullPolicy | quote }} command: - bash - "-c" @@ -58,6 +59,7 @@ spec: mountPath: /etc/mysql/conf.d - name: init-mysql image: {{ .Values.mysqlImage }} + imagePullPolicy: {{ .Values.imagePullPolicy | quote }} command: ["/bin/bash"] args: - "-c" @@ -89,6 +91,7 @@ spec: containers: - name: mysql image: {{ .Values.mysqlImage }} + imagePullPolicy: {{ .Values.imagePullPolicy | quote }} env: - name: MYSQL_DATABASE value: {{ default "" .Values.mysqlha.mysqlDatabase | quote }} @@ -146,6 +149,7 @@ spec: timeoutSeconds: 1 - name: xtrabackup image: {{ .Values.xtraBackupImage }} + imagePullPolicy: {{ .Values.imagePullPolicy | quote }} env: - name: MYSQL_PWD valueFrom: @@ -226,7 +230,7 @@ spec: {{- if .Values.metrics.enabled }} - name: metrics image: "{{ .Values.metrics.image }}:{{ .Values.metrics.imageTag }}" - imagePullPolicy: {{ .Values.pullPolicy | quote }} + imagePullPolicy: {{ .Values.imagePullPolicy | quote }} {{- if .Values.mysqlha.mysqlAllowEmptyPassword }} command: ['sh', '-c', 'DATA_SOURCE_NAME="root@(localhost:3306)/" /bin/mysqld_exporter' ] {{- else }} diff --git a/incubator/mysqlha/values.yaml b/incubator/mysqlha/values.yaml index 341ecc534fb0..0c8e23b073d9 100644 --- a/incubator/mysqlha/values.yaml +++ b/incubator/mysqlha/values.yaml @@ -4,6 +4,12 @@ mysqlImage: mysql:5.7.13 xtraBackupImage: gcr.io/google-samples/xtrabackup:1.0 +## Specify an imagePullPolicy (Required) +## It's recommended to change this to 'Always' if the image tag is 'latest' +## ref: http://kubernetes.io/docs/user-guide/images/#updating-images +## +imagePullPolicy: IfNotPresent + mysqlha: replicaCount: 3 @@ -76,7 +82,6 @@ metrics: enabled: false image: prom/mysqld-exporter imageTag: v0.10.0 - imagePullPolicy: IfNotPresent annotations: {} livenessProbe: 
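Review bot: Every `imagePullPolicy: {{ .Values.imagePullPolicy | quote }}` line added in these five hunks reads the new top-level key with no fallback, so a release upgraded with values that predate the key (for example with `--reuse-values`) renders the field without a valid policy. A default in the template, `imagePullPolicy: {{ .Values.imagePullPolicy | default "IfNotPresent" | quote }}`, keeps older values files working. The accompanying `values.yaml` hunk also drops `metrics.imagePullPolicy`, so an existing override of that key is now ignored without any message. The README could state that one policy now applies to the init containers, `mysql`, `xtrabackup` and `metrics` alike.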
diff --git a/stable/ambassador/Chart.yaml b/stable/ambassador/Chart.yaml index 2afef72f780f..f120424f8fc2 100644 --- a/stable/ambassador/Chart.yaml +++ b/stable/ambassador/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v1 -appVersion: 0.73.0 +appVersion: 0.74.1 description: A Helm chart for Datawire Ambassador name: ambassador -version: 3.1.0 +version: 3.2.0 icon: https://www.getambassador.io/images/logo.png home: https://www.getambassador.io/ sources: diff --git a/stable/ambassador/README.md b/stable/ambassador/README.md index b06458a9f471..5cb669bf4fe1 100755 --- a/stable/ambassador/README.md +++ b/stable/ambassador/README.md @@ -62,7 +62,7 @@ The following tables lists the configurable parameters of the Ambassador chart a | `env` | Any additional environment variables for ambassador pods | `{}` | | `image.pullPolicy` | Ambassador image pull policy | `IfNotPresent` | | `image.repository` | Ambassador image | `quay.io/datawire/ambassador` | -| `image.tag` | Ambassador image tag | `0.72.0` | +| `image.tag` | Ambassador image tag | `0.74.1` | | `imagePullSecrets` | Image pull secrets | `[]` | | `namespace.name` | Set the `AMBASSADOR_NAMESPACE` environment variable | `metadata.namespace` | | `scope.singleNamespace` | Set the `AMBASSADOR_SINGLE_NAMESPACE` environment variable and create namespaced RBAC if `rbac.enabled: true` | `false` | 
@@ -93,10 +93,9 @@ The following tables lists the configurable parameters of the Ambassador chart a | `volumes` | Volumes for the ambassador service | `[]` | | `pro.enabled` | Installs the Ambassador Pro container as a sidecar to Ambassador | `false` | | `pro.image.repository` | Ambassador Pro image | `quay.io/datawire/ambassador_pro` | -| `pro.image.tag` | Ambassador Pro image tag | `amb-sidecar-0.4.0` | +| `pro.image.tag` | Ambassador Pro image tag | `amb-sidecar-0.6.0` | | `pro.ports.auth` | Ambassador Pro authentication port | `8500` | -| `pro.ports.ratelimit` | Ambassador Pro ratelimit port | `8501` | -| `pro.ports.ratelimitDebug` | Debug port for Ambassador Pro ratelimit | `8502` | +| `pro.ports.ratelimit` | Ambassador Pro ratelimit port | `8500` | | `pro.licenseKey.value` | License key for Ambassador Pro | "" | | `pro.licenseKey.secret` | Stores the license key as a base64-encoded string in a Kubernetes secret | `false` | | `autoscaling.enabled` | If true, creates Horizontal Pod Autoscaler | `false` | 
@@ -110,12 +109,7 @@ The following tables lists the configurable parameters of the Ambassador chart a Ambassador configuration is done through annotations on Kubernetes services or Custom Resource Definitions (CRDs). The `service.annotations` section of the values file contains commented out examples of [Ambassador Module](https://www.getambassador.io/reference/core/ambassador) and a global [TLSContext](https://www.getambassador.io/reference/core/tls) configurations which are typically created in the Ambassador service. -If you intend to use `service.annotations`, remember to include the `getambassador.io/config` annotation key as above, -and remember that you'll have to escape newlines. For example, the annotation above could be defined as - -``` -service.annotations: { "getambassador.io/config": "---\napiVersion: ambassador/v1\nkind: Module\nname: ambassador\nconfig:\n service_port: 8080" } -``` +If you intend to use `service.annotations`, remember to include the `getambassador.io/config` annotation key as above. ### Ambassador Pro @@ -123,6 +117,8 @@ Setting `pro.enabled: true` will install Ambassador Pro as a sidecar to Ambassad You must set the `pro.licenseKey.value` to the license key issued to you. Sign up for a [free trial](https://www.getambassador.io/pro/free-trial) of Ambassador Pro or [contact](https://www.getambassador.io/contact) our sales team to obtain a license key. +`pro.ports.auth` and `pro.ports.ratelimit` must be the same value. If changing one, you must change the other. + For most use cases, `pro.image` and `pro.ports` can be left as default. ### Specifying Values diff --git a/stable/ambassador/templates/deployment.yaml b/stable/ambassador/templates/deployment.yaml index f48cb0d8ed2e..38336e6b06fd 100644 --- a/stable/ambassador/templates/deployment.yaml +++ b/stable/ambassador/templates/deployment.yaml 
@@ -165,19 +165,13 @@ spec: containerPort: {{ .Values.pro.ports.auth }} - name: grpc-ratelimit containerPort: {{ .Values.pro.ports.ratelimit }} - - name: http-debug - containerPort: {{ .Values.pro.ports.ratelimitDebug }} env: - name: REDIS_SOCKET_TYPE value: tcp - name: REDIS_URL value: {{ include "ambassador.fullname" . }}-pro-redis:6379 - - name: APRO_AUTH_PORT + - name: APRO_HTTP_PORT value: "{{ .Values.pro.ports.auth }}" - - name: GRPC_PORT - value: "{{ .Values.pro.ports.ratelimit }}" - - name: DEBUG_PORT - value: "{{ .Values.pro.ports.ratelimitDebug }}" - name: APP_LOG_LEVEL value: "{{ .Values.pro.logLevel }}" - name: AMBASSADOR_NAMESPACE diff --git a/stable/ambassador/values.yaml b/stable/ambassador/values.yaml index c2175fdfaa18..7e922db84d2c 100644 --- a/stable/ambassador/values.yaml +++ b/stable/ambassador/values.yaml @@ -46,7 +46,7 @@ securityContext: image: repository: quay.io/datawire/ambassador - tag: 0.73.0 + tag: 0.74.1 pullPolicy: IfNotPresent nameOverride: "" @@ -216,11 +216,11 @@ pro: enabled: false image: repository: quay.io/datawire/ambassador_pro - tag: amb-sidecar-0.5.0 + tag: amb-sidecar-0.6.0 + # As of Ambassador Pro 0.6.0, both the RateLimitService and AuthService use the same port ports: auth: 8500 - ratelimit: 8501 - ratelimitDebug: 8502 + ratelimit: 8500 logLevel: info licenseKey: value: diff --git a/stable/anchore-engine/Chart.yaml b/stable/anchore-engine/Chart.yaml index 0091c2c274a6..04a3b5d57b29 100644 --- a/stable/anchore-engine/Chart.yaml +++ b/stable/anchore-engine/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 name: anchore-engine -version: 1.2.0 -appVersion: 0.4.1 +version: 1.2.1 +appVersion: 0.4.2 description: Anchore container analysis and policy evaluation engine service keywords: - analysis diff --git a/stable/anchore-engine/values.yaml b/stable/anchore-engine/values.yaml index 4600da1ff746..466d9abf1f8f 100644 --- a/stable/anchore-engine/values.yaml +++ b/stable/anchore-engine/values.yaml 
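Review bot: Nothing in this deployment hunk enforces the rule the README now states, that `pro.ports.auth` and `pro.ports.ratelimit` must be equal. The sidecar is told only about `pro.ports.auth` through `APRO_HTTP_PORT`, while the `grpc-ratelimit` container port is still rendered from `pro.ports.ratelimit`, so overriding just one value leaves a declared port that, as far as this hunk shows, nothing listens on. Either render both container ports from `pro.ports.auth`, or fail the render on a mismatch, e.g. `{{- if ne (int .Values.pro.ports.auth) (int .Values.pro.ports.ratelimit) }}{{ fail "pro.ports.auth and pro.ports.ratelimit must match" }}{{- end }}`. The container spec starts and ends outside the hunk.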
@@ -66,7 +66,7 @@ ingress: # Global configuration shared by all anchore-engine services. anchoreGlobal: # Image used for all anchore engine deployments (excluding enterprise components). - image: docker.io/anchore/anchore-engine:v0.4.1 + image: docker.io/anchore/anchore-engine:v0.4.2 imagePullPolicy: IfNotPresent # Add additionnal labels to all kubernetes resources diff --git a/stable/cerebro/Chart.yaml b/stable/cerebro/Chart.yaml index 391fb8847902..c22a3350972e 100644 --- a/stable/cerebro/Chart.yaml +++ b/stable/cerebro/Chart.yaml @@ -1,6 +1,6 @@ name: cerebro -version: 1.1.3 -appVersion: 0.8.3 +version: 1.1.5 +appVersion: 0.8.4 apiVersion: v1 description: A Helm chart for Cerebro - a web admin tool that replaces Kopf. home: https://github.com/lmenezes/cerebro diff --git a/stable/cerebro/README.md b/stable/cerebro/README.md index 709a9711f278..e8191ee9785b 100644 --- a/stable/cerebro/README.md +++ b/stable/cerebro/README.md @@ -42,7 +42,7 @@ The following table lists the configurable parameters of the cerebro chart and t |-------------------------------------|-------------------------------------|-------------------------------------------| | `replicaCount` | Number of replicas | `1` | | `image.repository` | The image to run | `lmenezes/cerebro` | -| `image.tag` | The image tag to pull | `0.8.3` | +| `image.tag` | The image tag to pull | `0.8.4` | | `image.pullPolicy` | Image pull policy | `IfNotPresent` | | `image.pullSecrets` | Specify image pull secrets | `nil` (does not add image pull secrets to deployed pods) | | `init.image.repository` | The image to run | `docker.io/busybox` | diff --git a/stable/cerebro/templates/deployment.yaml b/stable/cerebro/templates/deployment.yaml index ebe8713ce2c0..4236fe2198a7 100644 --- a/stable/cerebro/templates/deployment.yaml +++ b/stable/cerebro/templates/deployment.yaml 
@@ -68,12 +68,12 @@ spec: {{- end }} livenessProbe: httpGet: - path: / + path: {{ .Values.config.basePath }} port: http initialDelaySeconds: 120 readinessProbe: httpGet: - path: / + path: {{ .Values.config.basePath }} port: http initialDelaySeconds: 120 resources: diff --git a/stable/cerebro/values.yaml b/stable/cerebro/values.yaml index 0137d691c470..c6cb9cc1a8cd 100644 --- a/stable/cerebro/values.yaml +++ b/stable/cerebro/values.yaml @@ -8,7 +8,7 @@ image: repository: lmenezes/cerebro # Note: when updating the version, ensure `config` and the ConfigMap are kept # in sync with the default configuration of the upstream image - tag: 0.8.3 + tag: 0.8.4 pullPolicy: IfNotPresent init: diff --git a/stable/cluster-autoscaler/Chart.yaml b/stable/cluster-autoscaler/Chart.yaml index 6727402bd02d..f992e994657f 100644 --- a/stable/cluster-autoscaler/Chart.yaml +++ b/stable/cluster-autoscaler/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 description: Scales worker nodes within autoscaling groups. icon: https://github.com/kubernetes/kubernetes/blob/master/logo/logo.png name: cluster-autoscaler -version: 3.1.0 +version: 3.2.0 appVersion: 1.13.1 home: https://github.com/kubernetes/autoscaler sources: diff --git a/stable/cluster-autoscaler/README.md b/stable/cluster-autoscaler/README.md index e51aa7281fec..49f28948dcac 100644 --- a/stable/cluster-autoscaler/README.md +++ b/stable/cluster-autoscaler/README.md @@ -150,6 +150,7 @@ Parameter | Description | Default `extraArgs` | additional container arguments | `{}` `podDisruptionBudget` | Pod disruption budget | `maxUnavailable: 1` `extraEnv` | additional container environment variables | `{}` +`envFromConfigMap` | additional container environment variables from a configmap | `[]` `envFromSecret` | additional container environment variables from secret | `nil` `nodeSelector` | node labels for pod assignment | `{}` `podAnnotations` | annotations to add to each pod | `{}` 
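Review bot: Both probe paths are now rendered as `path: {{ .Values.config.basePath }}` without quoting or a fallback, so an unset or empty `config.basePath` produces `path:` with a null value in the liveness and readiness probes. `path: {{ .Values.config.basePath | default "/" | quote }}` keeps the previous behaviour when the value is missing and stops YAML from retyping unusual values. The `values.yaml` hunk in this commit only shows the image tag, so whether `config.basePath` has a default is not visible here.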
diff --git a/stable/cluster-autoscaler/templates/deployment.yaml b/stable/cluster-autoscaler/templates/deployment.yaml index 68f3af55e4f7..26939316e4f7 100644 --- a/stable/cluster-autoscaler/templates/deployment.yaml +++ b/stable/cluster-autoscaler/templates/deployment.yaml @@ -142,6 +142,13 @@ spec: - name: {{ $key }} value: "{{ $value }}" {{- end }} + {{- range $key, $value := .Values.envFromConfigMap }} + - name: {{ $key }} + valueFrom: + configMapKeyRef: + name: {{ default (include "cluster-autoscaler.fullname" $) $value.name }} + key: {{ required "Must specify key!" $value.key }} + {{- end }} {{- if .Values.envFromSecret }} envFrom: - secretRef: diff --git a/stable/dex/Chart.yaml b/stable/dex/Chart.yaml index 75511cd49a8d..672360d697f1 100644 --- a/stable/dex/Chart.yaml +++ b/stable/dex/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: dex -version: 1.5.1 +version: 2.0.1 appVersion: 2.17.0 description: CoreOS Dex keywords: @@ -17,3 +17,5 @@ maintainers: email: shane.starcher@gmail.com - name: rendhalver email: pete.brown@powerhrg.com +- name: vi7 + email: vi7alya@gmail.com diff --git a/stable/dex/OWNERS b/stable/dex/OWNERS index 0ecc0f4833ae..3b79f6f4b8e3 100644 --- a/stable/dex/OWNERS +++ b/stable/dex/OWNERS @@ -1,4 +1,6 @@ approvers: - desaintmartin +- vi7 reviewers: - desaintmartin +- vi7 diff --git a/stable/dex/README.md b/stable/dex/README.md new file mode 100644 index 000000000000..a8d69123b65c --- /dev/null +++ b/stable/dex/README.md 
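Review bot: The new `range $key, $value := .Values.envFromConfigMap` block uses `$key` as the environment variable name, which only works when `envFromConfigMap` is a map, yet the README hunk of this commit documents its default as `[]`. With a list, `$key` is the numeric index and the rendered `name:` becomes `0`, `1`, and so on. Documenting the default as `{}` (and setting it so in `values.yaml`, which is not part of this diff) would match the template. The rendered `name`, `configMapKeyRef.name` and `key` scalars are also unquoted, unlike the `value: "{{ $value }}"` line above them; `key: {{ required "Must specify key!" $value.key | quote }}` avoids retyping of keys such as `on` or all-digit names.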
@@ -0,0 +1,95 @@ +# dex + +[Dex][dex] is an identity service that uses OpenID Connect to drive authentication for other apps. + +## Introduction + +Dex acts as a portal to other identity providers through "connectors." This lets dex defer authentication to LDAP servers, SAML providers, or established identity providers like GitHub, Google, and Active Directory. Clients write their authentication logic once to talk to dex, then dex handles the protocols for a given backend. + +**Kubernetes authentication note** + +If you plan to use dex as a [Kubernetes OpenID Connect token authenticator plugin](http://kubernetes.io/docs/admin/authentication/#openid-connect-tokens) you'll need to additionally deploy some helper app which will provide authentication UI for users and talk to dex. + +Several helper apps are listed below: + - https://github.com/mintel/dex-k8s-authenticator + - https://github.com/heptiolabs/gangway + - https://github.com/micahhausler/k8s-oidc-helper + - https://github.com/negz/kuberos + - https://github.com/negz/kubehook + - https://github.com/fydrah/loginapp + - https://github.com/keycloak/keycloak + +## Installing the Chart + +To install the chart with the release name `my-release`: + +```sh +$ helm install --name my-release stable/dex +``` + +It'll install chart with the default parameters. However most probably it won't work for you as-is, thus before installing the chart you need to consult to the [values.yaml](values.yaml) notes as well as [dex documentation][dex]. + +## Uninstalling the Chart + +To uninstall/delete the `my-release` deployment: + +```sh +$ helm delete --purge my-release +``` + +The command removes all the Kubernetes components associated with the chart and deletes the release. + +## Upgrading an existing release to a new major version + +A major chart version change (like v1.5.1 -> v2.0.0) indicates that there is an incompatible breaking change which requires manual actions. 
+ +### Upgrade to v2.0.0 + +Breaking changes which should be considered and require manual actions during release upgrade: + +- ability to switch grpc and https on and off via dedicated chart parameters +- port definition for Pod, Service and dex config re-written from scratch +- dex config is _not_ taken from `.Values.config` as-is anymore, pay attention! + +See the [Configuration](#configuration) section for the details on the parameters introduced in version 2.0.0. + +Moreover, this release updates all the labels to the new [recommended labels](https://github.com/helm/charts/blob/master/REVIEW_GUIDELINES.md#names-and-labels), most of them being immutable. + +In order to upgrade, please update your values file and uninstall/reinstall the chart. + +## Configuration + +The following table lists parameters introduced in v2.0.0 + +| Parameter | Description | Default | +| --------- | ----------- | ------- | +| `grpc` | Enable dex grpc endpoint | `true` | +| `https` | Enable TLS termination for the dex http endpoint | `false` | +| `ports.web.containerPort` | http/https port listened by the dex | `5556` | +| `ports.web.nodePort` | K8S Service node port for the dex http/https listener | `32000` | +| `ports.web.servicePort` | K8S Service port for the dex http/https listener | `32000` | +| `ports.grpc.containerPort` | grpc port listened by the dex | `5000` | +| `ports.grpc.nodePort` | K8S Service node port for the dex grpc listener | `35000` | +| `ports.grpc.servicePort` | K8S Service port for the dex grpc listener | `35000` | +| `service.loadBalancerIP` | IP override for K8S LoadBalancer Service | `""` | +| `config.issuer` | Maps to the dex config `issuer` param | `http://dex.io:8080` | +| `config.storage` | Maps to the dex config `storage` dict param | `{"type": "kubernetes", "config": {"inCluster": true}}` | +| `config.logger` | Maps to the dex config `logger` dict param | `{"level": "debug"}` | +| `config.web.address` | dex http/https listen address | `0.0.0.0` | +| 
`config.web.tlsCert` | Maps to the dex config `web.tlsCert` param | `/etc/dex/tls/https/server/tls.crt` | +| `config.web.tlsKey` | Maps to the dex config `web.tlsKey` param | `/etc/dex/tls/https/server/tls.key` | +| `config.grpc.address` | dex grpc listen address | `127.0.0.1` | +| `config.grpc.tlsCert` | Maps to the dex config `grpc.tlsCert` param | `/etc/dex/tls/grpc/server/tls.crt` | +| `config.grpc.tlsKey` | Maps to the dex config `grpc.tlsKey` param | `/etc/dex/tls/grpc/server/tls.key` | +| `config.grpc.tlsClientCA` | Maps to the dex config `grpc.tlsClientCA` param | `/etc/dex/tls/grpc/ca/tls.crt` | +| `config.connectors` | Maps to the dex config `connectors` dict param | `{}` | +| `config.oauth2.skipApprovalScreen` | Maps to the dex config `oauth2.skipApprovalScreen` param | `true` | +| `config.staticClients` | Maps to the dex config `staticClients` list param | `""` | +| `config.enablePasswordDB` | Maps to the dex config `enablePasswordDB` param | `true` | +| `config.staticPasswords` | Maps to the dex config `staticPasswords` list param | `""` | + + +Check [values.yaml](values.yaml) notes together with [dex documentation][dex] and [config examples](https://github.com/dexidp/dex/tree/master/examples) for all the possible configuration options. + + +[dex]: https://github.com/dexidp/dex diff --git a/stable/dex/templates/_helpers.tpl b/stable/dex/templates/_helpers.tpl index 9b8baac29b8f..e9f476d0b127 100644 --- a/stable/dex/templates/_helpers.tpl +++ b/stable/dex/templates/_helpers.tpl 
@@ -31,6 +31,19 @@ Create chart name and version as used by the chart label. {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} {{- end -}} +{{/* +Common labels +*/}} +{{- define "dex.labels" -}} +app.kubernetes.io/name: {{ include "dex.name" . }} +helm.sh/chart: {{ include "dex.chart" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end -}} + {{/* Create the name of the service account to use */}} diff --git a/stable/dex/templates/clusterrole.yaml b/stable/dex/templates/clusterrole.yaml index 76d4957831e8..2dea792e57f0 100644 --- a/stable/dex/templates/clusterrole.yaml +++ b/stable/dex/templates/clusterrole.yaml @@ -3,10 +3,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: labels: - app: {{ template "dex.name" . }} - chart: {{ template "dex.chart" . }} - heritage: "{{ .Release.Service }}" - release: "{{ .Release.Name }}" +{{ include "dex.labels" . | indent 4 }} name: {{ template "dex.fullname" . }} rules: - apiGroups: ["dex.coreos.com"] # API group created by dex diff --git a/stable/dex/templates/clusterrolebinding.yaml b/stable/dex/templates/clusterrolebinding.yaml index c76f89f9565b..bc7370d9f50a 100644 --- a/stable/dex/templates/clusterrolebinding.yaml +++ b/stable/dex/templates/clusterrolebinding.yaml @@ -3,10 +3,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: labels: - app: {{ template "dex.name" . }} - chart: {{ template "dex.chart" . }} - heritage: "{{ .Release.Service }}" - release: "{{ .Release.Name }}" +{{ include "dex.labels" . | indent 4 }} name: {{ template "dex.fullname" . }} roleRef: apiGroup: rbac.authorization.k8s.io diff --git a/stable/dex/templates/config-openssl.yaml b/stable/dex/templates/config-openssl.yaml index 280018e95f78..bc8add398bca 100644 
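Review bot: In the new `dex.labels` helper only `app.kubernetes.io/version` is piped through `quote`; `app.kubernetes.io/instance: {{ .Release.Name }}` and the other three values are emitted as plain scalars. Label values must be strings, so a release name that YAML reads as a number or boolean would be rejected by the API server. `app.kubernetes.io/instance: {{ .Release.Name | quote }}`, and the same for `name`, `chart` and `managed-by`, removes that case. The helper's comment could also state that callers are expected to pipe it through `indent 4` under `labels:`, as the ClusterRole and ClusterRoleBinding hunks do.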
--- a/stable/dex/templates/config-openssl.yaml +++ b/stable/dex/templates/config-openssl.yaml @@ -1,12 +1,9 @@ -{{- if .Values.certs.grpc.create }} +{{- if and .Values.grpc .Values.certs.grpc.create }} apiVersion: v1 kind: ConfigMap metadata: labels: - app: {{ template "dex.name" . }} - chart: {{ template "dex.chart" . }} - heritage: "{{ .Release.Service }}" - release: "{{ .Release.Name }}" +{{ include "dex.labels" . | indent 4 }} name: {{ template "dex.fullname" . }}-openssl-config annotations: "helm.sh/hook": post-install diff --git a/stable/dex/templates/deployment.yaml b/stable/dex/templates/deployment.yaml index bf779487651a..b701ae0b9b58 100644 --- a/stable/dex/templates/deployment.yaml +++ b/stable/dex/templates/deployment.yaml @@ -11,10 +11,8 @@ kind: Deployment metadata: name: {{ template "dex.fullname" . }} labels: - app: {{ template "dex.name" . }} - chart: {{ template "dex.chart" . }} - heritage: "{{ .Release.Service }}" - release: "{{ .Release.Name }}" +{{ include "dex.labels" . | indent 4 }} + app.kubernetes.io/component: dex spec: replicas: {{ .Values.replicas }} strategy: @@ -24,13 +22,15 @@ spec: type: RollingUpdate selector: matchLabels: - app: {{ template "dex.name" . }} - release: "{{ .Release.Name }}" + app.kubernetes.io/name: {{ include "dex.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/component: dex template: metadata: labels: - app: {{ template "dex.name" . }} - release: "{{ .Release.Name }}" + app.kubernetes.io/name: {{ include "dex.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/component: dex annotations: checksum/config: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} {{- if .Values.podAnnotations }} 
@@ -44,10 +44,10 @@ spec: tolerations: {{ toYaml . | indent 8 }} {{- end }} -{{- if .Values.affinity }} +{{- with .Values.affinity }} affinity: -{{ tpl .Values.affinity | indent 8 }} -{{- end }} +{{ toYaml . | indent 8 }} + {{- end }} containers: - name: main image: "{{ .Values.image }}:{{ .Values.imageTag }}" @@ -59,7 +59,14 @@ spec: resources: {{ toYaml .Values.resources | indent 10 }} ports: -{{ toYaml .Values.ports | indent 10 }} + - name: {{ if .Values.https }}https{{ else }}http{{ end }} + containerPort: {{ .Values.ports.web.containerPort }} + protocol: TCP + {{- if .Values.grpc }} + - name: grpc + containerPort: {{ .Values.ports.grpc.containerPort }} + protocol: TCP + {{- end }} env: {{ toYaml .Values.env | indent 10 }} volumeMounts: @@ -67,10 +74,12 @@ spec: name: config - mountPath: /etc/dex/tls/https/server name: https-tls +{{- if .Values.grpc }} - mountPath: /etc/dex/tls/grpc/server name: grpc-tls-server - mountPath: /etc/dex/tls/grpc/ca name: grpc-tls-ca +{{- end }} {{- if ne (len .Values.extraVolumeMounts) 0 }} {{ toYaml .Values.extraVolumeMounts | indent 8 }} {{- end }} @@ -86,6 +95,7 @@ spec: secret: defaultMode: 420 secretName: {{ $httpsTlsSecretName | quote }} +{{- if .Values.grpc }} - name: grpc-tls-server secret: defaultMode: 420 @@ -94,7 +104,7 @@ spec: secret: defaultMode: 420 secretName: {{ $grpcCaSecretName| quote }} +{{- end }} {{- if ne (len .Values.extraVolumes) 0 }} {{ toYaml .Values.extraVolumes | indent 6 }} {{- end }} - diff --git a/stable/dex/templates/ingress.yaml b/stable/dex/templates/ingress.yaml index 4ac724d126c2..22eef9568d36 100644 --- a/stable/dex/templates/ingress.yaml +++ b/stable/dex/templates/ingress.yaml 
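Review bot: The affinity block now renders `{{ toYaml . | indent 8 }}` where it previously passed `.Values.affinity` through `tpl`, so a values file that supplies affinity as a template string will render a quoted string under `affinity:` instead of a mapping. This is a breaking input-format change that the "Upgrade to v2.0.0" list in the new README does not mention; a bullet such as `affinity is now a YAML map, no longer a templated string` would cover it. The added `{{- end }}` also appears to be indented differently from the `{{- with` that opens it, which is harmless but inconsistent with the tolerations block above.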
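Review bot: The `grpc-tls-server` and `grpc-tls-ca` mounts and volumes are now wrapped in `{{- if .Values.grpc }}`, but the `https-tls` mount at `/etc/dex/tls/https/server` and its secret volume stay unconditional. That is inconsistent with the ports hunk, which introduces an `https` switch, and with the README, which lists its default as `false`. With `https: false` the pod would still need the secret named by `$httpsTlsSecretName` to exist before it can start, unless the web-certs job (not fully visible here) always creates it. Wrapping both `https-tls` entries in `{{- if .Values.https }}` … `{{- end }}` would make the two switches behave the same way, and would avoid mounting a TLS private key into a pod that serves plain HTTP.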
@@ -1,16 +1,13 @@ {{- if .Values.ingress.enabled -}} {{- $fullName := include "dex.fullname" . -}} -{{- $servicePort := .Values.service.port -}} +{{- $servicePort := .Values.ports.web.servicePort -}} {{- $ingressPath := .Values.ingress.path -}} apiVersion: extensions/v1beta1 kind: Ingress metadata: name: {{ $fullName }} labels: - app: {{ template "dex.name" . }} - chart: {{ template "dex.chart" . }} - heritage: "{{ .Release.Service }}" - release: "{{ .Release.Name }}" +{{ include "dex.labels" . | indent 4 }} {{- with .Values.ingress.annotations }} annotations: {{ toYaml . | indent 4 }} diff --git a/stable/dex/templates/job-grpc-certs.yaml b/stable/dex/templates/job-grpc-certs.yaml index 4ff9b04b4833..b37c217ea711 100644 --- a/stable/dex/templates/job-grpc-certs.yaml +++ b/stable/dex/templates/job-grpc-certs.yaml @@ -1,4 +1,4 @@ -{{- if .Values.certs.grpc.create }} +{{- if and .Values.grpc .Values.certs.grpc.create }} {{ $fullname := include "dex.fullname" . }} {{ $tlsServerBuiltName := printf "%s-server-tls" $fullname }} {{ $tlsServerSecretName := default $tlsServerBuiltName .Values.certs.grpc.secret.serverTlsName }} @@ -17,19 +17,16 @@ metadata: "helm.sh/hook-delete-policy": hook-succeeded name: {{ $fullname }}-grpc-certs labels: - app: {{ template "dex.name" . }} - chart: {{ template "dex.chart" . }} - heritage: "{{ .Release.Service }}" - release: "{{ .Release.Name }}" - component: "job" +{{ include "dex.labels" . | indent 4 }} + app.kubernetes.io/component: "job-grpc-certs" spec: activeDeadlineSeconds: {{ .Values.certs.grpc.activeDeadlineSeconds }} template: metadata: labels: - app: {{ template "dex.name" . }} - release: "{{ .Release.Name }}" - component: "job" + app.kubernetes.io/name: {{ include "dex.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/component: "job-grpc-certs" spec: {{- if .Values.certs.securityContext.enabled }} securityContext: 
diff --git a/stable/dex/templates/job-web-certs.yaml b/stable/dex/templates/job-web-certs.yaml index 1e62cff18c54..1b696c40f264 100644 --- a/stable/dex/templates/job-web-certs.yaml +++ b/stable/dex/templates/job-web-certs.yaml @@ -14,19 +14,16 @@ metadata: "helm.sh/hook-delete-policy": hook-succeeded name: {{ $fullname }}-web-certs labels: - app: {{ template "dex.name" . }} - chart: {{ template "dex.chart" . }} - heritage: "{{ .Release.Service }}" - release: "{{ .Release.Name }}" - component: "job" +{{ include "dex.labels" . | indent 4 }} + app.kubernetes.io/component: "job-web-certs" spec: activeDeadlineSeconds: {{ .Values.certs.web.activeDeadlineSeconds }} template: metadata: labels: - app: {{ template "dex.name" . }} - release: "{{ .Release.Name }}" - component: "job" + app.kubernetes.io/name: {{ include "dex.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/component: "job" spec: {{- if .Values.certs.securityContext.enabled }} securityContext: diff --git a/stable/dex/templates/poddisruptionbudget.yaml b/stable/dex/templates/poddisruptionbudget.yaml index 66e8e6fa67d5..0757558265fb 100644 --- a/stable/dex/templates/poddisruptionbudget.yaml +++ b/stable/dex/templates/poddisruptionbudget.yaml @@ -4,14 +4,11 @@ kind: PodDisruptionBudget metadata: name: {{ template "dex.fullname" . }} labels: - app: {{ template "dex.name" . }} - chart: {{ template "dex.chart" . }} - heritage: "{{ .Release.Service }}" - release: "{{ .Release.Name }}" +{{ include "dex.labels" . | indent 4 }} spec: selector: matchLabels: - app: {{ template "dex.name" . }} - release: "{{ .Release.Name }}" + app.kubernetes.io/name: {{ include "dex.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} {{ toYaml .Values.podDisruptionBudget | indent 2 }} {{- end -}} diff --git a/stable/dex/templates/role.yaml b/stable/dex/templates/role.yaml index 0684ce890fc7..055a1a272a6c 100644 --- a/stable/dex/templates/role.yaml +++ b/stable/dex/templates/role.yaml 
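Review bot: The two label sets of the web-certs Job disagree: the Job metadata gets `app.kubernetes.io/component: "job-web-certs"` while its pod template keeps `app.kubernetes.io/component: "job"`. job-grpc-certs.yaml uses `"job-grpc-certs"` in both places, so the template line here should read `app.kubernetes.io/component: "job-web-certs"`. As written, a label query for the web-certs component finds the Job but not the pods it creates.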
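Review bot: The PodDisruptionBudget's `matchLabels` names only `app.kubernetes.io/name` and `app.kubernetes.io/instance`, and the pod templates of both cert Jobs in this commit carry those same two labels. The budget therefore also selects the hook pods while they exist. The Deployment now labels its pods with `app.kubernetes.io/component: dex`, so adding that line to the selector here would scope the budget to the Dex server pods only. The Service `selector` in service.yaml has the same two-label form and would benefit from the same line.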
@@ -4,10 +4,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: labels: - app: {{ template "dex.name" . }} - chart: {{ template "dex.chart" . }} - heritage: "{{ .Release.Service }}" - release: "{{ .Release.Name }}" +{{ include "dex.labels" . | indent 4 }} name: {{ template "dex.fullname" . }} namespace: {{ .Release.Namespace }} rules: diff --git a/stable/dex/templates/rolebinding.yaml b/stable/dex/templates/rolebinding.yaml index 4e5db10ff9e8..89e9334aae64 100644 --- a/stable/dex/templates/rolebinding.yaml +++ b/stable/dex/templates/rolebinding.yaml @@ -4,10 +4,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: labels: - app: {{ template "dex.name" . }} - chart: {{ template "dex.chart" . }} - heritage: "{{ .Release.Service }}" - release: "{{ .Release.Name }}" +{{ include "dex.labels" . | indent 4 }} name: {{ template "dex.fullname" . }} namespace: {{ .Release.Namespace }} roleRef: diff --git a/stable/dex/templates/secret.yaml b/stable/dex/templates/secret.yaml index c5f03ff6d35e..564bc8995d6f 100644 --- a/stable/dex/templates/secret.yaml +++ b/stable/dex/templates/secret.yaml 
@@ -2,10 +2,44 @@ apiVersion: v1 kind: Secret metadata: labels: - app: {{ template "dex.name" . }} - chart: {{ template "dex.chart" . }} - heritage: "{{ .Release.Service }}" - release: "{{ .Release.Name }}" +{{ include "dex.labels" . | indent 4 }} name: {{ template "dex.fullname" . }} -data: - config.yaml: {{ toYaml .Values.config | b64enc }} +stringData: + config.yaml: |- + {{- with .Values.config }} + issuer: {{ .issuer }} + storage: +{{ toYaml .storage | indent 6 }} + logger: +{{ toYaml .logger | indent 6 }} + web: + {{- if $.Values.https }} + https: {{ $.Values.config.web.address }}:{{ $.Values.ports.web.containerPort }} + tlsCert: {{ .web.tlsCert }} + tlsKey: {{ .web.tlsKey }} + {{- else }} + http: {{ $.Values.config.web.address }}:{{ $.Values.ports.web.containerPort }} + {{- end }} + {{- if $.Values.grpc }} + grpc: + addr: {{ $.Values.config.grpc.address }}:{{ $.Values.ports.grpc.containerPort }} + tlsCert: {{ .grpc.tlsCert }} + tlsKey: {{ .grpc.tlsKey }} + tlsClientCA: {{ .grpc.tlsClientCA }} + {{- end }} + {{- if .connectors }} + connectors: +{{ toYaml .connectors | indent 4 }} + {{- end }} + oauth2: + {{ toYaml .oauth2 | indent 2 }} + {{- if .staticClients }} + staticClients: +{{ toYaml .staticClients | indent 4 }} + {{- end }} + enablePasswordDB: {{ .enablePasswordDB }} + {{- if .staticPasswords }} + staticPasswords: +{{ toYaml .staticPasswords | indent 4 }} + {{- end }} + {{- end }} diff --git a/stable/dex/templates/service.yaml b/stable/dex/templates/service.yaml index e05c8765d18d..d69ec1147e3e 100644 --- a/stable/dex/templates/service.yaml +++ b/stable/dex/templates/service.yaml @@ -3,10 +3,7 @@ kind: Service metadata: name: {{ template "dex.fullname" . }} labels: - app: {{ template "dex.name" . }} - chart: {{ template "dex.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} +{{ include "dex.labels" . | indent 4 }} {{- if .Values.service.annotations }} annotations: {{ toYaml .Values.service.annotations | indent 4 }} 
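Review bot: The hand-written `config.yaml` in secret.yaml emits only the keys it lists (`issuer`, `storage`, `logger`, `web`, `grpc`, `connectors`, `oauth2`, `staticClients`, `enablePasswordDB`, `staticPasswords`), where the removed `toYaml .Values.config | b64enc` passed the whole map through. Any other Dex setting a user keeps under `config`, such as `expiry` or `frontend`, is now dropped without an error, which for an identity provider means token lifetimes silently fall back to defaults. Rendering the remainder generically, e.g. `{{ toYaml (omit . "web" "grpc") | indent 4 }}` in place of the per-key blocks, keeps the computed listen addresses without turning the template into an allow-list. Scalars are also interpolated bare: `issuer: {{ .issuer }}` should be `issuer: {{ .issuer | quote }}`, and `enablePasswordDB: {{ .enablePasswordDB }}` renders an empty value when the key is unset, as it is in the default values.yaml.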
@@ -15,18 +12,27 @@ spec: type: {{ .Values.service.type}} sessionAffinity: None ports: -{{- range .Values.ports }} - - name: {{ .name }} - port: {{ .containerPort }} - targetPort: {{ .containerPort}} -{{- if and (eq "NodePort" $.Values.service.type) (hasKey . "nodePort") }} - nodePort: {{ .nodePort }} -{{- end}} -{{- end}} + - name: {{ if .Values.https }}https{{ else }}http{{ end }} + targetPort: {{ if .Values.https }}https{{ else }}http{{ end }} +{{- if eq "NodePort" .Values.service.type }} + nodePort: {{ .Values.ports.web.nodePort }} +{{- end }} + port: {{ .Values.ports.web.servicePort }} +{{- if .Values.grpc }} + - name: grpc + targetPort: grpc + {{- if eq "NodePort" .Values.service.type }} + nodePort: {{ .Values.ports.grpc.nodePort }} + {{- end }} + port: {{ .Values.ports.grpc.servicePort }} +{{- end }} {{- if hasKey .Values.service "externalIPs" }} externalIPs: {{ toYaml .Values.service.externalIPs | indent 4 }} +{{- end }} +{{- if hasKey .Values.service "loadBalancerIP" }} + loadBalancerIP: {{ .Values.service.loadBalancerIP }} {{- end }} selector: - app: {{ template "dex.name" . }} - release: {{ .Release.Name | quote }} + app.kubernetes.io/name: {{ include "dex.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} diff --git a/stable/dex/templates/serviceaccount.yaml b/stable/dex/templates/serviceaccount.yaml index a933dac43676..8d39c4384f3a 100644 --- a/stable/dex/templates/serviceaccount.yaml +++ b/stable/dex/templates/serviceaccount.yaml @@ -3,9 +3,6 @@ apiVersion: v1 kind: ServiceAccount metadata: labels: - app: {{ template "dex.name" . }} - chart: {{ template "dex.chart" . }} - heritage: "{{ .Release.Service }}" - release: "{{ .Release.Name }}" +{{ include "dex.labels" . | indent 4 }} name: {{ template "dex.serviceAccountName" . }} {{- end -}} diff --git a/stable/dex/values.yaml b/stable/dex/values.yaml index 81cb8d1eceb0..1d4625d6049d 100644 --- a/stable/dex/values.yaml +++ b/stable/dex/values.yaml 
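Review bot: In the Service ports block, `nodePort` is now written whenever `service.type` is `NodePort`, where the removed loop first checked `hasKey . "nodePort"`. With the new values.yaml defaults this pins the web port to 32000 and the gRPC port to 35000. 35000 lies outside Kubernetes' default NodePort range of 30000-32767, so a NodePort install with gRPC enabled would be rejected unless the cluster widened that range. Keeping the field optional, `{{- if and (eq "NodePort" .Values.service.type) .Values.ports.grpc.nodePort }}` (and the same for `web`), with the `nodePort` values commented out in values.yaml, lets the API server allocate the ports.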
@@ -31,18 +31,30 @@ replicas: 1 # cpu: 100m # memory: 50Mi +# grpc support +grpc: true + +# https termination by dex itself +https: false + ports: - - name: http - containerPort: 8080 - protocol: TCP -# nodePort: 32080 - - name: grpc + web: + containerPort: 5556 + # for service.type: NodePort + nodePort: 32000 + servicePort: 32000 +# Relevant only when grpc support is enabled + grpc: containerPort: 5000 - protocol: TCP + # for service.type: NodePort + nodePort: 35000 + servicePort: 35000 service: type: ClusterIP - port: 8080 + # Override IP for the Service Type: LoadBalancer. + # This feature depends on whether the underlying cloud-provider supports specifying the loadBalancerIP when a load balancer is created. + # loadBalancerIP: 127.0.0.1 annotations: {} ingress: @@ -80,6 +92,7 @@ certs: secret: tlsName: dex-web-server-tls caName: dex-web-server-ca + # Section below is relevant only when grpc support is enabled grpc: create: true activeDeadlineSeconds: 300 @@ -127,15 +140,18 @@ config: logger: level: debug web: - http: 0.0.0.0:8080 -# tlsCert: /etc/dex/tls/https/server/tls.crt -# tlsKey: /etc/dex/tls/https/server/tls.key + # port is taken from ports section above + address: 0.0.0.0 + tlsCert: /etc/dex/tls/https/server/tls.crt + tlsKey: /etc/dex/tls/https/server/tls.key +# Section below is relevant only when grpc support is enabled grpc: - addr: 0.0.0.0:5000 + # port is taken from ports section above + address: 127.0.0.1 tlsCert: /etc/dex/tls/grpc/server/tls.crt tlsKey: /etc/dex/tls/grpc/server/tls.key tlsClientCA: /etc/dex/tls/grpc/ca/tls.crt - connectors: + connectors: {} # - type: github # id: github # name: GitHub 
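Review bot: In the `config:` hunk the new default `grpc.address: 127.0.0.1` makes Dex listen for gRPC on loopback only, while `grpc: true` at the top of the file still adds a `grpc` container port and Service port. The Service port would then point at a listener that is not reachable from other pods. If pod-local access is the intended hardening, the values should say so and `grpc` could default to `false`; if the API is meant to be served in-cluster, the address has to be the pod interface, with `tlsClientCA` as the access control. A comment such as `# 127.0.0.1 keeps the gRPC API pod-local; use 0.0.0.0 to serve it through the Service (clients must present a cert signed by tlsClientCA)` above `address:` would make the choice explicit.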
@@ -155,9 +171,9 @@ config: # secret: ZXhhbXBsZS1hcHAtc2VjcmV0 # enablePasswordDB: true -# staticPasswords: -# - email: "admin@example.com" -# # bcrypt hash of the string "password" -# hash: "$2a$10$2b2cU8CPhOTaGrs1HRQuAueS7JTT5ZHsHSzYiFPm1leZck7Mc8T4W" -# username: "admin" -# userID: "08a8684b-db88-4b73-90a9-3cd1661f5466" +# staticPasswords: +# - email: "admin@example.com" +# # bcrypt hash of the string "password" +# hash: "$2a$10$2b2cU8CPhOTaGrs1HRQuAueS7JTT5ZHsHSzYiFPm1leZck7Mc8T4W" +# username: "admin" +# userID: "08a8684b-db88-4b73-90a9-3cd1661f5466" diff --git a/stable/drone/Chart.yaml b/stable/drone/Chart.yaml index d34cb51d56bc..e7452b89fa5e 100644 --- a/stable/drone/Chart.yaml +++ b/stable/drone/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 name: drone home: https://drone.io/ icon: https://drone.io/apple-touch-icon.png -version: 2.0.6 +version: 2.0.7 appVersion: 1.2 description: Drone is a Continuous Delivery system built on container technology keywords: diff --git a/stable/drone/README.md b/stable/drone/README.md index 47a23c4eb4c2..138430dc858a 100644 --- a/stable/drone/README.md +++ b/stable/drone/README.md @@ -107,8 +107,11 @@ The following table lists the configurable parameters of the drone charts and th | `agent.tolerations` | Drone **agent** node taints to tolerate | `[]` | | `agent.livenessProbe` | Not currently used. | `{}` | | `agent.readinessProbe` | Not currently used | `{}` | +| `agent.volumes` | Additional volumes to make available to agent (shared by dind if used) | `nil` | +| `agent.volumeMounts` | Mount points for volumes | `nil` | | `dind.enabled` | Enable or disable **DinD** | `true` | | `dind.driver` | **DinD** storage driver | `overlay2` | +| `dind.volumeMounts` | Mount points for volumes (defined in agent.volumes) | `nil` | | `dind.resources` | **DinD** pod resource requests & limits | `{}` | | `dind.env` | **DinD** environment variables | `nil` | | `dind.command` | **DinD** custom command instead of default entry point | `nil` | 
diff --git a/stable/drone/templates/deployment-agent.yaml b/stable/drone/templates/deployment-agent.yaml index 7c1e9ba1cafd..f318cd7d284d 100644 --- a/stable/drone/templates/deployment-agent.yaml +++ b/stable/drone/templates/deployment-agent.yaml @@ -71,11 +71,18 @@ spec: volumeMounts: - mountPath: /var/run/docker.sock name: docker-socket + {{- with .Values.agent.volumeMounts }} + {{- toYaml . | nindent 10 }} + {{- end }} volumes: - name: docker-socket hostPath: path: /var/run/docker.sock {{- else }} + {{- with .Values.agent.volumeMounts }} + volumeMounts: + {{- toYaml . | nindent 10 }} + {{- end }} - name: dind image: "{{ .Values.images.dind.repository }}:{{ .Values.images.dind.tag }}" imagePullPolicy: {{ .Values.images.dind.pullPolicy }} @@ -99,8 +106,14 @@ spec: volumeMounts: - name: docker-graph-storage mountPath: /var/lib/docker + {{- with .Values.dind.volumeMounts }} + {{- toYaml . | nindent 10 }} + {{- end }} volumes: - name: docker-graph-storage emptyDir: {} {{- end }} + {{- with .Values.agent.volumes }} + {{- toYaml . | nindent 6 }} + {{- end }} {{- end -}} diff --git a/stable/drone/values.yaml b/stable/drone/values.yaml index 4aad72a85e1e..c80c18c90eb4 100644 --- a/stable/drone/values.yaml +++ b/stable/drone/values.yaml 
@@ -225,6 +225,34 @@ agent: ## annotations: {} + ## Additional volumes e.g. for shared caching between agents on different nodes or + ## shared cache between agents on the same node when using dind or + ## for a global docker login config as per + ## Option 2 ref: https://discourse.drone.io/t/how-to-pull-private-images-with-1-0/3155 + ## Note: Option 2 also requires DRONE_DOCKER_CONFIG: /root/.docker/config.json env var in agent + ## NB: This will make the credentials available globally to all builds and all repositories + # volumes: + # - name: docker-config + # secret: + # defaultMode: 420 + # items: + # - key: .dockerconfigjson + # path: config.json + # secretName: drone-docker-config + # - name: persistent-data + # persistentVolumeClaim: + # claimName: drone-agent-pvc + # - name: cache + # hostPath: + # path: /drone-cache + # type: Directory + + ## Volume mount into agent container + # volumeMounts: + # - name: docker-config + # mountPath: /root/.docker + # readOnly: true + ## CPU and memory limits for drone agent ## resources: {} @@ -286,6 +314,15 @@ dind: ## driver: overlay2 + ## Volume mount into dind container + ## Volumes are defined under agent values. + # volumeMounts: + # - mountPath: /root/.docker + # name: docker-config + # readOnly: true + # - name: persistent-data + # mountPath: /mnt/drone-cache + ## CPU and memory limits for dind ## resources: {} diff --git a/stable/external-dns/Chart.yaml b/stable/external-dns/Chart.yaml index e132132acae9..06d4154baa44 100644 --- a/stable/external-dns/Chart.yaml +++ b/stable/external-dns/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: external-dns -version: 2.4.2 +version: 2.5.1 appVersion: 0.5.15 description: ExternalDNS is a Kubernetes addon that configures public DNS servers with information about exposed Kubernetes services to make them discoverable. keywords: diff --git a/stable/external-dns/README.md b/stable/external-dns/README.md index 36a8f3b46c00..4561addb5def 100644 --- a/stable/external-dns/README.md 
+++ b/stable/external-dns/README.md 
@@ -68,10 +68,17 @@ The following table lists the configurable parameters of the external-dns chart | `aws.batchChangeSize` | When using the AWS provider, set the maximum number of changes that will be applied in each batch | `1000` | | `aws.zoneTags` | When using the AWS provider, filter for zones with these tags | `[]` | | `azure.secretName` | When using the Azure provider, set the secret containing the `azure.json` file | `""` | -| `azure.resourceGroup` | When using the Azure provider, set the Azure Resource Group | `""` | +| `azure.resourceGroup` | When using the Azure provider, set the Azure Resource Group | `""` | | `cloudflare.apiKey` | When using the Cloudflare provider, `CF_API_KEY` to set (optional) | `""` | | `cloudflare.email` | When using the Cloudflare provider, `CF_API_EMAIL` to set (optional) | `""` | | `cloudflare.proxied` | When using the Cloudflare provider, enable the proxy feature (DDOS protection, CDN...) (optional) | `true` | +| `coredns.etcdEndpoints` | When using the CoreDNS provider, set etcd backend endpoints (comma-separated list) | `"http://etcd-extdns:2379"` | +| `coredns.etcdTLS.enabled` | When using the CoreDNS provider, enable secure communication with etcd | `false` | +| `coredns.etcdTLS.secretName` | When using the CoreDNS provider, specify a name of existing Secret with etcd certs and keys | `"etcd-client-certs"` | +| `coredns.etcdTLS.mountPath` | When using the CoreDNS provider, set destination dir to mount data from `coredns.etcdTLS.secretName` to | `"/etc/coredns/tls/etcd"` | +| `coredns.etcdTLS.caFilename` | When using the CoreDNS provider, specify CA PEM file name from the `coredns.etcdTLS.secretName` | `"ca.crt"` | +| `coredns.etcdTLS.certFilename` | When using the CoreDNS provider, specify cert PEM file name from the `coredns.etcdTLS.secretName` | `"cert.pem"` | +| `coredns.etcdTLS.keyFilename` | When using the CoreDNS provider, specify private key PEM file name from the `coredns.etcdTLS.secretName` | `"key.pem"` | | 
`designate.customCA.enabled` | When using the Designate provider, enable a custom CA (optional) | false | | `designate.customCA.content` | When using the Designate provider, set the content of the custom CA | "" | | `designate.customCA.mountPath` | When using the Designate provider, set the mountPath in which to mount the custom CA configuration | "/config/designate" | diff --git a/stable/external-dns/templates/clusterrole.yaml b/stable/external-dns/templates/clusterrole.yaml index 46679162849e..db403579c41e 100644 --- a/stable/external-dns/templates/clusterrole.yaml +++ b/stable/external-dns/templates/clusterrole.yaml @@ -17,6 +17,7 @@ rules: - watch - apiGroups: - extensions + - "networking.k8s.io" # k8s 1.14+ resources: - ingresses verbs: diff --git a/stable/external-dns/templates/deployment.yaml b/stable/external-dns/templates/deployment.yaml index 2ea68596e5c3..400fd545e916 100755 --- a/stable/external-dns/templates/deployment.yaml +++ b/stable/external-dns/templates/deployment.yaml @@ -195,6 +195,19 @@ spec: - name: CF_API_EMAIL value: {{ .Values.cloudflare.email | quote }} {{- end }} + # CoreDNS environment variables + {{- if eq .Values.provider "coredns" }} + - name: ETCD_URLS + value: {{ .Values.coredns.etcdEndpoints | quote }} + {{- if .Values.coredns.etcdTLS.enabled }} + - name: ETCD_CERT_FILE + value: {{ .Values.coredns.etcdTLS.mountPath }}/{{ .Values.coredns.etcdTLS.certFilename }} + - name: ETCD_KEY_FILE + value: {{ .Values.coredns.etcdTLS.mountPath }}/{{ .Values.coredns.etcdTLS.keyFilename }} + - name: ETCD_CA_FILE + value: {{ .Values.coredns.etcdTLS.mountPath }}/{{ .Values.coredns.etcdTLS.caFilename }} + {{- end }} + {{- end }} # DigitalOcean environment variables {{- if eq .Values.provider "digitalocean" }} - name: DO_TOKEN 
@@ -285,6 +298,12 @@ spec: {{- end }} readOnly: true {{- end }} + # CoreDNS mountPath(s) + {{- if and (eq .Values.provider "coredns") (.Values.coredns.etcdTLS.enabled) }} + - name: {{ .Values.coredns.etcdTLS.secretName }} + mountPath: {{ .Values.coredns.etcdTLS.mountPath }} + readOnly: true + {{- end }} # Google mountPath(s) {{- if eq .Values.provider "google" }} {{- if or .Values.google.serviceAccountSecret .Values.google.serviceAccountKey }} @@ -317,6 +336,13 @@ spec: secretName: {{ .Values.azure.secretName }} {{- end }} {{- end }} + # CoreDNS volume(s) + {{- if and (eq .Values.provider "coredns") (.Values.coredns.etcdTLS.enabled) }} + - name: {{ .Values.coredns.etcdTLS.secretName }} + secret: + secretName: {{ .Values.coredns.etcdTLS.secretName }} + defaultMode: 400 + {{- end }} # Google volume(s) {{- if eq .Values.provider "google" }} {{- if .Values.google.serviceAccountSecret }} diff --git a/stable/external-dns/values-production.yaml b/stable/external-dns/values-production.yaml index eade26b5ee9b..f3810b41cc32 100644 --- a/stable/external-dns/values-production.yaml +++ b/stable/external-dns/values-production.yaml @@ -40,7 +40,7 @@ sources: # - crd ## DNS provider where the DNS records will be created. Available providers are: -## - aws, azure, cloudflare, designate, digitalocoean, google, infoblox, rfc2136 +## - aws, azure, cloudflare, coredns, designate, digitalocoean, google, infoblox, rfc2136 ## provider: aws 
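Review bot: `defaultMode: 400` on the CoreDNS etcd-certs volume is read as a decimal integer, which is octal 0620, not the owner-read-only 0400 the value suggests. The files projected from `coredns.etcdTLS.secretName`, including the client private key, would get owner read/write plus group write. I would write `defaultMode: 256  # 0400`, or the octal literal `0400`. The volume is also named after the Secret; Secret names may contain dots while volume names may not, so a fixed volume name would be more robust than reusing `secretName`.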
@@ -99,6 +99,42 @@ cloudflare: ## proxied: true +## CoreDNS configuration to be set via arguments/env variables +## +coredns: + ## Comma-separated list of the etcd endpoints + ## Secure (https) endpoints can be used as well, in that case `etcdTLS` section + ## should be filled in accordingly + ## + etcdEndpoints: "https://etcd-extdns:2379" + ## Configuration of the secure communication and client authentication to the etcd cluster + ## If enabled all the values under this key must hold a valid data + ## + etcdTLS: + ## Enable or disable secure communication and client authentication to the etcd cluster + ## + enabled: true + ## Name of the existing secret containing cert files for client communication + ## ref: https://github.com/etcd-io/etcd/blob/master/Documentation/op-guide/security.md + ## ref (secret creation): + ## https://github.com/bitnami/charts/tree/master/bitnami/etcd#configure-certificates-for-client-communication + ## + secretName: "etcd-client-certs" + ## Location of the mounted certificates inside external-dns pod + ## + mountPath: "/etc/coredns/tls/etcd" + ## CA PEM file used to sign etcd TLS cert, should exist in the secret provided above + ## + caFilename: "ca.crt" + ## Certificate PEM file, should exist in the secret provided above + ## Will be used by external-dns to authenticate against etcd + ## + certFilename: "cert.pem" + ## Private key PEM file, should exist in the secret provided above + ## Will be used by external-dns to authenticate against etcd + ## + keyFilename: "key.pem" + ## OpenStack Designate provider configuration to be set via arguments/env. variables ## designate: diff --git a/stable/external-dns/values.yaml b/stable/external-dns/values.yaml index 9f5808ef5798..3530a961892c 100644 --- a/stable/external-dns/values.yaml +++ b/stable/external-dns/values.yaml 
@@ -40,7 +40,7 @@ sources: # - crd ## DNS provider where the DNS records will be created. Available providers are: -## - aws, azure, cloudflare, designate, digitalocoean, google, infoblox, rfc2136 +## - aws, azure, cloudflare, coredns, designate, digitalocoean, google, infoblox, rfc2136 ## provider: aws @@ -99,6 +99,42 @@ cloudflare: ## proxied: true +## CoreDNS configuration to be set via arguments/env variables +## +coredns: + ## Comma-separated list of the etcd endpoints + ## Secure (https) endpoints can be used as well, in that case `etcdTLS` section + ## should be filled in accordingly + ## + etcdEndpoints: "http://etcd-extdns:2379" + ## Configuration of the secure communication and client authentication to the etcd cluster + ## If enabled all the values under this key must hold a valid data + ## + etcdTLS: + ## Enable or disable secure communication and client authentication to the etcd cluster + ## + enabled: false + ## Name of the existing secret containing cert files for client communication + ## ref: https://github.com/etcd-io/etcd/blob/master/Documentation/op-guide/security.md + ## ref (secret creation): + ## https://github.com/bitnami/charts/tree/master/bitnami/etcd#configure-certificates-for-client-communication + ## + secretName: "etcd-client-certs" + ## Location of the mounted certificates inside external-dns pod + ## + mountPath: "/etc/coredns/tls/etcd" + ## CA PEM file used to sign etcd TLS cert, should exist in the secret provided above + ## + caFilename: "ca.crt" + ## Certificate PEM file, should exist in the secret provided above + ## Will be used by external-dns to authenticate against etcd + ## + certFilename: "cert.pem" + ## Private key PEM file, should exist in the secret provided above + ## Will be used by external-dns to authenticate against etcd + ## + keyFilename: "key.pem" + ## OpenStack Designate provider configuration to be set via arguments/env. variables ## designate: 
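Review bot: The chart default for the CoreDNS provider is `etcdEndpoints: "http://etcd-extdns:2379"` with `etcdTLS.enabled: false`, so external-dns would write DNS records to etcd over a plaintext connection without client authentication unless the operator changes both values. The comment block should say that outright, e.g. `## Default is plaintext without client auth; outside a test cluster use https endpoints and enable etcdTLS (see values-production.yaml)`. Nothing in the deployment.yaml hunks of this commit checks that an `https://` endpoint is paired with `etcdTLS.enabled: true`, so a mismatch would only surface at runtime.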
diff --git a/stable/falco/CHANGELOG.md b/stable/falco/CHANGELOG.md index 4ef482140cc6..a441769e3d70 100644 --- a/stable/falco/CHANGELOG.md +++ b/stable/falco/CHANGELOG.md @@ -3,6 +3,12 @@ This file documents all notable changes to Sysdig Falco Helm Chart. The release numbering uses [semantic versioning](http://semver.org). +## v1.0.3 + +### Minor Changes + +* Support [`priorityClassName`](https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/) + ## v1.0.2 ### Minor Changes diff --git a/stable/falco/Chart.yaml b/stable/falco/Chart.yaml index 433673b1cb3a..9207098f3cdd 100644 --- a/stable/falco/Chart.yaml +++ b/stable/falco/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: falco -version: 1.0.2 +version: 1.0.3 appVersion: 0.16.0 description: Falco keywords: diff --git a/stable/falco/README.md b/stable/falco/README.md index 9b0d90bfea99..6ef90ead99fb 100644 --- a/stable/falco/README.md +++ b/stable/falco/README.md @@ -68,6 +68,7 @@ The following table lists the configurable parameters of the Falco chart and the | `proxy.httpsProxy` | Set the Proxy server if is behind a firewall | ` ` | | `proxy.noProxy` | Set the Proxy server if is behind a firewall | ` ` | | `timezone` | Set the daemonset's timezone | ` ` | +| `priorityClassName` | Set the daemonset's priorityClassName | ` ` | | `ebpf.enabled` | Enable eBPF support for Falco instead of `falco-probe` kernel module | `false` | | `ebpf.settings.hostNetwork` | Needed to enable eBPF JIT at runtime for performance reasons | `true` | | `ebpf.settings.mountEtcVolume` | Needed to detect which kernel version are running in Google COS | `true` | diff --git a/stable/falco/templates/daemonset.yaml b/stable/falco/templates/daemonset.yaml index 5280ab1a2b2d..645c71d931e4 100644 --- a/stable/falco/templates/daemonset.yaml +++ b/stable/falco/templates/daemonset.yaml 
@@ -20,6 +20,9 @@ spec: hostNetwork: true dnsPolicy: ClusterFirstWithHostNet {{- end }} +{{- if .Values.priorityClassName }} + priorityClassName: "{{ .Values.priorityClassName }}" +{{- end }} tolerations: {{ toYaml .Values.tolerations | indent 8 }} containers: diff --git a/stable/falco/values.yaml b/stable/falco/values.yaml index b1f6c4f79157..cc8b91ae7e21 100644 --- a/stable/falco/values.yaml +++ b/stable/falco/values.yaml @@ -65,6 +65,9 @@ proxy: # Set daemonset timezone timezone: +# Set daemonset priorityClassName +priorityClassName: + ebpf: # Enable eBPF support for Falco enabled: false diff --git a/stable/fluentd/Chart.yaml b/stable/fluentd/Chart.yaml index ada1deffc6f0..022889e8f66d 100644 --- a/stable/fluentd/Chart.yaml +++ b/stable/fluentd/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 description: A Fluentd Elasticsearch Helm chart for Kubernetes. icon: https://raw.githubusercontent.com/fluent/fluentd-docs/master/public/logo/Fluentd_square.png name: fluentd -version: 1.10.0 +version: 1.10.1 appVersion: v2.4.0 home: https://www.fluentd.org/ sources: diff --git a/stable/fluentd/README.md b/stable/fluentd/README.md index 17721aaf68a6..190ceec901e0 100644 --- a/stable/fluentd/README.md +++ b/stable/fluentd/README.md @@ -62,6 +62,7 @@ Parameter | Description | Default `priorityClassName` | priorityClassName | `nil` `service.ports` | port definition for the service | See [values.yaml](values.yaml) `service.type` | type of service | `ClusterIP` +`service.annotations` | list of annotations for the service | `{}` `tolerations` | List of node taints to tolerate | `[]` `persistence.enabled` | Enable buffer persistence | `false` `persistence.accessMode` | Access mode for buffer persistence | `ReadWriteOnce` diff --git a/stable/fluentd/templates/service.yaml b/stable/fluentd/templates/service.yaml index 6ba13d263d12..fc7a35ca363a 100644 --- a/stable/fluentd/templates/service.yaml +++ b/stable/fluentd/templates/service.yaml 
@@ -7,6 +7,8 @@ metadata: chart: {{ template "fluentd.chart" . }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} + annotations: +{{ toYaml .Values.service.annotations | indent 4 }} spec: type: {{ .Values.service.type }} ports: diff --git a/stable/fluentd/values.yaml b/stable/fluentd/values.yaml index 1d7f2458f964..a740009f766a 100644 --- a/stable/fluentd/values.yaml +++ b/stable/fluentd/values.yaml @@ -28,6 +28,7 @@ extraEnvVars: # key: secret_key service: + annotations: {} type: ClusterIP # type: NodePort # nodePort: diff --git a/stable/ghost/Chart.yaml b/stable/ghost/Chart.yaml index 8bdfd38818d9..5eb6b2181325 100644 --- a/stable/ghost/Chart.yaml +++ b/stable/ghost/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 name: ghost -version: 6.7.33 -appVersion: 2.26.0 +version: 7.0.1 +appVersion: 2.27.0 description: A simple, powerful publishing platform that allows you to share your stories with the world keywords: - ghost diff --git a/stable/ghost/requirements.lock b/stable/ghost/requirements.lock index ec4810e7cfbd..11824158be79 100644 --- a/stable/ghost/requirements.lock +++ b/stable/ghost/requirements.lock @@ -1,6 +1,6 @@ dependencies: - name: mariadb repository: https://kubernetes-charts.storage.googleapis.com/ - version: 5.11.3 -digest: sha256:b3053e73f5c114f55a794eccea2606cc9fe8a669eaab1716246994bbdd37a473 -generated: 2019-07-16T10:19:06.007402028Z + version: 6.7.4 +digest: sha256:234702bf5dbec8956e4f113b783db5559f7d3cbf60abf8a89c7a3c73b3c79c5c +generated: "2019-08-02T13:28:17.725866+02:00" diff --git a/stable/ghost/requirements.yaml b/stable/ghost/requirements.yaml index 2d21fd00a637..7c4e77e8a425 100644 --- a/stable/ghost/requirements.yaml +++ b/stable/ghost/requirements.yaml @@ -1,6 +1,6 @@ dependencies: - name: mariadb - version: 5.x.x + version: 6.x.x repository: https://kubernetes-charts.storage.googleapis.com/ condition: mariadb.enabled tags: diff --git a/stable/ghost/values.yaml b/stable/ghost/values.yaml index 8715dbf1d643..2c31c493b165 100644 
--- a/stable/ghost/values.yaml +++ b/stable/ghost/values.yaml @@ -13,7 +13,7 @@ image: registry: docker.io repository: bitnami/ghost - tag: 2.26.0-debian-9-r0 + tag: 2.27.0-debian-9-r0 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images diff --git a/stable/gocd/CHANGELOG.md b/stable/gocd/CHANGELOG.md index eb6254e56511..8bef5322ce79 100644 --- a/stable/gocd/CHANGELOG.md +++ b/stable/gocd/CHANGELOG.md @@ -1,3 +1,12 @@ +### 1.16.0 + +* [7872692](https://github.com/kubernetes/charts/commit/7872692): Update Pipeline config API version, use getting started repo's script for task + +### 1.15.0 + +* [723e309](https://github.com/kubernetes/charts/commit/723e309): +- Bump up GoCD Version to 19.7.0 + ### 1.14.0 * [c191fb46c](https://github.com/kubernetes/charts/commit/c191fb46c): diff --git a/stable/gocd/Chart.yaml b/stable/gocd/Chart.yaml index 35007e5b5470..a4063b2a269e 100644 --- a/stable/gocd/Chart.yaml +++ b/stable/gocd/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v1 name: gocd home: https://www.gocd.org/ -version: 1.14.0 -appVersion: 19.6.0 +version: 1.16.0 +appVersion: 19.7.0 description: GoCD is an open-source continuous delivery server to model and visualize complex workflows with ease. icon: https://gocd.github.io/assets/images/go-icon-black-192x192.png keywords: diff --git a/stable/gocd/templates/configmap.yaml b/stable/gocd/templates/configmap.yaml index 9d5065d80e82..7f1f565794f0 100644 --- a/stable/gocd/templates/configmap.yaml +++ b/stable/gocd/templates/configmap.yaml 
@@ -95,12 +95,12 @@ data: echo "Trying to creating a hello world pipeline." >> /godata/logs/preconfigure.log (curl --fail -i 'http://localhost:8153/go/api/admin/pipelines' \ - -H 'Accept: application/vnd.go.cd.v6+json' \ + -H 'Accept: application/vnd.go.cd.v8+json' \ -H 'Content-Type: application/json' \ -X POST -d '{ "group": "sample", "pipeline": { "label_template": "${COUNT}", - "name": "hello_world", + "name": "getting_started_pipeline", "materials": [ { "type": "git", @@ -121,12 +121,21 @@ data: { "type": "exec", "attributes": { - "command": "echo", - "arguments": [ - "Hello World" - ] + "command": "./build" } } + ], + "tabs": [ + { + "name": "Sample", + "path": "my-artifact.html" + } + ], + "artifacts": [ + { + "type": "build", + "source": "my-artifact.html" + } ] } ] diff --git a/stable/grafana/Chart.yaml b/stable/grafana/Chart.yaml index e0cf60ae9afa..79eedd43c6b4 100755 --- a/stable/grafana/Chart.yaml +++ b/stable/grafana/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: grafana -version: 3.7.3 +version: 3.8.0 appVersion: 6.2.5 kubeVersion: "^1.8.0-0" description: The leading tool for querying and visualizing time series and metrics. diff --git a/stable/grafana/README.md b/stable/grafana/README.md index 8ea290953d55..f6738a072071 100644 --- a/stable/grafana/README.md +++ b/stable/grafana/README.md @@ -123,7 +123,8 @@ The command removes all the Kubernetes components associated with the chart and | `command` | Define command to be executed by grafana container at startup | `nil` | | `testFramework.image` | `test-framework` image repository. | `dduportal/bats` | | `testFramework.tag` | `test-framework` image tag. | `0.4.0` | -| `testFramework.securityContext` | `test-framework securityContext | `{}` | +| `testFramework.securityContext` | `test-framework` securityContext | `{}` | +| `downloadDashboards.env` | Environment variables to be passed to the `download-dashboards` container | `{}` | ### Example of extraVolumeMounts 
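Review bot: The sample pipeline's exec task in the second hunk (`@@ -121,12 +121,21 @@`) now runs `./build` from whatever the git material checks out, so the agent executes a script whose content is decided by that repository at each run, where the removed `echo` task depended on nothing external. The material's URL and branch lie outside both hunks, so confirm they point at a repository the chart maintainers control and, if the material can be pinned, pin it. A comment in the script above the curl call, for example `# NOTE: the sample task executes ./build from the material repository on the agent`, would make this visible to operators who enable preconfiguration. The enclosing preconfigure script starts and ends outside these hunks.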
diff --git a/stable/grafana/templates/deployment.yaml b/stable/grafana/templates/deployment.yaml index 4cad040ea8f6..40100eba743e 100644 --- a/stable/grafana/templates/deployment.yaml +++ b/stable/grafana/templates/deployment.yaml @@ -77,6 +77,11 @@ spec: imagePullPolicy: {{ .Values.downloadDashboardsImage.pullPolicy }} command: ["/bin/sh"] args: [ "-c", "mkdir -p /var/lib/grafana/dashboards/default && /bin/sh /etc/grafana/download_dashboards.sh" ] + env: +{{- range $key, $value := .Values.downloadDashboards.env }} + - name: "{{ $key }}" + value: "{{ $value }}" +{{- end }} volumeMounts: - name: config mountPath: "/etc/grafana/download_dashboards.sh" diff --git a/stable/grafana/values.yaml b/stable/grafana/values.yaml index ea1757e652d1..9ea8c97d2e66 100644 --- a/stable/grafana/values.yaml +++ b/stable/grafana/values.yaml @@ -75,6 +75,9 @@ downloadDashboardsImage: tag: latest pullPolicy: IfNotPresent +downloadDashboards: + env: {} + ## Pod Annotations # podAnnotations: {} diff --git a/stable/hazelcast/Chart.yaml b/stable/hazelcast/Chart.yaml index e5242ef69b31..1d6493b17b17 100644 --- a/stable/hazelcast/Chart.yaml +++ b/stable/hazelcast/Chart.yaml @@ -1,6 +1,6 @@ name: hazelcast -version: 2.0.0 -appVersion: "3.12.1" +version: 2.1.0 +appVersion: "3.12.2" tillerVersion: ">=2.7.2" kubeVersion: ">=1.9.0-0" description: Hazelcast IMDG is the most widely used in-memory data grid with hundreds of thousands of installed clusters around the world. It offers caching solutions ensuring that data is in the right place when it’s needed for optimal performance. diff --git a/stable/hazelcast/values.yaml b/stable/hazelcast/values.yaml index e2e5363c05da..22844b66b999 100644 --- a/stable/hazelcast/values.yaml +++ b/stable/hazelcast/values.yaml 
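Review bot: The new entries in the `@@ -77,6 +77,11 @@` hunk are rendered as `value: "{{ $value }}"`, so a value containing a double quote or a backslash yields broken or silently altered YAML; `name: {{ $key | quote }}` and `value: {{ $value | quote }}` escape it correctly. A flat key/value map also gives no way to take a value from a Secret, so any token the download script needs would have to sit in values in clear text; accepting `valueFrom` entries as well would avoid that. With the default `env: {}` the range emits nothing and `env:` is left without a value, which a surrounding `{{- if .Values.downloadDashboards.env }}` would prevent. The container definition starts and ends outside the hunk.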
@@ -5,7 +5,7 @@ image: # repository is the Hazelcast image name repository: "hazelcast/hazelcast" # tag is the Hazelcast image tag - tag: "3.12.1" + tag: "3.12.2" # pullPolicy is the Docker image pull policy # It's recommended to change this to 'Always' if the image tag is 'latest' # ref: http://kubernetes.io/docs/user-guide/images/#updating-images @@ -158,7 +158,7 @@ mancenter: # repository is the Hazelcast Management Center image name repository: "hazelcast/management-center" # tag is the Hazelcast Management Center image tag - tag: "3.12.2" + tag: "3.12.3" # pullPolicy is the Docker image pull policy # It's recommended to change this to 'Always' if the image tag is 'latest' # ref: http://kubernetes.io/docs/user-guide/images/#updating-images diff --git a/stable/influxdb/Chart.yaml b/stable/influxdb/Chart.yaml index 30876f2c481e..1e3b08d37085 100755 --- a/stable/influxdb/Chart.yaml +++ b/stable/influxdb/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: influxdb -version: 1.3.0 +version: 1.3.1 appVersion: 1.7.6 description: Scalable datastore for metrics, events, and real-time analytics. keywords: diff --git a/stable/influxdb/templates/deployment.yaml b/stable/influxdb/templates/deployment.yaml index c70b3b51cd1d..e74e250c4014 100644 --- a/stable/influxdb/templates/deployment.yaml +++ b/stable/influxdb/templates/deployment.yaml @@ -15,6 +15,12 @@ spec: app: {{ template "influxdb.fullname" . }} release: "{{ .Release.Name }}" spec: + {{- if .Values.image.pullSecrets }} + imagePullSecrets: + {{- range .Values.image.pullSecrets }} + - name: {{ . }} + {{- end}} + {{- end }} containers: - name: {{ template "influxdb.fullname" . }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" diff --git a/stable/influxdb/values.yaml b/stable/influxdb/values.yaml index d66077ec19d2..47b5e9288ecc 100644 --- a/stable/influxdb/values.yaml +++ b/stable/influxdb/values.yaml 
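Review bot: In the influxdb deployment hunk (`@@ -15,6 +15,12 @@`) the pull-secret name is emitted unquoted as `- name: {{ . }}`, so a name made only of digits, or one starting with a YAML indicator, is not rendered as a string and the manifest fails validation. `- name: {{ . | quote }}` keeps it a string. The inner `{{- end}}` also lacks the space used by the other actions in the hunk.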
@@ -4,6 +4,9 @@ image: repository: "influxdb" tag: "1.7.6-alpine" pullPolicy: IfNotPresent + ## If specified, use these secrets to access the images + # pullSecrets: + # - registry-secret ## Specify a service type ## NodePort is default diff --git a/stable/jenkins/Chart.yaml b/stable/jenkins/Chart.yaml index aee4c5b88cc6..429e8d6e6cfd 100755 --- a/stable/jenkins/Chart.yaml +++ b/stable/jenkins/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 name: jenkins home: https://jenkins.io/ -version: 1.4.1 +version: 1.5.0 appVersion: lts description: Open source continuous integration server. It supports multiple SCM tools including CVS, Subversion and Git. It can execute Apache Ant and Apache Maven-based diff --git a/stable/jenkins/README.md b/stable/jenkins/README.md index 22e658c020e7..84d5b072f459 100644 --- a/stable/jenkins/README.md +++ b/stable/jenkins/README.md 
@@ -138,9 +138,9 @@ The following tables list the configurable parameters of the Jenkins chart and t | `master.initScripts` | List of Jenkins init scripts | Not set | | `master.credentialsXmlSecret` | Kubernetes secret that contains a 'credentials.xml' file | Not set | | `master.secretsFilesSecret` | Kubernetes secret that contains 'secrets' files | Not set | -| `master.jobs` | Jenkins XML job configs | Not set | +| `master.jobs` | Jenkins XML job configs | `{}` | | `master.overwriteJobs` | Replace jobs w/ ConfigMap on boot | `false` | -| `master.installPlugins` | List of Jenkins plugins to install. If you don't want to install plugins set it to `[]` | `kubernetes:1.14.0 workflow-aggregator:2.6 credentials-binding:1.17 git:3.9.1 workflow-job:2.31` | +| `master.installPlugins` | List of Jenkins plugins to install. If you don't want to install plugins set it to `[]` | `kubernetes:1.18.1 workflow-aggregator:2.6 credentials-binding:1.19 git:3.11.0 workflow-job:2.33` | | `master.overwritePlugins` | Overwrite installed plugins on start.| `false` | | `master.enableRawHtmlMarkupFormatter` | Enable HTML parsing using (see below) | false | | `master.scriptApproval` | List of groovy functions to approve | Not set | diff --git a/stable/jenkins/ci/casc-values.yaml b/stable/jenkins/ci/casc-values.yaml index 833e443ad282..24c2cf94d26c 100644 --- a/stable/jenkins/ci/casc-values.yaml +++ b/stable/jenkins/ci/casc-values.yaml @@ -4,3 +4,7 @@ master: sidecars: configAutoReload: enabled: true + healthProbeLivenessInitialDelay: 10 + healthProbeReadinessInitialDelay: 10 +persistence: + enabled: false diff --git a/stable/jenkins/templates/jenkins-master-deployment.yaml b/stable/jenkins/templates/jenkins-master-deployment.yaml index 93ccc3b9ca3b..72412b34aad4 100644 --- a/stable/jenkins/templates/jenkins-master-deployment.yaml +++ b/stable/jenkins/templates/jenkins-master-deployment.yaml 
@@ -150,7 +150,7 @@ spec: - mountPath: /usr/share/jenkins/ref/secrets/ name: secrets-dir containers: - - name: {{ template "jenkins.fullname" . }} + - name: jenkins {{- if .Values.master.imageTag }} image: "{{ .Values.master.image }}:{{ .Values.master.imageTag }}" {{- else }} diff --git a/stable/jenkins/values.yaml b/stable/jenkins/values.yaml index 45950b8e939d..f6ef2366b3a2 100644 --- a/stable/jenkins/values.yaml +++ b/stable/jenkins/values.yaml @@ -156,11 +156,11 @@ master: # List of plugins to be install during Jenkins master start installPlugins: - - kubernetes:1.16.0 - - workflow-job:2.32 + - kubernetes:1.18.1 + - workflow-job:2.33 - workflow-aggregator:2.6 - credentials-binding:1.19 - - git:3.10.0 + - git:3.11.0 # Enable to always override the installed plugins with the values of 'master.installPlugins' on upgrade or redeployment. # overwritePlugins: true @@ -182,7 +182,7 @@ master: # master.key and hudson.util.Secret) # secretsFilesSecret: jenkins-secrets # Jenkins XML job configs to provision - jobs: + jobs: {} # test: |- # <> @@ -195,7 +195,7 @@ master: # etc. Best reference is https:///configuration-as-code/reference. The example below creates a welcome message: JCasC: enabled: false - pluginVersion: "1.21" + pluginVersion: "1.25" # it's only used when plugin version is <=1.18 for later version the # configuration as code support plugin is no longer needed supportPluginVersion: "1.18" diff --git a/stable/karma/Chart.yaml b/stable/karma/Chart.yaml index c4767a5c879a..647dce38b331 100644 --- a/stable/karma/Chart.yaml +++ b/stable/karma/Chart.yaml @@ -1,12 +1,12 @@ apiVersion: v1 -appVersion: "v0.38" +appVersion: "v0.42" description: A Helm chart for Karma - an UI for Prometheus Alertmanager name: karma home: https://github.com/prymitive/karma sources: - https://hub.docker.com/r/lmierzwa/karma/ - https://github.com/prymitive/karma -version: 1.1.17 +version: 1.1.18 maintainers: - name: davidkarlsen email: david@davidkarlsen.com 
diff --git a/stable/karma/README.md b/stable/karma/README.md index b68d8a48f5e9..83e0c63b143e 100644 --- a/stable/karma/README.md +++ b/stable/karma/README.md @@ -41,7 +41,7 @@ The following table lists the configurable parameters of the karma chart and the |-------------------------------------|----------------------------------------|-------------------------------------------| | `replicaCount` | Number of replicas | `1` | | `image.repository` | The image to run | `lmierzwa/karma` | -| `image.tag` | The image tag to pull | `v0.38` | +| `image.tag` | The image tag to pull | `v0.42` | | `image.pullPolicy` | Image pull policy | `IfNotPresent` | | `nameOverride` | Override name of app | `` | | `fullnameOverride` | Override full name of app | `` | diff --git a/stable/karma/values.yaml b/stable/karma/values.yaml index 646d2b6cd316..7ba470fcb740 100644 --- a/stable/karma/values.yaml +++ b/stable/karma/values.yaml @@ -6,7 +6,7 @@ replicaCount: 1 image: repository: lmierzwa/karma - tag: v0.38 + tag: v0.42 pullPolicy: IfNotPresent nameOverride: "" diff --git a/stable/kube-state-metrics/Chart.yaml b/stable/kube-state-metrics/Chart.yaml index e918432f3f95..4dced63118b8 100644 --- a/stable/kube-state-metrics/Chart.yaml +++ b/stable/kube-state-metrics/Chart.yaml @@ -6,8 +6,8 @@ keywords: - monitoring - prometheus - kubernetes -version: 2.2.1 -appVersion: 1.7.1 +version: 2.2.2 +appVersion: 1.7.2 home: https://github.com/kubernetes/kube-state-metrics/ sources: - https://github.com/kubernetes/kube-state-metrics/ diff --git a/stable/kube-state-metrics/README.md b/stable/kube-state-metrics/README.md index 78ddeaac9001..e4236ab687f2 100644 --- a/stable/kube-state-metrics/README.md +++ b/stable/kube-state-metrics/README.md 
@@ -15,7 +15,7 @@ $ helm install stable/kube-state-metrics | Parameter | Description | Default | |:----------------------------------------|:--------------------------------------------------------------------------------------|:-------------------------------------------| | `image.repository` | The image repository to pull from | quay.io/coreos/kube-state-metrics | -| `image.tag` | The image tag to pull from | `v1.7.1` | +| `image.tag` | The image tag to pull from | `v1.7.2` | | `image.pullPolicy` | Image pull policy | `IfNotPresent` | | `replicas` | Number of replicas | `1` | | `service.port` | The port of the container | `8080` | diff --git a/stable/kube-state-metrics/values.yaml b/stable/kube-state-metrics/values.yaml index a08b8f1fae74..2c32ccf8d61d 100644 --- a/stable/kube-state-metrics/values.yaml +++ b/stable/kube-state-metrics/values.yaml @@ -2,7 +2,7 @@ prometheusScrape: true image: repository: quay.io/coreos/kube-state-metrics - tag: v1.7.1 + tag: v1.7.2 pullPolicy: IfNotPresent replicas: 1 diff --git a/stable/mariadb/Chart.yaml b/stable/mariadb/Chart.yaml index e10f0b5abfab..84659e57b977 100644 --- a/stable/mariadb/Chart.yaml +++ b/stable/mariadb/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 name: mariadb -version: 6.7.3 -appVersion: 10.3.16 +version: 6.7.4 +appVersion: 10.3.17 description: Fast, reliable, scalable, and easy to use open-source relational database system. MariaDB Server is intended for mission-critical, heavy-load production systems as well as for embedding into mass-deployed software. Highly available MariaDB cluster. keywords: - mariadb diff --git a/stable/mariadb/values-production.yaml b/stable/mariadb/values-production.yaml index e5cca2397c74..4d46473687d6 100644 --- a/stable/mariadb/values-production.yaml +++ b/stable/mariadb/values-production.yaml 
@@ -18,7 +18,7 @@ image: registry: docker.io repository: bitnami/mariadb - tag: 10.3.16-debian-9-r38 + tag: 10.3.17-debian-9-r0 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images @@ -412,7 +412,7 @@ metrics: image: registry: docker.io repository: bitnami/mysqld-exporter - tag: 0.12.0-debian-9-r2 + tag: 0.12.1-debian-9-r2 pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. diff --git a/stable/mariadb/values.yaml b/stable/mariadb/values.yaml index 337ec441ca0e..54ff39d368d7 100644 --- a/stable/mariadb/values.yaml +++ b/stable/mariadb/values.yaml @@ -18,7 +18,7 @@ image: registry: docker.io repository: bitnami/mariadb - tag: 10.3.16-debian-9-r38 + tag: 10.3.17-debian-9-r0 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images @@ -412,7 +412,7 @@ metrics: image: registry: docker.io repository: bitnami/mysqld-exporter - tag: 0.12.0-debian-9-r2 + tag: 0.12.1-debian-9-r2 pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. diff --git a/stable/minecraft/Chart.yaml b/stable/minecraft/Chart.yaml index 98f9623dcaee..5458ade5c68a 100755 --- a/stable/minecraft/Chart.yaml +++ b/stable/minecraft/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 name: minecraft -version: 1.0.3 -appVersion: 1.13.1 +version: 1.1.0 +appVersion: 1.14.4 home: https://minecraft.net/ description: Minecraft server keywords: diff --git a/stable/minecraft/templates/deployment.yaml b/stable/minecraft/templates/deployment.yaml index bf7c991de598..c4aa91752c47 100644 --- a/stable/minecraft/templates/deployment.yaml +++ b/stable/minecraft/templates/deployment.yaml 
@@ -133,8 +133,12 @@ spec: {{- end }} - name: ONLINE_MODE value: {{ .Values.minecraftServer.onlineMode | quote }} + - name: MEMORY + value: {{ .Values.minecraftServer.memory | quote }} - name: JVM_OPTS value: {{ .Values.minecraftServer.jvmOpts | quote }} + - name: JVM_XX_OPTS + value: {{ .Values.minecraftServer.jvmXXOpts | quote }} {{- if .Values.minecraftServer.rcon.enabled }} - name: ENABLE_RCON @@ -178,4 +182,16 @@ spec: {{- else }} emptyDir: {} {{- end }} + {{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 8 }} + {{- end }} + {{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | indent 8 }} + {{- end }} + {{- if .Values.tolerations }} + tolerations: +{{ toYaml .Values.tolerations | indent 8 }} + {{- end }} {{ end }} diff --git a/stable/minecraft/values.yaml b/stable/minecraft/values.yaml index 7765a0825392..888af294974a 100644 --- a/stable/minecraft/values.yaml +++ b/stable/minecraft/values.yaml @@ -10,6 +10,12 @@ resources: memory: 512Mi cpu: 500m +nodeSelector: {} + +tolerations: [] + +affinity: {} + securityContext: # Security context settings runAsUser: 1000 @@ -34,9 +40,9 @@ minecraftServer: # This must be overridden, since we can't accept this for the user. eula: "FALSE" # One of: LATEST, SNAPSHOT, or a specific version (ie: "1.7.9"). - version: "1.13.1" - # This can be one of empty string, "FORGE", "SPIGOT", "BUKKIT", "PAPER", "FTB", "SPONGEVANILLA"; empty string will produce a vanilla server - type: "" + version: "1.14.4" + # This can be one of "VANILLA", "FORGE", "SPIGOT", "BUKKIT", "PAPER", "FTB", "SPONGEVANILLA" + type: "VANILLA" # If type is set to FORGE, this sets the version; this is ignored if forgeInstallerUrl is set forgeVersion: # If type is set to SPONGEVANILLA, this sets the version 
@@ -114,7 +120,11 @@ minecraftServer: # Check accounts against Minecraft account service. onlineMode: true # If you adjust this, you may need to adjust resources.requests above to match. - jvmOpts: "-Xmx512M -Xms512M" + memory: 512M + # General JVM options to be passed to the Minecraft server invocation + jvmOpts: "" + # Options like -X that need to proceed general JVM options + jvmXXOpts: "" serviceType: LoadBalancer rcon: # If you enable this, make SURE to change your password below. diff --git a/stable/minio/Chart.yaml b/stable/minio/Chart.yaml index 440989784bb7..d3b2a89ae202 100755 --- a/stable/minio/Chart.yaml +++ b/stable/minio/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v1 description: MinIO is a high performance distributed object storage server, designed for large-scale private cloud infrastructure. name: minio -version: 2.5.4 -appVersion: RELEASE.2019-07-17T22-54-12Z +version: 2.5.7 +appVersion: RELEASE.2019-08-01T22-18-54Z keywords: - storage - object-storage diff --git a/stable/minio/README.md b/stable/minio/README.md index ad6c60ee7098..54d71a1ed465 100755 --- a/stable/minio/README.md +++ b/stable/minio/README.md 
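Review bot: The comment added for `jvmXXOpts` reads "Options like -X that need to proceed general JVM options", which misdescribes the setting twice: the variable it feeds is `JVM_XX_OPTS`, and the intended word is "precede". I would write `# Options like -XX that need to precede general JVM options`. The retained comment "If you adjust this, you may need to adjust resources.requests above to match" now sits above `memory`, which is correct, but releases that still pass `-Xmx` through `jvmOpts` will also get the new `memory` default, so the upgrade notes should say which of the two applies (that depends on the image, which is not visible here).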
@@ -93,10 +93,10 @@ The following table lists the configurable parameters of the MinIO chart and the | Parameter | Description | Default | |----------------------------|-------------------------------------|---------------------------------------------------------| | `image.repository` | Image repository | `minio/minio` | -| `image.tag` | MinIO image tag. Possible values listed [here](https://hub.docker.com/r/minio/minio/tags/).| `RELEASE.2019-07-17T22-54-12Z`| +| `image.tag` | MinIO image tag. Possible values listed [here](https://hub.docker.com/r/minio/minio/tags/).| `RELEASE.2019-08-01T22-18-54Z`| | `image.pullPolicy` | Image pull policy | `IfNotPresent` | | `mcImage.repository` | Client image repository | `minio/mc` | -| `mcImage.tag` | mc image tag. Possible values listed [here](https://hub.docker.com/r/minio/mc/tags/).| `RELEASE.2019-07-17T22-13-42Z`| +| `mcImage.tag` | mc image tag. Possible values listed [here](https://hub.docker.com/r/minio/mc/tags/).| `RELEASE.2019-07-31T19-17-35Z`| | `mcImage.pullPolicy` | mc Image pull policy | `IfNotPresent` | | `ingress.enabled` | Enables Ingress | `false` | | `ingress.annotations` | Ingress annotations | `{}` | @@ -129,6 +129,7 @@ The following table lists the configurable parameters of the MinIO chart and the | `affinity` | Affinity settings for pod assignment | `{}` | | `tolerations` | Toleration labels for pod assignment | `[]` | | `podAnnotations` | Pod annotations | `{}` | +| `podLabels` | Pod Labels | `{}` | | `tls.enabled` | Enable TLS for MinIO server | `false` | | `tls.certSecret` | Kubernetes Secret with `public.crt` and `private.key` files. | `""` | | `livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | `5` | diff --git a/stable/minio/templates/deployment.yaml b/stable/minio/templates/deployment.yaml index 3e7d95d4430e..5cd918ce1c25 100644 --- a/stable/minio/templates/deployment.yaml +++ b/stable/minio/templates/deployment.yaml 
@@ -43,6 +43,9 @@ spec: labels: app: {{ template "minio.name" . }} release: {{ .Release.Name }} +{{- if .Values.podLabels }} +{{ toYaml .Values.podLabels | indent 8 }} +{{- end }} {{- if .Values.podAnnotations }} annotations: {{ toYaml .Values.podAnnotations | indent 8 }} diff --git a/stable/minio/templates/statefulset.yaml b/stable/minio/templates/statefulset.yaml index 7276a0ec192d..282366c07322 100644 --- a/stable/minio/templates/statefulset.yaml +++ b/stable/minio/templates/statefulset.yaml @@ -43,6 +43,9 @@ spec: labels: app: {{ template "minio.name" . }} release: {{ .Release.Name }} +{{- if .Values.podLabels }} +{{ toYaml .Values.podLabels | indent 8 }} +{{- end }} {{- if .Values.podAnnotations }} annotations: {{ toYaml .Values.podAnnotations | indent 8 }} diff --git a/stable/minio/values.yaml b/stable/minio/values.yaml index 58628dc149ca..3370659f32f5 100755 --- a/stable/minio/values.yaml +++ b/stable/minio/values.yaml @@ -6,7 +6,7 @@ clusterDomain: cluster.local ## image: repository: minio/minio - tag: RELEASE.2019-07-17T22-54-12Z + tag: RELEASE.2019-08-01T22-18-54Z pullPolicy: IfNotPresent ## Set default image, imageTag, and imagePullPolicy for the `mc` (the minio @@ -14,7 +14,7 @@ image: ## mcImage: repository: minio/mc - tag: RELEASE.2019-07-17T22-13-42Z + tag: RELEASE.2019-07-31T19-17-35Z pullPolicy: IfNotPresent ## minio server mode, i.e. standalone or distributed. @@ -135,6 +135,9 @@ affinity: {} # Additational pod annotations podAnnotations: {} +# Additional pod labels +podLabels: {} + ## Liveness and Readiness probe values. ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/ livenessProbe: diff --git a/stable/mongodb/Chart.yaml b/stable/mongodb/Chart.yaml index b1b7f3eab388..5bdbc01acf7a 100644 --- a/stable/mongodb/Chart.yaml +++ b/stable/mongodb/Chart.yaml 
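Review bot: `podLabels` is rendered into the same mapping as the chart's own `app` and `release` labels, so a user value that reuses either key produces a duplicate key and, with most parsers taking the last one, the pod template's labels may no longer match the selector (the selector is outside the hunk). Dropping the reserved keys avoids this: `{{ toYaml (omit .Values.podLabels "app" "release") | indent 8 }}`. At minimum the values comment should say so, for example `# Additional pod labels (must not redefine app or release)`. The same applies to the statefulset hunk (`stable/minio/templates/statefulset.yaml`, `@@ -43,6 +43,9 @@`).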
@@ -1,6 +1,6 @@ apiVersion: v1 name: mongodb -version: 6.3.1 +version: 7.0.2 appVersion: 4.0.11 description: NoSQL document-oriented database that stores JSON-like documents with dynamic schemas, simplifying the integration of data in content-driven applications. keywords: diff --git a/stable/mongodb/README.md b/stable/mongodb/README.md index a55af3e3fe2f..e4f94dcb8f73 100644 --- a/stable/mongodb/README.md +++ b/stable/mongodb/README.md 
@@ -129,12 +129,16 @@ The following table lists the configurable parameters of the MongoDB chart and t | `readinessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed. | `1` | | `initConfigMap.name` | Custom config map with init scripts | `nil` | | `configmap` | MongoDB configuration file to be used | `nil` | -| `ingress.enabled` | Enables Ingress. Tested with nginx-ingress version `1.3.1` | `false` | -| `ingress.annotations` | Ingress annotations | `{}` | -| `ingress.labels` | Custom labels | `{}` | -| `ingress.paths` | Ingress paths | `[/]` | -| `ingress.hosts` | Ingress accepted hostnames | `[]` | -| `ingress.tls` | Ingress TLS configuration | `[ { secretName: secret-tls, hosts: [] } ]` | +| `ingress.enabled` | Enable ingress controller resource | `false` | +| `ingress.certManager` | Add annotations for cert-manager | `false` | +| `ingress.annotations` | Ingress annotations | `[]` | +| `ingress.hosts[0].name` | Hostname to your MongoDB installation | `mongodb.local` | +| `ingress.hosts[0].path` | Path within the url structure | `/` | +| `ingress.tls[0].hosts[0]` | TLS hosts | `mongodb.local` | +| `ingress.tls[0].secretName` | TLS Secret (certificates) | `mongodb.local-tls` | +| `ingress.secrets[0].name` | TLS Secret Name | `nil` | +| `ingress.secrets[0].certificate` | TLS Secret Certificate | `nil` | +| `ingress.secrets[0].key` | TLS Secret Key | `nil` | | `metrics.enabled` | Start a side-car prometheus exporter | `false` | | `metrics.image.registry` | MongoDB exporter image registry | `docker.io` | | `metrics.image.repository` | MongoDB exporter image name | `forekshub/percona-mongodb-exporter` | 
@@ -265,6 +269,16 @@ You can enable this initContainer by setting `volumePermissions.enabled` to `tru ## Upgrading +### To 7.0.0 +From this version, the way of setting the ingress rules has changed. Instead of using `ingress.paths` and `ingress.hosts` as separate objects, you should now define the rules as objects inside the `ingress.hosts` value, for example: + +```yaml +ingress: + hosts: + - name: mongodb.local + path: / +``` + ### To 6.0.0 From this version, `mongodbEnableIPv6` is set to `false` by default in order to work properly in most k8s clusters, if you want to use IPv6 support, you need to set this variable to `true` by adding `--set mongodbEnableIPv6=true` to your `helm` command. @@ -275,12 +289,12 @@ You can find more information in the [`bitnami/mongodb` image README](https://gi When enabling replicaset configuration, backwards compatibility is not guaranteed unless you modify the labels used on the chart's statefulsets. Use the workaround below to upgrade from versions previous to 5.0.0. The following example assumes that the release name is `my-release`: -```consoloe +```console $ kubectl delete statefulset my-release-mongodb-arbiter my-release-mongodb-primary my-release-mongodb-secondary --cascade=false ``` ## Configure Ingress -MongoDB can exposed externally using the [NGINX Ingress Controller](https://github.com/kubernetes/ingress-nginx). To do so, it's necessary to: +MongoDB can exposed externally using an Ingress controller. To do so, it's necessary to: - Install the MongoDB chart setting the parameter `ingress.enabled=true`. - Create a ConfigMap to map the external port to use and the internal service/port where to redirect the requests (see https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/exposing-tcp-udp-services.md for more information). diff --git a/stable/mongodb/templates/ingress.yaml b/stable/mongodb/templates/ingress.yaml index 97d42bb01e9a..9a17e04c792c 100644 --- a/stable/mongodb/templates/ingress.yaml 
+++ b/stable/mongodb/templates/ingress.yaml @@ -1,40 +1,33 @@ -{{- if .Values.ingress.enabled -}} -{{- $fullName := include "mongodb.fullname" . -}} -{{- $ingressPaths := .Values.ingress.paths -}} +{{- if .Values.ingress.enabled }} apiVersion: extensions/v1beta1 kind: Ingress metadata: - name: {{ $fullName }} + name: {{ template "mongodb.fullname" . }} labels: - app.kubernetes.io/name: {{ include "mongodb.name" . }} - helm.sh/chart: {{ include "mongodb.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- with .Values.ingress.annotations }} + app: {{ template "mongodb.name" . }} + chart: {{ template "mongodb.chart" . }} + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" annotations: -{{- toYaml . | nindent 4 }} - {{- end }} + {{- if .Values.ingress.certManager }} + kubernetes.io/tls-acme: "true" + {{- end }} + {{- range $key, $value := .Values.ingress.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} spec: -{{- if .Values.ingress.tls }} - tls: - {{- range .Values.ingress.tls }} - - hosts: - {{- range .hosts }} - - {{ . | quote }} - {{- end }} - secretName: {{ .secretName }} - {{- end }} -{{- end }} rules: {{- range .Values.ingress.hosts }} - - host: {{ . | quote }} - http: - paths: - {{- range $ingressPaths }} - - path: {{ . }} - backend: - serviceName: {{ $fullName }} - servicePort: mongodb - {{- end }} + - host: {{ .name }} + http: + paths: + - path: {{ default "/" .path }} + backend: + serviceName: "{{ template "mongodb.fullname" $ }}" + servicePort: mongodb + {{- end }} + {{- if .Values.ingress.tls }} + tls: +{{ toYaml .Values.ingress.tls | indent 4 }} {{- end }} -{{- end }} +{{- end }} \ No newline at end of file diff --git a/stable/mongodb/values-production.yaml b/stable/mongodb/values-production.yaml index b0981e3af658..32d8b65c58b3 100644 --- a/stable/mongodb/values-production.yaml +++ b/stable/mongodb/values-production.yaml 
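Review bot: The rewritten rules emit `- host: {{ .name }}` and `- path: {{ default "/" .path }}` without the `| quote` that the removed template applied to hosts, so a wildcard host such as `*.example.com` is read as a YAML alias and the render fails, and any value with a leading indicator is mis-typed. I would keep the quoting: `- host: {{ .name | quote }}` and `- path: {{ default "/" .path | quote }}`. The new template also drops `ingress.labels` and always emits `annotations:`, even when no annotation is set; the first is a breaking change worth listing in the 7.0.0 upgrade notes next to the hosts change. The file now ends without a trailing newline.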
@@ -17,7 +17,7 @@ image: ## Bitnami MongoDB image tag ## ref: https://hub.docker.com/r/bitnami/mongodb/tags/ ## - tag: 4.0.11-debian-9-r0 + tag: 4.0.11-debian-9-r14 ## Specify a imagePullPolicy ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images ## 
@@ -249,18 +249,52 @@ persistence: size: 8Gi annotations: {} -# Expose mongodb via ingress. This is possible if using nginx-ingress -# https://kubernetes.github.io/ingress-nginx/user-guide/exposing-tcp-udp-services/ +## Configure the ingress resource that allows you to access the +## MongoDB installation. Set up the URL +## ref: http://kubernetes.io/docs/user-guide/ingress/ +## ingress: + ## Set to true to enable ingress record generation enabled: false - annotations: {} - labels: {} - paths: - - / - hosts: [] + + ## Set this to true in order to add the corresponding annotations for cert-manager + certManager: false + + ## Ingress annotations done as key:value pairs + ## For a full list of possible ingress annotations, please see + ## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/annotations.md + ## + ## If tls is set to true, annotation ingress.kubernetes.io/secure-backends: "true" will automatically be set + ## If certManager is set to true, annotation kubernetes.io/tls-acme: "true" will automatically be set + annotations: + # kubernetes.io/ingress.class: nginx + + ## The list of hostnames to be covered with this ingress record. 
+ ## Most likely this will be just one host, but in the event more hosts are needed, this is an array + hosts: + - name: mongodb.local + path: / + + ## The tls configuration for the ingress + ## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls tls: - - secretName: secret-tls - hosts: [] + - hosts: + - mongodb.local + secretName: mongodb.local-tls + + secrets: + ## If you're providing your own certificates, please use this to add the certificates as secrets + ## key and certificate should start with -----BEGIN CERTIFICATE----- or + ## -----BEGIN RSA PRIVATE KEY----- + ## + ## name should line up with a tlsSecret set further up + ## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set + ## + ## It is also possible to create and manage the certificates outside of this helm chart + ## Please see README.md for more information + # - name: airflow.local-tls + # key: + # certificate: ## Configure the options for init containers to be run before the main app containers ## are started. All init containers are run sequentially and must exit without errors diff --git a/stable/mongodb/values.yaml b/stable/mongodb/values.yaml index 8b491f51396d..876108ba784e 100644 --- a/stable/mongodb/values.yaml +++ b/stable/mongodb/values.yaml @@ -17,7 +17,7 @@ image: ## Bitnami MongoDB image tag ## ref: https://hub.docker.com/r/bitnami/mongodb/tags/ ## - tag: 4.0.11-debian-9-r0 + tag: 4.0.11-debian-9-r14 ## Specify a imagePullPolicy ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images ## 
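Review bot: The comments added in the `@@ -249,18 +249,52 @@` hunk describe behaviour that the ingress template changed in this commit does not implement: it never sets `ingress.kubernetes.io/secure-backends`, and it does not read `.Values.ingress.secrets`, so unless another template consumes that key the `secrets` block has no effect. If it is consumed, the comment should warn that a private key supplied through values is kept in the stored release values in clear text and that an externally managed Secret referenced by `tls[].secretName` is the safer route. The example `# - name: airflow.local-tls` looks copied from another chart and should read `# - name: mongodb.local-tls` to match the `tls` entry above it. The default `tls` entry also means enabling the ingress references a Secret `mongodb.local-tls` that nothing visible here creates. The same comments are added in `stable/mongodb/values.yaml` (`@@ -251,18 +251,52 @@`).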
@@ -251,18 +251,52 @@ persistence: size: 8Gi annotations: {} -# Expose mongodb via ingress. This is possible if using nginx-ingress -# https://kubernetes.github.io/ingress-nginx/user-guide/exposing-tcp-udp-services/ +## Configure the ingress resource that allows you to access the +## MongoDB installation. Set up the URL +## ref: http://kubernetes.io/docs/user-guide/ingress/ +## ingress: + ## Set to true to enable ingress record generation enabled: false - annotations: {} - labels: {} - paths: - - / - hosts: [] + + ## Set this to true in order to add the corresponding annotations for cert-manager + certManager: false + + ## Ingress annotations done as key:value pairs + ## For a full list of possible ingress annotations, please see + ## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/annotations.md + ## + ## If tls is set to true, annotation ingress.kubernetes.io/secure-backends: "true" will automatically be set + ## If certManager is set to true, annotation kubernetes.io/tls-acme: "true" will automatically be set + annotations: + # kubernetes.io/ingress.class: nginx + + ## The list of hostnames to be covered with this ingress record. 
+ ## Most likely this will be just one host, but in the event more hosts are needed, this is an array + hosts: + - name: mongodb.local + path: / + + ## The tls configuration for the ingress + ## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls tls: - - secretName: secret-tls - hosts: [] + - hosts: + - mongodb.local + secretName: mongodb.local-tls + + secrets: + ## If you're providing your own certificates, please use this to add the certificates as secrets + ## key and certificate should start with -----BEGIN CERTIFICATE----- or + ## -----BEGIN RSA PRIVATE KEY----- + ## + ## name should line up with a tlsSecret set further up + ## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set + ## + ## It is also possible to create and manage the certificates outside of this helm chart + ## Please see README.md for more information + # - name: airflow.local-tls + # key: + # certificate: ## Configure the options for init containers to be run before the main app containers ## are started. All init containers are run sequentially and must exit without errors diff --git a/stable/newrelic-infrastructure/Chart.yaml b/stable/newrelic-infrastructure/Chart.yaml index 7e175cd15357..849be7d6d05e 100644 --- a/stable/newrelic-infrastructure/Chart.yaml +++ b/stable/newrelic-infrastructure/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v1 description: A Helm chart to deploy the New Relic Infrastructure Agent as a DaemonSet name: newrelic-infrastructure -version: 0.13.3 -appVersion: 1.9.2 +version: 0.13.5 +appVersion: 1.9.3 home: https://hub.docker.com/r/newrelic/infrastructure-k8s/ source: - https://github.com/kubernetes/kubernetes/tree/master/examples/newrelic-infrastructure diff --git a/stable/newrelic-infrastructure/README.md b/stable/newrelic-infrastructure/README.md index 2ca6ead5614d..655544e16411 100644 --- a/stable/newrelic-infrastructure/README.md +++ b/stable/newrelic-infrastructure/README.md 
@@ -18,7 +18,7 @@ This chart will deploy the New Relic Infrastructure agent as a Daemonset. | `rbac.create` | Enable Role-based authentication | `true` | | `rbac.pspEnabled` | Enable pod security policy support | `false` | | `privileged` | Enable privileged mode. | `false` | -| `image.name` | The container to pull. | `newrelic/infrastructure` | +| `image.repository` | The container to pull. | `newrelic/infrastructure` | | `image.pullPolicy` | The pull policy. | `IfNotPresent` | | `image.tag` | The version of the container to pull. | `1.9.2` | | `resources` | Any resources you wish to assign to the pod. | See Resources below | @@ -27,6 +27,8 @@ This chart will deploy the New Relic Infrastructure agent as a Daemonset. | `nodeSelector` | Node label to use for scheduling | `nil` | | `tolerations` | List of node taints to tolerate (requires Kubernetes >= 1.6) | `nil` | | `updateStrategy` | Strategy for DaemonSet updates (requires Kubernetes >= 1.6) | `RollingUpdate` | +| `serviveAccount.create` | If true, a service account would be created and assigned to the deployment | true | +| `serviveAccount.name` | The service account to assign to the deployment. If `serviveAccount.create` is true then this name will be used when creating the service account | | ## Example diff --git a/stable/newrelic-infrastructure/values.yaml b/stable/newrelic-infrastructure/values.yaml index d12dff2fcedb..84e0ca4c2924 100644 --- a/stable/newrelic-infrastructure/values.yaml +++ b/stable/newrelic-infrastructure/values.yaml @@ -20,7 +20,7 @@ verboseLog: false image: repository: newrelic/infrastructure-k8s - tag: 1.9.2 + tag: 1.9.3 pullPolicy: IfNotPresent resources: diff --git a/stable/nginx-ingress/Chart.yaml b/stable/nginx-ingress/Chart.yaml index a293c29f7083..7d6e32eb789a 100644 --- a/stable/nginx-ingress/Chart.yaml +++ b/stable/nginx-ingress/Chart.yaml 
@@ -1,6 +1,6 @@ apiVersion: v1 name: nginx-ingress -version: 1.11.5 +version: 1.13.0 appVersion: 0.25.0 home: https://github.com/kubernetes/ingress-nginx description: An nginx Ingress controller that uses ConfigMap to store the nginx configuration. diff --git a/stable/nginx-ingress/README.md b/stable/nginx-ingress/README.md index 1ad8ff6da808..15c439b8b079 100644 --- a/stable/nginx-ingress/README.md +++ b/stable/nginx-ingress/README.md 
@@ -71,14 +71,15 @@ Parameter | Description | Default `controller.autoscaling.enabled` | If true, creates Horizontal Pod Autoscaler | false `controller.autoscaling.minReplicas` | If autoscaling enabled, this field sets minimum replica count | `2` `controller.autoscaling.maxReplicas` | If autoscaling enabled, this field sets maximum replica count | `11` -`controller.autoscaling.targetCPUUtilizationPercentage` | Target CPU utilization percentage to scale | `50` -`controller.autoscaling.targetMemoryUtilizationPercentage` | Target memory utilization percentage to scale | `50` +`controller.autoscaling.targetCPUUtilizationPercentage` | Target CPU utilization percentage to scale | `"50"` +`controller.autoscaling.targetMemoryUtilizationPercentage` | Target memory utilization percentage to scale | `"50"` `controller.daemonset.useHostPort` | If `controller.kind` is `DaemonSet`, this will enable `hostPort` for TCP/80 and TCP/443 | false `controller.daemonset.hostPorts.http` | If `controller.daemonset.useHostPort` is `true` and this is non-empty, it sets the hostPort | `"80"` `controller.daemonset.hostPorts.https` | If `controller.daemonset.useHostPort` is `true` and this is non-empty, it sets the hostPort | `"443"` `controller.daemonset.hostPorts.stats` | If `controller.daemonset.useHostPort` is `true` and this is non-empty, it sets the hostPort | `"18080"` `controller.tolerations` | node taints to tolerate (requires Kubernetes >=1.6) | `[]` `controller.affinity` | node/pod affinities (requires Kubernetes >=1.6) | `{}` +`controller.terminationGracePeriodSeconds` | how many seconds to wait before terminating a pod | `60` `controller.minReadySeconds` | how many seconds a pod needs to be ready before killing the next, during update | `0` `controller.nodeSelector` | node labels for pod assignment | `{}` `controller.podAnnotations` | annotations to be added to pods | `{}` 
@@ -149,6 +150,9 @@ Parameter | Description | Default `controller.customTemplate.configMapKey` | configMap key containing the nginx template | `""` `controller.headers` | configMap key:value pairs containing the [custom headers](https://github.com/kubernetes/ingress-nginx/tree/master/docs/examples/customization/custom-headers) for Nginx | `{}` `controller.updateStrategy` | allows setting of RollingUpdate strategy | `{}` +`controller.configMapNamespace` | The nginx-configmap namespace name | `""` +`controller.tcp.configMapNamespace` | The tcp-services-configmap namespace name | `""` +`controller.udp.configMapNamespace` | The udp-services-configmap namespace name | `""` `defaultBackend.enabled` | Use default backend component | `true` `defaultBackend.name` | name of the default backend component | `default-backend` `defaultBackend.image.repository` | default backend container image repository | `k8s.gcr.io/defaultbackend-amd64` diff --git a/stable/nginx-ingress/ci/daemonset-tcp-udp-configMapNamespace-values.yaml b/stable/nginx-ingress/ci/daemonset-tcp-udp-configMapNamespace-values.yaml new file mode 100644 index 000000000000..3484704f8530 --- /dev/null +++ b/stable/nginx-ingress/ci/daemonset-tcp-udp-configMapNamespace-values.yaml @@ -0,0 +1,14 @@ +controller: + kind: DaemonSet + service: + type: ClusterIP + tcp: + configMapNamespace: default + udp: + configMapNamespace: default + +tcp: + 9000: "default/test:8080" + +udp: + 9001: "default/test:8080" diff --git a/stable/nginx-ingress/ci/deamonset-hostport-values.yaml b/stable/nginx-ingress/ci/deamonset-hostport-values.yaml index 678e768254aa..589bd5708f8c 100644 --- a/stable/nginx-ingress/ci/deamonset-hostport-values.yaml +++ b/stable/nginx-ingress/ci/deamonset-hostport-values.yaml @@ -2,3 +2,6 @@ controller: kind: DaemonSet daemonset: useHostPort: true + hostPorts: + http: 58462 + https: 58463 
diff --git a/stable/nginx-ingress/ci/deployment-tcp-udp-configMapNamespace-values.yaml b/stable/nginx-ingress/ci/deployment-tcp-udp-configMapNamespace-values.yaml new file mode 100644 index 000000000000..7b06c1eb6283 --- /dev/null +++ b/stable/nginx-ingress/ci/deployment-tcp-udp-configMapNamespace-values.yaml @@ -0,0 +1,13 @@ +controller: + service: + type: ClusterIP + tcp: + configMapNamespace: default + udp: + configMapNamespace: default + +tcp: + 9000: "default/test:8080" + +udp: + 9001: "default/test:8080" diff --git a/stable/nginx-ingress/templates/controller-deployment.yaml b/stable/nginx-ingress/templates/controller-deployment.yaml index 833488429871..8eeba34e5377 100644 --- a/stable/nginx-ingress/templates/controller-deployment.yaml +++ b/stable/nginx-ingress/templates/controller-deployment.yaml 
@@ -64,15 +64,15 @@ spec: - --ingress-class={{ .Values.controller.ingressClass }} {{- end }} {{- if (semverCompare ">=0.9.0-beta.1" .Values.controller.image.tag) }} - - --configmap={{ .Release.Namespace }}/{{ template "nginx-ingress.controller.fullname" . }} + - --configmap={{ default .Release.Namespace .Values.controller.configMapNamespace }}/{{ template "nginx-ingress.controller.fullname" . }} {{- else }} - - --nginx-configmap={{ .Release.Namespace }}/{{ template "nginx-ingress.controller.fullname" . }} + - --nginx-configmap={{ default .Release.Namespace .Values.controller.configMapNamespace }}/{{ template "nginx-ingress.controller.fullname" . }} {{- end }} {{- if .Values.tcp }} - - --tcp-services-configmap={{ .Release.Namespace }}/{{ template "nginx-ingress.fullname" . }}-tcp + - --tcp-services-configmap={{ default .Release.Namespace .Values.controller.tcp.configMapNamespace }}/{{ template "nginx-ingress.fullname" . }}-tcp {{- end }} {{- if .Values.udp }} - - --udp-services-configmap={{ .Release.Namespace }}/{{ template "nginx-ingress.fullname" . }}-udp + - --udp-services-configmap={{ default .Release.Namespace .Values.controller.udp.configMapNamespace }}/{{ template "nginx-ingress.fullname" . }}-udp {{- end }} {{- if .Values.controller.scope.enabled }} - --watch-namespace={{ default .Release.Namespace .Values.controller.scope.namespace }} @@ -190,7 +190,7 @@ spec: {{ toYaml .Values.controller.affinity | indent 8 }} {{- end }} serviceAccountName: {{ template "nginx-ingress.serviceAccountName" . }} - terminationGracePeriodSeconds: 60 + terminationGracePeriodSeconds: {{ .Values.controller.terminationGracePeriodSeconds }} {{- if (or .Values.controller.customTemplate.configMapName .Values.controller.extraVolumes) }} volumes: {{- end }} diff --git a/stable/nginx-ingress/templates/controller-hpa.yaml b/stable/nginx-ingress/templates/controller-hpa.yaml index 9c7f8af23a3b..e027e808d57a 100644 --- a/stable/nginx-ingress/templates/controller-hpa.yaml 
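Review bot: The `--configmap`, `--tcp-services-configmap` and `--udp-services-configmap` arguments in the first hunk can now name a namespace other than the release namespace, and nothing here documents who is trusted there: anyone able to edit ConfigMaps in that namespace controls the controller's nginx settings and the TCP/UDP ports it exposes. The chart's Role and its own ConfigMap templates are outside this hunk, so it is worth confirming they follow the same `default .Release.Namespace ...` expression; otherwise the flag presumably points at an object the controller cannot read or that the chart never creates. I would add a template comment above the first flag such as `{{- /* configMapNamespace must be as tightly controlled as the release namespace: its ConfigMaps drive the nginx config */}}`. The `spec` block starts and ends outside the hunk.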
+++ b/stable/nginx-ingress/templates/controller-hpa.yaml @@ -18,13 +18,17 @@ spec: minReplicas: {{ .Values.controller.autoscaling.minReplicas }} maxReplicas: {{ .Values.controller.autoscaling.maxReplicas }} metrics: +{{- with .Values.controller.autoscaling.targetCPUUtilizationPercentage }} - type: Resource resource: name: cpu - targetAverageUtilization: {{ .Values.controller.autoscaling.targetCPUUtilizationPercentage }} + targetAverageUtilization: {{ . }} +{{- end }} +{{- with .Values.controller.autoscaling.targetMemoryUtilizationPercentage }} - type: Resource resource: name: memory - targetAverageUtilization: {{ .Values.controller.autoscaling.targetMemoryUtilizationPercentage }} + targetAverageUtilization: {{ . }} +{{- end }} {{- end }} {{- end }} diff --git a/stable/nginx-ingress/templates/controller-service.yaml b/stable/nginx-ingress/templates/controller-service.yaml index a8fd2c72ae17..27a0fb0551a8 100644 --- a/stable/nginx-ingress/templates/controller-service.yaml +++ b/stable/nginx-ingress/templates/controller-service.yaml @@ -63,18 +63,22 @@ spec: port: {{ $key }} protocol: TCP targetPort: "{{ $key }}-tcp" + {{- if $.Values.controller.service.nodePorts.tcp }} {{- if index $.Values.controller.service.nodePorts.tcp $key }} nodePort: {{ index $.Values.controller.service.nodePorts.tcp $key }} {{- end }} + {{- end }} {{- end }} {{- range $key, $value := .Values.udp }} - name: "{{ $key }}-udp" port: {{ $key }} protocol: UDP targetPort: "{{ $key }}-udp" + {{- if $.Values.controller.service.nodePorts.udp }} {{- if index $.Values.controller.service.nodePorts.udp $key }} nodePort: {{ index $.Values.controller.service.nodePorts.udp $key }} {{- end }} + {{- end }} {{- end }} selector: app: {{ template "nginx-ingress.name" . }} diff --git a/stable/nginx-ingress/values.yaml b/stable/nginx-ingress/values.yaml index 1637fef0e06d..484504007d40 100644 --- a/stable/nginx-ingress/values.yaml +++ b/stable/nginx-ingress/values.yaml 
@@ -82,6 +82,20 @@ controller: enabled: false namespace: "" # defaults to .Release.Namespace + ## Allows customization of the configmap / nginx-configmap namespace + ## + configMapNamespace: "" # defaults to .Release.Namespace + + ## Allows customization of the tcp-services-configmap namespace + ## + tcp: + configMapNamespace: "" # defaults to .Release.Namespace + + ## Allows customization of the udp-services-configmap namespace + ## + udp: + configMapNamespace: "" # defaults to .Release.Namespace + ## Additional command line arguments to pass to nginx-ingress-controller ## E.g. to specify the default SSL certificate you can use ## extraArgs: @@ -150,6 +164,10 @@ controller: # - nginx-ingress # topologyKey: "kubernetes.io/hostname" + ## terminationGracePeriodSeconds + ## + terminationGracePeriodSeconds: 60 + ## Node labels for controller pod assignment ## Ref: https://kubernetes.io/docs/user-guide/node-selection/ ## diff --git a/stable/node-problem-detector/Chart.yaml b/stable/node-problem-detector/Chart.yaml index 799eea4c0250..4eeabcbeeacb 100644 --- a/stable/node-problem-detector/Chart.yaml +++ b/stable/node-problem-detector/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 name: node-problem-detector -version: "1.5.0" -appVersion: v0.6.3 +version: "1.5.2" +appVersion: v0.7.0 home: https://github.com/kubernetes/node-problem-detector description: Installs the node-problem-detector daemonset for monitoring extra attributes on nodes icon: https://github.com/kubernetes/kubernetes/raw/master/logo/logo.png diff --git a/stable/node-problem-detector/README.md b/stable/node-problem-detector/README.md index 72459cbf7b77..d61a5f186366 100644 --- a/stable/node-problem-detector/README.md +++ b/stable/node-problem-detector/README.md 
@@ -51,9 +51,12 @@ The following table lists the configurable parameters for this chart and their d | `settings.custom_monitor_definitions` | User-specified custom monitor definitions | `{}` | | `settings.log_monitors` | System log monitor config files | `/config/kernel-monitor.json`, `/config/docker-monitor.json` | | `settings.custom_plugin_monitors` | Custom plugin monitor config files | `[]` | +| `settings.prometheus_address` | Prometheus exporter address | `0.0.0.0` | +| `settings.prometheus_port` | Prometheus exporter port | `20257` | | `serviceAccount.create` | Whether a ServiceAccount should be created | `true` | | `serviceAccount.name` | Name of the ServiceAccount to create | Generated value from template | | `tolerations` | Optional daemonset tolerations | `[]` | +| `nodeSelector` | Optional daemonset nodeSelector | `{}` | Specify each parameter using the `--set key=value[,key=value]` argument to `helm install` or provide a YAML file containing the values for the above parameters: diff --git a/stable/node-problem-detector/templates/daemonset.yaml b/stable/node-problem-detector/templates/daemonset.yaml index 93690a992803..97107c664c4c 100644 --- a/stable/node-problem-detector/templates/daemonset.yaml +++ b/stable/node-problem-detector/templates/daemonset.yaml @@ -12,11 +12,13 @@ spec: matchLabels: app.kubernetes.io/name: {{ include "node-problem-detector.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} + app: {{ include "node-problem-detector.name" . }} template: metadata: labels: app.kubernetes.io/name: {{ include "node-problem-detector.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} + app: {{ include "node-problem-detector.name" . }} annotations: checksum/config: {{ include (print $.Template.BasePath "/custom-config-configmap.yaml") . | sha256sum }} scheduler.alpha.kubernetes.io/critical-pod: '' 
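Review bot: Adding `app: {{ include "node-problem-detector.name" . }}` to `spec.selector.matchLabels` changes the selector of an already-deployed DaemonSet, which the API rejects as immutable on `apps/v1` (the `apiVersion` line is outside the hunk, so confirm). The Chart.yaml bump in this commit is only 1.5.0 to 1.5.2, so existing releases would presumably hit a failed `helm upgrade`. Keeping the new `app:` label only under `template.metadata.labels` still lets the new Service and ServiceMonitor select the pods without touching the selector.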
@@ -37,7 +39,7 @@ spec: command: - "/bin/sh" - "-c" - - "exec /node-problem-detector --logtostderr --system-log-monitors={{- range $index, $monitor := .Values.settings.log_monitors }}{{if ne $index 0}},{{end}}{{ $monitor }}{{- end }} {{- if .Values.settings.custom_plugin_monitors }} --custom-plugin-monitors={{- range $index, $monitor := .Values.settings.custom_plugin_monitors }}{{if ne $index 0}},{{end}}{{ $monitor }}{{- end }} {{- end }}" + - "exec /node-problem-detector --logtostderr --system-log-monitors={{- range $index, $monitor := .Values.settings.log_monitors }}{{if ne $index 0}},{{end}}{{ $monitor }}{{- end }} {{- if .Values.settings.custom_plugin_monitors }} --custom-plugin-monitors={{- range $index, $monitor := .Values.settings.custom_plugin_monitors }}{{if ne $index 0}},{{end}}{{ $monitor }}{{- end }} {{- end }} --prometheus-address={{ .Values.settings.prometheus_address }} --prometheus-port={{ .Values.settings.prometheus_port }}" securityContext: privileged: true env: @@ -54,6 +56,9 @@ spec: - name: custom-config mountPath: /custom-config readOnly: true + ports: + - containerPort: {{ .Values.settings.prometheus_port }} + name: exporter resources: {{ toYaml .Values.resources | indent 12 }} {{- with .Values.affinity }} @@ -64,6 +69,10 @@ spec: tolerations: {{ toYaml . | indent 8 }} {{- end }} +{{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 8 }} +{{- end }} volumes: - name: log hostPath: diff --git a/stable/node-problem-detector/templates/psp-clusterrolebinding.yaml b/stable/node-problem-detector/templates/psp-clusterrolebinding.yaml index 8552c4933a78..80cd87789156 100644 --- a/stable/node-problem-detector/templates/psp-clusterrolebinding.yaml +++ b/stable/node-problem-detector/templates/psp-clusterrolebinding.yaml 
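Review bot: The exporter flags are appended to the `/bin/sh -c` string unconditionally and values.yaml defaults `prometheus_address` to `0.0.0.0`, so every node-problem-detector pod serves its metrics endpoint on all of its interfaces even when `metrics.serviceMonitor.enabled` is false. This container runs with `privileged: true`; if the pod also uses host networking (not visible in the hunk) the port is reachable on each node's address. I would bind to loopback unless scraping is enabled, or at least document the exposure next to the value with `# 0.0.0.0 serves the metrics endpoint on every pod interface`. Because both values are interpolated into a shell command line, quoting them, `--prometheus-address={{ .Values.settings.prometheus_address | squote }}`, keeps a stray space or metacharacter in values from being interpreted by the shell.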
@@ -13,7 +13,7 @@ roleRef: kind: ClusterRole name: {{ template "node-problem-detector.fullname" . }}-psp subjects: - - kind: ServiceAccount +- kind: ServiceAccount name: {{ template "node-problem-detector.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ .Release.Namespace }} {{- end }} diff --git a/stable/node-problem-detector/templates/service.yaml b/stable/node-problem-detector/templates/service.yaml new file mode 100644 index 000000000000..f4ebb9b57537 --- /dev/null +++ b/stable/node-problem-detector/templates/service.yaml @@ -0,0 +1,22 @@ +{{- if .Values.metrics.serviceMonitor.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "node-problem-detector.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "node-problem-detector.name" . }} + helm.sh/chart: {{ include "node-problem-detector.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app: {{ include "node-problem-detector.name" . }} + namespace: {{ .Release.Namespace }} +spec: + type: ClusterIP + clusterIP: None + ports: + - name: exporter + port: {{ .Values.settings.prometheus_port }} + protocol: TCP + selector: + app: {{ include "node-problem-detector.name" . }} +{{- end }} diff --git a/stable/node-problem-detector/templates/servicemonitor.yaml b/stable/node-problem-detector/templates/servicemonitor.yaml new file mode 100644 index 000000000000..ddc0a3b1b141 --- /dev/null +++ b/stable/node-problem-detector/templates/servicemonitor.yaml 
@@ -0,0 +1,26 @@ +{{- if .Values.metrics.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "node-problem-detector.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "node-problem-detector.name" . }} + helm.sh/chart: {{ include "node-problem-detector.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.metrics.serviceMonitor.additionalLabels }} +{{ toYaml .Values.metrics.serviceMonitor.additionalLabels | indent 4 }} + {{- end }} + namespace: {{ .Release.Namespace }} +spec: + selector: + matchLabels: + app: {{ include "node-problem-detector.name" . }} + namespaceSelector: + matchNames: + - {{ .Release.Namespace }} + endpoints: + - port: exporter + path: /metrics + interval: 60s +{{- end }} diff --git a/stable/node-problem-detector/values.yaml b/stable/node-problem-detector/values.yaml index 222bbdc8d7b3..ebfcbe1ef002 100644 --- a/stable/node-problem-detector/values.yaml +++ b/stable/node-problem-detector/values.yaml @@ -33,12 +33,15 @@ settings: # - /custom-config/docker-monitor-filelog.json custom_plugin_monitors: [] + prometheus_address: 0.0.0.0 + prometheus_port: 20257 + hostpath: logdir: /var/log/ image: repository: k8s.gcr.io/node-problem-detector - tag: v0.6.3 + tag: v0.7.0 pullPolicy: IfNotPresent nameOverride: "" @@ -68,3 +71,10 @@ serviceAccount: name: affinity: {} + +nodeSelector: {} + +metrics: + serviceMonitor: + enabled: false + additionalLabels: {} diff --git a/stable/oauth2-proxy/Chart.yaml b/stable/oauth2-proxy/Chart.yaml index 1b5662d04856..22e9c3b58cb5 100644 --- a/stable/oauth2-proxy/Chart.yaml +++ b/stable/oauth2-proxy/Chart.yaml @@ -1,5 +1,5 @@ name: oauth2-proxy -version: 0.13.0 +version: 0.14.0 apiVersion: v1 appVersion: 3.2.0 home: http://www.videntity.com/ diff --git a/stable/oauth2-proxy/README.md b/stable/oauth2-proxy/README.md index fd868cc182b6..969250059394 100644 
--- a/stable/oauth2-proxy/README.md +++ b/stable/oauth2-proxy/README.md @@ -52,6 +52,9 @@ Parameter | Description | Default `config.google.serviceAccountJson` | google service account json contents | `""` `config.google.existingConfig` | existing Kubernetes configmap to use for the service account file. See [google secret template](https://github.com/helm/charts/blob/master/stable/oauth2-proxy/templates/google-secret.yaml) for the required values | `nil` `extraArgs` | key:value list of extra arguments to give the binary | `{}` +`htpasswdFile.enabled` | enable htpasswd-file option | `false` +`htpasswdFile.entries` | list of [SHA encrypted user:passwords](https://pusher.github.io/oauth2_proxy/configuration#command-line-options) | `{}` +`htpasswdFile.existingSecret` | existing Kubernetes secret to use for OAuth2 htpasswd file` | `""` `image.pullPolicy` | Image pull policy | `IfNotPresent` `image.repository` | Image repository | `quay.io/pusher/oauth2_proxy` `image.tag` | Image tag | `v3.2.0` diff --git a/stable/oauth2-proxy/templates/configmap-htpasswd-file.yaml b/stable/oauth2-proxy/templates/configmap-htpasswd-file.yaml new file mode 100644 index 000000000000..c40b63716ba8 --- /dev/null +++ b/stable/oauth2-proxy/templates/configmap-htpasswd-file.yaml @@ -0,0 +1,17 @@ +{{- if and .Values.htpasswdFile.enabled (not .Values.htpasswdFile.existingSecret) }} +apiVersion: v1 +kind: Secret +metadata: + labels: + app: {{ template "oauth2-proxy.name" . }} + chart: {{ template "oauth2-proxy.chart" . }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} + name: {{ template "oauth2-proxy.fullname" . }}-htpasswd-file +type: Opaque +stringData: + users.txt: |- + {{- range $entries := .Values.htpasswdFile.entries }} + {{ $entries }} + {{- end -}} +{{- end }} \ No newline at end of file diff --git a/stable/oauth2-proxy/templates/deployment.yaml b/stable/oauth2-proxy/templates/deployment.yaml index 91eaa29a0f12..7df09a5b8021 100644 
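Review bot: Entries supplied through `htpasswdFile.entries` in the new Secret template are credential hashes that end up in the values of the Helm release, and the `{SHA}` format this option takes is unsalted SHA-1, so a leaked values file or release record is cheap to attack offline. The template should say so and steer users to `existingSecret`; above `stringData:` I would add `# Prefer htpasswdFile.existingSecret: entries set in values are stored with the release`. The file is named `configmap-htpasswd-file.yaml` but renders `kind: Secret`; naming it `secret-htpasswd-file.yaml` would keep anyone auditing the chart for Secret objects from skipping it. The file also ends without a trailing newline.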
--- a/stable/oauth2-proxy/templates/deployment.yaml +++ b/stable/oauth2-proxy/templates/deployment.yaml @@ -62,6 +62,9 @@ spec: - --google-service-account-json=/google/service-account.json {{- end }} {{- end }} + {{- if .Values.htpasswdFile.enabled }} + - --htpasswd-file=/etc/oauth2_proxy/htpasswd/users.txt + {{- end }} env: - name: OAUTH2_PROXY_CLIENT_ID valueFrom: @@ -118,6 +121,11 @@ spec: - mountPath: /etc/oauth2-proxy name: configaccesslist readOnly: true +{{- end }} +{{- if .Values.htpasswdFile.enabled }} + - mountPath: /etc/oauth2_proxy/htpasswd + name: {{ template "oauth2-proxy.fullname" . }}-htpasswd-file + readOnly: true {{- end }} volumes: {{- with .Values.config.google }} @@ -127,6 +135,13 @@ spec: secretName: {{ if .existingSecret }}{{ .existingSecret }}{{ else }} {{ template "oauth2-proxy.secretName" . }}{{ end }} {{- end }} {{- end }} + +{{- if .Values.htpasswdFile.enabled }} + - name: {{ template "oauth2-proxy.fullname" . }}-htpasswd-file + secret: + secretName: {{ if .Values.htpasswdFile.existingSecret }}{{ .Values.htpasswdFile.existingSecret }}{{ else }} {{ template "oauth2-proxy.fullname" . }}-htpasswd-file {{ end }} +{{- end }} + {{- if or .Values.config.existingConfig .Values.config.configFile }} - configMap: defaultMode: 420 @@ -149,6 +164,7 @@ spec: {{- end }} name: configaccesslist {{- end }} + {{- if .Values.imagePullSecrets }} imagePullSecrets: {{ toYaml .Values.imagePullSecrets | indent 8 }} diff --git a/stable/oauth2-proxy/values.yaml b/stable/oauth2-proxy/values.yaml index 02479e48f0c4..9515627f3bb8 100644 --- a/stable/oauth2-proxy/values.yaml +++ b/stable/oauth2-proxy/values.yaml 
@@ -124,3 +124,14 @@ readinessProbe: podAnnotations: {} podLabels: {} replicaCount: 1 + +# Additionally authenticate against a htpasswd file. Entries must be created with "htpasswd -s" for SHA encryption. +# Alternatively supply an existing secret which contains the required information. +htpasswdFile: + enabled: false + existingSecret: "" + entries: {} + # One row for each user + # example: + # entries: + # - testuser:{SHA}EWhzdhgoYJWy0z2gyzhRYlN9DSiv diff --git a/stable/opa/Chart.yaml b/stable/opa/Chart.yaml index ac34dcfcbc39..5e7b90744a2b 100644 --- a/stable/opa/Chart.yaml +++ b/stable/opa/Chart.yaml @@ -6,7 +6,7 @@ keywords: - opa - admission control - policy -version: 1.6.0 +version: 1.6.1 home: https://www.openpolicyagent.org icon: https://raw.githubusercontent.com/open-policy-agent/opa/master/logo/logo.png sources: diff --git a/stable/opa/templates/deployment.yaml b/stable/opa/templates/deployment.yaml index 3ed0ce145b53..a68f5acbfd6d 100644 --- a/stable/opa/templates/deployment.yaml +++ b/stable/opa/templates/deployment.yaml @@ -11,7 +11,7 @@ spec: app: {{ template "opa.fullname" . }} template: metadata: -{{- if and .Values.generateAdmissionControllerCerts .Values.opa }} +{{- if or .Values.generateAdmissionControllerCerts .Values.opa }} annotations: {{- if .Values.generateAdmissionControllerCerts }} checksum/certs: {{ include (print $.Template.BasePath "/webhookconfiguration.yaml") . | sha256sum }} diff --git a/stable/openebs/Chart.yaml b/stable/openebs/Chart.yaml index 783392bc0fd3..a673de7ff652 100644 --- a/stable/openebs/Chart.yaml +++ b/stable/openebs/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 -version: 1.0.0 +version: 1.1.1 name: openebs -appVersion: 1.0.0 +appVersion: 1.1.0 description: Containerized Storage for Containers icon: https://raw.githubusercontent.com/cncf/artwork/master/projects/openebs/icon/color/openebs-icon-color.png home: http://www.openebs.io/ 
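Review bot: `entries: {}` declares a map, while the example below it and the `range` in the Secret template treat it as a list of `user:{SHA}hash` rows; `entries: []` matches the documented shape. The comment calls the `htpasswd -s` output "SHA encryption", but it is an unsalted SHA-1 hash, and it does not say which key an `existingSecret` must carry even though the deployment hard-codes `/etc/oauth2_proxy/htpasswd/users.txt`. I would reword the two comment lines to `# Entries must be created with "htpasswd -s" (SHA-1 hash, unsalted).` and `# Alternatively supply an existing secret that holds the entries under the key users.txt.`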
diff --git a/stable/openebs/README.md b/stable/openebs/README.md index a478aa83a3ed..bfd90438aede 100644 --- a/stable/openebs/README.md +++ b/stable/openebs/README.md 
@@ -40,49 +40,52 @@ The following table lists the configurable parameters of the OpenEBS chart and t | `rbac.create` | Enable RBAC Resources | `true` | | `image.pullPolicy` | Container pull policy | `IfNotPresent` | | `apiserver.image` | Image for API Server | `quay.io/openebs/m-apiserver` | -| `apiserver.imageTag` | Image Tag for API Server | `1.0.0` | +| `apiserver.imageTag` | Image Tag for API Server | `1.1.0` | | `apiserver.replicas` | Number of API Server Replicas | `1` | | `apiserver.sparse.enabled` | Create Sparse Pool based on Sparsefile | `false` | | `provisioner.image` | Image for Provisioner | `quay.io/openebs/openebs-k8s-provisioner` | -| `provisioner.imageTag` | Image Tag for Provisioner | `1.0.0` | +| `provisioner.imageTag` | Image Tag for Provisioner | `1.1.0` | | `provisioner.replicas` | Number of Provisioner Replicas | `1` | | `localProvisioner.image` | Image for localProvisioner | `quay.io/openebs/provisioner-localpv` | -| `localProvisioner.imageTag` | Image Tag for localProvisioner | `1.0.0` | +| `localProvisioner.imageTag` | Image Tag for localProvisioner | `1.1.0` | | `localProvisioner.replicas` | Number of localProvisioner Replicas | `1` | | `localProvisioner.basePath` | BasePath for hostPath volumes on Nodes | `/var/openebs/local` | | `webhook.image` | Image for admision server | `quay.io/openebs/admission-server` | -| `webhook.imageTag` | Image Tag for admission server | `1.0.0` | +| `webhook.imageTag` | Image Tag for admission server | `1.1.0` | | `webhook.replicas` | Number of admission server Replicas | `1` | | `snapshotOperator.provisioner.image` | Image for Snapshot Provisioner | `quay.io/openebs/snapshot-provisioner` | -| `snapshotOperator.provisioner.imageTag` | Image Tag for Snapshot Provisioner | `1.0.0` | +| `snapshotOperator.provisioner.imageTag` | Image Tag for Snapshot Provisioner | `1.1.0` | | `snapshotOperator.controller.image` | Image for Snapshot Controller | `quay.io/openebs/snapshot-controller` | -| 
`snapshotOperator.controller.imageTag` | Image Tag for Snapshot Controller | `1.0.0` | +| `snapshotOperator.controller.imageTag` | Image Tag for Snapshot Controller | `1.1.0` | | `snapshotOperator.replicas` | Number of Snapshot Operator Replicas | `1` | | `ndm.image` | Image for Node Disk Manager | `quay.io/openebs/node-disk-manager-amd64` | -| `ndm.imageTag` | Image Tag for Node Disk Manager | `v0.4.0` | +| `ndm.imageTag` | Image Tag for Node Disk Manager | `v0.4.1` | | `ndm.sparse.path` | Directory where Sparse files are created | `/var/openebs/sparse` | | `ndm.sparse.size` | Size of the sparse file in bytes | `10737418240` | | `ndm.sparse.count` | Number of sparse files to be created | `1` | | `ndm.filters.excludeVendors` | Exclude devices with specified vendor | `CLOUDBYT,OpenEBS` | | `ndm.filters.excludePaths` | Exclude devices with specified path patterns | `loop,fd0,sr0,/dev/ram,/dev/dm-,/dev/md` | | `ndm.filters.includePaths` | Include devices with specified path patterns | `""` | +| `ndm.filters.excludePaths` | Exclude devices with specified path patterns | `loop,fd0,sr0,/dev/ram,/dev/dm-,/dev/md` | +| `ndm.probes.enableSeachest` | Enable Seachest probe for NDM | `false` | | `ndmOperator.image` | Image for NDM Operator | `quay.io/openebs/node-disk-operator-amd64`| -| `ndmOperator.imageTag` | Image Tag for NDM Operator | `v0.4.0` | +| `ndmOperator.imageTag` | Image Tag for NDM Operator | `v0.4.1` | | `jiva.image` | Image for Jiva | `quay.io/openebs/jiva` | -| `jiva.imageTag` | Image Tag for Jiva | `1.0.0` | +| `jiva.imageTag` | Image Tag for Jiva | `1.1.0` | | `jiva.replicas` | Number of Jiva Replicas | `3` | | `cstor.pool.image` | Image for cStor Pool | `quay.io/openebs/cstor-pool` | -| `cstor.pool.imageTag` | Image Tag for cStor Pool | `1.0.0` | +| `cstor.pool.imageTag` | Image Tag for cStor Pool | `1.1.0` | | `cstor.poolMgmt.image` | Image for cStor Pool Management | `quay.io/openebs/cstor-pool-mgmt` | -| `cstor.poolMgmt.imageTag` | Image Tag for cStor 
Pool Management | `1.0.0` | +| `cstor.poolMgmt.imageTag` | Image Tag for cStor Pool Management | `1.1.0` | | `cstor.target.image` | Image for cStor Target | `quay.io/openebs/cstor-istgt` | -| `cstor.target.imageTag` | Image Tag for cStor Target | `1.0.0` | +| `cstor.target.imageTag` | Image Tag for cStor Target | `1.1.0` | | `cstor.volumeMgmt.image` | Image for cStor Volume Management | `quay.io/openebs/cstor-volume-mgmt` | -| `cstor.volumeMgmt.imageTag` | Image Tag for cStor Volume Management | `1.0.0` | +| `cstor.volumeMgmt.imageTag` | Image Tag for cStor Volume Management | `1.1.0` | | `policies.monitoring.image` | Image for Prometheus Exporter | `quay.io/openebs/m-exporter` | -| `policies.monitoring.imageTag` | Image Tag for Prometheus Exporter | `1.0.0` | +| `policies.monitoring.imageTag` | Image Tag for Prometheus Exporter | `1.1.0` | | `analytics.enabled` | Enable sending stats to Google Analytics | `true` | | `analytics.pingInterval` | Duration(hours) between sending ping stat | `24h` | +| `defaultStorageConfig.enabled` | Enable default storage class installation | `true` | | `HealthCheck.initialDelaySeconds` | Delay before liveness probe is initiated | `30` | | 30 | | `HealthCheck.periodSeconds` | How often to perform the liveness probe | `60` | | 10 | diff --git a/stable/openebs/templates/clusterrole.yaml b/stable/openebs/templates/clusterrole.yaml index 0a388433ac48..7a2111a23ed2 100644 --- a/stable/openebs/templates/clusterrole.yaml +++ b/stable/openebs/templates/clusterrole.yaml @@ -23,7 +23,7 @@ rules: verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] - apiGroups: ["apiextensions.k8s.io"] resources: ["customresourcedefinitions"] - verbs: [ "get", "list", "create", "update", "delete"] + verbs: [ "get", "list", "create", "update", "delete", "patch"] - apiGroups: ["*"] resources: [ "disks", "blockdevices", "blockdeviceclaims"] verbs: ["*" ] 
@@ -34,11 +34,14 @@ rules: resources: [ "castemplates", "runtasks"] verbs: ["*" ] - apiGroups: ["*"] - resources: [ "cstorpools", "cstorpools/finalizers", "cstorvolumereplicas", "cstorvolumes"] + resources: [ "cstorpools", "cstorpools/finalizers", "cstorvolumereplicas", "cstorvolumes", "cstorvolumeclaims"] verbs: ["*" ] - apiGroups: ["*"] resources: [ "cstorbackups", "cstorrestores", "cstorcompletedbackups"] verbs: ["*" ] +- apiGroups: ["*"] + resources: [ "upgradetasks"] + verbs: ["*" ] - nonResourceURLs: ["/metrics"] verbs: ["get"] {{- end }} diff --git a/stable/openebs/templates/deployment-maya-apiserver.yaml b/stable/openebs/templates/deployment-maya-apiserver.yaml index 05b5f86e5e85..d776cf333c7b 100644 --- a/stable/openebs/templates/deployment-maya-apiserver.yaml +++ b/stable/openebs/templates/deployment-maya-apiserver.yaml @@ -10,6 +10,7 @@ metadata: component: apiserver name: maya-apiserver openebs.io/component-name: maya-apiserver + openebs.io/version: {{ .Values.release.version }} spec: replicas: {{ .Values.apiserver.replicas }} selector: @@ -51,6 +52,10 @@ spec: value: "{{ .Values.apiserver.sparse.enabled }}" - name: OPENEBS_IO_CSTOR_POOL_SPARSE_DIR value: "{{ .Values.ndm.sparse.path }}" + - name: OPENEBS_IO_CREATE_DEFAULT_STORAGE_CONFIG + value: "{{ .Values.defaultStorageConfig.enabled }}" + - name: OPENEBS_IO_CSTOR_TARGET_DIR + value: "{{ .Values.ndm.sparse.path }}" # OPENEBS_NAMESPACE provides the namespace of this deployment as an # environment variable - name: OPENEBS_NAMESPACE diff --git a/stable/openebs/templates/deployment-ndm-operator.yaml b/stable/openebs/templates/deployment-ndm-operator.yaml index c193dbf400b5..d567d1061732 100644 --- a/stable/openebs/templates/deployment-ndm-operator.yaml +++ b/stable/openebs/templates/deployment-ndm-operator.yaml 
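Review bot: The new `upgradetasks` rule in clusterrole.yaml (hunk `@@ -34,11 +34,14 @@`) grants `verbs: ["*"]` under `apiGroups: ["*"]`, so it matches a resource of that name in any API group, not only the OpenEBS one. The same holds for `cstorvolumeclaims`, which is added to the wildcard rule above it. Scoping the group keeps the grant to the CRDs this chart owns, e.g. `- apiGroups: ["openebs.io"]`, assuming that is the group these CRDs are registered under. The earlier hunk in this file also adds `patch` on `customresourcedefinitions`, which is cluster-wide write access to every CRD and deserves a one-line comment naming the component that needs it. The rules list starts outside the hunk.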
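Review bot: `OPENEBS_IO_CSTOR_TARGET_DIR` in deployment-maya-apiserver.yaml (hunk `@@ -51,6 +52,10 @@`) is fed from `.Values.ndm.sparse.path`, the same value as `OPENEBS_IO_CSTOR_POOL_SPARSE_DIR` two lines above it, but the README still describes `ndm.sparse.path` only as the directory where sparse files are created. Anyone relocating the sparse directory now also relocates the cStor target directory without being told. Either document it next to the value, for example `# also used as the cStor target directory (OPENEBS_IO_CSTOR_TARGET_DIR)`, or give the target directory its own value. The env list continues outside the hunk.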
@@ -56,10 +56,10 @@ spec: - name: CLEANUP_JOB_IMAGE value: "{{ .Values.ndmOperator.cleanupImage }}:{{ .Values.ndmOperator.cleanupImageTag }}" {{- if .Values.ndmOperator.nodeSelector }} - nodeSelector: + nodeSelector: {{ toYaml .Values.ndmOperator.nodeSelector | indent 8 }} {{- end }} {{- if .Values.ndmOperator.tolerations }} - tolerations: + tolerations: {{ toYaml .Values.ndmOperator.tolerations | indent 8 }} {{- end }} diff --git a/stable/openebs/templates/validationwebhook.yaml b/stable/openebs/templates/validationwebhook.yaml index 49de39ae66cc..444298522442 100644 --- a/stable/openebs/templates/validationwebhook.yaml +++ b/stable/openebs/templates/validationwebhook.yaml @@ -14,8 +14,11 @@ metadata: release: {{ .Release.Name }} heritage: {{ .Release.Service }} component: admission-webhook + openebs.io/component-name: admission-webhook webhooks: +# failurePolicy Fail means that an error calling the webhook causes the admission to fail. - name: admission-webhook.openebs.io + failurePolicy: Fail clientConfig: service: name: admission-server-svc @@ -42,6 +45,7 @@ metadata: chart: {{ template "openebs.chart" . }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} + openebs.io/component-name: admission-webhook type: Opaque data: {{- if .Values.webhook.generateTLS }} diff --git a/stable/openebs/values.yaml b/stable/openebs/values.yaml index 8cba066a45a1..a8856f77abee 100644 --- a/stable/openebs/values.yaml +++ b/stable/openebs/values.yaml @@ -12,14 +12,14 @@ serviceAccount: release: # "openebs.io/version" label for control plane components - version: "1.0.0" + version: "1.1.0" image: pullPolicy: IfNotPresent apiserver: image: "quay.io/openebs/m-apiserver" - imageTag: "1.0.0" + imageTag: "1.1.0" replicas: 1 ports: externalPort: 5656 
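Review bot: `failurePolicy: Fail` in validationwebhook.yaml (hunk `@@ -14,8 +14,11 @@`) is hard-coded, so every request the webhook matches is rejected whenever the admission server cannot be reached. values.yaml in this same commit keeps `webhook.replicas: 1`, which makes a single pod restart enough to block those requests. Failing closed is the stricter choice for enforcement, but it should be the operator's decision: `failurePolicy: {{ .Values.webhook.failurePolicy }}` with a documented default of `Fail`, plus a README row describing the availability trade-off. The webhook's rules are outside the hunk, so which resources are affected cannot be checked from here.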
@@ -33,9 +33,12 @@ apiserver: initialDelaySeconds: 30 periodSeconds: 60 +defaultStorageConfig: + enabled: "true" + provisioner: image: "quay.io/openebs/openebs-k8s-provisioner" - imageTag: "1.0.0" + imageTag: "1.1.0" replicas: 1 nodeSelector: {} tolerations: [] @@ -46,7 +49,7 @@ provisioner: localprovisioner: image: "quay.io/openebs/provisioner-localpv" - imageTag: "1.0.0" + imageTag: "1.1.0" helperImage: "quay.io/openebs/openebs-tools" helperImageTag: "3.8" replicas: 1 @@ -61,10 +64,10 @@ localprovisioner: snapshotOperator: controller: image: "quay.io/openebs/snapshot-controller" - imageTag: "1.0.0" + imageTag: "1.1.0" provisioner: image: "quay.io/openebs/snapshot-provisioner" - imageTag: "1.0.0" + imageTag: "1.1.0" replicas: 1 upgradeStrategy: "Recreate" nodeSelector: {} @@ -76,7 +79,7 @@ snapshotOperator: ndm: image: "quay.io/openebs/node-disk-manager-amd64" - imageTag: "v0.4.0" + imageTag: "v0.4.1" sparse: path: "/var/openebs/sparse" size: "10737418240" @@ -85,6 +88,8 @@ ndm: excludeVendors: "CLOUDBYT,OpenEBS" includePaths: "" excludePaths: "loop,fd0,sr0,/dev/ram,/dev/dm-,/dev/md" + probes: + enableSeachest: false nodeSelector: {} healthCheck: initialDelaySeconds: 30 @@ -92,7 +97,7 @@ ndm: ndmOperator: image: "quay.io/openebs/node-disk-operator-amd64" - imageTag: "v0.4.0" + imageTag: "v0.4.1" replicas: 1 upgradeStrategy: Recreate nodeSelector: {} @@ -106,7 +111,7 @@ ndmOperator: webhook: image: "quay.io/openebs/admission-server" - imageTag: "1.0.0" + imageTag: "1.1.0" generateTLS: true replicas: 1 nodeSelector: {} 
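Review bot: `defaultStorageConfig.enabled` is added to values.yaml (hunk `@@ -33,9 +33,12 @@`) as the string `"true"`, while the other toggles in this file (`analytics.enabled`, `ndm.probes.enableSeachest`) are real booleans and the README documents the default as `true`. It works today because the value is only interpolated into a quoted env var, but any later `{{ if .Values.defaultStorageConfig.enabled }}` would treat the string `"false"` as truthy. Write `enabled: true` so the type matches the rest of the file.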
@@ -115,28 +120,28 @@ webhook: jiva: image: "quay.io/openebs/jiva" - imageTag: "1.0.0" + imageTag: "1.1.0" replicas: 3 cstor: pool: image: "quay.io/openebs/cstor-pool" - imageTag: "1.0.0" + imageTag: "1.1.0" poolMgmt: image: "quay.io/openebs/cstor-pool-mgmt" - imageTag: "1.0.0" + imageTag: "1.1.0" target: image: "quay.io/openebs/cstor-istgt" - imageTag: "1.0.0" + imageTag: "1.1.0" volumeMgmt: image: "quay.io/openebs/cstor-volume-mgmt" - imageTag: "1.0.0" + imageTag: "1.1.0" policies: monitoring: enabled: true image: "quay.io/openebs/m-exporter" - imageTag: "1.0.0" + imageTag: "1.1.0" analytics: enabled: true diff --git a/stable/openvpn/Chart.yaml b/stable/openvpn/Chart.yaml index 8ed2c2c3785b..334ab4d83156 100755 --- a/stable/openvpn/Chart.yaml +++ b/stable/openvpn/Chart.yaml @@ -3,7 +3,7 @@ description: A Helm chart to install an openvpn server inside a kubernetes clust generation is also part of the deployment, and this chart will generate client keys as needed. name: openvpn -version: 3.13.4 +version: 3.13.6 appVersion: 1.1.0 maintainers: - name: jfelten diff --git a/stable/openvpn/README.md b/stable/openvpn/README.md index 242a5322f06f..de11b9b029fd 100644 --- a/stable/openvpn/README.md +++ b/stable/openvpn/README.md @@ -106,6 +106,7 @@ Parameter | Description | Default `openvpn.cipher` | Override the default cipher | `nil` (OpenVPN default) `openvpn.istio.enabled` | Enables istio support for openvpn clients | `false` `openvpn.istio.proxy.port` | Istio proxy port | `15001` +`openvpn.iptablesExtra` | Custom iptables rules for clients | `[]` `nodeSelector` | Node labels for pod assignment | `{}` This chart has been engineered to use kube-dns and route all network traffic to kubernetes pods and services, diff --git a/stable/openvpn/templates/config-openvpn.yaml b/stable/openvpn/templates/config-openvpn.yaml index c1593edda195..aaa69a40eae1 100644 --- a/stable/openvpn/templates/config-openvpn.yaml +++ b/stable/openvpn/templates/config-openvpn.yaml 
@@ -125,7 +125,11 @@ data: /etc/openvpn/setup/setup-certs.sh {{ if .Values.openvpn.istio.enabled }} - iptables -t nat -A ISTIO_INBOUND -s {{ .Values.openvpn.OVPN_NETWORK }}/{{ .Values.openvpn.OVPN_SUBNET }} -i tun0 -p tcp -j REDIRECT --to-ports {{ .Values.openvpn.istio.proxy.port }} + iptables -t nat -A PREROUTING -s {{ .Values.openvpn.OVPN_NETWORK }}/{{ .Values.openvpn.OVPN_SUBNET }} -i tun0 -p tcp -j REDIRECT --to-ports {{ .Values.openvpn.istio.proxy.port }} +{{ end }} + +{{ range .Values.openvpn.iptablesExtra }} + iptables {{ . }} {{ end }} iptables -t nat -A POSTROUTING -s {{ .Values.openvpn.OVPN_NETWORK }}/{{ .Values.openvpn.OVPN_SUBNET }} -o eth0 -j MASQUERADE diff --git a/stable/openvpn/values.yaml b/stable/openvpn/values.yaml index e3b0b14f9481..10dc2b5d5b14 100644 --- a/stable/openvpn/values.yaml +++ b/stable/openvpn/values.yaml @@ -96,5 +96,10 @@ openvpn: enabled: false proxy: port: 15001 + iptablesExtra: [] + # - -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT + # - -A FORWARD -m conntrack --ctstate NEW -d 10.240.0.0/255.255.0.0 -j ACCEPT + # - -A FORWARD -j REJECT + nodeSelector: {} diff --git a/stable/parse/Chart.yaml b/stable/parse/Chart.yaml index 8dc6c70413c5..04dcdfc59963 100644 --- a/stable/parse/Chart.yaml +++ b/stable/parse/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 name: parse -version: 8.0.1 -appVersion: 3.7.0 +version: 8.0.3 +appVersion: 3.7.2 description: Parse is a platform that enables users to add a scalable and powerful backend to launch a full-featured app for iOS, Android, JavaScript, Windows, Unity, and more. keywords: - parse diff --git a/stable/parse/templates/_helpers.tpl b/stable/parse/templates/_helpers.tpl index 64d505e0f285..fdc271ac6e36 100644 --- a/stable/parse/templates/_helpers.tpl +++ b/stable/parse/templates/_helpers.tpl 
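Review bot: Each `openvpn.iptablesExtra` entry is spliced verbatim into the setup script as `iptables {{ . }}` (config-openvpn.yaml, hunk `@@ -125,7 +125,11 @@`), so the string is interpreted by the shell instead of being passed as arguments. Shell metacharacters inside an entry therefore run as commands in the container that manages the firewall. That is acceptable only when everyone who can set chart values is already trusted with that container, and the README row and the values.yaml example should say so, e.g. `# entries are inserted unescaped into the startup script; treat them as trusted shell input`. The same hunk moves the Istio redirect from the `ISTIO_INBOUND` chain to `PREROUTING`, and a short comment explaining why would help the next reader. The script starts and ends outside the hunk.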
@@ -37,12 +37,7 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this {{- if .Values.fullnameOverride -}} {{- printf "%s-%s" .Values.fullnameOverride "mongodb" | trunc 63 | trimSuffix "-" -}} {{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} {{- printf "%s-%s" .Release.Name "mongodb" | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s-%s" .Release.Name $name "mongodb" | trunc 63 | trimSuffix "-" -}} -{{- end -}} {{- end -}} {{- end -}} diff --git a/stable/parse/values.yaml b/stable/parse/values.yaml index 05f96d0340f8..fcb9a4fd0b50 100644 --- a/stable/parse/values.yaml +++ b/stable/parse/values.yaml @@ -62,7 +62,7 @@ server: image: registry: docker.io repository: bitnami/parse - tag: 3.7.0-debian-9-r0 + tag: 3.7.2-debian-9-r0 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images @@ -122,7 +122,7 @@ dashboard: image: registry: docker.io repository: bitnami/parse-dashboard - tag: 1.4.1-debian-9-r5 + tag: 1.4.3-debian-9-r1 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images diff --git a/stable/phabricator/Chart.yaml b/stable/phabricator/Chart.yaml index 687cb858d7e4..b0ee33993007 100644 --- a/stable/phabricator/Chart.yaml +++ b/stable/phabricator/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 name: phabricator -version: 6.2.0 -appVersion: 2019.26.0 +version: 6.2.1 +appVersion: 2019.31.0 description: Collection of open source web applications that help software companies build better software. keywords: - phabricator diff --git a/stable/phabricator/requirements.lock b/stable/phabricator/requirements.lock index d8b5e1fc6860..77866dfb9331 100644 --- a/stable/phabricator/requirements.lock 
+++ b/stable/phabricator/requirements.lock @@ -1,6 +1,6 @@ dependencies: - name: mariadb repository: https://kubernetes-charts.storage.googleapis.com/ - version: 6.7.2 + version: 6.7.4 digest: sha256:98f8faaf456130a5ab8958a3f87b17ea1eed6a40f39fdbf1ee50c3d295ede5ef -generated: "2019-07-25T09:13:21.491258+02:00" +generated: 2019-07-31T23:16:44.975718444Z diff --git a/stable/phabricator/values.yaml b/stable/phabricator/values.yaml index 76a6f621c8b0..1fc1789f5552 100644 --- a/stable/phabricator/values.yaml +++ b/stable/phabricator/values.yaml @@ -13,7 +13,7 @@ image: registry: docker.io repository: bitnami/phabricator - tag: 2019.26.0-debian-9-r0 + tag: 2019.31.0-debian-9-r0 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images @@ -220,7 +220,7 @@ metrics: image: registry: docker.io repository: bitnami/apache-exporter - tag: 0.7.0-debian-9-r2 + tag: 0.7.0-debian-9-r10 pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. diff --git a/stable/pomerium/Chart.yaml b/stable/pomerium/Chart.yaml index 7b765d1b3a8c..35bfd285a5f5 100644 --- a/stable/pomerium/Chart.yaml +++ b/stable/pomerium/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 name: pomerium -version: 1.2.1 -appVersion: 0.1.0 +version: 1.3.0 +appVersion: 0.2.0 home: http://www.pomerium.io/ icon: https://www.pomerium.io/logo.svg description: Pomerium is an identity-aware access proxy. diff --git a/stable/pomerium/README.md b/stable/pomerium/README.md index 24d9da664f4b..3cbfb9650ed5 100644 --- a/stable/pomerium/README.md +++ b/stable/pomerium/README.md 
@@ -75,6 +75,14 @@ Parameter | Description `service.annotations` | Service annotations | `{}` `service.externalPort` | Pomerium's port | `443` `service.type` | Service type (ClusterIP, NodePort or LoadBalancer) | `ClusterIP` +`serviceMonitor.enabled` | Create Prometheus Operator ServiceMonitor | `false` +`serviceMonitor.namespace` | Namespace to create the ServiceMonitor resource in | The namespace of the chart +`serviceMonitor.labels` | Additional labels to apply to the ServiceMonitor resource | `release: prometheus` +`tracing.enabled` | Enable distributed tracing | `false` +`tracing.debug` | Set trace sampling to 100%. Use with caution! | `false` +`tracing.provider` | Specifies the tracing provider to configure (Valid options: Jaeger) | Required +`tracing.jaeger.collector_endpoint` | The jaeger collector endpoint | Required +`tracing.jaeger.agent_endpoint` | The jaeger agent endpoint | Required `ingress.enabled` | Enables Ingress for pomerium | `false` `ingress.annotations` | Ingress annotations | `{}` `ingress.hosts` | Ingress accepted hostnames | `nil` @@ -84,6 +92,32 @@ Parameter | Description ## Metrics Discovery Configuration +This chart provices two ways to surface metrics for discovery. Under normal circumstances, you will only set up one method. + +### Prometheus Operator + +This chart assumes you have already installed the Prometheus Operator CRDs. + +Example chart values: + +```yaml +metrics: + enabled: true + port: 9090 # default +serviceMonitor: + enabled: true + labels: + release: prometheus # default + +``` + +Example ServiceMonitor configuration: + +```yaml + serviceMonitorSelector: + matchLabels: + release: prometheus # operator chart default +``` ### Prometheus kubernetes_sd_configs diff --git a/stable/pomerium/templates/authenticate-service.yaml b/stable/pomerium/templates/authenticate-service.yaml index 7db18db50f0f..180e0cc5cc2a 100644 --- a/stable/pomerium/templates/authenticate-service.yaml 
+++ b/stable/pomerium/templates/authenticate-service.yaml @@ -22,7 +22,10 @@ spec: targetPort: https protocol: TCP name: https - + - name: metrics + port: {{ .Values.metrics.port }} + protocol: TCP + targetPort: metrics {{- if hasKey .Values.service "nodePort" }} nodePort: {{ .Values.service.nodePort }} {{- end }} diff --git a/stable/pomerium/templates/authorize-service.yaml b/stable/pomerium/templates/authorize-service.yaml index bfd0b0fd9bd4..b28bd1b9144a 100644 --- a/stable/pomerium/templates/authorize-service.yaml +++ b/stable/pomerium/templates/authorize-service.yaml @@ -22,7 +22,10 @@ spec: targetPort: https protocol: TCP name: https - + - name: metrics + port: {{ .Values.metrics.port }} + protocol: TCP + targetPort: metrics {{- if hasKey .Values.service "nodePort" }} nodePort: {{ .Values.service.nodePort }} {{- end }} diff --git a/stable/pomerium/templates/configmap.yaml b/stable/pomerium/templates/configmap.yaml index 7f47e9b0b577..77f71b125768 100644 --- a/stable/pomerium/templates/configmap.yaml +++ b/stable/pomerium/templates/configmap.yaml @@ -21,6 +21,16 @@ data: {{- end -}} {{- if .Values.metrics.enabled }} metrics_address: :{{ .Values.metrics.port }} +{{- end -}} +{{- if .Values.tracing.enabled }} + tracing_debug: {{ .Values.tracing.debug }} + tracing_provider: {{ required "tracing_provider is required for tracing" .Values.tracing.provider }} + +{{- if eq .Values.tracing.provider "jaeger" }} + tracing_jaeger_collector_endpoint: {{ required "collector_endpoint is required for jaeoger tracing" .Values.tracing.jaeger.collector_endpoint }} + tracing_jaeger_agent_endpoint: {{ required "agent_endpoint is required for jaeger tracing" .Values.tracing.jaeger.agent_endpoint }} +{{- end -}} + {{- end -}} {{- if .Values.config.policy }} policy: diff --git a/stable/pomerium/templates/proxy-service.yaml b/stable/pomerium/templates/proxy-service.yaml index a327b1dd49cb..b182142ab668 100644 --- a/stable/pomerium/templates/proxy-service.yaml 
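Review bot: The `metrics` port entry in authenticate-service.yaml is inserted between the `https` entry and the `{{- if hasKey .Values.service "nodePort" }}` block, so `nodePort: {{ .Values.service.nodePort }}` now attaches to the metrics port instead of the HTTPS port; the hunks in authorize-service.yaml and proxy-service.yaml repeat the same placement. With a NodePort service this would publish the metrics listener on the chosen node port and leave HTTPS on an auto-assigned one. The entry is also added unconditionally, although values.yaml defaults `metrics.enabled` to `false`. Move the entry below the nodePort block and guard it as shown; the indentation in the excerpt is assumed because the hunk arrives collapsed, and the ports list starts outside the hunk.

```yaml
      name: https
{{- if hasKey .Values.service "nodePort" }}
      nodePort: {{ .Values.service.nodePort }}
{{- end }}
{{- if .Values.metrics.enabled }}
    - name: metrics
      port: {{ .Values.metrics.port }}
      protocol: TCP
      targetPort: metrics
{{- end }}
```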
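Review bot: The Jaeger block in configmap.yaml (hunk `@@ -21,6 +21,16 @@`) is gated on `eq .Values.tracing.provider "jaeger"`, but the README row added in this commit lists the valid option as `Jaeger`; with that spelling the chart renders `tracing_provider` and silently omits both endpoints. Compare case-insensitively with `{{- if eq (lower .Values.tracing.provider) "jaeger" }}`, or correct the README. The first `required` message misspells the provider as `jaeoger`. The rendered provider and endpoint values are also unquoted, so appending `| quote` would keep them strings whatever the user supplies.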
+++ b/stable/pomerium/templates/proxy-service.yaml @@ -22,7 +22,10 @@ spec: targetPort: https protocol: TCP name: https - + - name: metrics + port: {{ .Values.metrics.port }} + protocol: TCP + targetPort: metrics {{- if hasKey .Values.service "nodePort" }} nodePort: {{ .Values.service.nodePort }} {{- end }} diff --git a/stable/pomerium/templates/servicemonitor.yaml b/stable/pomerium/templates/servicemonitor.yaml new file mode 100644 index 000000000000..3db254466b68 --- /dev/null +++ b/stable/pomerium/templates/servicemonitor.yaml @@ -0,0 +1,24 @@ +{{ if .Values.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "pomerium.fullname" . }} +{{- if .Values.serviceMonitor.namespace }} + namespace: {{ .Values.serviceMonitor.namespace }} +{{- end }} + labels: + helm.sh/chart: {{ template "pomerium.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/name: {{ template "pomerium.name" . }} +{{- if .Values.serviceMonitor.labels }} +{{ toYaml .Values.serviceMonitor.labels | indent 4 }} +{{- end }} +spec: + selector: + matchLabels: + helm.sh/chart: {{ template "pomerium.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + endpoints: + - port: metrics +{{ end }} \ No newline at end of file diff --git a/stable/pomerium/values.yaml b/stable/pomerium/values.yaml index 2edf79d8e6c7..7be195b6e7b3 100644 --- a/stable/pomerium/values.yaml +++ b/stable/pomerium/values.yaml @@ -115,9 +115,23 @@ extraVolumes: {} image: repository: "pomerium/pomerium" - tag: "v0.1.0" + tag: "v0.2.0" pullPolicy: "IfNotPresent" metrics: enabled: false port: 9090 + +tracing: + enabled: false + provider: "" + debug: false + jaeger: + collector_endpoint: "" + agent_endpoint: "" + +serviceMonitor: + enabled: false + namespace: "" + labels: + release: prometheus 
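Review bot: servicemonitor.yaml lets `serviceMonitor.namespace` place the ServiceMonitor in a different namespace but sets no `namespaceSelector`, and a ServiceMonitor without one only selects Services in its own namespace, so the cross-namespace case would match nothing. Add a `namespaceSelector:` with `matchNames: [{{ .Release.Namespace }}]` under `spec`. The selector also matches on `helm.sh/chart`, which typically embeds the chart version (the `pomerium.chart` helper is not visible here), so it relies on the Services carrying exactly the same label value. The file is also missing its trailing newline.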
diff --git a/stable/prometheus-blackbox-exporter/README.md b/stable/prometheus-blackbox-exporter/README.md index ff35e6d354c5..d19121764890 100644 --- a/stable/prometheus-blackbox-exporter/README.md +++ b/stable/prometheus-blackbox-exporter/README.md @@ -46,6 +46,8 @@ The following table lists the configurable parameters of the Blackbox-Exporter c | `config` | Prometheus blackbox configuration | {} | | `secretConfig` | Whether to treat blackbox configuration as secret | `false` | | `configmapReload.name` | configmap-reload container name | `configmap-reload` | +| `configmapReload.runAsUser` | User to run configmap-reload container as | `65534` | +| `configmapReload.runAsNonRoot` | Run configmap-reload container as non-root | `true` | | `configmapReload.image.repository` | configmap-reload container image repository | `jimmidyson/configmap-reload` | | `configmapReload.image.tag` | configmap-reload container image tag | `v0.2.2` | | `configmapReload.image.pullPolicy` | configmap-reload container image pull policy | `IfNotPresent` | @@ -62,6 +64,9 @@ The following table lists the configurable parameters of the Blackbox-Exporter c | `ingress.hosts` | Ingress accepted hostnames | None | | `ingress.tls` | Ingress TLS configuration | None | | `nodeSelector` | node labels for pod assignment | `{}` | +| `runAsUser` | User to run blackbox-exporter container as | `1000` | +| `readOnlyRootFilesystem` | Set blackbox-exporter file-system to read-only | `true` | +| `runAsNonRoot` | Run blackbox-exporter as non-root | `true` | | `tolerations` | node tolerations for pod assignment | `[]` | | `affinity` | node affinity for pod assignment | `{}` | | `podAnnotations` | annotations to add to each pod | `{}` | diff --git a/stable/prometheus-blackbox-exporter/templates/deployment.yaml b/stable/prometheus-blackbox-exporter/templates/deployment.yaml index 1bd4707e339f..767335ed4fcc 100644 --- a/stable/prometheus-blackbox-exporter/templates/deployment.yaml 
+++ b/stable/prometheus-blackbox-exporter/templates/deployment.yaml @@ -53,8 +53,9 @@ spec: image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" imagePullPolicy: {{ .Values.image.pullPolicy }} securityContext: - runAsNonRoot: true - runAsUser: 1000 + readOnlyRootFilesystem: {{ .Values.readOnlyRootFilesystem }} + runAsNonRoot: {{ .Values.runAsNonRoot }} + runAsUser: {{ .Values.runAsUser }} args: {{- if .Values.config }} - "--config.file=/config/blackbox.yaml" @@ -64,8 +65,6 @@ spec: {{- if .Values.extraArgs }} {{ toYaml .Values.extraArgs | indent 12 }} {{- end }} - securityContext: - readOnlyRootFilesystem: true resources: {{ toYaml .Values.resources | indent 12 }} ports: @@ -85,6 +84,9 @@ spec: - name: configmap-reload image: "{{ .Values.configmapReload.image.repository }}:{{ .Values.configmapReload.image.tag }}" imagePullPolicy: "{{ .Values.configmapReload.image.pullPolicy }}" + securityContext: + runAsNonRoot: {{ .Values.configmapReload.runAsNonRoot }} + runAsUser: {{ .Values.configmapReload.runAsUser }} args: - --volume-dir=/etc/config - --webhook-url=http://localhost:{{ .Values.service.port }}/-/reload diff --git a/stable/prometheus-blackbox-exporter/values.yaml b/stable/prometheus-blackbox-exporter/values.yaml index d84524e4824e..2558b75aea42 100644 --- a/stable/prometheus-blackbox-exporter/values.yaml +++ b/stable/prometheus-blackbox-exporter/values.yaml @@ -12,6 +12,11 @@ image: # pullSecrets: # - myRegistrKeySecretName +## User to run blackbox-exporter container as +runAsUser: 1000 +readOnlyRootFilesystem: true +runAsNonRoot: true + nodeSelector: {} tolerations: [] affinity: {} @@ -69,6 +74,11 @@ configmapReload: ## name: configmap-reload + ## User to run configmap-reload container as + ## + runAsUser: 65534 + runAsNonRoot: true + ## configmap-reload container image ## image: diff --git a/stable/prometheus-cloudwatch-exporter/Chart.yaml b/stable/prometheus-cloudwatch-exporter/Chart.yaml index 2ef00415864e..3bb6671d7116 100644 
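Review bot: The three `securityContext` settings in deployment.yaml (hunks `@@ -53,8 +53,9 @@` and `@@ -64,8 +65,6 @@`) are now taken straight from values with no fallback, where they used to be fixed. If a release is rendered with values that lack the new keys, which I believe can happen on an upgrade that reuses stored values, the fields render empty and the non-root and read-only restrictions are dropped without an error. A plain `default true` would not help, because Sprig's `default` treats `false` as empty; a `hasKey` check or a `required` call keeps the hardened setting unless it is disabled on purpose. `allowPrivilegeEscalation: false` would fit in the same block. The container spec starts outside the hunk.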
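Review bot: The configmap-reload container (deployment.yaml, hunk `@@ -85,6 +84,9 @@`) gets `runAsNonRoot` and `runAsUser` but not the `readOnlyRootFilesystem` setting that the exporter container has. Its args suggest it only watches the mounted config directory and calls the reload URL, so `readOnlyRootFilesystem: true` looks safe to add here, pending a check against the image. If the omission is deliberate, a comment saying why would stop the next reviewer from asking. The container's remaining fields are outside the hunk.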
--- a/stable/prometheus-cloudwatch-exporter/Chart.yaml +++ b/stable/prometheus-cloudwatch-exporter/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 appVersion: "0.5.0" description: A Helm chart for prometheus cloudwatch-exporter name: prometheus-cloudwatch-exporter -version: 0.4.8 +version: 0.4.9 home: https://github.com/prometheus/cloudwatch_exporter sources: - https://github.com/prometheus/cloudwatch_exporter diff --git a/stable/prometheus-cloudwatch-exporter/README.md b/stable/prometheus-cloudwatch-exporter/README.md index e5920ef041f5..c95265112d7f 100644 --- a/stable/prometheus-cloudwatch-exporter/README.md +++ b/stable/prometheus-cloudwatch-exporter/README.md 
@@ -74,12 +74,12 @@ The following table lists the configurable parameters of the Cloudwatch Exporter | `affinity` | node/pod affinities | `{}` | | `livenessProbe` | Liveness probe settings | | | `readinessProbe` | Readiness probe settings | | -| `servicemonitor.enabled` | Use servicemonitor from prometheus operator | `false` | -| `servicemonitor.namespace` | Namespace thes Servicemonitor is installed in | | -| `servicemonitor.interval` | How frequently Prometheus should scrape | | -| `servicemonitor.telemetryPath` | path to cloudwatch-exporter telemtery-path | | -| `servicemonitor.labels` | labels for the ServiceMonitor passed to Prometheus Operator | `{}` | -| `servicemonitor.timeout` | Timeout after which the scrape is ended | | +| `serviceMonitor.enabled` | Use servicemonitor from prometheus operator | `false` | +| `serviceMonitor.namespace` | Namespace thes Servicemonitor is installed in | | +| `serviceMonitor.interval` | How frequently Prometheus should scrape | | +| `serviceMonitor.telemetryPath` | path to cloudwatch-exporter telemtery-path | | +| `serviceMonitor.labels` | labels for the ServiceMonitor passed to Prometheus Operator | `{}` | +| `serviceMonitor.timeout` | Timeout after which the scrape is ended | | | `ingress.enabled` | Enables Ingress | `false` | | `ingress.annotations` | Ingress annotations | `{}` | | `ingress.labels` | Custom labels | `{}` | diff --git a/stable/prometheus-nats-exporter/Chart.yaml b/stable/prometheus-nats-exporter/Chart.yaml index fd51ad571717..10e39adc5bc3 100644 --- a/stable/prometheus-nats-exporter/Chart.yaml +++ b/stable/prometheus-nats-exporter/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 appVersion: "0.5.0" description: A Helm chart for prometheus-nats-exporter name: prometheus-nats-exporter -version: 2.2.0 +version: 2.2.1 home: https://github.com/nats-io/prometheus-nats-exporter sources: - https://github.com/nats-io/prometheus-nats-exporter 
diff --git a/stable/prometheus-nats-exporter/templates/deployment.yaml b/stable/prometheus-nats-exporter/templates/deployment.yaml index c51bf63918cc..214b8ab93b6b 100644 --- a/stable/prometheus-nats-exporter/templates/deployment.yaml +++ b/stable/prometheus-nats-exporter/templates/deployment.yaml @@ -46,7 +46,7 @@ spec: {{- if .Values.config.metrics.subz }} - "-subz" {{- end }} - - "http://{{ .Values.config.nats.service }}.{{ .Values.config.nats.namespace }}.svc.cluster.local:{{ .Values.config.nats.port }}" + - "http://{{ .Values.config.nats.service }}.{{ .Values.config.nats.namespace }}.svc:{{ .Values.config.nats.port }}" image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" imagePullPolicy: {{ .Values.image.pullPolicy }} ports: diff --git a/stable/prometheus-operator/Chart.yaml b/stable/prometheus-operator/Chart.yaml index eaf1fe2d4a11..6052cb191d90 100644 --- a/stable/prometheus-operator/Chart.yaml +++ b/stable/prometheus-operator/Chart.yaml @@ -11,7 +11,7 @@ name: prometheus-operator sources: - https://github.com/coreos/prometheus-operator - https://coreos.com/operators/prometheus -version: 6.3.0 +version: 6.4.0 appVersion: 0.31.1 home: https://github.com/coreos/prometheus-operator keywords: diff --git a/stable/prometheus-operator/README.md b/stable/prometheus-operator/README.md index 604add341827..66a76f8e8c76 100644 --- a/stable/prometheus-operator/README.md +++ b/stable/prometheus-operator/README.md 
@@ -128,9 +128,11 @@ The following tables list the configurable parameters of the prometheus-operator | `defaultRules.rules.kubernetesResources` | Create Kubernetes Resources default rules| `true` | | `defaultRules.rules.kubernetesStorage` | Create Kubernetes Storage default rules| `true` | | `defaultRules.rules.kubernetesSystem` | Create Kubernetes System default rules| `true` | -| `defaultRules.rules.node` | Create Node default rules| `true` | +| `defaultRules.rules.node` | Create Node default rules | `true` | +| `defaultRules.rules.network` | Create networking default rules | `true` | | `defaultRules.rules.PrometheusOperator` | Create Prometheus Operator default rules| `true` | | `defaultRules.rules.prometheus` | Create Prometheus default rules| `true` | +| `defaultRules.rules.time` | Create time default rules | `true` | | `defaultRules.labels` | Labels for default rules for monitoring the cluster | `{}` | | `defaultRules.annotations` | Annotations for default rules for monitoring the cluster | `{}` | | `additionalPrometheusRules` | *DEPRECATED* Will be removed in a future release. Please use **additionalPrometheusRulesMap** instead. List of `prometheusRule` objects to create. See https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#prometheusrulespec. | `[]` | diff --git a/stable/prometheus-operator/ci/test-values.yaml b/stable/prometheus-operator/ci/test-values.yaml index 94ca4afcf17c..120b0ef4efff 100644 --- a/stable/prometheus-operator/ci/test-values.yaml +++ b/stable/prometheus-operator/ci/test-values.yaml 
@@ -28,15 +28,18 @@ defaultRules: kubeApiserver: true kubePrometheusNodeAlerting: true kubePrometheusNodeRecording: true - kubeScheduler: true kubernetesAbsent: true kubernetesApps: true kubernetesResources: true kubernetesStorage: true kubernetesSystem: true + kubeScheduler: true + network: true node: true - prometheusOperator: true prometheus: true + prometheusOperator: true + time: true + ## Labels for default rules labels: {} ## Annotations for default rules diff --git a/stable/prometheus-operator/templates/prometheus-operator/admission-webhooks/job-patch/clusterrole.yaml b/stable/prometheus-operator/templates/prometheus-operator/admission-webhooks/job-patch/clusterrole.yaml index 316924366092..f8728e56cbec 100644 --- a/stable/prometheus-operator/templates/prometheus-operator/admission-webhooks/job-patch/clusterrole.yaml +++ b/stable/prometheus-operator/templates/prometheus-operator/admission-webhooks/job-patch/clusterrole.yaml @@ -1,4 +1,4 @@ -{{- if and .Values.prometheusOperator.admissionWebhooks.enabled .Values.prometheusOperator.admissionWebhooks.patch.enabled }} +{{- if and .Values.prometheusOperator.admissionWebhooks.enabled .Values.prometheusOperator.admissionWebhooks.patch.enabled .Values.global.rbac.create }} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -18,4 +18,11 @@ rules: verbs: - get - update +{{- if .Values.global.rbac.pspEnabled }} + - apiGroups: ['extensions'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "prometheus-operator.fullname" . }}-admission +{{- end }} {{- end }} \ No newline at end of file diff --git a/stable/prometheus-operator/templates/prometheus-operator/admission-webhooks/job-patch/clusterrolebinding.yaml b/stable/prometheus-operator/templates/prometheus-operator/admission-webhooks/job-patch/clusterrolebinding.yaml index 4f6b7b1cf6c0..51c5bd9d3724 100644 
--- a/stable/prometheus-operator/templates/prometheus-operator/admission-webhooks/job-patch/clusterrolebinding.yaml +++ b/stable/prometheus-operator/templates/prometheus-operator/admission-webhooks/job-patch/clusterrolebinding.yaml @@ -1,4 +1,4 @@ -{{- if and .Values.prometheusOperator.admissionWebhooks.enabled .Values.prometheusOperator.admissionWebhooks.patch.enabled }} +{{- if and .Values.prometheusOperator.admissionWebhooks.enabled .Values.prometheusOperator.admissionWebhooks.patch.enabled .Values.global.rbac.create }} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: diff --git a/stable/prometheus-operator/templates/prometheus-operator/admission-webhooks/job-patch/psp.yaml b/stable/prometheus-operator/templates/prometheus-operator/admission-webhooks/job-patch/psp.yaml new file mode 100644 index 000000000000..1f15a6c8126e --- /dev/null +++ b/stable/prometheus-operator/templates/prometheus-operator/admission-webhooks/job-patch/psp.yaml 
@@ -0,0 +1,50 @@ +{{- if and .Values.prometheusOperator.admissionWebhooks.enabled .Values.prometheusOperator.admissionWebhooks.patch.enabled .Values.global.rbac.create .Values.global.rbac.pspEnabled }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "prometheus-operator.fullname" . }}-admission + annotations: + "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + labels: + app: {{ template "prometheus-operator.name" . }}-admission +{{ include "prometheus-operator.labels" . | indent 4 }} +spec: + privileged: false + # Required to prevent escalations to root. + # allowPrivilegeEscalation: false + # This is redundant with non-root + disallow privilege escalation, + # but we can provide it for defense in depth. + #requiredDropCapabilities: + # - ALL + # Allow core volume types. + volumes: + - 'configMap' + - 'emptyDir' + - 'projected' + - 'secret' + - 'downwardAPI' + - 'persistentVolumeClaim' + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Permits the container to run with root privileges as well. + rule: 'RunAsAny' + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + # Forbid adding the root group. + - min: 0 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + # Forbid adding the root group. + - min: 0 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} diff --git a/stable/prometheus-operator/templates/prometheus-operator/admission-webhooks/job-patch/role.yaml b/stable/prometheus-operator/templates/prometheus-operator/admission-webhooks/job-patch/role.yaml index 81097ede89d9..13cf84ed1f74 100644 --- a/stable/prometheus-operator/templates/prometheus-operator/admission-webhooks/job-patch/role.yaml +++ b/stable/prometheus-operator/templates/prometheus-operator/admission-webhooks/job-patch/role.yaml 
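Review bot: The `supplementalGroups` and `fsGroup` ranges in psp.yaml are commented `# Forbid adding the root group.` but start at `min: 0`, which includes GID 0; the range that matches the comment is `- min: 1`. The policy also leaves `allowPrivilegeEscalation: false` and `requiredDropCapabilities` commented out and sets `runAsUser` to `RunAsAny`, so as written it permits the admission job to run as root with privilege escalation. If the patch job does not need that (its pod spec is not in this hunk), uncomment `allowPrivilegeEscalation: false` and use `rule: 'MustRunAsNonRoot'`; otherwise replace the commented-out lines with a comment stating why root is required. The seLinux comment about AppArmor is an assumption about the nodes that the chart cannot verify and should be worded as one.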
@@ -1,4 +1,4 @@ -{{- if and .Values.prometheusOperator.admissionWebhooks.enabled .Values.prometheusOperator.admissionWebhooks.patch.enabled }} +{{- if and .Values.prometheusOperator.admissionWebhooks.enabled .Values.prometheusOperator.admissionWebhooks.patch.enabled .Values.global.rbac.create }} apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: diff --git a/stable/prometheus-operator/templates/prometheus-operator/admission-webhooks/job-patch/rolebinding.yaml b/stable/prometheus-operator/templates/prometheus-operator/admission-webhooks/job-patch/rolebinding.yaml index 387c6cdfe783..1ae2f2286fc1 100644 --- a/stable/prometheus-operator/templates/prometheus-operator/admission-webhooks/job-patch/rolebinding.yaml +++ b/stable/prometheus-operator/templates/prometheus-operator/admission-webhooks/job-patch/rolebinding.yaml @@ -1,4 +1,4 @@ -{{- if and .Values.prometheusOperator.admissionWebhooks.enabled .Values.prometheusOperator.admissionWebhooks.patch.enabled }} +{{- if and .Values.prometheusOperator.admissionWebhooks.enabled .Values.prometheusOperator.admissionWebhooks.patch.enabled .Values.global.rbac.create }} apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: diff --git a/stable/prometheus-operator/templates/prometheus-operator/admission-webhooks/job-patch/serviceaccount.yaml b/stable/prometheus-operator/templates/prometheus-operator/admission-webhooks/job-patch/serviceaccount.yaml index 9316f6fc34d4..cba67200b894 100644 --- a/stable/prometheus-operator/templates/prometheus-operator/admission-webhooks/job-patch/serviceaccount.yaml +++ b/stable/prometheus-operator/templates/prometheus-operator/admission-webhooks/job-patch/serviceaccount.yaml 
@@ -1,4 +1,4 @@ -{{- if and .Values.prometheusOperator.admissionWebhooks.enabled .Values.prometheusOperator.admissionWebhooks.patch.enabled }} +{{- if and .Values.prometheusOperator.admissionWebhooks.enabled .Values.prometheusOperator.admissionWebhooks.patch.enabled .Values.global.rbac.create }} apiVersion: v1 kind: ServiceAccount metadata: diff --git a/stable/prometheus-operator/templates/prometheus/rules/node-network.yaml b/stable/prometheus-operator/templates/prometheus/rules/node-network.yaml index 79a704f773fc..a725ddb90100 100644 --- a/stable/prometheus-operator/templates/prometheus/rules/node-network.yaml +++ b/stable/prometheus-operator/templates/prometheus/rules/node-network.yaml @@ -1,7 +1,7 @@ # Generated from 'node-network' group from https://raw.githubusercontent.com/coreos/kube-prometheus/master/manifests/prometheus-rules.yaml # Do not change in-place! In order to change this file first read following link: # https://github.com/helm/charts/tree/master/stable/prometheus-operator/hack -{{- if and .Values.defaultRules.create }} +{{- if and .Values.defaultRules.create .Values.defaultRules.rules.network }} apiVersion: {{ printf "%s/v1" (.Values.prometheusOperator.crdApiGroup | default "monitoring.coreos.com") }} kind: PrometheusRule metadata: @@ -41,4 +41,4 @@ spec: for: 2m labels: severity: warning -{{- end }} \ No newline at end of file +{{- end }} diff --git a/stable/prometheus-operator/templates/prometheus/rules/node-time.yaml b/stable/prometheus-operator/templates/prometheus/rules/node-time.yaml index 78cad3e758bc..19e98de3cea2 100644 --- a/stable/prometheus-operator/templates/prometheus/rules/node-time.yaml +++ b/stable/prometheus-operator/templates/prometheus/rules/node-time.yaml 
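Review bot: Gating the ServiceAccount in serviceaccount.yaml on `.Values.global.rbac.create` means that with RBAC creation turned off the admission account is no longer rendered, while the patch jobs may still be rendered under `admissionWebhooks.patch.enabled` alone (the job templates are not visible in this part of the diff). If those jobs name this account in `serviceAccountName`, their pods would fail to be created. Either keep the ServiceAccount on the previous condition, `{{- if and .Values.prometheusOperator.admissionWebhooks.enabled .Values.prometheusOperator.admissionWebhooks.patch.enabled }}`, or confirm the jobs carry the same `rbac.create` guard. The manifest body continues outside the hunk.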
@@ -1,7 +1,7 @@ # Generated from 'node-time' group from https://raw.githubusercontent.com/coreos/kube-prometheus/master/manifests/prometheus-rules.yaml # Do not change in-place! In order to change this file first read following link: # https://github.com/helm/charts/tree/master/stable/prometheus-operator/hack -{{- if and .Values.defaultRules.create }} +{{- if and .Values.defaultRules.create .Values.defaultRules.rules.time }} apiVersion: {{ printf "%s/v1" (.Values.prometheusOperator.crdApiGroup | default "monitoring.coreos.com") }} kind: PrometheusRule metadata: @@ -27,4 +27,4 @@ spec: for: 2m labels: severity: warning -{{- end }} \ No newline at end of file +{{- end }} diff --git a/stable/prometheus-operator/values.yaml b/stable/prometheus-operator/values.yaml index 6290a8084ce6..2b93f7a47a3b 100644 --- a/stable/prometheus-operator/values.yaml +++ b/stable/prometheus-operator/values.yaml @@ -28,15 +28,18 @@ defaultRules: kubeApiserver: true kubePrometheusNodeAlerting: true kubePrometheusNodeRecording: true - kubeScheduler: true kubernetesAbsent: true kubernetesApps: true kubernetesResources: true kubernetesStorage: true kubernetesSystem: true + kubeScheduler: true + network: true node: true - prometheusOperator: true prometheus: true + prometheusOperator: true + time: true + ## Labels for default rules labels: {} ## Annotations for default rules diff --git a/stable/prometheus-pushgateway/Chart.yaml b/stable/prometheus-pushgateway/Chart.yaml index 438736379d4a..895ce41fefcb 100644 --- a/stable/prometheus-pushgateway/Chart.yaml +++ b/stable/prometheus-pushgateway/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v1 -appVersion: "0.9.0" +appVersion: "0.9.1" description: A Helm chart for prometheus pushgateway name: prometheus-pushgateway -version: 1.0.0 +version: 1.0.1 home: https://github.com/prometheus/pushgateway sources: - https://github.com/prometheus/pushgateway 
diff --git a/stable/prometheus-pushgateway/README.md b/stable/prometheus-pushgateway/README.md index d079835a875f..ffe27574b93e 100644 --- a/stable/prometheus-pushgateway/README.md +++ b/stable/prometheus-pushgateway/README.md @@ -44,7 +44,7 @@ The following table lists the configurable parameters of the pushgateway chart a | `extraArgs` | Optional flags for pushgateway | `[]` | | `extraVars` | Optional environment variables for pushgateway | `[]` | | `image.repository` | Image repository | `prom/pushgateway` | -| `image.tag` | Image tag | `v0.9.0` | +| `image.tag` | Image tag | `v0.9.1` | | `image.pullPolicy` | Image pull policy | `IfNotPresent` | | `ingress.enabled` | Enables Ingress for pushgateway | `false` | | `ingress.annotations` | Ingress annotations | `{}` | diff --git a/stable/prometheus-pushgateway/values.yaml b/stable/prometheus-pushgateway/values.yaml index adb9080307c5..b08f2a74e3b0 100644 --- a/stable/prometheus-pushgateway/values.yaml +++ b/stable/prometheus-pushgateway/values.yaml @@ -3,7 +3,7 @@ # Declare variables to be passed into your templates. image: repository: prom/pushgateway - tag: v0.9.0 + tag: v0.9.1 pullPolicy: IfNotPresent service: diff --git a/stable/rabbitmq/Chart.yaml b/stable/rabbitmq/Chart.yaml index c438371f7681..f2b51663a92a 100644 --- a/stable/rabbitmq/Chart.yaml +++ b/stable/rabbitmq/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: rabbitmq -version: 6.2.3 +version: 6.2.4 appVersion: 3.7.17 description: Open source message broker software that implements the Advanced Message Queuing Protocol (AMQP) keywords: diff --git a/stable/rabbitmq/README.md b/stable/rabbitmq/README.md index 885f7219eee8..39acc920a9d1 100644 --- a/stable/rabbitmq/README.md +++ b/stable/rabbitmq/README.md 
@@ -162,7 +162,7 @@ $ helm install --name my-release -f values.yaml stable/rabbitmq > **Tip**: You can use the default [values.yaml](values.yaml) -### Production configuration +### Production configuration and horizontal scaling This chart includes a `values-production.yaml` file where you can find some parameters oriented to production configuration in comparison to the regular `values.yaml`. @@ -210,6 +210,27 @@ $ helm install --name my-release -f ./values-production.yaml stable/rabbitmq + volumePermissions.enabled: true ``` +To horizontally scale this chart once it has been deployed you have two options: + +- Use `kubectl scale` command: + +```console +$ kubectl scale statefulset my-release-rabbitmq --replicas=3 +``` + +- Use `helm upgrade` command: + +```console +RABBITMQ_PASSWORD="$(kubectl get secret my-release-rabbitmq -o jsonpath='{.data.rabbitmq-password}' | base64 --decode)" +RABBITMQ_ERLANG_COOKIE="$(kubectl get secret my-release-rabbitmq -o jsonpath='{.data.rabbitmq-erlang-cookie}' | base64 --decode)" +$ helm upgrade my-release stable/rabbitmq \ + --set replicas=3 \ + --set rabbitmq.password="$RABBITMQ_PASSWORD" \ + --set rabbitmq.erlangCookie="$RABBITMQ_ERLANG_COOKIE" +``` + +> Note: please note it's mandatory to indicate the password and erlangCookie that was set the first time the chart was installed to upgrade the chart. Otherwise, new pods won't be able to join the cluster. + ### [Rolling VS Immutable tags](https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/) It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image. diff --git a/stable/reloader/Chart.yaml b/stable/reloader/Chart.yaml index 97f7e8b23ab4..496fca527ac9 100644 --- a/stable/reloader/Chart.yaml +++ b/stable/reloader/Chart.yaml 
@@ -1,7 +1,7 @@ apiVersion: v1 name: reloader description: Reloader chart that runs on kubernetes -version: 1.1.0 +version: 1.1.1 appVersion: "v0.0.29" keywords: - Reloader diff --git a/stable/reloader/templates/clusterrole.yaml b/stable/reloader/templates/clusterrole.yaml index 08d85aaf95ec..81876e9fcd72 100644 --- a/stable/reloader/templates/clusterrole.yaml +++ b/stable/reloader/templates/clusterrole.yaml @@ -12,7 +12,7 @@ metadata: {{- if .Values.reloader.matchLabels }} {{ toYaml .Values.reloader.matchLabels | indent 4 }} {{- end }} - name: {{ template "reloader-name" . }}-role + name: {{ template "reloader-fullname" . }}-role namespace: {{ .Release.Namespace }} rules: - apiGroups: diff --git a/stable/reloader/templates/clusterrolebinding.yaml b/stable/reloader/templates/clusterrolebinding.yaml index 01d909448cc9..be547c8f01c1 100644 --- a/stable/reloader/templates/clusterrolebinding.yaml +++ b/stable/reloader/templates/clusterrolebinding.yaml @@ -12,12 +12,12 @@ metadata: {{- if .Values.reloader.matchLabels }} {{ toYaml .Values.reloader.matchLabels | indent 4 }} {{- end }} - name: {{ template "reloader-name" . }}-role-binding + name: {{ template "reloader-fullname" . }}-role-binding namespace: {{ .Release.Namespace }} roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: {{ template "reloader-name" . }}-role + name: {{ template "reloader-fullname" . }}-role subjects: - kind: ServiceAccount name: {{ template "serviceAccountName" . }} diff --git a/stable/sealed-secrets/Chart.yaml b/stable/sealed-secrets/Chart.yaml index ec22255b8f0b..af8ad967afb6 100644 --- a/stable/sealed-secrets/Chart.yaml +++ b/stable/sealed-secrets/Chart.yaml @@ -1,6 +1,6 @@ name: sealed-secrets description: A Helm chart for Sealed Secrets -version: 1.3.2 +version: 1.3.3 appVersion: 0.8.1 kubeVersion: ">=1.9.0-0" home: https://github.com/bitnami-labs/sealed-secrets 
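Review bot: The `namespace: {{ .Release.Namespace }}` line kept under `metadata` in the clusterrole.yaml hunk, and again in the clusterrolebinding.yaml hunk, has no effect if these are the cluster-scoped ClusterRole and ClusterRoleBinding the file names suggest (the `kind:` lines are outside the hunks). Since the switch to `reloader-fullname` is what now keeps the cluster-wide names distinct per release, dropping that line would avoid implying that the namespace scopes them. The role name is also spelled out three times across the two files (`{{ template "reloader-fullname" . }}-role`), so a mismatch between `roleRef.name` and the role's `metadata.name` would silently leave the binding pointing at nothing; a short comment on `roleRef` noting that it must match clusterrole.yaml would help.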
diff --git a/stable/sealed-secrets/templates/deployment.yaml b/stable/sealed-secrets/templates/deployment.yaml index c42529c2dd95..fe82b6b6aea0 100644 --- a/stable/sealed-secrets/templates/deployment.yaml +++ b/stable/sealed-secrets/templates/deployment.yaml @@ -32,6 +32,9 @@ spec: ports: - containerPort: 8080 name: http + volumeMounts: + - mountPath: /tmp + name: tmp livenessProbe: httpGet: path: /healthz @@ -46,6 +49,9 @@ spec: runAsUser: 1001 resources: {{ toYaml .Values.resources | indent 12 }} + volumes: + - name: tmp + emptyDir: {} {{- with .Values.nodeSelector }} nodeSelector: {{ toYaml . | indent 8 }} diff --git a/stable/spinnaker/Chart.yaml b/stable/spinnaker/Chart.yaml index b7cf745211a0..61f1137f939e 100644 --- a/stable/spinnaker/Chart.yaml +++ b/stable/spinnaker/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 description: Open source, multi-cloud continuous delivery platform for releasing software changes with high velocity and confidence. name: spinnaker -version: 1.13.4 +version: 1.14.0 appVersion: 1.12.5 home: http://spinnaker.io/ sources: diff --git a/stable/spinnaker/README.md b/stable/spinnaker/README.md index cf28ee39f6a8..8a7f6947e7f9 100644 --- a/stable/spinnaker/README.md +++ b/stable/spinnaker/README.md 
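Review bot: The new `tmp` emptyDir gives the controller a writable `/tmp`, but neither hunk in deployment.yaml sets `readOnlyRootFilesystem: true`, and the only security setting visible in the context is `runAsUser: 1001`. If the mount was added so the root filesystem can be locked down, adding `readOnlyRootFilesystem: true` to the container's security context would complete that. A one-line comment above `volumes:`, for example `# writable scratch space for the controller`, would also record why the volume exists. The container and pod specs continue outside the hunks.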
@@ -96,6 +96,37 @@ Spinnaker supports [many](https://www.spinnaker.io/setup/install/storage/) persi * Redis * AWS S3 +## Use custom `cacerts` + +In environments with air-gapped setup, especially with internal tooling (repos) and self-signed certificates it is required to provide an adequate `cacerts` which overrides the default one: + +1. Create a yaml file `cacerts.yaml` with a secret that contanins the `cacerts` + + ```yaml + apiVersion: v1 + kind: Secret + metadata: + name: custom-cacerts + data: + cacerts: | + xxxxxxxxxxxxxxxxxxxxxxx + ``` + +2. Upload your `cacerts.yaml` to a secret with the key you specify in `secretName` in the cluster you are installing Spinnaker to. + + ```shell + $ kubectl apply -f cacerts.yaml + ``` + +3. Set the following values of the chart: + + ```yaml + customCerts: + ## Enable to override the default cacerts with your own one + enabled: false + secretName: custom-cacerts + ``` + ## Customizing your installation ### Manual diff --git a/stable/spinnaker/templates/statefulsets/halyard.yaml b/stable/spinnaker/templates/statefulsets/halyard.yaml index 87fbc88421c8..572b6eb30c2c 100644 --- a/stable/spinnaker/templates/statefulsets/halyard.yaml +++ b/stable/spinnaker/templates/statefulsets/halyard.yaml @@ -46,6 +46,11 @@ spec: mountPath: /tmp/additionalProfileConfigMaps - name: halyard-initscript mountPath: /tmp/initscript + {{- if .Values.halyard.customCerts.enabled }} + - mountPath: /etc/ssl/certs/java/cacerts + subPath: cacerts + name: cacerts + {{- end }} volumes: {{- if .Values.kubeConfig.enabled }} - name: kube-config @@ -66,7 +71,7 @@ spec: {{- if .Values.dockerRegistryAccountSecret }} secretName: {{ .Values.dockerRegistryAccountSecret }} {{- else }} - secretName: {{ template "spinnaker.fullname" .}}-registry + secretName: {{ template "spinnaker.fullname" . }}-registry {{- end }} {{- if and .Values.s3.enabled .Values.s3.accessKey .Values.s3.secretKey }} - name: s3-secrets 
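Review bot: Mounting the secret with `subPath: cacerts` in the `@@ -46,6 +46,11 @@` hunk of halyard.yaml means the file at `/etc/ssl/certs/java/cacerts` is not refreshed when the Secret changes, because Kubernetes does not propagate updates into subPath mounts; a rotated or removed CA stays in effect until the pod restarts. The same applies to the second mount added in the `@@ -143,6 +156,11 @@` hunk. A comment next to the mount, e.g. `# subPath mount: restart the pod after changing the cacerts Secret`, would make that visible. The mounted file also replaces the default trust store rather than extending it, so the Secret has to carry every root Halyard needs. The volumeMounts list starts outside the hunk.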
@@ -102,6 +107,14 @@ spec: - name: halyard-initscript configMap: name: {{ template "spinnaker.fullname" . }}-halyard-init-script + {{- if .Values.halyard.customCerts.enabled }} + - name: cacerts + secret: + secretName: {{ .Values.halyard.customCerts.secretName }} + items: + - key: cacerts + path: cacerts + {{- end }} containers: - name: halyard image: {{ .Values.halyard.image.repository }}:{{ .Values.halyard.image.tag }} @@ -143,6 +156,11 @@ spec: env: {{ toYaml .Values.halyard.env | indent 8 }} {{- end }} + {{- if .Values.halyard.customCerts.enabled }} + - mountPath: /etc/ssl/certs/java/cacerts + subPath: cacerts + name: cacerts + {{- end }} volumeClaimTemplates: - metadata: name: halyard-home diff --git a/stable/spinnaker/values.yaml b/stable/spinnaker/values.yaml index cb0cb13759a5..912b425db7ba 100644 --- a/stable/spinnaker/values.yaml +++ b/stable/spinnaker/values.yaml @@ -75,6 +75,10 @@ halyard: # env: # - name: DEFAULT_JVM_OPTS # value: -Dhttp.proxyHost=proxy.example.com + customCerts: + ## Enable to override the default cacerts with your own one + enabled: false + secretName: custom-cacerts # Define which registries and repositories you want available in your # Spinnaker pipeline definitions diff --git a/stable/spring-cloud-data-flow/Chart.yaml b/stable/spring-cloud-data-flow/Chart.yaml index 3fb8b019f8e3..ec5c2deb4c8e 100644 --- a/stable/spring-cloud-data-flow/Chart.yaml +++ b/stable/spring-cloud-data-flow/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v1 description: Toolkit for building data processing pipelines. name: spring-cloud-data-flow -version: 2.3.2 -appVersion: 2.1.2.RELEASE +version: 2.4.0 +appVersion: 2.2.0.RELEASE home: http://cloud.spring.io/spring-cloud-dataflow/ sources: - https://github.com/spring-cloud/spring-cloud-dataflow diff --git a/stable/spring-cloud-data-flow/README.md b/stable/spring-cloud-data-flow/README.md index 31ff85a26422..f9c8a938dbb1 100644 --- a/stable/spring-cloud-data-flow/README.md 
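Review bot: In the `@@ -143,6 +156,11 @@` hunk the new `- mountPath: /etc/ssl/certs/java/cacerts` item is emitted directly after the `env:` block with no `volumeMounts:` key in between, so when `halyard.env` is set the item would be read as another `env` entry and the custom trust store would not be mounted into the container. Indentation is lost in this view, so this should be confirmed against the file. Moving the `{{- if .Values.halyard.customCerts.enabled }}` block up to the end of the container's `volumeMounts:` list, ahead of the guard that opens before `env:`, removes the dependence on template order. Both the `volumeMounts:` list and that guard begin outside the hunk.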
+++ b/stable/spring-cloud-data-flow/README.md @@ -78,7 +78,7 @@ The following tables list the configurable parameters and their default values. | Parameter | Description | Default | | --------------------------------- | -------------------------------------------------- | ---------------- | -| server.version | The version/tag of the Data Flow server | 2.0.2.RELEASE +| server.version | The version/tag of the Data Flow server | 2.2.0.RELEASE | server.imagePullPolicy | The imagePullPolicy of the Data Flow server | IfNotPresent | server.service.type | The service type for the Data Flow server | LoadBalancer | server.service.annotations | Extra annotations for service resources | {} @@ -89,7 +89,7 @@ The following tables list the configurable parameters and their default values. | Parameter | Description | Default | | ---------------------------------- | ------------------------------------------------- | ---------------- | -| skipper.version | The version/tag of the Skipper server | 2.0.1.RELEASE +| skipper.version | The version/tag of the Skipper server | 2.1.0.RELEASE | skipper.imagePullPolicy | The imagePullPolicy of the Skipper server | IfNotPresent | skipper.platformName | The name of the configured platform account | default | skipper.service.type | The service type for the Skipper server | ClusterIP diff --git a/stable/spring-cloud-data-flow/values.yaml b/stable/spring-cloud-data-flow/values.yaml index 970bcc7a2848..9352ab1931cc 100644 --- a/stable/spring-cloud-data-flow/values.yaml +++ b/stable/spring-cloud-data-flow/values.yaml @@ -18,7 +18,7 @@ initContainers: server: image: springcloud/spring-cloud-dataflow-server - version: 2.1.2.RELEASE + version: 2.2.0.RELEASE imagePullPolicy: IfNotPresent platformName: default service: @@ -35,7 +35,7 @@ server: skipper: image: springcloud/spring-cloud-skipper-server - version: 2.0.2.RELEASE + version: 2.1.0.RELEASE imagePullPolicy: IfNotPresent platformName: default service: 
diff --git a/stable/suitecrm/Chart.yaml b/stable/suitecrm/Chart.yaml index 2b2961458a19..b5506870e340 100644 --- a/stable/suitecrm/Chart.yaml +++ b/stable/suitecrm/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 name: suitecrm -version: 7.0.0 -appVersion: 7.11.6 +version: 7.0.1 +appVersion: 7.11.7 description: SuiteCRM is a completely open source enterprise-grade Customer Relationship Management (CRM) application. SuiteCRM is a software fork of the popular customer relationship management (CRM) system SugarCRM. keywords: - suitecrm diff --git a/stable/suitecrm/requirements.lock b/stable/suitecrm/requirements.lock index b9b8bcd1f4f1..66209ef3556b 100644 --- a/stable/suitecrm/requirements.lock +++ b/stable/suitecrm/requirements.lock @@ -1,6 +1,6 @@ dependencies: - name: mariadb repository: https://kubernetes-charts.storage.googleapis.com/ - version: 6.7.2 + version: 6.7.3 digest: sha256:a363428d6463718a9523a88c70e485218373e315f2979cb1bb17b034ec2be96a -generated: "2019-07-25T09:27:56.419006+02:00" +generated: 2019-07-31T20:32:10.417518572Z diff --git a/stable/suitecrm/values.yaml b/stable/suitecrm/values.yaml index caa365b35058..f6cdc50b5026 100644 --- a/stable/suitecrm/values.yaml +++ b/stable/suitecrm/values.yaml @@ -13,7 +13,7 @@ image: registry: docker.io repository: bitnami/suitecrm - tag: 7.11.6-debian-9-r0 + tag: 7.11.7-debian-9-r0 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images @@ -260,7 +260,7 @@ metrics: image: registry: docker.io repository: bitnami/apache-exporter - tag: 0.7.0-debian-9-r2 + tag: 0.7.0-debian-9-r10 pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. diff --git a/stable/sysdig/CHANGELOG.md b/stable/sysdig/CHANGELOG.md index 2a6e18ca365c..fde43e6a05bc 100644 --- a/stable/sysdig/CHANGELOG.md +++ b/stable/sysdig/CHANGELOG.md 
@@ -3,6 +3,12 @@ This file documents all notable changes to Sysdig Helm Chart. The release numbering uses [semantic versioning](http://semver.org). +## v1.4.12 + +### Minor changes + +* Use the latest image from Agent (0.92.0) by default. + ## v1.4.11 ### Minor Changes diff --git a/stable/sysdig/Chart.yaml b/stable/sysdig/Chart.yaml index 3faf276b6e40..ed6da867dea4 100755 --- a/stable/sysdig/Chart.yaml +++ b/stable/sysdig/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 name: sysdig -version: 1.4.11 -appVersion: 0.90.3 +version: 1.4.12 +appVersion: 0.92.0 description: Sysdig Monitor and Secure agent keywords: - monitoring diff --git a/stable/sysdig/README.md b/stable/sysdig/README.md index 6b61cf629ae9..7398c569b12f 100644 --- a/stable/sysdig/README.md +++ b/stable/sysdig/README.md @@ -41,7 +41,7 @@ The following table lists the configurable parameters of the Sysdig chart and th | --- | --- | --- | | `image.registry` | Sysdig agent image registry | `docker.io` | | `image.repository` | The image repository to pull from | `sysdig/agent` | -| `image.tag` | The image tag to pull | `0.90.3` | +| `image.tag` | The image tag to pull | `0.92.0` | | `image.pullPolicy` | The Image pull policy | `IfNotPresent` | | `image.pullSecrets` | Image pull secrets | `nil` | | `resources.requests.cpu` | CPU requested for being run in a node | `100m` | diff --git a/stable/sysdig/values.yaml b/stable/sysdig/values.yaml index c9766ea2da55..b606bf10ed58 100644 --- a/stable/sysdig/values.yaml +++ b/stable/sysdig/values.yaml @@ -3,7 +3,7 @@ image: registry: docker.io repository: sysdig/agent - tag: 0.90.3 + tag: 0.92.0 # Specify a imagePullPolicy # Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' # ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images diff --git a/stable/traefik/Chart.yaml b/stable/traefik/Chart.yaml index f12790424505..aa12f4ec1bb8 100644 --- a/stable/traefik/Chart.yaml +++ b/stable/traefik/Chart.yaml 
@@ -1,6 +1,6 @@ apiVersion: v1 name: traefik -version: 1.75.0 +version: 1.75.1 appVersion: 1.7.12 description: A Traefik based Kubernetes ingress controller with Let's Encrypt support keywords: diff --git a/stable/traefik/templates/deployment.yaml b/stable/traefik/templates/deployment.yaml index 3cbb19b257c2..ac062c99dfa3 100644 --- a/stable/traefik/templates/deployment.yaml +++ b/stable/traefik/templates/deployment.yaml @@ -162,7 +162,7 @@ spec: hostPort: {{ default 443 .Values.deployment.hostPort.httpsPort }} {{- end }} protocol: TCP - {{- if .Values.dashboard.enabled }} + {{- if or .Values.dashboard.enabled .Values.metrics.prometheus.enabled }} - name: dash containerPort: 8080 {{- if .Values.deployment.hostPort.dashboardEnabled }}
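Review bot: With the widened condition in deployment.yaml the `dash` container port 8080 is declared whenever `metrics.prometheus.enabled` is true, and the nested `{{- if .Values.deployment.hostPort.dashboardEnabled }}` that follows can then bind that port on the node even when `dashboard.enabled` is false. If 8080 also serves the Traefik API or dashboard in that configuration (the config template is not visible in this part of the diff), a metrics-only install would publish more than a scrape endpoint. Consider narrowing the inner guard to `{{- if and .Values.dashboard.enabled .Values.deployment.hostPort.dashboardEnabled }}`, or documenting in values.yaml that enabling metrics opens this port. The rest of the port entry lies outside the hunk.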